Thanos", "href=\"/classic/\">Thanos</a>")' condition: and # digest: 4b0a00483046022100cf5dabc93a4c57d56a23e01ad0fbb82741e1387ff7d7da79af476820d81f6e3c0221009d99a03387621399ec7818a5926d6bebd130437d4190fd06ca0a8a0f62247497:922c64590222798bb761d5b6d8e72950

id: thanos-prometheus-exposure

info:
  name: Thanos Prometheus Setup - Exposure
  author: DhiyaneshDk,righettod
  severity: high
  description: |
    Thanos graph endpoint was detected.
  reference:
    - https://thanos.io/
    - https://github.com/thanos-io/thanos
  metadata:
    verified: true
    max-request: 2
    shodan-query: title:"Thanos | Highly available Prometheus setup"
    fofa-query: icon_hash="29632872"
  tags: thanos,prometheus,exposure,setup,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}/graph"
      - "{{BaseURL}}/classic/graph"

    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body, "THANOS_COMPONENT", "THANOS_QUERY_URL") || contains_all(body, "<title>Thanos", "href=\"/classic/\">Thanos</a>")'
        condition: and
# digest: 4b0a00483046022100cf5dabc93a4c57d56a23e01ad0fbb82741e1387ff7d7da79af476820d81f6e3c0221009d99a03387621399ec7818a5926d6bebd130437d4190fd06ca0a8a0f62247497:922c64590222798bb761d5b6d8e72950