Home Page

id: jupyter-notebooks-exposed

info:
  name: Jupyter notebooks exposed to reading and writing
  author: johnk3r
  severity: high
  description: Jupyter notebooks are exposed.
  reference:
    - https://blog.aquasec.com/python-ransomware-jupyter-notebook
  classification:
    cpe: cpe:2.3:a:jupyter:notebook:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: jupyter
    product: notebook
    shodan-query: title:"Home Page - Select or create a notebook"
  tags: jupyter,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    host-redirects: true
    max-redirects: 1

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - "contains_any(body, '<title>Home Page - Select or create a notebook</title>', '<div> There are no notebooks running. </div>', '/lab/api/settings')"
        condition: and
# digest: 4a0a004730450220179cd48de12f6e4dc8e199904cea32ceb268c3a910ea484154e1bea1546bc6d9022100a5e2715d285054cb5db1147dc80b50de3666108446b44cbfb0aec5d92498b1bc:922c64590222798bb761d5b6d8e72950