Qianlitp / crawlergo

A powerful browser crawler for web vulnerability scanners
GNU General Public License v3.0

Any suggestions on authenticated crawling? #126

Open rohitcoder opened 2 years ago

rohitcoder commented 2 years ago

Hi Team,

I really liked this project; it is super cool. I wanted to ask how to deal with authentication. If you have used tools like ZAP Scanner or Burp Suite in the past, you might have heard that there are a lot of ways they do authenticated scans (which basically crawl after first doing a login). So they have JSON-based auth, NTLM auth, script-based auth, and SSO-based auth support.

How can we do that here? I was thinking we could have something like "a button" which starts crawling after the user has manually logged into the web app from the launched browser, where the user fills in the creds and, once logged in, starts the crawler, and the crawler captures all links inside that application.

Do you have any ideas, or can you give me some guidance here?

rohitcoder commented 2 years ago

@Qianlitp can we have an implementation of Playwright to do automatic logins?