5O4R3S / OutSystems-Scan

Perform a simple scan on your OutSystems applications.
MIT License

Great tool. Plans to bundle it in the common pentest OSses? #1

Closed Lukkasss closed 4 months ago

Lukkasss commented 4 months ago

Hello Lucas, first of all thanks for your effort creating this tool, it's really useful. I came across a slightly different situation and I spent this weekend testing security points, and while I was looking for something else, I found exactly the points that you described in this tool. I think you should talk/research with the commonly used pentest OS distributions (like Kali, Parrot, BlackArch and so on) and work with them to get your tool bundled with their OS.

I have only one point to suggest to you: I see your application as an OSINT / Enumeration tool and I think you should consider changing the name of your tool to something like OutSystemsScan (OSS) or something else in this context. Like WPScan did, for instance... which does scan for WordPress vulnerabilities. If you plan to evolve it to also automate exploitation of a target, I suggest you create a module for the Metasploit Framework; this is something that I see in other projects and it leads me to believe that this is like a "standard" in the field of information security.

Thanks for sharing the tool, it's great.

Best regards,

Lucas Vilela

5O4R3S commented 4 months ago

Hi Lucas, I hope you are well. You are right, the tool is better equipped to scan OutSystems applications.

Initially I had created code to explore report screens (screens that use UltimatePDF), and with that I was going to create a tool for exploration, but I was afraid of what OutSystems would imagine about this lol.

But I agree with you on changing the name, as I do this in my spare time, I will change the name soon, really to avoid confusion.

Lucas, thank you :)