RabbitMQ Weak Credentials Plugin

google / tsunami-security-scanner-plugins

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.

Apache License 2.0

860 stars 178 forks source link

Closed leonardo-doyensec closed 5 months ago

leonardo-doyensec commented 5 months ago

The following PR adds the weak credential tester for RabbitMQ Management Portal.

Some notes on the current version of the rabbitmq management portal credential tester.

does a custom fingerprint in the canAccept() method since rabbitmq is not correctly recognized from nmap
tests the credentials using Basic Authentication
the management portal needs to be exposed on a different port, because the default one, which is 15672, is not scanned by the default configuration of nmap

leonardo-doyensec commented 5 months ago

Hi @tooryx, i've applied the fix that you have requested.

Thank you, Leonardo

tooryx commented 5 months ago

Thank you! I will try to get this merged as soon as possible.

~tooryx

leonardo-doyensec commented 5 months ago

No problem, i've fixed them.

Leonardo