PaulSec closed 3 years ago
cc @isontheline @JulienPalard @smolveau :-)
I'm happy this is done \o/
I'm however useless at reviewing the code, I'm still on the bri^WPython side of life ;)
But I tested it with:
```yaml
- uris: ["/db.sql", "/db.sql.gz", "/db.sqlite", "/db.sqlite.gz", "/db.sqlite3", "/db.sqlite3.gz", "/data.sql", "/data.sql.gz", "/users.sql", "/users.sql.gz", "/dump.sql", "/dump.sql.gz", "/mysqldump.sql", "/mysqldump.sql.gz", "/backup.sql", "/backup.sql.gz", "/db.backup", "/db.backup.gz", "/database.sql", "/database.sql.gz", "/db-data.sql", "/db-data.sql.gz", "/db_test.sql", "/db_test.sql.gz", "/db-test.sql", "/db-test.sql.gz"]
  checks:
    - name: Database file
      status_code: 200
      remediation: Delete this file
      description: Verifies a database dump is accessible.
      severity: "High"
```
and it works like a charm.
At the same time, I learnt that my Open Off^W^W firewall is greatly configured while testing ChopChop against my personal server, and getting instantly blacklisted... I had to test against another machine :P
`uri` and `uris` can't be specified at the same time. One example configuration file is as follows:
And we tried it using:
Closes #2