Skip to content

Comments

Adding config_file_scan #1051

Merged
securestep9 merged 4 commits intoOWASP:masterfrom
Manushya-a:config-scan
May 5, 2025
Merged

Adding config_file_scan #1051
securestep9 merged 4 commits intoOWASP:masterfrom
Manushya-a:config-scan

Conversation

@Manushya-a
Copy link
Contributor

@Manushya-a Manushya-a commented Mar 22, 2025

Proposed change

This PR aims to add a scan module config_file_scan which searches for configuration file in a website and adds a wordlist for the same

Type of change

  • New core framework functionality
  • Bugfix (non-breaking change which fixes an issue)
  • Code refactoring without any functionality changes
  • New or existing module/payload change
  • Localization improvement
  • Dependency upgrade
  • Documentation improvement

Checklist

  • I've followed the contributing guidelines
  • I've run make pre-commit, it didn't generate any changes
  • I've run make test, all tests passed locally

@Manushya-a
Config-scan
5aaaf14
@Manushya-a
Update config_wordlist.txt
d276379 
Adding possible configuration file names
@pUrGe12
Copy link
Contributor

pUrGe12 commented Mar 22, 2025

Hey, while you're at it, I think creating something like an extension adder would also make sense? For example, using the '-x' flag and specifying extensions to add onto the words in the wordlist file you're using while doing a scan would be cool and would probably help in config scans.

@Manushya-a
Copy link
Contributor Author

Manushya-a commented Mar 22, 2025

ya makes sense. I will get to it :D

@Manushya-a
Update config_wordlist.txt
3bf7ce4 
Updating the wordlist to remove spaces in the urls
@Manushya-a
Copy link
Contributor Author

Manushya-a commented Mar 24, 2025
edited
Loading

maybe we should tackle that in a separate pr?

@securestep9 securestep9 added the new module pull request with new module(s) label May 5, 2025
@securestep9 securestep9 self-assigned this May 5, 2025
@securestep9
Copy link
Collaborator

securestep9 commented May 5, 2025

Thank you for your contribution @Manushya-a ! 🚀

@securestep9 securestep9 added this pull request to the merge queue May 5, 2025
Merged via the queue into OWASP:master with commit 423f661 May 5, 2025
17 checks passed
@Manushya-a Manushya-a deleted the config-scan branch May 5, 2025 16:07
pUrGe12 pushed a commit to pUrGe12/Nettacker that referenced this pull request May 23, 2025
@Manushya-a @securestep9 @pUrGe12
Adding config_file_scan (OWASP#1051)
7f11962 
* Config-scan

* Update config_wordlist.txt

Adding possible configuration file names

* Update config_wordlist.txt

Updating the wordlist to remove spaces in the urls

---------

Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
pUrGe12 pushed a commit to pUrGe12/Nettacker that referenced this pull request May 24, 2025
@Manushya-a @securestep9 @pUrGe12
Adding config_file_scan (OWASP#1051)
eb243b3 
* Config-scan

* Update config_wordlist.txt

Adding possible configuration file names

* Update config_wordlist.txt

Updating the wordlist to remove spaces in the urls

---------

Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@securestep9 securestep9 securestep9 approved these changes

@arkid15r arkid15r Awaiting requested review from arkid15r arkid15r is a code owner

Assignees

@securestep9 securestep9

Labels

new module pull request with new module(s)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Manushya-a @pUrGe12 @securestep9