{"id":17665345,"url":"https://github.com/intigriti/misconfig-mapper","last_synced_at":"2025-03-11T15:32:38.289Z","repository":{"id":236965361,"uuid":"690120202","full_name":"intigriti/misconfig-mapper","owner":"intigriti","description":"Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!","archived":false,"fork":false,"pushed_at":"2025-02-25T21:19:14.000Z","size":4042,"stargazers_count":601,"open_issues_count":1,"forks_count":48,"subscribers_count":10,"default_branch":"main","last_synced_at":"2025-02-25T22:22:03.684Z","etag":null,"topics":["bug-bounty","bugbounty","cybersecurity","hacking","hacking-tool","misconfig","misfconfiguration","services"],"latest_commit_sha":null,"homepage":"https://bugology.intigriti.io/misconfig-mapper-docs","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/intigriti.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-09-11T15:10:11.000Z","updated_at":"2025-02-25T21:46:54.000Z","dependencies_parsed_at":"2024-10-23T23:09:09.209Z","dependency_job_id":"7836378e-a5c9-4a34-86cc-8ba4d3727d76","html_url":"https://github.com/intigriti/misconfig-mapper","commit_stats":null,"previous_names":["intigriti/misconfig-mapper"],"tags_count":36,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/intigriti%2Fmisconfig-mapper","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/intigriti%2Fmisconfig-map
per/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/intigriti%2Fmisconfig-mapper/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/intigriti%2Fmisconfig-mapper/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/intigriti","download_url":"https://codeload.github.com/intigriti/misconfig-mapper/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243059820,"owners_count":20229642,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bug-bounty","bugbounty","cybersecurity","hacking","hacking-tool","misconfig","misfconfiguration","services"],"created_at":"2024-10-23T21:01:19.773Z","updated_at":"2025-03-11T15:32:38.251Z","avatar_url":"https://github.com/intigriti.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# Misconfig Mapper\n\nMisconfig Mapper is a project by Intigriti for the community to help you find, detect and resolve common security misconfigurations in various popular services, technologies and SaaS-based solutions that your targets use!\n\n![image](.github/assets/images/logo.png)\n\n# CLI Tool\n\n**Misconfig Mapper** has a [dedicated open-source CLI tool](https://github.com/intigriti/misconfig-mapper) written in Golang to help you automate the testing of most misconfigurations found on covered services.\\\n\\\nIt can identify and enumerate instances of services used by your company, and perform detection and misconfiguration checks at scale! 
By supplying a template with detection fingerprints and misconfiguration check fingerprints, the tool can quickly and accurately identify potential security risks in popular third-party software and services!\\\n\\\nThe tool is based on templates and is versatile. New services can be easily added by adding them to the `services.json` file.\n\n# Features\n\n-   The CLI tool is based on templates defined in the `services.json` file. You can add as many as you want. See [_Templates section_](cli-tool.md#templates) for more information on how to add a template.\n-   If you provide a company name, the tool will automatically generate permutations based on the keyword you provided and try to find any matching services.\n-   You can also optionally select to only detect the presence of services without performing any misconfiguration checks (see more on [_Usage section_](cli-tool.md#usage)).\n\n# Installation\n\nTo install Misconfig Mapper, you can clone the repository and compile the code from source or [download the latest release](https://github.com/intigriti/misconfig-mapper/releases).\n\n\u003e [!IMPORTANT]\n\u003e If you decide to download a release, make sure to run the following command to install the required templates:\n\u003e ```\n\u003e ./misconfig-mapper -update-templates\n\u003e ```\n\u003e This command will ensure that you download the latest templates that misconfig-mapper requires.\n\n### From source\n\nIf you want to build your own instance from source, ensure you have the latest version of Golang installed. To verify your installation, run:\n\n```bash\n$ go version\n  go version go1.21.5 linux/amd64\n```\n\n1. Clone this repository:\n\n```bash\n$ git clone https://github.com/intigriti/misconfig-mapper.git\n```\n\n2. Next, compile your binary from source:\n\n```bash\n$ go build -o misconfig-mapper\n```\n\n3. 
