Chef Automate Security

{{#include ../../banners/hacktricks-training.md}}

What is Chef Automate

Chef Automate is a platform for infrastructure automation, compliance, and application delivery. It exposes a web UI (often Angular) that talks to backend gRPC services via a gRPC-Gateway, providing REST-like endpoints under paths such as /api/v0/.

• Common backend components: gRPC services, PostgreSQL (often visible via pq: error prefixes), data-collector ingest service
• Auth mechanisms: user/API tokens and a data collector token header x-data-collector-token

Enumeration & Attacks

{{#ref}}
chef-automate-enumeration-and-attacks.md
{{#endref}}

{{#include ../../banners/hacktricks-training.md}}