Information Disclosure: Private IP
Identifier: private_ip
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
Internal network addresses such as private IPs or hostnames may be exposed in public responses, revealing network structure and enabling targeted attacks.
How we test: We analyze all responses including error messages, headers, and response bodies to detect private IP addresses, internal hostnames, or EC2 instance identifiers. We check for common private IP ranges and internal naming patterns that should not be exposed publicly.
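A minimal sketch of this kind of response check, added here as an illustration and not the scanner's own implementation. The RFC 1918 ranges, the hostname suffixes, the function names and the sample response are assumptions made for the example.

```python
import ipaddress
import re

# Assumption: "common private IP ranges" is read here as the RFC 1918 blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Dotted quad not embedded in a longer dotted number (e.g. a version string).
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")
# Assumption: these internal naming suffixes are illustrative, not exhaustive.
HOST_RE = re.compile(
    r"\b[a-z0-9][a-z0-9.-]*\.(?:internal|local|corp|lan)(?![\w-]|\.\w)", re.I)
# EC2 instance IDs: "i-" followed by 8 or 17 hex characters.
EC2_ID_RE = re.compile(r"\bi-(?:[0-9a-f]{17}|[0-9a-f]{8})\b")

# Constructed sample response (not real scanner output).
SAMPLE_HEADERS = {"X-Backend-Server": "ip-10-0-3-17.ec2.internal",
                  "Via": "1.1 192.168.4.20"}
SAMPLE_BODY = ('{"error": "connect to 172.16.9.5:5432 failed", '
               '"node": "i-0abc123def4567890", "docs": "see 8.8.8.8, v1.2.3.4.5"}')


def scan_text(text):
    """Return sorted (kind, value) pairs found in one string."""
    hits = set()
    for m in IPV4_RE.finditer(text):
        try:
            addr = ipaddress.ip_address(m.group())
        except ValueError:  # octet out of range, e.g. 999.1.1.1
            continue
        if any(addr in net for net in RFC1918):
            hits.add(("private_ip", m.group()))
    hits.update(("internal_hostname", m.group().lower())
                for m in HOST_RE.finditer(text))
    hits.update(("ec2_instance_id", m.group())
                for m in EC2_ID_RE.finditer(text))
    return sorted(hits)


def scan_response(headers, body):
    """Check every header value and the body; return (location, kind, value)."""
    findings = []
    for name, value in headers.items():
        findings += [(f"header:{name}", k, v) for k, v in scan_text(value)]
    findings += [("body", k, v) for k, v in scan_text(body)]
    return findings


if __name__ == "__main__":
    for finding in scan_response(SAMPLE_HEADERS, SAMPLE_BODY):
        print(finding)
```

Public addresses such as 8.8.8.8 and version-like strings such as 1.2.3.4.5 are deliberately not reported, which keeps the check from flagging ordinary response content.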
Configuration
Example
Example configuration:
Reference
skip
Type: boolean
Skip the test if true.