From 571899659ecb6b611bc81164cddaf40ce8485e42 Mon Sep 17 00:00:00 2001
From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com>
Date: Wed, 15 Apr 2026 12:52:53 +0900
Subject: [PATCH 1/2] Create hatwoot-installer-exposed.yaml for Chatwoot

Added a new YAML configuration for detecting Chatwoot installation exposure.
---
 .../installer/hatwoot-installer-exposed.yaml | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 http/misconfiguration/installer/hatwoot-installer-exposed.yaml

diff --git a/http/misconfiguration/installer/hatwoot-installer-exposed.yaml b/http/misconfiguration/installer/hatwoot-installer-exposed.yaml
new file mode 100644
index 000000000000..74c4e6cc5c67
--- /dev/null
+++ b/http/misconfiguration/installer/hatwoot-installer-exposed.yaml
@@ -0,0 +1,32 @@
+id: chatwoot-installer-exposed
+
+info:
+  name: Chatwoot - Unfinished Installation
+  author: 0x_Akoko
+  severity: high
+  description: |
+    Detected chatwoot instance with the initial installation onboarding page accessible at /installation/onboarding, enabling unauthenticated users to create the first Super Admin account and gain full platform control.
+  reference:
+    - https://github.com/chatwoot/chatwoot
+    - https://www.chatwoot.com/docs/self-hosted/monitoring/super-admin-sidekiq
+  metadata:
+    verified: true
+    max-request: 1
+    vendor: chatwoot
+    product: chatwoot
+    shodan-query: http.title:"SuperAdmin | Chatwoot"
+    fofa-query: title="SuperAdmin | Chatwoot"
+  tags: misconfig,install,exposure,chatwoot,unauth
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/installation/onboarding"
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'contains_all(body, "SuperAdmin | Chatwoot", "Howdy, Welcome to Chatwoot", "Finish Setup")'
+          - 'contains(content_type, "text/html")'
+          - 'status_code == 200'
+        condition: and

From 1d49144fb8b1c89379470f9e8ed412302920e9ba Mon Sep 17 00:00:00 2001
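Review bot: The second `reference` entry points at the Super Admin / Sidekiq monitoring page rather than at documentation of the `/installation/onboarding` step this template detects, so a reader verifying the finding has to hunt for the relevant docs; a link to the self-hosted installation or onboarding documentation would serve better (the repository link can stay). The `description` under `|` is also a single ~200-character line; wrapping it across several indented lines keeps the block readable without changing the rendered text. Since the description states that an unauthenticated user can create the first Super Admin and gain full platform control, `severity: critical` may be more consistent with how other installer-exposure templates are rated — worth confirming against the project's severity guidance before merge.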
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Sun, 19 Apr 2026 13:42:36 +0530
Subject: [PATCH 2/2] Update and rename hatwoot-installer-exposed.yaml to chatwoot-installer.yaml

---
 ...atwoot-installer-exposed.yaml => chatwoot-installer.yaml} | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
 rename http/misconfiguration/installer/{hatwoot-installer-exposed.yaml => chatwoot-installer.yaml} (88%)

diff --git a/http/misconfiguration/installer/hatwoot-installer-exposed.yaml b/http/misconfiguration/installer/chatwoot-installer.yaml
similarity index 88%
rename from http/misconfiguration/installer/hatwoot-installer-exposed.yaml
rename to http/misconfiguration/installer/chatwoot-installer.yaml
index 74c4e6cc5c67..e4b54b646b84 100644
--- a/http/misconfiguration/installer/hatwoot-installer-exposed.yaml
+++ b/http/misconfiguration/installer/chatwoot-installer.yaml
@@ -1,7 +1,7 @@
-id: chatwoot-installer-exposed
+id: chatwoot-installer
 
 info:
-  name: Chatwoot - Unfinished Installation
+  name: Chatwoot - Installation
   author: 0x_Akoko
   severity: high
   description: |
@@ -27,6 +27,5 @@ http:
       - type: dsl
         dsl:
          - 'contains_all(body, "SuperAdmin | Chatwoot", "Howdy, Welcome to Chatwoot", "Finish Setup")'
-          - 'contains(content_type, "text/html")'
           - 'status_code == 200'
         condition: and