search

intigriti / misconfig-mapper

Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!
https://bugology.intigriti.io/misconfig-mapper-docs
MIT License
267 stars 17 forks source link

Made templates location independent #17

Closed GKNSB closed 2 weeks ago

GKNSB commented 3 weeks ago

Assuming you keep the binary in a directory that is in your path, or you make a link in your path so that you can run it from anywhere on the filesystem. As it is now, the templates folder is created and the services.json is downloaded in every location you run the program from. This pr fixes that and ./templates/services.json is always kept where the binary is. Example follows:

Binary location:

/root/Tools/misconfig-mapper/misconfig-mapper
/usr/bin/misconfig-mapper -> /root/Tools/misconfig-mapper/misconfig-mapper (link)

Workplace directory structure:

/root/Bounties/bountya
/root/Bounties/bountyb
/root/Bounties/bountyc

I can run misconfig-mapper from any bounty location, however a new ./templates/services.json gets created in each one. With the fixes above, the program always looks for ./templates/services.json in the actual binary location so that would be /root/Tools/misconfig-mapper/templates/services.json. Sames goes for updates.

0xblackbird commented 3 weeks ago

Hi!

Thank you for your contributions! We appreciate your work a lot!

I will provide you with an update (likely before the end of this week)!