Open Viss opened 5 years ago
Thanks for the suggestion, it sounds like a useful feature idea and I'll look at implementing it soon! However, one thing I'm wary of is silently going out of scope, so if I were to implement this, it would probably involve prompting the user before changing the URL being scanned, as Dirble is slightly more intrusive than wpscan.
Yup! Should be pretty easy to sort out scope though - if the domain name doesn't change, just the subdomain and http->https, it's generally 'the actual site you're looking for' vs a 302 or 301 to another actual site.
In testing out dirble, I noticed that it will attempt exactly the url that is given, but seems to not understand what to do if, for example, the following scenario is encountered:
./dirble --host abc.com <dirble brutes abc.com, but abc.com 301's absolutely every request>
curl -skv abc.com 301 to https://abc.com
curl -skv https://abc.com 301 to https://www.abc.com
Real site resides on https://www.abc.com, but input provided is just abc.com.
wpscan handles this pretty well with a function called 'follow initial redirect'. If something like that could be possible here, it would greatly improve workflow!
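
The scope rule discussed in this thread (treat a redirect as the same site only when the host is unchanged or becomes a subdomain, and the scheme does not downgrade), as an added example that is not Dirble's or wpscan's code. `Verdict`, `split_url` and `classify` are hypothetical names, the URLs are constructed, and suffix matching on the input host is a simplifying assumption used in place of a Public Suffix List lookup.

```rust
// Added example; Verdict, split_url and classify are hypothetical names,
// not part of Dirble or wpscan.
#[derive(Debug, PartialEq)]
enum Verdict {
    SameSite,        // same host or a subdomain of it, no scheme downgrade
    SchemeDowngrade, // matching host, but https -> something weaker
    OutOfScope,      // different domain: ask the user before following
}

// Split "scheme://host[:port]/path" into (scheme, lowercase host).
// A bare host such as "abc.com" is treated as http. IPv6 literals are not handled.
fn split_url(url: &str) -> (String, String) {
    let (scheme, rest) = match url.split_once("://") {
        Some((s, r)) => (s.to_ascii_lowercase(), r),
        None => ("http".to_string(), url),
    };
    let authority = rest.split(|c: char| matches!(c, '/' | '?' | '#')).next().unwrap_or("");
    // Drop userinfo so "abc.com@other.example" is judged by its real host.
    let host_port = authority.rsplit('@').next().unwrap_or("");
    let host = host_port.split(':').next().unwrap_or("");
    (scheme, host.trim_end_matches('.').to_ascii_lowercase())
}

// Compare the user's target with an absolute Location value.
// Assumption: "same site" means the input host (minus a leading "www.")
// or any subdomain of it. Relative Locations fall through to OutOfScope.
fn classify(target: &str, location: &str) -> Verdict {
    let (t_scheme, t_host) = split_url(target);
    let (l_scheme, l_host) = split_url(location);
    let base = t_host.strip_prefix("www.").unwrap_or(t_host.as_str());
    let same_site = !base.is_empty()
        && (l_host.as_str() == base || l_host.ends_with(format!(".{}", base).as_str()));
    if !same_site {
        Verdict::OutOfScope
    } else if t_scheme == "https" && l_scheme != "https" {
        Verdict::SchemeDowngrade
    } else {
        Verdict::SameSite
    }
}

fn main() {
    // Constructed hops: the chain from the issue plus one look-alike host.
    let target = "abc.com";
    for hop in ["https://abc.com", "https://www.abc.com", "https://abc.com.example.net/"] {
        println!("{} -> {}: {:?}", target, hop, classify(target, hop));
    }
}
```

Anything other than `SameSite` is where a prompt to the user belongs before the scanned URL changes.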