Add support for URL templates #247
On another scanner (Acunetix) I noticed this feature: basically it can warn if URL rewrite was detected, and then you get 2 options: ignore and continue the scan, or stop the scan and define URL rewrite rules. I was wondering if we could take this one step further: auto-detect URL rewrite and automatically add rules on the fly during the scan so we avoid infinite scan loops and FPs.
Working on this now. Reliably auto-detecting it would be impossible; however, what we can do is fuzz each path fragment individually.
That wouldn't even require the user to provide rewrite rules (which can be a PITA and be fraught with mistakes) as all possible rules would be covered -- I think.
What I ended up doing is allow for auditing a new class of element, a link-template.
Say you've got this link:
You can cherry-pick from that link which parts to audit using a regular expression that uses named captures, like so:
The above would extract the
Or, if you've got many inputs in the same link, you can do something like:
Which will extract the
I'll also add rewrite support like in the links you provided as it's generally preferable if you've got access to them.
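
The link-template idea described in this thread, as an added example that is not the project's own code: a regular expression with named captures picks the path fragments to audit, each fragment is replaced individually, and URLs are reduced to one template shape so a crawler does not loop over rewritten paths. The URL, template, probe value and function names are constructed for illustration; the shape-based de-duplication goes beyond what the thread describes.

```ruby
require 'erb'

# Constructed sample link and template (assumptions, not from the thread).
URL      = 'http://example.test/articles/42/comments/7'
TEMPLATE = %r{/articles/(?<article_id>\d+)/comments/(?<comment_id>\d+)}

# Inputs carried in the path: { capture name => captured value }.
# Returns {} when the template does not apply to the URL.
def template_inputs(url, template)
  m = template.match(url)
  return {} unless m
  m.names.each_with_object({}) { |n, h| h[n] = m[n] unless m[n].nil? }
end

# Rebuild the URL with one named input replaced. Capture offsets are used so
# only that fragment changes; the value is percent-encoded so it cannot add
# path segments of its own.
def with_input(url, template, name, value)
  m = template.match(url)
  raise ArgumentError, 'template does not match URL' unless m
  raise ArgumentError, "no input named #{name}" unless m.names.include?(name) && m[name]
  url[0...m.begin(name)] + ERB::Util.url_encode(value) + url[m.end(name)..-1]
end

# One variant per input, i.e. each path fragment is audited individually.
def variants(url, template, probe)
  template_inputs(url, template).keys.map { |n| with_input(url, template, n, probe) }
end

# Collapse a URL to its template shape. Two links that differ only in their
# input values share a shape, so a crawler can queue the shape once instead
# of following every rewritten path.
def shape(url, template)
  m = template.match(url)
  return url unless m
  names = m.names.select { |n| m[n] }.sort_by { |n| -m.begin(n) }
  names.reduce(url.dup) do |u, n|
    u[m.begin(n)...m.end(n)] = "{#{n}}" # right-to-left keeps offsets valid
    u
  end
end

if __FILE__ == $PROGRAM_NAME
  p template_inputs(URL, TEMPLATE)
  puts variants(URL, TEMPLATE, 'probe/1')
  puts shape(URL, TEMPLATE)
end
```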