Skip to content

Commit bbd2767

Browse files
HamzaSahin61HamzaSahin61
authored
Update redoc_exposed.md
1 parent 33244f6 commit bbd2767

File tree

1 file changed

+17
-9
lines changed

1 file changed

+17
-9
lines changed

documentation/modules/auxiliary/scanner/http/redoc_exposed.md

Lines changed: 17 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1,25 +1,32 @@
11
## ReDoc API Docs UI Exposed
22

3-
Detects publicly exposed ReDoc API documentation pages by looking for known DOM elements, script names, and titles. The module is read-only and makes safe GET requests.
3+
Detects publicly exposed ReDoc API documentation pages by looking for known DOM elements and script names. The module is read-only and sends safe `GET` requests.
44

55
### Module Options
66

7-
* **RHOSTS** (required): Target address range or CIDR identifier.
8-
* **RPORT**: Default `80` (overridable via `DefaultOptions` or at runtime).
9-
* **SSL**: HTTPS support is registered by default (set if needed).
10-
* **REDOC_PATHS**: Comma-separated custom paths to probe. If unset, defaults to:
11-
`/redoc,/redoc/,/docs,/api/docs,/openapi`.
7+
- **RHOSTS** (required): Target address range or CIDR identifier.
8+
- **RPORT**: Default `80` (from `DefaultOptions`).
9+
- **SSL**: Enable to negotiate HTTPS to the target.
10+
- **REDOC_PATHS** (required): Comma-separated paths to probe. **Default**:
11+
`/redoc,/redoc/,/docs,/api/docs,/openapi`
12+
13+
### How It Works
14+
15+
- Prefers DOM checks (`<redoc>`, `#redoc`, or scripts containing `redoc` / `redoc.standalone`).
16+
- Falls back to title/body heuristics for “redoc”.
17+
- Considers only **2xx** and **403** responses (avoids noisy redirects).
1218

1319
### Verification Steps
1420

1521
1. Start `msfconsole`.
1622
2. `use auxiliary/scanner/http/redoc_exposed`
1723
3. `set RHOSTS <target-or-range>`
18-
4. (Optional) `set REDOC_PATHS /redoc,/docs`
19-
5. (Optional) `set SSL true`
24+
4. (Optional) `set SSL true`
25+
5. (Optional) `set REDOC_PATHS /redoc,/docs`
2026
6. `run`
2127

2228
### Scenarios
29+
2330
```text
2431
msf6 > use auxiliary/scanner/http/redoc_exposed
2532
msf6 auxiliary(scanner/http/redoc_exposed) > set RHOSTS 192.0.2.0/24
@@ -31,4 +38,5 @@ msf6 auxiliary(scanner/http/redoc_exposed) > run
3138

3239
* **Stability**: `CRASH_SAFE` (GET requests only).
3340
* **Reliability**: No session creation.
34-
* **SideEffects**: Requests may appear in server logs (`IOC_IN_LOGS` if applicable).
41+
* **SideEffects**: Requests may appear in server logs (`IOC_IN_LOGS`).
42+

0 commit comments

Comments
 (0)