Open krivadna opened 1 week ago
Hi @krivadna!
You can set the -target
CLI flag to specify a target. Did you encounter any issues with setting that CLI flag? If so, feel free to provide some more information that can help me trace back the issue.
Thank you!
I am using intentionally vuln website but getting error
~/misconfig-mapper $ ./misconfig-mapper -target "https://testphp.vulnweb.com" -service 1 -delay 1000 [+] Checking 49 possible target URLs... [-] Error: Failed to read response for https://https://testphp.vulnweb.com.atlassian.net/servicedesk/customer/user/login [-] No vulnerable Atlassian Jira Service Desk instance found (https://https://testphp.vulnweb.com.atlassian.net/servicedesk/customer/user/login) [-] Error: Failed to read response for https://https://testphp.vulnweb.com.com.atlassian.net/servicedesk/customer/user/login [-] No vulnerable Atlassian Jira Service Desk instance found (https://https://testphp.vulnweb.com.com.atlassian.net/servicedesk/customer/user/login) [-] Error: Failed to read response for https://https://testphp.vulnweb.com-com.atlassian.net/servicedesk/customer/user/login [-] No vulnerable Atlassian Jira Service Desk instance found (https://https://testphp.vulnweb.com-com.atlassian.net/servicedesk/customer/user/login) [-] Error: Failed to read response for https://https://testphp.vulnweb.comcom.atlassian.net/servicedesk/customer/user/login [-] No vulnerable Atlassian Jira Service Desk instance found (https://https://testphp.vulnweb.comcom.atlassian.net/servicedesk/customer/user/login) [-] Error: Failed to read response for https://https://testphp.vulnweb.com.net.atlassian.net/servicedesk/customer/user/login [-] No vulnerable Atlassian Jira Service Desk instance found (https://https://testphp.vulnweb.com.net.atlassian.net/servicedesk/customer/user/login) [-] Error: Failed to read response for https://https://testphp.vulnweb.com-net.atlassian.net/servicedesk/customer/user/login
Hi
Correct, the target you supplied for that specific template is invalid as the template is designed to find the Atlassian Jira service desk misconfiguration. For that, it expects a target name only as it processes it as a suffix for {target}.atlassian.net
Testphp is not known to be vulnerable to the misconfiguration you selected. However, you could try setting the target to your company name instead.
Example: $ ./misconfig-mapper -target "yourcompanyname" -service 1 -delay 1000
You can find more examples under the Usage-section
Future releases will include a more sophisticated way of adjusting the target to address inconsistencies like these.
in "yourcompanyname" How to specify a url "https://example.com" or "example.com"