Lookyloo / PyLookyloo

Python CLI and module for Lookyloo
https://pylookyloo.readthedocs.io/en/latest/?badge=latest
BSD 3-Clause "New" or "Revised" License

Add check to URL in function enqueue in case prefix "http://" is missing #4

Closed Felalex57 closed 3 years ago

Rafiot commented 3 years ago

Just a note: we want to add the check directly in the __init__: https://github.com/Lookyloo/PyLookyloo/blob/main/pylookyloo/api.py#L22

Rafiot commented 3 years ago

Fixed by https://github.com/Lookyloo/PyLookyloo/commit/8914871a48f6f4d8ac2655f1a5871e6ccbe85cab

maaaaz commented 11 months ago

Hello there,

I would like to report a similar "bug".

I recently discovered in one of my workflows that I was submitting a bogus URL to pylookyloo, by prefixing a single-quote by a double-quote, and pylookyloo accepted it anyway, leading to a bogus scan.

Example of my bogus workflow:

$ lookyloo --listing --query "'http://google.fr'"
https://lookyloo.circl.lu/tree/18f658c0-48b3-47ae-8b5d-35b3bd4c7fc1

But if you look at the lookyloo scan, it does not work as the URL was not correctly formatted.

Hence, could you improve the URL argument parsing in order to prevent bogus results? For instance by removing all potential quotes around the URL, and also by ensuring that the URL is correctly structured (using this lib?)

Cheers, and keep up the good work, CIRCL tools are awesome!
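The two checks discussed in this thread (a default scheme when `http://` is missing, and stripping stray quotes before validating the URL's structure) can be combined in one client-side helper. This is an added example, not PyLookyloo's own code or the fix from the commit above; `normalize_submission_url`, `is_acceptable` and the http/https allow-list are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

QUOTES = "'\"`\u2018\u2019\u201c\u201d"      # ASCII and typographic quotes
ALLOWED_SCHEMES = {"http", "https"}          # assumption: only web URLs are submitted
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def _valid_host(host: str) -> bool:
    try:
        ipaddress.ip_address(host)           # IPv4 / IPv6 literal
        return True
    except ValueError:
        pass
    try:
        ascii_host = host.encode("idna").decode("ascii")
    except UnicodeError:                     # empty or over-long label
        return False
    return all(LABEL.fullmatch(p) for p in ascii_host.rstrip(".").split("."))


def normalize_submission_url(raw: str) -> str:
    """Clean a user-supplied URL or raise ValueError (hypothetical helper)."""
    url = raw.strip().strip(QUOTES).strip()  # drops quotes left over from shell quoting
    if not url:
        raise ValueError("empty URL")
    if any(c.isspace() or not c.isprintable() for c in url):
        raise ValueError(f"whitespace or control character in {url!r}")
    if "://" not in url:
        url = "http://" + url                # default scheme when the prefix is missing
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"unsupported scheme in {url!r}")
    if not parts.hostname or not _valid_host(parts.hostname):
        raise ValueError(f"invalid host in {url!r}")
    _ = parts.port                           # raises ValueError on a malformed port
    return parts.geturl()


def is_acceptable(raw: str) -> bool:
    try:
        return bool(normalize_submission_url(raw))
    except ValueError:
        return False
```

With the quoted input from the comment above, `normalize_submission_url("'http://google.fr'")` returns `http://google.fr`, while input that is still malformed after cleaning raises `ValueError` before anything is submitted.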