minvws / nl-kat-coordination

OpenKAT scans networks, finds vulnerabilities and creates accessible reports. It integrates the most widely used network tools and scanning software into a modular framework, accesses external databases such as shodan, and combines the information from all these sources into clear reports. It also includes lots of cat hair.
https://openkat.nl
European Union Public License 1.2

Redirections within a DNS zone do not have expected clearance #2407

Open originalsouth opened 9 months ago

originalsouth commented 9 months ago

Describe the bug

Suppose we would like to scan some URL like https://kennisnet.nl with the Wappalyzer boefje. Hence, we enable the Wappalyzer boefje, add the URL OOI, and clear it on level 2. Upon scanning, we discover nothing but a new https://www.kennisnet.nl as https://kennisnet.nl redirects to https://www.kennisnet.nl.

For reasons explained in #1662, and addressed in #1962, redirects by the Wappalyzer are yielded without any clearance as this could cause KAT to start scanning URLs that are not cleared by the user.

In this particular case, however, one can argue that a redirection within the same DNS zone can be cleared, as any user would intend and expect such behavior. Hence this bug.

To Reproduce

  1. Enable Wappalyzer
  2. Add URL https://kennisnet.nl and set clearance to level 2
  3. Yield URL https://www.kennisnet.nl without any clearance

Expected behavior

Yield software instances identified by Wappalyzer on https://www.kennisnet.nl

OpenKAT version

main (84fcfbac3efb1b461754a696dac37539a6756814)

noamblitz commented 9 months ago

Instead of KAT deciding (with very complex rules) whether new objects should be cleared, we are going to build a screen where all new objects are shown in a list, much like a to-do list, which the user can clear. Ticket can be handed over to the design team for refinement.

underdarknl commented 2 months ago

This could be a great first use case for a dashboard query.

Basically: Select (using a Path query) all URL/HOSTNAME OOIs on the OOI-list that do not have a clearance level, and are within a zone that has a clearance level.

The user can then decide to add a clearance level to these, or set them to 0.
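
The selection described in the last comment, as an added example that is not part of the original thread and not OpenKAT's code. The `Obj` class, the zone table and the function names are hypothetical stand-ins, and the sample objects are constructed from the URLs in this issue. Zone membership is matched on label boundaries so look-alike names are not pulled into a cleared zone, and the result is only a review list: nothing is cleared automatically.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit


# Hypothetical stand-in for an OOI; this is not an OpenKAT model class.
@dataclass(frozen=True)
class Obj:
    kind: str                  # "URL" or "Hostname"
    value: str
    clearance: Optional[int]   # None = no clearance level set yet


def hostname_of(obj: Obj) -> str:
    """Return the lower-cased hostname of a URL or Hostname object."""
    host = urlsplit(obj.value).hostname if obj.kind == "URL" else obj.value
    return (host or "").rstrip(".").lower()


def zone_of(host: str, zones: dict) -> Optional[str]:
    """Longest known zone apex equal to host or a label-boundary suffix of it."""
    matches = [z for z in zones if host == z or host.endswith("." + z)]
    return max(matches, key=len, default=None)


def review_queue(objects: list, zones: dict) -> list:
    """Uncleared URL/Hostname objects inside a zone that has a clearance level.

    Returns (object, zone, zone_clearance) rows for the user to act on.
    """
    rows = []
    for obj in objects:
        if obj.clearance is not None:
            continue  # already has a level (0 counts as a level set by the user)
        zone = zone_of(hostname_of(obj), zones)
        if zone is not None and zones[zone] is not None:
            rows.append((obj, zone, zones[zone]))
    return rows


# Constructed sample data: zone apex -> clearance level, plus four objects.
ZONES = {"kennisnet.nl": 2}
OBJECTS = [
    Obj("URL", "https://kennisnet.nl", 2),
    Obj("URL", "https://www.kennisnet.nl", None),           # yielded by the redirect
    Obj("Hostname", "notkennisnet.nl", None),               # look-alike, other zone
    Obj("URL", "https://kennisnet.nl.example.org/", None),  # zone name used as a prefix
]

if __name__ == "__main__":
    for obj, zone, level in review_queue(OBJECTS, ZONES):
        print(f"{obj.kind} {obj.value}: no clearance, zone {zone} has level {level}")
```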