Comments (5)
I am just glancing quickly to see where I would start on his adventure.
Are you thinking that, for the first line "HTTP_RESPONSE" in the first snippet, that the url of "https://irmaservices.nps.gov/arcgis/rest/%E2%80%9Dhttps:/www.nps.gov/lib/bootstrap/3.3.2/css/nps-bootstrap.min.css%22"
is the wrong format?
If so, then... yes... I would agree.
After throwing that string into a URL Decoder, I get...
"https://irmaservices.nps.gov/arcgis/rest/”https:/www.nps.gov/lib/bootstrap/3.3.2/css/nps-bootstrap.min.css""
The URL Encoded string of %E2%80%9D
and %22
are both equivilant to "
. So, either we need to account for that on our end. or there is something fishy with your But, that's just me glancing at this and thinking out loud.bbot -t target.txt
text file.
Has it happened since? Do you have a debug.log that correlates with those snippets? I tried grepping through that debug.log but I couldn't find %E2%80%9D
anywhere.
After thought (thanks to Paul):
The "module_sequence" is "httpx"... so that concatenation of those urls would be on our side. I'll dive into it.
from bbot.
@stryker2k2 thank you so much 🙏 You can find these in output.ndjson which I uploaded here:
https://drive.proton.me/urls/8KTKPZ8D04#MNYh5yfHn2IM
from bbot.
Hey @amiremami , were you running paramminer on that scan?
from bbot.
Hey : ) Yes, here is my debug.log if it's useful.
debug.log
from bbot.
This may be a symptom of the recursive decoding we're doing prior to URL excavation.
from bbot.
Related Issues (20)
- Filedownload.handle_event (url_unverified) HOT 1
- Badsecrets taking a long time HOT 3
- Git clone interacting with console HOT 1
- SSLCert: duplicate malformed certificates HOT 1
- Bug in IIS Shortnames HOT 1
- Bug in BadDNS HOT 1
- Stdout dies mid-scan HOT 4
- ASN Error HOT 1
- Ability to set timeout on individual modules
- Option to Raise FILESYSTEM and WEBSCREENSHOTs as Base64 Blobs HOT 4
- Optimize scan status message HOT 1
- Better discovery path tracking for dnsbrute_mutations
- New Module: Apache Tika & `RAW_DATA` events HOT 11
- InternetDB: option to display open ports HOT 2
- WPScan Installation Error HOT 13
- Modile jwt_tool to check for jwts with certain CVE issues? HOT 2
- Enable Cookies By Default
- Don't Increment Scope Distance for Hostless Events HOT 2
- Optimize Neo4j
- Discrepancies in wappalyzer findings. HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bbot.