
Information Disclosure: Private IP

Identifier: private_ip

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

Internal network addresses such as private IPs or hostnames may be exposed in public responses, revealing network structure and enabling targeted attacks.

How we test: We analyze all responses including error messages, headers, and response bodies to detect private IP addresses, internal hostnames, or EC2 instance identifiers. We check for common private IP ranges and internal naming patterns that should not be exposed publicly.
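
The kind of response check described above, as an added example that is not the scanner's own code. The RFC 1918 range list, the EC2 hostname and instance-ID patterns, the name `find_leaks` and the sample response are assumptions constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges, assumed here to be the "common private IP ranges".
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Dotted quad that is not part of a longer dotted number (e.g. "1.10.0.0.1").
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")
# Assumed patterns: default EC2 private DNS names and EC2 instance IDs.
EC2_HOST_RE = re.compile(
    r"\bip-\d{1,3}(?:-\d{1,3}){3}\.(?:ec2\.internal|[a-z0-9-]+\.compute\.internal)\b")
EC2_ID_RE = re.compile(r"\bi-(?:[0-9a-f]{17}|[0-9a-f]{8})\b")


def find_leaks(headers, body):
    """Return sorted (location, kind, value) findings for one HTTP response."""
    findings = set()
    parts = [(f"header:{k}", v) for k, v in headers.items()] + [("body", body)]
    for location, text in parts:
        for m in IPV4_RE.finditer(text):
            try:
                addr = ipaddress.ip_address(m.group())
            except ValueError:  # e.g. 10.999.1.1 is not a valid address
                continue
            if any(addr in net for net in PRIVATE_NETS):
                findings.add((location, "private_ip", m.group()))
        for m in EC2_HOST_RE.finditer(text):
            findings.add((location, "internal_hostname", m.group()))
        for m in EC2_ID_RE.finditer(text):
            findings.add((location, "ec2_instance_id", m.group()))
    return sorted(findings)


# Constructed sample response (not captured from a real system).
SAMPLE_HEADERS = {
    "Content-Type": "application/json",
    "X-Backend-Server": "ip-10-0-3-17.ec2.internal",
    "Via": "1.1 172.20.4.9",
}
SAMPLE_BODY = ('{"error": "connect ECONNREFUSED 192.168.1.50:5432", '
               '"instance": "i-0abc123def4567890", "docs": "https://8.8.8.8/help", '
               '"version": "1.10.0.0.1"}')

if __name__ == "__main__":
    for finding in find_leaks(SAMPLE_HEADERS, SAMPLE_BODY):
        print(finding)
```

The public address and the version string in the sample body are deliberately not reported; only the header and error-message leaks are.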

Configuration

Example

Example configuration:

---
security_tests:
  private_ip:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.