
Add ScanRuleMetadata to Active and Passive Scan Rules #440

Open
30 of 36 tasks
ricekot opened this issue Apr 4, 2024 · 0 comments

ricekot commented Apr 4, 2024

Tracker issue for adding ScanRuleMetadata to active and passive scripts in this repo.

There are some scripts in the list below which may clash with existing rules in one of the scan rule add-ons (e.g. the check done by X-Powered-By_header_checker.js script is also done by the XPoweredByHeaderInfoLeakScanRule scan rule). We should either remove the script or the scan rule to avoid duplicate alerts.

Also, WebSocket passive scripts are not included here since they don't support the getMetadata() function at the moment.

Active

Passive

  • clacks.js
  • CookieHTTPOnly.js
  • detect_csp_notif_and_reportonly.js
  • detect_samesite_protection.js
  • f5_bigip_cookie_internal_ip.js
  • find base64 strings.js
  • Find Credit Cards.js
  • Find Emails.js
  • Find Hashes.js
  • Find HTML Comments.js
  • Find IBANs.js
  • Find Internal IPs.js
  • find_reflected_params.py
  • google_api_keys_finder.js
  • HUNT.py
  • JavaDisclosure.js
  • Mutliple Security Header Check.js
  • Report non static sites.js
  • RPO.js
  • s3.js
  • Server Header Disclosure.js
  • SQL injection detection.js
  • Telerik Using Poor Crypto.js
  • Upload form discovery.js
  • X-Powered-By_header_checker.js (Duplicate of: XPoweredByHeaderInfoLeakScanRule)