Finally, add or move the binary to a folder in your `$PATH` (optional)\n\n### CLI Auto-Completion\n\nIn case you would like to enable autocompletions for Misconfig Mapper, we support both Bash and ZSH.\n\n#### Bash\n\n```bash\n#!/bin/bash\n_misconfig_mapper_autocomplete()\n{\n    local cur prev opts\n    COMPREPLY=()\n    cur=\"${COMP_WORDS[COMP_CWORD]}\"\n    prev=\"${COMP_WORDS[COMP_CWORD-1]}\"\n    opts=\"-target -service -permutations -skip-misconfiguration-checks -list-services -max-redirects -headers -delay -timeout -update-templates -verbose\"\n\n    if [[ ${cur} == -* ]] ; then\n        COMPREPLY=( $(compgen -W \"${opts}\" -- ${cur}) )\n        return 0\n    fi\n}\n\ncomplete -F _misconfig_mapper_autocomplete misconfig-mapper\n```\n\n#### ZSH (OhMyZsh)\n\n```zsh\n#!/bin/zsh\n#compdef misconfig-mapper\n\n_auto_completion_misconfig_mapper() {\n    local -a options=(\"-target\" \"-service\" \"-permutations\" \"-skip-misconfiguration-checks\" \"-list-services\" \"-max-redirects\" \"-headers\" \"-delay\" \"-timeout\" \"-update-templates\" \"-verbose\")\n\n    _arguments \\\n        '*: :-\u003eargs' \\\n        \"*: :(${(j:|:)options})\"\n\n    case $state in\n        (args)\n            # Handle arguments completion here\n            ;;\n        (*)\n            # Handle options completion here\n            compadd -a options\n            ;;\n    esac\n}\n\n_auto_completion_misconfig_mapper \"$@\"\n```\n\n\u003e [!IMPORTANT]\n\u003e Make sure to save this file as `_auto_completion_misconfig_mapper` under your `$fpath`.\n\u003e Afterwards, you will have to initialize the completion system with:\n\u003e ```\n\u003e autoload -U compinit\n\u003e compinit\n\u003e ```\n\n# Usage\n\n**Example 1:** Perform a scan to enumerate all misconfigured third-party services\n\n```basic\n$ ./misconfig-mapper -target \"yourcompanyname\" -service \"*\" -delay 1000\n```\n\n![Example 1](.github/assets/images/example_1.png \"Example 1\")\n\n**Example 2:** Perform a detection-only scan 
to enumerate all third-party services (without checking for any misconfigurations)\n\n```bash\n$ ./misconfig-mapper -target \"yourcompanyname\" -service \"*\" -skip-misconfiguration-checks true\n```\n\n![Example 2](.github/assets/images/example_2.png \"Example 2\")\n\n**Example 3:** Only test for one specific service (by ID or name)\n\n```bash\n$ ./misconfig-mapper -target \"yourcompanyname\" -service 1\n```\n\n```bash\n$ ./misconfig-mapper -target \"yourcompanyname\" -service \"drupal\"\n```\n\n![Example 3](.github/assets/images/example_3.png \"Example 3\")\n\n**Example 4:** Print out all loaded services\n\n```bash\n$ ./misconfig-mapper -list-services\n```\n\n![Example 4](.github/assets/images/example_4.png \"Example 4\")\n\nAdditionally, you can pass request headers using the `-headers` flag to comply with any request requirements (separate each header using a **double semi-colon**):\n\n```\n-headers \"User-Agent: xyz;; Cookie: session=eyJ...;;\"\n```\n\n```\nUsage of ./misconfig-mapper:\n  -delay int\n    \tSpecify a delay between each request sent in milliseconds to enforce a rate limit.\n  -headers string\n    \tSpecify request headers to send with requests (separate each header with a double semi-colon: \"User-Agent: xyz;; Cookie: xyz...;;\")\n  -list-services\n    \tPrint all services with their associated IDs\n  -max-redirects int\n    \tSpecify the max amount of redirects to follow. (default 5)\n  -permutations string\n    \tEnable permutations and look for several other keywords of your target. (default \"true\")\n  -service string\n    \tSpecify the service ID you'd like to check for: \"0\" for Atlassian Jira Open Signups. Wildcards are also accepted to check for all services. (default \"0\")\n  -skip-misconfiguration-checks string\n    \tOnly check for existing instances (and skip checks for potential security misconfigurations). 
