For example, I wanted to display only URLs where the response content matched a regexp. So I searched how to do that.

`-mr, -match-regex string[] regex or list of regex to match on output url (cli, file)` is a fake friend, it matches on katana output not the HTTP response output, I'm not sure if this one is confusing or if it's just me. Because I'm used to `ffuf` and on ffuf `-mr` matches on HTTP response content.

Anyway, I had to look into the issues to find that to do that I have to use `-mdc`. The help message says: `-mdc, -match-condition string match response with dsl based condition`. Right, what's the dsl? Maybe I try the README. CTRL+F on the README on `-match-conditio` pointed me to https://github.com/projectdiscovery/katana#advance-filtering. By reading the katana README, it seems I could use some `status_code` or `contains` but without much explanation and those are just a few examples.

At the end of the section there is a link to the dsl project (https://github.com/projectdiscovery/dsl), for sure I'll find all I need there? No. The DSL README does not mention `status_code` even only once, for `contains` it just tells me `Verifies if a string contains a substring` but I have no idea of the field/variable I could use for the string, like `endpoint` which is the only example listed on katana README.

After reading the documentation of both katana and the dsl I still had no clue on how to match based on body content.

To find some clues, I had to search `content` in the issue tracker, and I looked into closed issues: https://github.com/projectdiscovery/katana/issues?q=is%3Aissue+content+is%3Aclosed.

I found this one from last week #725 where the user was using `'contains(body, "dummy")'`. It's how I learned how to do it.

So I feel either the katana or the dsl project lacks documentation about how to use the dsl for katana, like an exhaustive list of all fields that can be used inside `contains()` or an exhaustive list of methods that can be used in katana (`status_code` is undocumented on dsl project and is mentioned in katana README, are there others like this one?).