The Hypertext Transfer Protocol (HTTP) is an application protocol that serves as the foundation of data communication for the World Wide Web. Since it is used by numerous applications, from the Internet of Things (IoT) devices to mobile applications, it is a great place to search for vulnerabilities.
The HTTP SSL Certificate Checker auxiliary module will check the certificate of the specified web servers to ensure the subject and issuer match the supplied pattern, and that the certificate is not expired.
The HTTP Robots.txt Content Scanner auxiliary module will search for robots.txt
files and analyze their content.
If the PUT
method can be used by any unauthenticated remote user, arbitrary web pages can be inserted into the web root, possibly leading to a deface or even remote code execution, or the disk can be filled with meaningless data, resulting in a denial of service attack.
The Jenkins-CI Enumeration HTTP auxiliary module enumerates a remote Jenkins-CI installation...