Closed domwhewell-sage closed 7 months ago
Hmm, this is an interesting idea. I am open to a dastardly module, however I'm hesitant to add a dependency on java, as the installation is unwieldy and can be problematic for the host system. @liquidsec may also have input here.
What is your vision for implementing it? How would it work with the python/bbot module system?
Hi, thanks for getting back to me. It would be implemented as a deadly module much like nuclei is. It outputs an XML file which can be parsed. Each finding comes with detail of the request/response that indicated the vulnerability, which may have to be put into a separate file like the gowitness screenshots.
I don't think they distribute the java binary on its own, on the site if you select platform independent it prompts you to use a docker command to run it.
```bash
docker run --user $(id -u) --rm -v $(pwd):/dastardly -e \
  BURP_START_URL=https://ginandjuice.shop -e \
  BURP_REPORT_FILE_PATH=/dastardly/dastardly-report.xml \
  public.ecr.aws/portswigger/dastardly:latest
```
During the dependency setup this could be accounted for by using `deps_apt` to install docker.io and `deps_ansible` to pull the docker image into the cache.
Running the command would probably have to prompt for sudo as the user may not be in the `docker_users` group
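The module sketch above, worked through as an added Python example (not bbot's code and not domwhewell-sage's): it builds the docker command from the thread with the target URL and output directory as parameters, prefixes `sudo` when the invoking user is outside the docker group, and parses the XML report into one record per finding, writing each finding's request/response evidence to its own file as the comment proposes. The report layout (JUnit-style `testsuite`/`testcase`/`failure` elements, severity carried in the `type` attribute) and the sample report embedded below are assumptions constructed for the example, not output captured from Dastardly.

```python
import os
import shutil
import xml.etree.ElementTree as ET
from pathlib import Path
from tempfile import mkdtemp

# Constructed sample in the JUnit-XML shape assumed for the file Dastardly
# writes to BURP_REPORT_FILE_PATH: one <testsuite> per scanned site, one
# <testcase> per issue, a <failure> element carrying severity and evidence.
SAMPLE_REPORT = """<testsuites>
  <testsuite name="https://ginandjuice.shop" tests="2" failures="2">
    <testcase name="Cross-site scripting (reflected)"
              classname="https://ginandjuice.shop/catalog?search=x">
      <failure message="Cross-site scripting (reflected)" type="High">
Issue detail: the value of the search parameter is copied into the response.
Request:
GET /catalog?search=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1
Host: ginandjuice.shop
Response:
HTTP/1.1 200 OK
Content-Type: text/html
...&lt;script&gt;alert(1)&lt;/script&gt;...
      </failure>
    </testcase>
    <testcase name="Content type is not specified"
              classname="https://ginandjuice.shop/resources/js/app.js">
      <failure message="Content type is not specified" type="Low">
Issue detail: the response does not specify a Content-Type header.
      </failure>
    </testcase>
  </testsuite>
</testsuites>
"""


def build_dastardly_command(target_url, report_dir, use_sudo=False):
    """Return the docker argv from the thread, parameterised on URL and output dir."""
    report_dir = str(Path(report_dir).resolve())
    argv = [
        "docker", "run", "--user", str(os.getuid()), "--rm",   # mirrors --user $(id -u)
        "-v", f"{report_dir}:/dastardly",
        "-e", f"BURP_START_URL={target_url}",
        "-e", "BURP_REPORT_FILE_PATH=/dastardly/dastardly-report.xml",
        "public.ecr.aws/portswigger/dastardly:latest",
    ]
    return ["sudo", *argv] if use_sudo else argv


def needs_sudo(user, docker_group_members):
    """True when the user is outside the docker group, the case the thread raises."""
    return user not in docker_group_members


def parse_dastardly_report(xml_text, evidence_dir):
    """Parse a JUnit-style report into finding dicts; evidence goes to one file each."""
    findings = []
    evidence_dir = Path(evidence_dir)
    evidence_dir.mkdir(parents=True, exist_ok=True)
    # stdlib parser keeps the example self-contained; for reports produced while
    # scanning hostile hosts, defusedxml's fromstring is the safer drop-in.
    root = ET.fromstring(xml_text)
    for suite in root.iter("testsuite"):
        for case in suite.iter("testcase"):
            failure = case.find("failure")
            if failure is None:
                continue  # a passing test case means no issue was reported
            evidence_path = evidence_dir / f"dastardly-{len(findings) + 1:03d}.txt"
            # request/response detail kept out of the finding record, like gowitness screenshots
            evidence_path.write_text((failure.text or "").strip() + "\n")
            findings.append({
                "name": case.get("name"),
                "severity": failure.get("type"),   # assumed: severity in the type attribute
                "url": case.get("classname"),
                "host": suite.get("name"),
                "evidence_file": str(evidence_path),
            })
    return findings


if __name__ == "__main__":
    out = mkdtemp()
    cmd = build_dastardly_command("https://ginandjuice.shop", out,
                                  use_sudo=needs_sudo("alice", ["bob"]))
    print(" ".join(cmd))
    for f in parse_dastardly_report(SAMPLE_REPORT, out):
        print(f["severity"], f["name"], f["url"], "->", f["evidence_file"])
    shutil.rmtree(out)
```

The finding dicts are what a module would turn into events; the evidence files hold the raw request/response so the event stays small and the full detail remains available on disk.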
Closing as this module has been merged 👍
Description
Hi, would you be open to a PR for dastardly?
This would provide coverage of web application vulnerabilities: reflected XSS, CORS, Vulnerable JS, Content type not specified, Multiple Content Types, HTML Charset and duplicate cookies.
I am also investigating an OWASP ZAP module but have found dastardly to be more accurate on the above vulnerabilities.