http/misconfiguration/mobsf-framework-exposure.yaml

id: mobsf-framework-exposure

info:
  name: MobSF Framework - Exposure
  author: Shine
  severity: high
  description: MobSF Framework is exposed.
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"MobSF"
  tags: misconfig,exposure,mobsf,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}/recent_scans/'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'Recent Scans'
          - 'Mobile Security Framework - MobSF'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a004730450220333fff412ae39bfe77a3ab8e183e7815d1bc63f112aec630e93d96bafa23e549022100e512681a110d91c4fc7c5172f2bb195b347463b13d59e10aef1cb2a9daf6b8e5:922c64590222798bb761d5b6d8e72950
fix-template 2023-08-03 18:23:16 +05:30			`id: mobsf-framework-exposure`
Create mobsf-panel.yaml If mobsf panel s exposed, it can sometimes reveal vulnerability scan details of private mobile applications. 2023-08-02 16:14:52 +05:30
			`info:`
fix-template 2023-08-03 18:23:16 +05:30			`name: MobSF Framework - Exposure`
Create mobsf-panel.yaml If mobsf panel s exposed, it can sometimes reveal vulnerability scan details of private mobile applications. 2023-08-02 16:14:52 +05:30			`author: Shine`
			`severity: high`
Updated descriptions of templates 2024-01-03 11:38:41 +05:30			`description: MobSF Framework is exposed.`
Create mobsf-panel.yaml If mobsf panel s exposed, it can sometimes reveal vulnerability scan details of private mobile applications. 2023-08-02 16:14:52 +05:30			`metadata:`
fix-template 2023-08-03 18:23:16 +05:30			`verified: true`
templateman update 2023-10-14 16:57:55 +05:30			`max-request: 1`
fix-template 2023-08-03 18:23:16 +05:30			`shodan-query: title:"MobSF"`
feat: Implement asset-discovery and vulnerability detection distinction 2025-10-17 14:17:02 +02:00			`tags: misconfig,exposure,mobsf,vuln`
Create mobsf-panel.yaml If mobsf panel s exposed, it can sometimes reveal vulnerability scan details of private mobile applications. 2023-08-02 16:14:52 +05:30
			`http:`
			`- method: GET`
			`path:`
fix-template 2023-08-03 18:23:16 +05:30			`- '{{BaseURL}}/recent_scans/'`
Create mobsf-panel.yaml If mobsf panel s exposed, it can sometimes reveal vulnerability scan details of private mobile applications. 2023-08-02 16:14:52 +05:30
			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`words:`
fix-template 2023-08-03 18:23:16 +05:30			`- 'Recent Scans'`
Create mobsf-panel.yaml If mobsf panel s exposed, it can sometimes reveal vulnerability scan details of private mobile applications. 2023-08-02 16:14:52 +05:30			`- 'Mobile Security Framework - MobSF'`
fix-template 2023-08-03 18:23:16 +05:30			`condition: and`

Create mobsf-panel.yaml If mobsf panel s exposed, it can sometimes reveal vulnerability scan details of private mobile applications. 2023-08-02 16:14:52 +05:30			`- type: status`
			`status:`
			`- 200`
chore: sign templates 🤖 2025-10-26 16:17:34 +00:00			`# digest: 4a0a004730450220333fff412ae39bfe77a3ab8e183e7815d1bc63f112aec630e93d96bafa23e549022100e512681a110d91c4fc7c5172f2bb195b347463b13d59e10aef1cb2a9daf6b8e5:922c64590222798bb761d5b6d8e72950`