honoki / bbrf-client

The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices
MIT License

Unexpected behaviour adding domains when scope is only *.example.com #36

Closed rsilvav closed 3 years ago

rsilvav commented 3 years ago

When starting with a new program and defining scope only with:

bbrf scope in add *.example.com

trying to add the domain example.com will fail.

To reproduce the behaviour, try:

bbrf new example
bbrf use example
bbrf inscope add *.example.com
bbrf domain add example.com
bbrf domains

Output will be empty.

anasbousselham commented 3 years ago

Hi, is your bbrf server up?

honoki commented 3 years ago

Hi @rsilvav - this is expected behaviour. BBRF at the moment does not match example.com to *.example.com, as it doesn't consider it a strict subdomain.

So I would recommend adding example.com as in scope explicitly.

I have some ideas about changing the default behaviour, but nothing concretely planned.

rsilvav commented 3 years ago

@honoki thanks for your answer!

Strictly speaking you're right, but programs with a wide scope (like *.example.com) usually are implicitly including example.com (maybe they are wrong?).

It is ambiguous, but in my opinion it is better to send some out-of-scope reports than to miss some implicitly-valid bugs. Maybe inverting the behaviour (example.com matches *.example.com unless example.com is out-of-scope) is an alternative.

For now I will follow your advice :)
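The two matching rules discussed in this thread, strict subdomain matching (the current behaviour honoki describes) and the alternative rsilvav proposes (the apex is covered by the wildcard unless it is explicitly out of scope), side by side as an added illustration. This is not BBRF's own code; the function names `matches` and `in_scope`, the `strict_wildcards` flag and the sample scope lists are assumptions of this example.

```python
def matches(domain: str, pattern: str, strict_wildcards: bool) -> bool:
    """True if `domain` falls under a single scope entry.

    A wildcard entry '*.example.com' covers any host that ends in
    '.example.com'.  With strict_wildcards=True (the behaviour reported
    in this issue) the apex 'example.com' is NOT covered; with
    strict_wildcards=False the apex is covered too (the alternative
    suggested in the thread).  Non-wildcard entries must match exactly.
    """
    domain = domain.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        base = pattern[2:]
        if domain.endswith("." + base):
            return True
        # The apex itself only matches when wildcards are lenient.
        return domain == base and not strict_wildcards
    return domain == pattern


def in_scope(domain: str, inscope: list, outscope: list,
             strict_wildcards: bool = True) -> bool:
    """Out-of-scope entries win over in-scope entries.

    With strict_wildcards=False the apex of '*.example.com' is in scope
    unless it is listed in `outscope` (explicitly or via a wildcard),
    which is the inversion proposed in the thread.
    """
    if any(matches(domain, p, strict_wildcards) for p in outscope):
        return False
    return any(matches(domain, p, strict_wildcards) for p in inscope)


if __name__ == "__main__":
    # Constructed sample scope mirroring the commands in the issue:
    #   bbrf inscope add *.example.com ; bbrf domain add example.com
    INSCOPE = ["*.example.com"]
    for d in ("www.example.com", "example.com", "notexample.com"):
        print(d,
              "strict:", in_scope(d, INSCOPE, []),
              "lenient:", in_scope(d, INSCOPE, [], strict_wildcards=False))
```

Under the strict rule `example.com` is dropped exactly as the issue reports; under the lenient rule it is kept until someone adds it to the out-of-scope list.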