This article introduces how to search for exposed NGINX configuration files using Criminal IP.

What Are NGINX Configuration Files?

NGINX is a type of webserver that is commonly used alongside Apache. In particular, traffic-intensive sites like Netflix, Dropbox and many popular websites are using NGINX. NGINX’s configuration file guides users through on how to set up an NGINX server. This means that there are sensitive information about the server included which can be something of interest to hackers. 

The default name of the NGINX web server’s configuration file is “nginx.conf” so you can find configuration files on Criminal IP Asset Search by searching the default name as a keyword. As shown in the image below, if you search the keyword “nginx.conf” with the filter “title: index,” you can find nginx.conf files on sites with directory index vulnerability.

“nginx.conf” title: “Index of “

Search Results for "nginx.conf" title: "Index of " Using Criminal IP's Asset Search
Criminal IP Asset Search results for “nginx.conf” title: “Index of ”
nignx.conf Files Exposed on Sites With Directory Index Vulnerability
nignx.conf Files Exposed on Sites With Directory Index Vulnerability 

How to Find NGINX Configuration File Management Tools

Although there are many ways to search for NGINX configuration files, if you search for sites with ‘Nginx UI’ in their HTML title, you can check NGINX UI pages that manage various configuration files of NGINX web servers.

title: “Nginx UI”

Search Results for title: "Nginx UI" on Criminal IP's Asset Search
 Criminal IP Asset Search results for title: “Nginx UI”

The critical part of this example is that the configuration value can be changed and applied. If you click on the sub-menu ‘Main Config,’ you can check the configuration file of the NGINX web server (nginx.conf) and change its configuration value.

Configuration File of 'NGINX UI' Marked Site's NGINX Webserver
Configuration File of ‘NGINX UI’ Marked Site’s NGINX Webserver

As many people, including well-known internet service companies, are using NGINX servers, they are always a major target for hackers. Many cases of cyberattacks have been carried out by targeting exposed vulnerabilities.

Therefore, checking if the NGINX webserver you are managing does not have any exposed configuration files by mistake should be the most basic yet prioritized security measure that should be taken.

If you want to find out how to search for webservers built using NGINX, check out our article “Search for Applications Exposed to Attack Surface Using Product Filter on Asset Search” which explains how to use the product filter. 

Source : Criminal IP (

관련 글: