RedSiege / EyeWitness

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
https://www.christophertruncer.com/eyewitness-usage-guide/
GNU General Public License v3.0

Add more Security vulnerabilities -- flask jinja2 ssti / flask pin #457

Closed 99Kies closed 4 years ago

99Kies commented 4 years ago

Add more Security vulnerabilities -- flask jinja2 ssti / flask pin

ChrisTruncer commented 4 years ago

We never have added vulnerabilities to this tool. I am open to it, but I would love to see it in a pull request because this hasn't been the original focus of EyeWitness. But feel free to open a PR with this capability.

digininja commented 4 years ago

@99Kies If you are going to work on it, the easiest way would probably be to add an extra text field that could be used for notes; that way you could add a note comment to say "look for ssti" or something like that.