projectdiscovery / katana

A next-generation crawling and spidering framework.
MIT License
10.86k stars 573 forks

DSL doesn't filter status codes. #850

Closed nullenc0de closed 4 months ago

nullenc0de commented 5 months ago

Katana does not filter status codes as the usage reads. This is apparent with all sites I have tested. Katana is on the latest version.

~# katana -u http://testphp.vulnweb.com -jc -jsl -kf all -aff -fx -ps -mdc 'status_code == 200' -silent |httpx -silent -sc
http://testphp.vulnweb.com/ajax/infoartist.php?id=-7472 [404]
http://testphp.vulnweb.com/ajax/infoartist.php?id=-5162 [404]
http://testphp.vulnweb.com/admin/ [200]
~# katana -u http://testphp.vulnweb.com -jc -jsl -kf all -aff -fx -ps -fdc 'status_code == 404' -silent |httpx -silent -sc
http://testphp.vulnweb.com/.well-known/ai-plugin.json [404]
http://testphp.vulnweb.com/ajax/infoartist.php?id=-2232 [404]
http://testphp.vulnweb.com/ajax/index.phpuser-agent: [404]
http://testphp.vulnweb.com/ajax/infoartist.php?id=-1484 [404]
http://testphp.vulnweb.com/ajax/infoartist.php?id=-2230 [404]
http://testphp.vulnweb.com/ajax/categories.php [404]
http://testphp.vulnweb.com/acunetix_file/////// [404]

geeknik commented 5 months ago

From my limited debugging, it appears this issue manifests itself with the use of the -ps flag.

ehsandeep commented 5 months ago

@nullenc0de you are using passive crawl mode, which can't have an actual status code. As of now, the output includes a placeholder value to make it reusable for processing the output file as input for other integrations, but it does not include the actual status code in passive mode.

dogancanbakir commented 4 months ago

Closing, this is by design.
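
Added example, not part of the issue thread and not project code: because passive mode carries no real status code, status filtering has to run on the probed result instead, i.e. on the `URL [code]` lines that `httpx -sc` prints in the report above. The function name `filter_status`, the helper `sample_lines` and the colourised sample line are assumptions made for this sketch.

```shell
#!/bin/sh
# Filter "URL [status]" lines by the status code that was actually probed.
# usage: <producer> | filter_status match|filter CODE[,CODE...]
#   match  -> print only URLs whose probed code is in the list
#   filter -> print only URLs whose probed code is NOT in the list
filter_status() {
    mode=$1
    codes=$2
    esc=$(printf '\033')
    # Strip ANSI colour sequences first, in case the producer colourised the code.
    sed "s/${esc}\[[0-9;]*m//g" | awk -v mode="$mode" -v codes="$codes" '
    BEGIN {
        n = split(codes, list, ",")
        for (i = 1; i <= n; i++) want[list[i]] = 1
    }
    {
        # The status is the last bracketed 3-digit field on the line.
        # Lines without one were never probed, so they are dropped.
        if (!match($0, /\[[0-9][0-9][0-9]\][ \t]*$/)) next
        code = substr($0, RSTART + 1, 3)
        url = substr($0, 1, RSTART - 1)
        sub(/[ \t]+$/, "", url)
        hit = (code in want)
        if ((mode == "match" && hit) || (mode == "filter" && !hit)) print url
    }'
}

# Constructed sample input: three lines copied from the report above plus one
# constructed line with a colourised status code.
sample_lines() {
    printf '%s\n' \
        'http://testphp.vulnweb.com/ajax/infoartist.php?id=-7472 [404]' \
        'http://testphp.vulnweb.com/admin/ [200]' \
        'http://testphp.vulnweb.com/ajax/index.phpuser-agent: [404]'
    printf 'http://testphp.vulnweb.com/ajax/categories.php [\033[31m404\033[0m]\n'
}

# Intended placement in the pipeline from the report:
#   katana -u http://testphp.vulnweb.com -ps -silent | httpx -silent -sc | filter_status match 200
```
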