Closed anshumanbh closed 6 years ago
Are you able to share --debug
output? Otherwise using --dryrun
might help show differences in the fingerprint targets that get created.
Since you never responded with further details, I'm closing. If it's still an issue, please post the cred files and scanner output to help me debug.
Cheers
Hello,
I noticed there is a bug in the way the resource names are being read to load the YML files.
So, for instance, lets suppose we have 2 YML files - exactly same but the only difference being that the
ssl
value istrue
in one andfalse
in the other.Let's say the names of these YML files are "xyz SSL" and "xyz noSSL".
Let's say we have a target with SSL enabled and invalid cert.
If we run changeme with just the noSSL YML file by specifying the
-n
flag as-n "xyz noSSL"
, fingerprinting is not successful. This is as expected.If we run changeme with just the SSL YML file by specifying the
-n
flag as-n "xyz SSL"
, fingerprinting is successful. This is as expected.Now, if we run changeme with both the YML files by specifying the
-n
flag as-n "xyz"
, it appears as if its loading both YML files and fingerprinting is coming out to be successful with both the ssl and noSSL YML files. The fingerprinting against thenoSSL
file should have failed but its succeeding.So, as per above, there is some discrepancy where specifying an incomplete name like
-n "xyz"
is not producing the expected output.Cheers!