diego-treitos / linux-smart-enumeration

Linux enumeration tool for pentesting and CTFs with verbosity levels
GNU General Public License v3.0
3.45k stars 574 forks

Correct directory to exclude #51

Closed x42en closed 3 years ago

x42en commented 3 years ago

Hi,

It seems fail2ban embeds some .htpasswd files in their tests. It could be the same for multiple Python projects, so I suggest an exclusion of all of Python's dist-packages.

diego-treitos commented 3 years ago

Hi, thank you for your PR, but I do not think it is a smart idea to exclude that path in a generic way for all find calls. Actually, not even for only the .htaccess call. It is unusual that a Python package includes .htpasswd files, and fail2ban probably shouldn't do it; however, I think it is a good idea to check for their existence, especially under Python's site-packages, as it can lead to finding some default credentials for packages in use or even some credentials that were left there by mistake. The Python packages might be custom packages installed with pip.
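
An added example, not part of the thread and not code from lse.sh: one way to keep `.htpasswd` files under Python package directories in an audit by tagging their origin instead of excluding the path, and reporting each entry's hash scheme without printing the hash. The function names and the sample tree are hypothetical, and the sample entries are constructed.

```sh
#!/bin/sh
# Added example: tag .htpasswd findings by origin instead of excluding paths.

# Print "python-package" for paths under dist-packages/site-packages, else "other".
classify_htpasswd_path() {
  case "$1" in
    */dist-packages/*|*/site-packages/*) echo "python-package" ;;
    *) echo "other" ;;
  esac
}

# Name the hash scheme of one "user:hash" entry; the hash itself is never printed.
hash_scheme() {
  h=${1#*:}
  case "$h" in
    '$apr1$'*) echo "apr1-md5" ;;
    '$2y$'*|'$2a$'*|'$2b$'*) echo "bcrypt" ;;
    '{SHA}'*) echo "sha1-unsalted" ;;
    *) echo "other" ;;   # crypt(3), plaintext or unrecognised
  esac
}

# One line per entry: path<TAB>origin<TAB>user<TAB>scheme
audit_htpasswd() {
  find "$1" -type f -name '.htpasswd' 2>/dev/null | sort | while IFS= read -r f; do
    origin=$(classify_htpasswd_path "$f")
    while IFS= read -r line || [ -n "$line" ]; do
      case "$line" in ''|'#'*) continue ;; esac       # skip blanks and comments
      case "$line" in *:*) ;; *) continue ;; esac     # skip lines without user:hash
      printf '%s\t%s\t%s\t%s\n' "$f" "$origin" "${line%%:*}" "$(hash_scheme "$line")"
    done < "$f"
  done
}

# Constructed sample tree (hypothetical package "examplepkg", fake hashes).
make_sample_tree() {
  mkdir -p "$1/usr/lib/python3/dist-packages/examplepkg/tests" "$1/var/www/site"
  printf '%s\n' 'admin:$apr1$CONSTRUCTED$notarealhash' 'demo:{SHA}notarealhash' \
    > "$1/usr/lib/python3/dist-packages/examplepkg/tests/.htpasswd"
  printf '%s\n' 'ops:$2y$05$notarealhashnotarealhash' > "$1/var/www/site/.htpasswd"
}

# Usage: sh audit.sh /path/to/root
if [ "$#" -gt 0 ]; then audit_htpasswd "$1"; fi
```

Entries tagged `python-package` can then be triaged as test fixtures, package defaults, or credentials left by mistake, rather than being hidden from the report.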