search
githubEdit

Introduction

Misconfig Mapper is a project by Intigriti for the community to help you find, detect and resolve common security misconfigurations in various popular services, technologies and SaaS-based solutions that your targets use!

Misconfig Mapper consists out of 2 parts, the Documentation and the Scanner.

hashtag
Documentation

The documentation has all the known misconfigured services documented. Each section or service has its own misconfigurations listed.

Each page is further divided into 5 separate sections; "Description", "Testing", "Remediation", "Potential Impact" and "References" (if any).

Example of a Public Groovy Script Console accessible on a misconfigured Jenkins instance.

hashtag
Scanner

The open-source scanner that is written in Golang is designed to help you automate finding or detecting almost all common security misconfigurations!

Some features include:

  • Automatic target enumeration (via permutations)

  • Template-based (easy configuration of new services)

  • Passive-only tests

Example of a misconfigured "Atlassian Jira Service Desk" finding using Misconfig Mapper.
LogoGitHub - intigriti/misconfig-mapper: Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!GitHubchevron-right

hashtag
Supported Services

At the moment, there are 15+ services available. Click here to view the full list of services covered.

Supported Serviceschevron-right

hashtag
Contributions

Contributions to the project are encouraged! Please learn more on how to contribute to the project on the following page:

Contributingchevron-right

hashtag
License

This project is licensed and available under the MIT Licensearrow-up-right.

PreviousMisconfig Mapper DocsNextSupported Services

Last updated