fix(security): rework scan working folder location to prevent leaks

Security-Tools-Alliance / rengine-ng

reNgine-ng is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface.

GNU General Public License v3.0

52 stars 10 forks source link

fix(security): rework scan working folder location to prevent leaks #92

Closed psyray closed 4 months ago

psyray commented 4 months ago

fix #16

Replace the scan_id sequential number by an uuid, hard to guess. This quickly address the issue while we could think about a better solution when we will work on the #71

I've also "normalize" the path :

graph LR;
    A(/usr/src/scan_results)
    B(/domain_name)
    C(/subscans)
    D(/scans)
    E(/uuid)
    A-->B;
    B-->C;
    B-->D;
    C-->E;
    D-->E;

Tested and working

psyray commented 4 months ago

While testing I found a bug. When deleting target the scan results path is wrong and there is a space in the path So all the scan logs stay on the disk

psyray commented 4 months ago

bug resolved, ready to be tested and merged