cisagov / gophish-tools

Helpful tools for interacting with a GoPhish phishing instance

Creative Commons Zero v1.0 Universal

42 stars 6 forks source link

gophish-export incorrectly matches assessment IDs #11

Closed dav3r closed 3 years ago

dav3r commented 4 years ago

🐛 Bug Report

gophish-export is being too lenient when matching assessment IDs; it does not check that the assessment ID exactly matches the campaign IDs.

To Reproduce

All of the following invocations result in the same assessment (TEST1234) being exported:

gophish-export T ...
gophish-export TE ...
gophish-export TES ...
gophish-export TEST ...
gophish-export TEST1 ...
gophish-export TEST12 ...
gophish-export TEST123 ...
gophish-export TEST1234 ...

Expected behavior

gophish-export should only export an assessment if the campaign IDs match exactly.

bjb28 commented 4 years ago

Good catch, thank you! I am going to look at fixing this with regex and add tests where possible.