Version 1.1.3 (Bugfixes)

Fixed bug with the new cookie processing Fixed some code being unreachable Moved new parameter to a different category Just a minor bugfix update
vladko312 · May 26, 2023 · 84578dd · 84578dd
1 parent f6a67c9
commit 84578dd
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 7 deletions.
diff --git a/core/channel.py b/core/channel.py
@@ -60,7 +60,12 @@ def _parse_cookies(self, cookies, all_injectable=False):
         # the parsing code. Concatenate to avoid headers with
         # the same key.
         if cookies:
-            for cookie in cookies.split(';'):
+            splitted_cookies = []
+            for cookie in cookies:
+                for param_value in cookie.split(';'):
+                    if '=' in param_value:
+                        splitted_cookies.append(param_value)
+            for cookie in splitted_cookies:
                 param, value = cookie.split('=', 1)
                 param = param.strip()
                 value = value.strip()
@@ -85,7 +90,7 @@ def _parse_header(self, all_injectable=False):
             param = param.strip()
             value = value.strip()
             if param.lower() == "cookie":
-                self._parse_cookies(value, all_injectable=all_injectable)
+                self._parse_cookies([value], all_injectable=all_injectable)
             else:
                 self.header_params[param] = value
                 if self.tag in param:

diff --git a/sstimap.py b/sstimap.py
@@ -18,7 +18,7 @@
 import traceback
 
 
-version = '1.1.2'
+version = '1.1.3'
 
 
 def main():
@@ -64,8 +64,8 @@ def main():
                 checks.check_template_injection(channel)
                 if channel.data.get('engine'):
                     break  # TODO: save vulnerabilities
-                if not forms:
-                    log.log(25, f'No forms were detected to scan')
+            if not forms:
+                log.log(25, f'No forms were detected to scan')
     else:
         # predetermined mode
         checks.check_template_injection(Channel(args))

diff --git a/utils/cliparser.py b/utils/cliparser.py
@@ -37,8 +37,6 @@ def banner():
                     help="Depth to crawl (default/0: don't crawl)")
 target.add_argument("-f", "--forms", action="store_true", dest="forms",
                     help="Scan page(s) for forms")
-target.add_argument("--config", dest="config",
-                    help="Use custom config file or directory")
 
 
 request = parser.add_argument_group(title="request", description="These options can specify how to connect to the "
@@ -78,6 +76,8 @@ def banner():
 detection.add_argument("--crawl-exclude", dest="crawl_exclude", help="Regex in URLs to not crawl")
 detection.add_argument("--crawl-domains", dest="crawl_domains",
                        help="Crawl other domains: Y(es) / S(ubdomains) / N(o). Default: S")
+detection.add_argument("--config", dest="config",
+                       help="Use custom config file or directory")
 
 
 payload = parser.add_argument_group(title="payload",