Detect Private SSH, TLS, and JWT Keys
Detects the presence of private SSH, TLS, and JWT keys on the server.
Security Misconfiguration (SM)
How this template works
The API selection filters in this template specify the criteria for selecting the URLs to be scanned for private keys. It filters the URLs based on the response code, ensuring that only URLs with a response code between 200 and 299 are considered. It also extracts the URL variable from the response for further use.
The execute section of the template defines a single request to be executed. It modifies the URL by appending the URL paths from the wordLists section to the URL variable extracted in the API selection filters. This creates a list of URLs to be scanned for private keys.
The validation section specifies the criteria for validating the response of the executed request. It checks that the response code is equal to 200 and that the response payload contains one of the specified private key indicators. It also ensures that the response payload does not contain any HTML tags, indicating that the response is not an error page.
Frequently asked questions
What is the purpose of this test
What are the potential impacts of exposing private keys
What category and severity level does this test fall under
What are the references for further information on TLS and SSH vulnerabilities
What are the specific URL paths that will be checked for private keys
What are the validation criteria for a successful test