In this CIP blog, we will be finding out how to search for exposed NGINX configuration files using Criminal IP. 

What Are NGINX Configuration Files?

NGINX is a type of webserver that is commonly used alongside Apache. In particular, traffic-intensive sites like Netflix, Dropbox and many popular websites are using NGINX. NGINX’s configuration file guides users through on how to set up an NGINX server. This means that there are sensitive information about the server included which can be something of interest to hackers. 

The default name of NGINX webserver’s configuration file is “nginx.conf” so you can find configuration files on asset search by searching the default name as the keyword. As shown in the image below, if you search the keyword “nginx.conf” with the filter “title: index”, you can find nginx.conf files on sites with directory index vulnerability.

“nginx.conf” title: “Index of “

Search Results for "nginx.conf" title: "Index of " Using Criminal IP's Asset Search
Search Results for “nginx.conf” title: “Index of ” Using Criminal IP’s Asset Search
nignx.conf Files Exposed on Sites With Directory Index Vulnerability
nignx.conf Files Exposed on Sites With Directory Index Vulnerability 

How to Find NGINX Configuration File Management Tools: 

Although there are many ways to search for NGINX configuration files, if you search for sites that have ‘Nginx UI’ in their HTML title, you can check NGINX UI pages that manages various configuration files of NGINX webservers. 

title: “Nginx UI”

Search Results for title: "Nginx UI" on Criminal IP's Asset Search
Search Results for title: “Nginx UI” on Criminal IP’s Asset Search

The critical part of this example is that the configuration value can be changed and applied. If you click on the sub-menu ‘Main Config’, you can check the configuration file of NGINX webserver (nginx.conf) and change its configuration value.

Configuration File of 'NGINX UI' Marked Site's NGINX Webserver
Configuration File of ‘NGINX UI’ Marked Site’s NGINX Webserver

As many people, including internet service companies are using NGINX servers, they are always a major target for hackers. There are many cases of cyberattacks that have been carried out by targeting exposed vulnerabilities. 

Therefore, checking if the NGINX webserver you’re managing doesn’t have any exposed configuration files by mistake should be the most basic yet prioritized security measure that should be taken. 

If you want to find out how to search for webservers built using NGINX, check out our article “Search for Applications Exposed to Attack Surface Using Product Filter on Asset Search” which explains how to use the product filter. 

Source : Criminal IP (

관련 글: