search

vulncheck-oss / go-exploit

A Go-based Exploit Framework
https://pkg.go.dev/github.com/vulncheck-oss/go-exploit
Apache License 2.0
304 stars 29 forks source link

Add `vhost` and `path`/`rootpath` default flags #180

Closed terrorbyte closed 2 months ago

terrorbyte commented 4 months ago

It's come up a few times in the last few weeks where we have added flags for doing virtualhost settings in protocol or want to allow for changing of the default URI path stem. It seems sensible to probably make these default.

One potential downside is that not everything is HTTP (yet at least), so those flags might be considered nonsense in those cases... but at the same time we have user-agent flags. Probably a discussion for another time but should these be put into target classes that potentially change the default flags?

If I get a few cycles this week I will open a PR to get these in.

terrorbyte commented 3 months ago

After some thinking on this we should probably do a few things:

  1. Avoid adding global flags that are protocol assumptive.
  2. Match on the config.Protocol and for a known protocols add flags based on the protocol needs.
j-baines commented 2 months ago

Match on the config.Protocol and for a known protocols add flags based on the protocol needs.

This strikes me as a particularly good idea. Already we have at least 1 global flag that is always used but is only associated with HTTP (user agent). It seems that would be easy to clean up.