id: unauthorized-puppet-node-manager

info:
  name: Puppet Node Manager - Unauthorized Access
  author: pussycat0x
  severity: medium
  description: Pupper Node Manager is exposed to external users.
  metadata:
    max-request: 1
    fofa-query: 'app="puppet-Node-Manager"'
  tags: node,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '<a href="/nodes">Nodes</a>'

      - type: status
        status:
          - 200
# digest: 490a00463044022003ccd6fe2e0259a02cf374bf528013de630d149d97208c27f1272bb7a06658b9022061f24c0838b4fd2ca4b7148df410c060fdeea9c5a5e690bf7d7f6c447d15e603:922c64590222798bb761d5b6d8e72950