
edoardottt / csprecon


Discover new target domains using Content Security Policy

Home Page: https://edoardoottavianelli.it

License: MIT License

Go 98.16% Makefile 1.84%
hacking bugbounty bugbounty-tool recon reconnaissance bounty-hunting information-retrieval recon-tool security security-tools

csprecon's Issues

Support for JSON output

Having JSON output as an option would be nice, especially when doing -l targets.txt, for example

{"x.subdomain.com" : ["new.subdomain.com",  "second.subdomain.com", "etc.."]}

Just mapping the specific target to the domains found from CSP.

Fix "Path Traversal in MHolt Archiver" Security Alert

Fix Path Traversal in MHolt Archiver dependabot security alert. It isn't certain whether csprecon is affected (not likely, because the import is indirect).

Dependabot can't find a published or compatible non-vulnerable version for https://github.com/mholt/archiver

All versions of archiver allow an attacker to perform a Zip Slip attack via the "unarchive" functions. It is exploited using a specially crafted zip archive that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extraction directory, which results in the final path ending up outside of the target folder. For instance, a zip may hold a file with a "../../file.exe" location and thus break out of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.

Affected versions: >= 3.0.0, < 3.3.2
Patched version: 3.3.2
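
The path check that prevents the Zip Slip behaviour described in this alert, shown next to a flawed prefix test, as an added example (not code from csprecon or from mholt/archiver). The function names, the `/tmp/extract` directory and the entry names other than "../../file.exe" are assumptions made for illustration, and the paths assume a Unix-style filesystem.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// naiveInside is the flawed check often seen in extraction code: a plain
// string prefix test also accepts sibling directories such as
// "/tmp/extract-old" when destDir is "/tmp/extract".
func naiveInside(destDir, entryName string) bool {
	return strings.HasPrefix(filepath.Join(destDir, entryName), filepath.Clean(destDir))
}

// safeJoin returns the extraction path for an archive entry, or an error
// when the cleaned path would land outside destDir.
func safeJoin(destDir, entryName string) (string, error) {
	dest := filepath.Clean(destDir)
	target := filepath.Join(dest, entryName) // Join resolves ".." segments
	rel, err := filepath.Rel(dest, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("entry %q escapes %q", entryName, destDir)
	}
	return target, nil
}

// rejected returns the entry names that safeJoin refuses for destDir.
func rejected(destDir string, names []string) []string {
	var bad []string
	for _, n := range names {
		if _, err := safeJoin(destDir, n); err != nil {
			bad = append(bad, n)
		}
	}
	return bad
}

func main() {
	// Constructed entry names; "../../file.exe" is the example from the alert text.
	names := []string{"docs/readme.txt", "a/../b.txt", "../../file.exe", "../extract-old/x"}
	fmt.Println(rejected("/tmp/extract", names))
	fmt.Println(naiveInside("/tmp/extract", "../extract-old/x")) // wrongly accepted
}
```

An extractor would call `safeJoin` for every entry before creating any file and skip or abort on an error.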

Add Goreleaser

In resource-constrained environments we sometimes cannot afford to install full-blown Go + build packages with it: good practice is to have pre-packaged binary releases for each platform.

You can include this in a GitHub action workflow, by leveraging something like the https://github.com/marketplace/actions/go-release-binaries action which automates the process.

For reference:

Add Scope Constraint Optional Argument

Is your feature request related to a problem? Please describe.
It would be a nice feature to optionally include a scope constraint by domain so that results are constrained to only subdomains of the specified constraint domain or a list of constraint domains in a file.

Describe the solution you'd like
When --scope example.com is specified, only return subdomains of *.example.com. Ex:
api.example.com
foobarbaz.example.com
etc...

Describe alternatives you've considered
I'd like to use this tool but currently too many third-party hosts are returned and it would be very useful to only get hosts that are in-scope for a penetration test that you're authorized to test.

Additional context
I could manually parse the output results to filter out-of-scope items but this would be a great feature to have built-in to the project.
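
One way to apply the scope constraint requested in this issue, combined with the target-to-domains JSON mapping asked for in the "Support for JSON output" issue, as an added example (not csprecon's code). The function names and sample hosts are assumptions, as is the choice to treat the scope domain itself as in scope; the match is made on a label boundary so that a look-alike such as `notexample.com` is not accepted for `example.com`.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// normalize lowercases a host and strips a leading "*." and a trailing dot.
func normalize(h string) string {
	return strings.TrimSuffix(strings.TrimPrefix(strings.ToLower(strings.TrimSpace(h)), "*."), ".")
}

// inScope reports whether host is a scope domain or a subdomain of one.
// The suffix must start at a dot, so "notexample.com" fails for "example.com".
func inScope(host string, scopes []string) bool {
	h := normalize(host)
	for _, s := range scopes {
		s = normalize(s)
		if s != "" && (h == s || strings.HasSuffix(h, "."+s)) {
			return true
		}
	}
	return false
}

// filterResults keeps the in-scope hosts per target and returns the mapping as JSON.
func filterResults(found map[string][]string, scopes []string) (string, error) {
	out := make(map[string][]string, len(found))
	for target, hosts := range found {
		kept := []string{}
		for _, h := range hosts {
			if inScope(h, scopes) {
				kept = append(kept, normalize(h))
			}
		}
		out[target] = kept
	}
	b, err := json.Marshal(out)
	return string(b), err
}

func main() {
	// Constructed sample data, not real tool output.
	found := map[string][]string{"x.example.com": {"api.example.com", "*.cdn.example.com", "notexample.com", "fonts.thirdparty.test"}}
	js, _ := filterResults(found, []string{"example.com"})
	fmt.Println(js)
}
```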

install bug

Describe the bug

go install github.com/edoardottt/csprecon/cmd/csprecon@latest
# github.com/projectdiscovery/utils/maps
/root/go/pkg/mod/github.com/projectdiscovery/[email protected]/maps/synclock_map.go:15:18: undefined: atomic.Bool
note: module requires Go 1.19
go version 
go version go1.18.1 linux/amd64

