Open TheTechromancer opened 2 months ago
I think i'd rather have the generic ability to filter by tags in the output module, rather than something specific just for this one tag in paramminer. @TheTechromancer thoughts?
Tags are a good idea but we should try and consider users who are only scanning for vulnerabilities and don't plan on doing manual fuzzing. To them I think only the reflected ones would be interesting, so it might make sense to have a filter option on the module.
On the other hand, even the reflected ones sometimes don't result in a vulnerability. So until we have a more complete web scanning family with PARAM events, if we just want to say the paramminer modules are for advanced users only, that's fine too.
Lightfuzz branch will change how all of these works, so I am very hesitant to make changes like this now (there will be an entirely new event type, WEB_PARAMETER
). This is also why I was leaning towards making a generic option to filter by tags.
Discussed in https://github.com/blacklanternsecurity/bbot/discussions/1329