mirror of
https://github.com/lunchcat/sif.git
synced 2026-07-04 19:57:01 -07:00
ed0cceb75a
add a recon module for an n8n instance that serves /rest/settings without authentication; the endpoint exists so the frontend can load but it discloses the webhook url structure, instance id, release channel, configured authentication method and whether owner setup is still pending, which aids reconnaissance and can indicate a claimable instance; it is unauthenticated by design so this is reported as information disclosure.
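An added example, not code from the sif repository: a check an n8n operator can run over a saved `/rest/settings` response body to see which of the items listed in the commit message it exposes, and whether owner setup is still pending. The JSON key names, the `auditSettings` helper and the sample body are assumptions made for illustration; none of them appear on this page.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// settingsDoc maps the fields named in the commit message. The JSON keys are
// assumptions about n8n's settings payload; they do not appear on this page.
type settingsDoc struct {
	Data struct {
		URLBaseWebhook string `json:"urlBaseWebhook"`
		InstanceID     string `json:"instanceId"`
		ReleaseChannel string `json:"releaseChannel"`
		UserManagement struct {
			AuthenticationMethod string `json:"authenticationMethod"`
			ShowSetupOnFirstLoad bool   `json:"showSetupOnFirstLoad"`
		} `json:"userManagement"`
	} `json:"data"`
}

// Constructed sample body, not captured from a real instance.
const sampleBody = `{"data":{"urlBaseWebhook":"https://n8n.example.internal/",
"instanceId":"0000000000000000","releaseChannel":"stable",
"userManagement":{"authenticationMethod":"email","showSetupOnFirstLoad":true}}}`

// auditSettings reports which disclosed items are present in a response body
// and whether owner setup is still pending (a possibly claimable instance).
func auditSettings(body []byte) (disclosed []string, setupPending bool, err error) {
	var doc settingsDoc
	if err = json.Unmarshal(body, &doc); err != nil {
		return nil, false, fmt.Errorf("body is not settings JSON: %w", err)
	}
	d := doc.Data
	for _, f := range []struct{ label, value string }{
		{"webhook URL structure", d.URLBaseWebhook},
		{"instance id", d.InstanceID},
		{"release channel", d.ReleaseChannel},
		{"authentication method", d.UserManagement.AuthenticationMethod},
	} {
		if f.value != "" {
			disclosed = append(disclosed, f.label)
		}
	}
	return disclosed, d.UserManagement.ShowSetupOnFirstLoad, nil
}

func main() {
	disclosed, pending, err := auditSettings([]byte(sampleBody))
	fmt.Println(disclosed, pending, err)
}
```

An empty result with no error means the body parsed as JSON but carried none of the expected fields, for example when a reverse proxy answers the path instead of n8n.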