telekom-security / explo Goto Github PK

There needs to be a way to define a check for a response code.

Example usecase: Check if a request to /admin/foo returns a 500:

name: exploit
description: checks if a request to /admin/foo returns a status code 500
module: http
parameter:
    url: http://example.com/admin/foo
    find_response_code: 500

Hi,

the method "headers_required" always returns "success" for me.

name: headers_required broken
description: headers_required always returns success
module: http
parameter:
    url: https://www.example.com
    method: GET
    headers:
        User-Agent: Mozilla/5.0
    headers_required:
        iDontExist: .

 % explo headers.explo 
Loading headers.explo
---
Block headers_required broken: The header_required method seems to be broken
HTTP Response: 200 (1256 bytes)
==> Success.

Am I missing something here or is it broken somehow?

Hey there,

Firstly I'd like to thank you for this project and for the awesome idea behind it.

During integration explo as a library in the workflow I faced a problem - explo seems very restrictive about fields included and lacks "informative" fields for the whole multistaged exploit, like a hostname affected, CVSS, a high-level overall description and other customized fields.

This informative fields could be in the additional yaml object on top of the file or something like that, what you think?

Hi,

would be great to have the ability to provide content to the scripts as command line arguments.

Example:

# explo login.yaml username password
# explo api_abuse.yaml auth_token

Inside the script you can access the values like $1, $2, etc.

Thanks for your consideration and keep it up! :)

Hi,

is there a way to check for the actual contents of a return header? This would be helpful to test for Open Redirect vulnerabilities.

Example Explo file:

name: Open Redirect
description: example.com - Open Redirect via Callback parameter
module: http
parameter:
    url: https://www.company.com/login.html?Callback=https://example.com
    method: GET
    headers:
        User-Agent: Mozilla/5.0
    expect_response_code: 302
    headers_required:
        Location: https://example.com

Hello,

Can you add json-like data in POST message?

like this:

payload = {'some': 'data'}
r = requests.post(url, json=payload)