intigriti / misconfig-mapper

Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!
https://bugology.intigriti.io/misconfig-mapper-docs
MIT License

How to specify target #20

Open krivadna opened 1 week ago

krivadna commented 1 week ago

In "yourcompanyname", how do I specify a URL: "https://example.com" or "example.com"?

0xblackbird commented 1 week ago

Hi @krivadna!

You can set the -target CLI flag to specify a target. Did you encounter any issues with setting that CLI flag? If so, feel free to provide some more information that can help me trace back the issue.

Thank you!

krivadna commented 6 days ago

I am using an intentionally vuln website but getting an error:

```
~/misconfig-mapper $ ./misconfig-mapper -target "https://testphp.vulnweb.com" -service 1 -delay 1000
[+] Checking 49 possible target URLs...
[-] Error: Failed to read response for https://https://testphp.vulnweb.com.atlassian.net/servicedesk/customer/user/login
[-] No vulnerable Atlassian Jira Service Desk instance found (https://https://testphp.vulnweb.com.atlassian.net/servicedesk/customer/user/login)
[-] Error: Failed to read response for https://https://testphp.vulnweb.com.com.atlassian.net/servicedesk/customer/user/login
[-] No vulnerable Atlassian Jira Service Desk instance found (https://https://testphp.vulnweb.com.com.atlassian.net/servicedesk/customer/user/login)
[-] Error: Failed to read response for https://https://testphp.vulnweb.com-com.atlassian.net/servicedesk/customer/user/login
[-] No vulnerable Atlassian Jira Service Desk instance found (https://https://testphp.vulnweb.com-com.atlassian.net/servicedesk/customer/user/login)
[-] Error: Failed to read response for https://https://testphp.vulnweb.comcom.atlassian.net/servicedesk/customer/user/login
[-] No vulnerable Atlassian Jira Service Desk instance found (https://https://testphp.vulnweb.comcom.atlassian.net/servicedesk/customer/user/login)
[-] Error: Failed to read response for https://https://testphp.vulnweb.com.net.atlassian.net/servicedesk/customer/user/login
[-] No vulnerable Atlassian Jira Service Desk instance found (https://https://testphp.vulnweb.com.net.atlassian.net/servicedesk/customer/user/login)
[-] Error: Failed to read response for https://https://testphp.vulnweb.com-net.atlassian.net/servicedesk/customer/user/login
```

0xblackbird commented 6 days ago

Hi

Correct, the target you supplied for that specific template is invalid, as the template is designed to find the Atlassian Jira service desk misconfiguration. For that, it expects a target name only, as it processes it as a suffix for {target}.atlassian.net.

Testphp is not known to be vulnerable to the misconfiguration you selected. However, you could try setting the target to your company name instead.

Example: $ ./misconfig-mapper -target "yourcompanyname" -service 1 -delay 1000

You can find more examples under the Usage section.

Future releases will include a more sophisticated way of adjusting the target to address inconsistencies like these.
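The `https://https://…` hosts in the output above come from substituting a full URL into a template that expects a bare name. As an added example (not code from misconfig-mapper or its maintainers), this Go helper reduces a URL or hostname to a single DNS label before filling `{target}.atlassian.net`; the names `NormalizeTarget` and `ExpandTemplate`, and the choice of the label left of the TLD, are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

var dnsLabel = regexp.MustCompile(`^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$`) // one DNS label, 1-63 chars

// NormalizeTarget (hypothetical helper, not part of misconfig-mapper) reduces
// a URL, hostname or bare name to one label for "{target}.atlassian.net".
func NormalizeTarget(raw string) (string, error) {
	s := strings.ToLower(strings.TrimSpace(raw))
	if !strings.Contains(s, "://") {
		s = "//" + s // make net/url parse the input as a host, not a path
	}
	u, err := url.Parse(s)
	if err != nil || u.Hostname() == "" {
		return "", fmt.Errorf("cannot extract a host from %q", raw)
	}
	labels := strings.Split(strings.TrimSuffix(u.Hostname(), "."), ".")
	name := labels[0]
	if len(labels) > 1 {
		// Assumption: the label left of the TLD is the name (no "co.uk" handling).
		name = labels[len(labels)-2]
	}
	if !dnsLabel.MatchString(name) {
		return "", fmt.Errorf("%q is not a valid DNS label", name)
	}
	return name, nil
}

// ExpandTemplate fills the {target} placeholder with the normalized name.
func ExpandTemplate(tmpl, raw string) (string, error) {
	name, err := NormalizeTarget(raw)
	if err != nil {
		return "", err
	}
	return strings.ReplaceAll(tmpl, "{target}", name), nil
}

func main() { // constructed inputs; the first is the value used in the thread
	for _, in := range []string{"https://testphp.vulnweb.com", "example.com", "yourcompanyname", "acme corp"} {
		out, err := ExpandTemplate("https://{target}.atlassian.net", in)
		fmt.Println(in, "->", out, err)
	}
}
```

Rejecting or normalizing the value once, before any template is expanded, avoids issuing a batch of requests to hostnames that cannot resolve.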