edoardottt / csprecon
Discover new target domains using Content Security Policy
Home Page: https://edoardoottavianelli.it
License: MIT License
Having JSON output as an option would be nice, especially when doing -l targets.txt, for example
{"x.subdomain.com" : ["new.subdomain.com", "second.subdomain.com", "etc.."]}
Just mapping the specific target to the domains found from CSP.
Fix Path Traversal in MHolt Archiver
Dependabot security alert. It isn't sure if csprecon is affected (not likely because the import is indirect).
Dependabot can't find a published or compatible non-vulnerable version for https://github.com/mholt/archiver
All versions of archiver allow an attacker to perform a Zip Slip attack via the "unarchive" functions. It is exploited using a specially crafted zip archive that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extraction directory, which results in the final path ending up outside of the target folder. For instance, a zip may hold a file with a "../../file.exe" location and thus break out of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.
Affected versions: >= 3.0.0, < 3.3.2
Patched version: 3.3.2
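The containment check that prevents the Zip Slip behaviour described in the alert above, as an added Go example that is not part of the original issue or of mholt/archiver. `SafeJoin`, `ErrEscapesTarget`, the extraction directory and the entry names are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrEscapesTarget is returned when an archive entry name would resolve
// outside the extraction directory.
var ErrEscapesTarget = errors.New("archive entry escapes extraction directory")

// SafeJoin (hypothetical helper, not an archiver API) resolves an archive
// entry name against destDir and rejects any result outside destDir.
func SafeJoin(destDir, entryName string) (string, error) {
	base, err := filepath.Abs(destDir)
	if err != nil {
		return "", err
	}
	// Zip names use "/", but treat "\" as a separator too so that
	// Windows-style traversal names are caught on every platform.
	name := filepath.FromSlash(strings.ReplaceAll(entryName, "\\", "/"))
	if filepath.IsAbs(name) || filepath.VolumeName(name) != "" {
		return "", fmt.Errorf("%w: %q", ErrEscapesTarget, entryName)
	}
	target := filepath.Join(base, name) // Join also cleans ".." segments
	rel, err := filepath.Rel(base, target)
	if err != nil || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q", ErrEscapesTarget, entryName)
	}
	return target, nil
}

func main() {
	// Constructed entry names: two benign, three traversal attempts.
	names := []string{"docs/readme.txt", "a/../b.txt",
		"../../file.exe", "a/../../b", "/etc/passwd"}
	for _, n := range names {
		p, err := SafeJoin("/tmp/extract", n)
		fmt.Printf("%-20q -> %q, err=%v\n", n, p, err)
	}
}
```

The check covers entry names only; symlink entries inside an archive need separate handling before any file is written through them.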
In resource-constrained environments we sometimes cannot afford to install full-blown Go + build packages with it: good practice is to have pre-packaged binary releases for each platform.
You can include this in a GitHub action workflow, by leveraging something like the https://github.com/marketplace/actions/go-release-binaries action which automates the process.
For reference:
Is your feature request related to a problem? Please describe.
It would be a nice feature to optionally include a scope constraint by domain so that results are constrained to only subdomains of the specified constraint domain or a list of constraint domains in a file.
Describe the solution you'd like
When --scope example.com is specified, only return subdomains of *.example.com. Ex:
api.example.com
foobarbaz.example.com
etc...
Describe alternatives you've considered
I'd like to use this tool but currently too many third-party hosts are returned and it would be very useful to only get hosts that are in-scope for a penetration test that you're authorized to test.
Additional context
I could manually parse the output results to filter out-of-scope items but this would be a great feature to have built-in to the project.
Describe the bug
go install github.com/edoardottt/csprecon/cmd/csprecon@latest
# github.com/projectdiscovery/utils/maps
/root/go/pkg/mod/github.com/projectdiscovery/[email protected]/maps/synclock_map.go:15:18: undefined: atomic.Bool
note: module requires Go 1.19
go version
go version go1.18.1 linux/amd64
@edoardottt looking to get multiple domains to filter or more than one domain keyword to grab from the results with flag -d