You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Originally posted by amiremami April 29, 2024
That would be great if possible to add a config option for paramminer to not print not reflected items into output.ndjson
Thanks 馃檹
The text was updated successfully, but these errors were encountered:
I think i'd rather have the generic ability to filter by tags in the output module, rather than something specific just for this one tag in paramminer. @TheTechromancer thoughts?
Tags are a good idea but we should try and consider users who are only scanning for vulnerabilities and don't plan on doing manual fuzzing. To them I think only the reflected ones would be interesting, so it might make sense to have a filter option on the module.
On the other hand, even the reflected ones sometimes don't result in a vulnerability. So until we have a more complete web scanning family with PARAM events, if we just want to say the paramminer modules are for advanced users only, that's fine too.
Lightfuzz branch will change how all of these works, so I am very hesitant to make changes like this now (there will be an entirely new event type, WEB_PARAMETER). This is also why I was leaning towards making a generic option to filter by tags.
Discussed in #1329
Originally posted by amiremami April 29, 2024
That would be great if possible to add a config option for paramminer to not print not reflected items into output.ndjson
Thanks 馃檹
The text was updated successfully, but these errors were encountered: