Skip to content

Update Spider Param #365

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
payoub125 merged 1 commit into from
Apr 3, 2026
Merged

Update Spider Param #365

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 14 additions & 21 deletions cmd/discover.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -545,12 +545,6 @@ func (a *WebScan) InitDiscoverCommand() {
return
}

ignoreCrossDomainRedirects, err := cmd.Flags().GetBool("ignore-cross-domain-redirects")
if err != nil {
a.OutputSignal.AddError(err)
return
}

// Get Request Method flags
requestMethodConfig, err := requesthelpers.GetRequestMethodFlags(cmd)
if err != nil {
Expand All @@ -559,7 +553,7 @@ func (a *WebScan) InitDiscoverCommand() {
}

// Set Config
config := getDiscoverRouteConfig(target, ignoreCrossDomain, collectStaticAssets, spiderDepth, maxRedirects, verifyTLS, timeout, ignoreCrossDomainRedirects, threads, requestMethodConfig.RequestMethodEnum, requestMethodConfig.HeadlessConfig, requestMethodConfig.BrowserbaseConfig)
config := getDiscoverRouteConfig(target, ignoreCrossDomain, collectStaticAssets, spiderDepth, maxRedirects, verifyTLS, timeout, threads, requestMethodConfig.RequestMethodEnum, requestMethodConfig.HeadlessConfig, requestMethodConfig.BrowserbaseConfig)

// Generate a report
report := discoverroute.PerformRouteCapture(cmd.Context(), config, requestMethodConfig.BrowserbaseSecrets)
Expand All @@ -569,7 +563,7 @@ func (a *WebScan) InitDiscoverCommand() {
// Target Flags
discoverRouteCmd.Flags().String("target", "", "URL target to discover routes from")
// Config Flags
discoverRouteCmd.Flags().Bool("ignore-cross-domain", true, "Ignore routes that do not share the target's base URL")
discoverRouteCmd.Flags().Bool("ignore-cross-domain", false, "Ignore routes that do not share the target's base URL")
discoverRouteCmd.Flags().Bool("collect-static-assets", false, "Collect static assets from route discovery")
discoverRouteCmd.Flags().Int("spider-depth", 3, "Maximum depth for route spidering")
discoverRouteCmd.Flags().Int("max-redirects", 100, "Maximum number of redirects to follow")
Expand Down Expand Up @@ -808,20 +802,19 @@ func getDiscoverProbeConfig(targets []string, protocol string, maxRedirects int,
}

// getDiscoverRouteConfig builds the config for route discovery.
func getDiscoverRouteConfig(target string, ignoreCrossDomain bool, collectStaticAssets bool, spiderDepth int, maxRedirects int, verifyTLS bool, timeout int, ignoreCrossDomainRedirects bool, threads int, requestMethod common.RequestMethod, headlessConfig *common.HeadlessRequestConfig, browserbaseConfig *common.BrowserbaseRequestConfig) discover.DiscoverRouteConfig {
func getDiscoverRouteConfig(target string, ignoreCrossDomain bool, collectStaticAssets bool, spiderDepth int, maxRedirects int, verifyTLS bool, timeout int, threads int, requestMethod common.RequestMethod, headlessConfig *common.HeadlessRequestConfig, browserbaseConfig *common.BrowserbaseRequestConfig) discover.DiscoverRouteConfig {
config := discover.DiscoverRouteConfig{
Target: target,
CollectStaticAssets: collectStaticAssets,
IgnoreCrossDomain: ignoreCrossDomain,
SpiderDepth: spiderDepth,
MaxRedirects: maxRedirects,
VerifyTls: verifyTLS,
Timeout: max(timeout, 0),
IgnoreCrossDomainRedirects: ignoreCrossDomainRedirects,
Threads: max(threads, 0),
RequestMethod: requestMethod,
HeadlessConfig: headlessConfig,
BrowserbaseConfig: browserbaseConfig,
Target: target,
CollectStaticAssets: collectStaticAssets,
IgnoreCrossDomain: ignoreCrossDomain,
SpiderDepth: spiderDepth,
MaxRedirects: maxRedirects,
VerifyTls: verifyTLS,
Timeout: max(timeout, 0),
Threads: max(threads, 0),
RequestMethod: requestMethod,
HeadlessConfig: headlessConfig,
BrowserbaseConfig: browserbaseConfig,
}
return config
}
Expand Down
23 changes: 11 additions & 12 deletions cmd/pentest.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -821,18 +821,17 @@ func getPentestCmsWordpressXmlrpcFunctionsExposedConfig(targets []string, succes
func getPentestRouteStaticAssetTakeoverConfig(target string, fingerprintFilePaths []string, detect404Responses bool, successfulOnly bool, maxRedirects int, verifyTLS bool, timeout int, threads int, requestMethod common.RequestMethod, headlessConfig *common.HeadlessRequestConfig, browserBaseConfig *common.BrowserbaseRequestConfig) pentestroutefern.PentestRouteStaticAssetTakeoverConfig {
// Create Route Capture Config
routeCaptureConfig := &discover.DiscoverRouteConfig{
Target: target,
CollectStaticAssets: true,
IgnoreCrossDomain: false,
SpiderDepth: 1,
VerifyTls: verifyTLS,
Timeout: max(timeout, 0),
Threads: max(threads, 0),
RequestMethod: requestMethod,
MaxRedirects: maxRedirects,
HeadlessConfig: headlessConfig,
BrowserbaseConfig: browserBaseConfig,
IgnoreCrossDomainRedirects: false,
Target: target,
CollectStaticAssets: true,
IgnoreCrossDomain: false,
SpiderDepth: 1,
VerifyTls: verifyTLS,
Timeout: max(timeout, 0),
Threads: max(threads, 0),
RequestMethod: requestMethod,
MaxRedirects: maxRedirects,
HeadlessConfig: headlessConfig,
BrowserbaseConfig: browserBaseConfig,
}
// Create Static Asset Takeover Config with nested route capture config
config := pentestroutefern.PentestRouteStaticAssetTakeoverConfig{
Expand Down
1 change: 0 additions & 1 deletion fern/definition/discover/route.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,6 @@ types:
maxRedirects: integer
verifyTls: boolean
timeout: integer
ignoreCrossDomainRedirects: boolean
threads: integer
requestMethod: method.RequestMethod
headlessConfig: optional<method.HeadlessRequestConfig>
Expand Down
2 changes: 1 addition & 1 deletion internal/discover/route/route.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -132,7 +132,7 @@ func createSendHTTPRequestConfigWithQuery(baseURL, path string, queryParams map[
MaxRedirects: config.MaxRedirects,
VerifyTls: config.VerifyTls,
Timeout: config.Timeout,
IgnoreCrossDomainRedirects: config.IgnoreCrossDomainRedirects,
IgnoreCrossDomainRedirects: config.IgnoreCrossDomain,
Comment thread
payoub125 marked this conversation as resolved.
RequestMethod: config.RequestMethod,
HeadlessConfig: config.HeadlessConfig,
BrowserbaseConfig: config.BrowserbaseConfig,
Expand Down
Loading