mirror of
https://github.com/lunchcat/sif.git
synced 2026-07-03 19:34:53 -07:00
855a47c3cf
add recon modules for self-hosted background-job dashboards that ship no authentication of their own and rely on the hosting application to protect them: sidekiq web /sidekiq/stats discloses the redis server internals and the job queue, celery flower /api/workers (reachable only when its api is deliberately opened) discloses every worker's broker config and registered tasks, and rq-dashboard /0/data/queues.json discloses the redis-backed queue names and job counts; each open instance also allows killing, retrying or deleting jobs, while a deployment protected by the application returns a redirect or 401 and is not flagged.