Eoghan West edited this page Nov 29, 2023 · 11 revisions

Welcome to the PenTestDB wiki! This document covers the installation and configuration of PenTestDB.

Index

Limitations & Caveats

While PenTestDB is a very powerful tool, it is not all-powerful. Below is a list of its limitations.

  • Certain kinds of fuzzers (wfuzz, ffuf, etc.) won't get parsers in the foreseeable future. This is due to the limitations of automated command parsing: the parser does not know the implications of the output of, for example, ffuf. If one is using ffuf for directory bruteforcing, then in theory the parser could add data to the web_dirs table in SQL. However, ffuf could also be used to bruteforce credentials or the data inside a POST request. Making a parser that understands that distinction based on context or the command would require reimplementing ffuf's entire set of CLI arguments and figuring out how to interpret the output accordingly. TL;DR: ffuf and wfuzz are too powerful for their output to be automatically parsed.
  • Automating this kind of database work with dynamic data is tricky & complicated. There are bound to be situations where data doesn't get linked properly or gets overwritten. In my testing these kinds of situations did not come up, but regardless, that is part of why PenTestDB does not replace manual note taking & saving the output of commands.