id: exposed-kafdrop

info:
  name: Publicly exposed Kafdrop Interface
  author: dhiyaneshDk
  severity: low
  description: Publicly Kafdrop Interface is exposed.
  metadata:
    max-request: 1
  tags: exposure,misconfig,kafdrop

http:
  - method: GET
    path:
      - '{{BaseURL}}'

    matchers:
      - type: word
        words:
          - "<title>Kafdrop: Broker List</title>"
          - "Kafka Cluster Overview"
        condition: and
# digest: 490a00463044022010766d9eb707dadd8d5e72a7fd1ba9e750f9c0f1b368dfe7fcc6004fa6cbbe4e0220120e251961bd0f7f66e2691a63bebfc964789357440bdf89ef00d861f718efd5:922c64590222798bb761d5b6d8e72950