How to specify target

[krivadna]

in "yourcompanyname" How to specify a url "https://example.com" or "example.com"

[0xblackbird]

Hi @krivadna!

You can set the -target CLI flag to specify a target. Did you encounter any issues with setting that CLI flag? If so, feel free to provide some more information that can help me trace back the issue.

Thank you!

[krivadna]

I am using intentionally vuln website but getting error

~/misconfig-mapper $ ./misconfig-mapper -target "https://testphp.vulnweb.com" -service 1 -delay 1000
[+] Checking 49 possible target URLs...
[-] Error: Failed to read response for https://https://testphp.vulnweb.com.atlassian.net/servicedesk/customer/user/login
[-] No vulnerable Atlassian Jira Service Desk instance found (https://https://testphp.vulnweb.com.atlassian.net/servicedesk/customer/user/login)
[-] Error: Failed to read response for https://https://testphp.vulnweb.com.com.atlassian.net/servicedesk/customer/user/login
[-] No vulnerable Atlassian Jira Service Desk instance found (https://https://testphp.vulnweb.com.com.atlassian.net/servicedesk/customer/user/login)
[-] Error: Failed to read response for https://https://testphp.vulnweb.com-com.atlassian.net/servicedesk/customer/user/login
[-] No vulnerable Atlassian Jira Service Desk instance found (https://https://testphp.vulnweb.com-com.atlassian.net/servicedesk/customer/user/login)
[-] Error: Failed to read response for https://https://testphp.vulnweb.comcom.atlassian.net/servicedesk/customer/user/login
[-] No vulnerable Atlassian Jira Service Desk instance found (https://https://testphp.vulnweb.comcom.atlassian.net/servicedesk/customer/user/login)
[-] Error: Failed to read response for https://https://testphp.vulnweb.com.net.atlassian.net/servicedesk/customer/user/login
[-] No vulnerable Atlassian Jira Service Desk instance found (https://https://testphp.vulnweb.com.net.atlassian.net/servicedesk/customer/user/login)
[-] Error: Failed to read response for https://https://testphp.vulnweb.com-net.atlassian.net/servicedesk/customer/user/login

[0xblackbird]

Hi

Correct, the target you supplied for that specific template is invalid as the template is designed to find the Atlassian Jira service desk misconfiguration. For that, it expects a target name only as it processes it as a suffix for {target}.atlassian.net

Testphp is not known to be vulnerable to the misconfiguration you selected. However, you could try setting the target to your company name instead.

Example: $ ./misconfig-mapper -target "yourcompanyname" -service 1 -delay 1000

You can find more examples under the Usage-section

Future releases will include a more sophisticated way of adjusting the target to address inconsistencies like these.

[0xblackbird]

Hi

I will be closing this issue due to no activity. If you ever encounter any further problems, feel free to open a new issue.

Thank you for your contributions!

[0xblackbird]

Hi!

Pull request #24 will fix the issues mentioned above. I recommend updating to the latest release version. If you ever encounter any further problems, feel free to open a new issue.

Thank you!