shelld3v
commented
1 year ago exclude specific paths during recursive scans
It's already possible with --exclude-subdirs
Open vu1Art1st opened 1 year ago
shelld3v
commented
1 year ago exclude specific paths during recursive scans
It's already possible with --exclude-subdirs
vu1Art1st
commented
1 year ago exclude specific paths during recursive scans
It's already possible with
--exclude-subdirs
i'm not that mean, what i mean is in some cases, during scanning, especially recursive scanning, it may trigger WAF or redirection, resulting in a large number of consecutive HTTP response status codes of 200 with the same size. In such cases, it should be skipped directly."
Prady18
commented
1 year ago @AMG4MATIC Understood. When performing scanning activities, such as recursive scanning, it is possible that it may trigger a Web Application Firewall (WAF) or redirection, resulting in a large number of consecutive HTTP response status codes of 200 with the same size. In these cases, it may be advisable to skip these responses directly in order to avoid unnecessary scanning and potential detection by security mechanisms. Skipping these responses can help avoid false positives or unnecessary noise in the scanning process. However, it's important to always ensure that any scanning activities are performed in a responsible and legal manner, with proper authorization and adherence to applicable laws and regulations.
What is the feature?
The feature sets a flag to skip continuously getting the same size of response and exclude specific paths during recursive scans.
What is the use case?
This feature is useful when scanning websites that have a web application firewall, redirects, or custom error pages that return continuously the same size of 200 response. By setting this flag, dirsearch can skip these continuously same size responses and exclude specific paths to produce more accurate results.