Checklist

- Check the version
  - Vulnerabilities (get version from API)
  - Refer to this Tenable Article
- Check for Puppet Naive autosigning enabled --> should be disabled
  - You can scan for it via "nmap -p8140 --script puppet-naivesigning -sV 10.10.10.10"
  - nmap -sSVC --privileged -vvv --reason -p 8140 --script puppet-naivesigning --script-args puppet-naivesigning.csr=/path/to/csr.pem,puppet-naivesigning.env=production,puppet-naivesigning.node=DomainnameOfAppServerControlledByPuppet 10.10.10.10
- Look for unauthenticated API Access
  - If API is accessible, run all commands to get Sensitive info
  - Run this script Puppet_Pentest.py to run most of the below commands at once.

#Check whether Puppet Server is running on a server or not
https://10.10.10.10:8140/status/v1/simple

#Puppet Service Information - Check Services info (Agents)
curl -k -X GET https://PUPPET-SERVER:8140/status/v1/services

#Retrieve information about services running on Puppet Server
https://10.10.10.10:8140/status/v...
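
A configuration-side check for the naive autosigning item above, as an added example that is not part of the original page: it reads puppet.conf text and flags `autosign = true`, and goes slightly further by flagging wildcard entries in an autosign.conf allowlist. The sample files, the hostnames and the [server]/[master]/[main] lookup order are assumptions.

```python
import configparser

# Assumed lookup order for server settings: [server], legacy [master], then [main]
SERVER_SECTIONS = ("server", "master", "main")

def effective_autosign(puppet_conf_text):
    """Return the autosign value the server would read, or None when unset."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    # puppet.conf is often indented; strip so each line parses as key = value
    cp.read_string("\n".join(l.strip() for l in puppet_conf_text.splitlines()))
    for section in SERVER_SECTIONS:
        if cp.has_option(section, "autosign"):
            return cp.get(section, "autosign").strip()
    return None

def audit_autosign(puppet_conf_text, allowlist_text=""):
    """Return findings for the CA autosign setting and its allowlist."""
    value = effective_autosign(puppet_conf_text)
    findings = []
    if value is not None and value.lower() == "true":
        findings.append("NAIVE: autosign = true signs every CSR; set it to false")
    elif value is not None and value.lower() == "false":
        return findings  # autosigning disabled, the allowlist is not consulted
    else:
        # Unset or a path: the allowlist file decides which CSRs are signed
        for entry in allowlist_text.splitlines():
            entry = entry.split("#", 1)[0].strip()
            if entry == "*":  # assumption: a bare glob matches every certname
                findings.append("NAIVE-EQUIVALENT: entry '*' matches every certname")
            elif entry.startswith("*."):
                findings.append(f"BROAD: glob {entry} autosigns any name in that domain")
    return findings

# Constructed sample inputs (not taken from any real server)
WEAK_CONF = "[main]\n    certname = puppet.example.test\n[server]\n    autosign = true\n"
HARDENED_CONF = "[main]\n    certname = puppet.example.test\n[server]\n    autosign = false\n"
DEFAULT_CONF = "[main]\ncertname = puppet.example.test\n"
ALLOWLIST = "# constructed autosign.conf\nbuild01.example.test\n*.lab.example.test\n*\n"

if __name__ == "__main__":
    for name, conf, allow in (("weak", WEAK_CONF, ""), ("hardened", HARDENED_CONF, ""),
                              ("default+allowlist", DEFAULT_CONF, ALLOWLIST)):
        print(name, audit_autosign(conf, allow) or "no findings")
```
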
Way to Divergence