Suggestions for a filter flag to improve accuracy #1293
Comments
It's already possible with
That's not what I mean. What I mean is that in some cases, during scanning, especially recursive scanning, it may trigger a WAF or redirection, resulting in a large number of consecutive HTTP response status codes of 200 with the same size. In such cases, it should be skipped directly.
@AMG4MATIC Understood. When performing scanning activities, such as recursive scanning, it is possible that it may trigger a Web Application Firewall (WAF) or redirection, resulting in a large number of consecutive HTTP response status codes of 200 with the same size. In these cases, it may be advisable to skip these responses directly in order to avoid unnecessary scanning and potential detection by security mechanisms. Skipping these responses can help avoid false positives or unnecessary noise in the scanning process. However, it's important to always ensure that any scanning activities are performed in a responsible and legal manner, with proper authorization and adherence to applicable laws and regulations.
It's just like a:
What is the feature?
The feature sets a flag to skip continuously getting the same size of response and exclude specific paths during recursive scans.
What is the use case?
This feature is useful when scanning websites that have a web application firewall, redirects, or custom error pages that continuously return 200 responses of the same size. By setting this flag, dirsearch can skip these continuous same-size responses and exclude specific paths to produce more accurate results.
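The filtering requested in this issue, sketched as an added example that is not part of the thread and not dirsearch's own code: a run of consecutive responses with the same status and size is treated as a catch-all page, dropped from the results, and its paths are returned so a recursive scan can exclude them. `Result`, `filter_repeated_sizes`, the default threshold of 3 and the sample data are assumptions made for illustration.

```python
from collections import namedtuple

# Hypothetical record for one scan result; not dirsearch's own type.
Result = namedtuple("Result", "path status size")


def filter_repeated_sizes(results, threshold=3, statuses=(200,)):
    """Split results into (kept, suppressed_paths).

    A run of `threshold` or more consecutive responses sharing the same
    status and body size is treated as a catch-all page (WAF block page,
    redirect target, custom error page). The whole run is dropped and its
    paths are returned separately so recursion can exclude them.
    """
    kept, suppressed, run = [], [], []

    def flush():
        # Short runs are ordinary hits; long runs are noise.
        if len(run) >= threshold:
            suppressed.extend(r.path for r in run)
        else:
            kept.extend(run)
        run.clear()

    for r in results:
        same = run and (r.status, r.size) == (run[-1].status, run[-1].size)
        if not same:
            flush()
        if r.status in statuses:
            run.append(r)
        else:
            kept.append(r)  # statuses outside the filter pass straight through
    flush()
    return kept, suppressed


# Constructed sample: four consecutive 200s of 1843 bytes mimic a block page.
SAMPLE = [
    Result("/index.php", 200, 5120),
    Result("/admin/", 200, 1843),
    Result("/admin/a", 200, 1843),
    Result("/admin/b", 200, 1843),
    Result("/admin/c", 200, 1843),
    Result("/robots.txt", 200, 72),
    Result("/old/", 301, 0),
    Result("/login", 200, 2301),
    Result("/logout", 200, 2301),
]
```

Because the check is on consecutive results only, two real pages that happen to share a size (here `/login` and `/logout`) stay in the output as long as the run is shorter than the threshold.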