
Add open redirect, subdomain takeover, and info disclosure prompt modules

Open Trusthoodies opened this issue 1 month ago • 0 comments

Adds three comprehensive vulnerability detection guides following the existing template structure.

Closes #131

Changes

  • ✅ Added open_redirect.jinja - Parser differentials, OAuth exploitation, SSRF chaining
  • ✅ Added subdomain_takeover.jinja - DNS enumeration, service fingerprinting, exploitation
  • ✅ Added information_disclosure.jinja - Error analysis, source exposure, config leaks

Testing

All guides follow the established 180-line format and include:

  • Critical context and scope
  • Methodology (5 steps)
  • Injection points
  • Advanced techniques with examples
  • Framework-specific exploitation
  • Validation criteria
  • Pro tips

Examples

Open Redirect

  • Parser differentials: https://[email protected]
  • Protocol bypasses: //evil.com, javascript:alert(1)
  • OAuth token theft flows with redirect_uri manipulation
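
As an added defensive counterpart to the bypass patterns listed above (this is example code, not part of this PR or the Strix project), the following Python function validates a redirect target against an allow-list: it rejects the userinfo trick, the protocol-relative and javascript: forms, and the backslash and missing-authority parser differentials. The allowed host names are constructed for the example.

```python
from urllib.parse import urlsplit

# Allow-list of hosts the application may redirect to (constructed for this example).
ALLOWED_HOSTS = {"app.example.com", "login.example.com"}


def is_safe_redirect(target: str) -> bool:
    """Decide whether `target` may be used as a redirect destination.

    Accepts only (a) same-site relative paths beginning with a single "/",
    or (b) absolute http(s) URLs whose host is on the allow-list and which
    carry no userinfo. Everything else is rejected.
    """
    if not isinstance(target, str) or not target:
        return False
    # Browsers strip or re-interpret whitespace and control characters
    # inside URLs; refuse to reason about them at all.
    if any(c.isspace() or ord(c) < 0x20 for c in target):
        return False
    # Browsers treat "\" like "/" in http(s) URLs; Python's parser does not.
    # Rejecting backslashes closes that differential (e.g. "/\evil.com").
    if "\\" in target:
        return False
    parts = urlsplit(target)
    scheme = parts.scheme.lower()
    if scheme == "" and parts.netloc == "":
        # Plain relative reference. "//evil.com" is split as a netloc above,
        # so anything reaching here resolves against our own origin.
        return target.startswith("/") and not target.startswith("//")
    if scheme not in ("http", "https"):
        # javascript:, data:, vbscript: and friends, plus protocol-relative
        # "//evil.com" (empty scheme with a netloc), end up here.
        return False
    if parts.netloc == "":
        # "https:evil.com" has no authority for Python, but browsers parse it
        # as host evil.com; treat the ambiguity as hostile.
        return False
    # "https://trusted.com@evil.com": Python's hostname is evil.com, but the
    # mere presence of userinfo is reason enough to reject.
    if parts.username is not None or parts.password is not None or "@" in parts.netloc:
        return False
    return (parts.hostname or "").lower() in ALLOWED_HOSTS
```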

Subdomain Takeover

  • Service fingerprinting: S3 NoSuchBucket, GitHub Pages, Heroku
  • DNS CNAME enumeration via crt.sh and passive recon
  • Impact: session hijacking via cookie scope, OAuth callbacks

Information Disclosure

  • Stack trace extraction: framework paths, versions, credentials
  • Git exposure: /.git/HEAD, full repo dumping
  • Config leaks: .env, web.config, API keys in JS bundles

Trusthoodies, Nov 23 '25 17:11