(default \"false\")\n  -target string\n    \tSpecify your target domain name or company/organization name: \"intigriti.com\" or \"intigriti\" (files are also accepted)\n  -templates string\n        Specify the templates folder location (default \"./templates\")\n  -timeout int\n    \tSpecify a timeout for each request sent in milliseconds. (default 7000)\n  -update-templates\n    \tPull the latest templates \u0026 update your current services.json file\n  -verbose\n    \tPrint verbose messages\n```\n\n# Templates\n\nYou can easily define more templates to scan for. Templates are in a structured JSON object and read from `services.json`\\\n\\\nTo define more services, edit the `services.json` file and add each misconfiguration as a separate entry.\n\nAn example template definition schema is available [here](.github/assets/template-schema.json).\n\n\u003e [!TIP]\n\u003e To update the services.json file to the latest version, simply run:\n\u003e ```\n\u003e ./misconfig-mapper -update-templates\n\u003e ```\n\u003e This command will pull the latest templates from GitHub.\n\n## Template Type Definitions\n\n### **ID**\n\n**Type:** number\\\n\\\nThe `id` field is used to identify the service when the `-service` flag is provided. 
It should be a numerical value that follows the sequence of previous IDs.\n\n## Request\n\n### **Method**\n\n**Type:** string\n\nThe `method` field is used to provide an HTTP method.\n\n### **BaseURL**\n\n**Type:** string\n\nThe `baseURL` field is used to locate the third-party service, if it exists.\n\n\u003e [!TIP]\n\u003e The CLI tool can auto-detect and replace the **\"{TARGET}\"** template variable with the target provided using the target flag.\\\n\u003e \\\n\u003e Example: https://{TARGET}.example.com will allow the tool to look for:\n\u003e\n\u003e -   https://yourcompanyname.example.com\n\u003e -   https://yourcompanyname-app.example.com\n\u003e -   https://yourcompanyname-eu.example.com\n\u003e -   ...\n\n### **Path**\n\n**Type:** string\n\nThe `path` field is the request path used to check whether the service is vulnerable, based on the observed response.\n\n\u003e [!TIP]\n\u003e The CLI tool can auto-detect and replace the **\"{TARGET}\"** template variable with the target provided using the target flag.\\\n\u003e \\\n\u003e Example: /app/{TARGET} will allow the tool to look for:\n\u003e\n\u003e -   https://example.com/app/yourcompanyname\n\u003e -   https://example.com/app/yourcompanyname-app\n\u003e -   https://example.com/app/yourcompanyname-eu\n\u003e -   ...\n\n### **Headers**\n\n**Type:** object array\n\nThe `headers` field is used to supply any required request headers.\n\n### **Body**\n\n**Type:** string | null\n\nThe `body` field is used to supply a raw request body.\n\n\u003e [!NOTE]\n\u003e Set the request body to **null** if there's no need to send a request body.\n\n## Response\n\n### **StatusCode**\n\n**Type:** int\n\nThe `statusCode` field is used to validate the matching response status code and further minimize the chances of false positive results.\n\n### **Detection Fingerprints**\n\n**Type:** string array\n\nThe `detectionFingerprints` field supports enumeration \u0026 validation of a third-party service for your target. 
These fingerprints are used to mark the detection of a service or instance. Make sure to define strict regex patterns or keywords to minimize the chances of false positive results.\n\n\u003e [!TIP]\n\u003e Regex patterns are supported!\n\n### **Fingerprints**\n\n**Type:** string array\n\nThe `fingerprints` field is used to validate the existence of a misconfigured third-party service for your target. Make sure to define strict regex patterns or keywords to minimize the chances of false positive results.\n\n\u003e [!TIP]\n\u003e Regex patterns are supported!\n\n## Metadata\n\n### **Service**\n\n**Type:** string\n\nThe `service` field is used to display the service name in the CLI output results to visually confirm which service is currently being scanned.\n\n### **Description**\n\n**Type:** string\n\nThe `description` field displays the service description in the CLI output once a service has been enumerated or identified and confirmed vulnerable.\n\n### **Reproduction Steps**\n\n**Type:** string array\n\nThe `reproductionSteps` field reports back on how to reproduce the found misconfiguration. These steps are derived from this documentation.\n\n\u003e [!NOTE]\n\u003e Each step should be in a separate array entry. You can specify as many steps as you'd like to.\n\n### **References**\n\n**Type:** string array\n\nThe `references` field documents enumerated and misconfigured services. These references are derived from this documentation.\n\n\u003e [!NOTE]\n\u003e Each reference should be in a separate array entry. You can specify as many references as you'd like to.\n\n# Contributions\n\nMisconfig Mapper is open-source and made for the community! We encourage you to contribute to the project! 
Please see the [Contributing guideline](CONTRIBUTING.md) on how to contribute and further improve Misconfig Mapper!\n\n# License\n\nThis project is licensed and available under the [MIT License](LICENSE.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fintigriti%2Fmisconfig-mapper","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fintigriti%2Fmisconfig-mapper","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fintigriti%2Fmisconfig-mapper/lists"}