bugscanner-go icon indicating copy to clipboard operation
bugscanner-go copied to clipboard
verified publisher icon aztecrabbit

[Enhancement] Save specific Status Code & Server

Open MC874 opened this issue 3 years ago • 1 comments

Introduction

Currently, the tools only highligh 101 statuses, which, other status code are ignored from the result. It would be helpful if users able to specify status code. For example: 200 or 301 is often usefull to detect domain-frontable. Also, since bugscanner grabs the server name from the header, it is possible to specify what server that would be saved into result. This helps for users to find domain related to CDN such as CloudFront, cloudflare and Akamai.

Implementation

Can be reserved as a new parameter

--server cloudflare --server CloudFront
-server ['cloudflare', 'CloudFront']

--status-code 200 --status-code 301
--status [ 200, 301 ]

MC874 avatar May 24 '22 14:05 MC874

Updating the topic into more concise way.

MC874 avatar Jan 31 '23 15:01 MC874

the --status-code can't be changed because --target server must be resulting 101 Switching Protocols, if you are using cdn as proxy, your --taget server MUST resulting 101 because the Upgrade header exists in the payload, if your --target server not resulting 101, your connection will be closed by proxy (cdn)

aztecrabbit avatar Jun 11 '24 04:06 aztecrabbit

Introduction

Currently, the tools only highligh 101 statuses, which, other status code are ignored from the result. It would be helpful if users able to specify status code. For example: 200 or 301 is often usefull to detect domain-frontable. Also, since bugscanner grabs the server name from the header, it is possible to specify what server that would be saved into result. This helps for users to find domain related to CDN such as CloudFront, cloudflare and Akamai.

Implementation

Can be reserved as a new parameter

--server cloudflare --server CloudFront
-server ['cloudflare', 'CloudFront']

--status-code 200 --status-code 301
--status [ 200, 301 ]

@MC874 the garbage repo owner probably don't understand what you mean LOL https://github.com/aztecrabbit/bugscanner-go/issues/15#issue-2457026166

sonvirgo avatar Aug 19 '24 09:08 sonvirgo

It is true that cdn parameter MUST result in 101. However, since this is tool is intended for scanning "bugs", it would really helpful if you can add user-specified status/server be saved on the result. @aztecrabbit

MC874 avatar Aug 21 '24 01:08 MC874

It is true that cdn parameter MUST result in 101. However, since this is tool is intended for scanning "bugs", it would really helpful if you can add user-specified status/server be saved on the result. @aztecrabbit

@MC874 I dont really waste time walking through his code. But from the result obtain. Almost all found IPs are not forwarding traffic to target CDN neither through websockets nor http. If it forwards then ofcouse it responses to any kind of scan, like 'keep alive' scanning. His code surely has flaw. Even if the code get 101 from the IP, it is not clear if 101 comes from the IP itself or from the target CDN. That is why all found IPs dont forward traffic to the target CDN. I think his code is a cut down NMAP rather than 'bugs' scanner as he advertizes. I'd rathe rely on NMAP 200 response code scan. Then I scan by injecting programmatically the IP inside the End-to-end application source code to ensure it is the 'bug' host. Which forward traffic from end to end. Ofcouse this cant run as fast as his tool, which look like scan on the fly. But infact useless. It is internet, and spreading such kind of thing is misleading and waste lots of time.

sonvirgo avatar Aug 23 '24 00:08 sonvirgo