RedSiege / EyeWitness

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
https://www.christophertruncer.com/eyewitness-usage-guide/
GNU General Public License v3.0

Malformed URL (from deleted head 605) #659

Closed Relkci closed 4 months ago

Relkci commented 4 months ago

Original #605 from deleted head branch/repo.

Addresses #656 -- maybe. The example in the issue post from rengine-ng https://github.com/Security-Tools-Alliance/rengine-ng/issues/15 provided a sample URL that itself appeared legitimately malformed with a space in the URL. For the sake of this MR, I have to assume that was accidental and wasn't the cause of bringing #605 back up.

The example provided in #605 is fixed by the proposed changes from #605 and now here.

MR #659 addresses the not-malformed URL from #605 by acknowledging it is not malformed:

http://vimeo.com/api/oembed.json?url=/web/20131219172814/http://vimeo.com/80375746&api=1&player_id=preroll&height=354&width=630&callback


Relkci commented 4 months ago

Meh, was a few extra minutes to deal with the space. MR #659 now addresses malformed URLs with spaces such as the one sampled here: https://github.com/Security-Tools-Alliance/rengine-ng/issues/15 (note space)

https://account.servicenow.com/sign-in?client_id=0oapi9ote73XCWSst0x7&redirect_uri=https://account.servicenow.com/auth&response_type=code&state=/profile/home?locale=en-us&scope=openid&source_id= account&locale=en-us


I don't actually like that we just abruptly sys.exit on a malformed URL, but... this isn't the MR to change that outcome.
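The two cases discussed in this thread, as an added example (not EyeWitness code and not the change in #659): a URL with another URL nested in its query string passes through unchanged, a stray space is percent-encoded, and unrepairable input is collected rather than ending the run. The names `normalize_url`, `load_targets` and `MalformedURL` are hypothetical, and the `example.com` inputs are constructed.

```python
from urllib.parse import quote, urlsplit, urlunsplit

# Characters left as-is when re-encoding. "%" is kept so existing escapes are
# not double-encoded; ":" and "/" are kept so a URL nested in the query survives.
SAFE = "/:@!$&'()*+,;=-._~%?"


class MalformedURL(ValueError):
    """Raised for a URL that cannot be repaired."""


def normalize_url(raw):
    """Return a usable http(s) URL, or raise MalformedURL (hypothetical helper)."""
    url = raw.strip()
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        raise MalformedURL("control character in URL")
    try:
        parts = urlsplit(url)
        parts.port  # property access raises ValueError on a bad port
    except ValueError as exc:
        raise MalformedURL(str(exc)) from exc
    if parts.scheme not in ("http", "https"):
        raise MalformedURL("scheme must be http or https")
    if not parts.hostname or " " in parts.netloc:
        raise MalformedURL("missing or invalid host")
    # A space in the path, query or fragment is repairable: percent-encode it.
    path, query, fragment = (quote(p, safe=SAFE)
                             for p in (parts.path, parts.query, parts.fragment))
    return urlunsplit((parts.scheme, parts.netloc, path, query, fragment))


def load_targets(lines):
    """Return (accepted, rejected) instead of exiting on the first bad line."""
    accepted, rejected = [], []
    for line in lines:
        if not line.strip():
            continue
        try:
            accepted.append(normalize_url(line))
        except MalformedURL as exc:
            rejected.append((line.strip(), str(exc)))
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample input: one repairable URL, one unrepairable.
    ok, bad = load_targets(["http://example.com/a b?next=http://example.com/c",
                            "http://exa mple.com/"])
    print(ok, bad)
```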