id: browserless-debugger

info:
  name: Exposed Browserless debugger
  author: ggranjus
  severity: medium
  description: Browserless instance can be used to make web requests. May worth checking /workspace for juicy files.
  reference:
    - https://docs.browserless.io/docs/docker.html#securing-your-instance
  classification:
    cpe: cpe:2.3:a:browserless:chrome:*:*:*:*:node.js:*:*:*
  metadata:
    max-request: 1
    vendor: browserless
    product: chrome
    shodan-query: http.title:"browserless debugger"
  tags: browserless,unauth,debug,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<title>browserless debugger</title>"
          - "<code>Click the ► button to run your code.</code>"
        condition: or

      - type: status
        status:
          - 200
# digest: 490a004630440220608079abff15319c244b70860ddabfe73e5657b7d31af7cc83c05ab4aabc2aa002201f4c016d61c1019acc06bf1046e38e9b36d8f3f1b38c6d2a05bb2d8a1c6b2012:922c64590222798bb761d5b6d8e72950