fix: Generate only one PoC per domain and improve screenshot naming

Rafael Brinhosa · Rafael Brinhosa · commit 53bdf157c81c · 2025-03-17T19:07:09.000Z
- Modified apidetectorv2.py to generate only one PoC per domain/subdomain
- Improved screenshot filename generation in pocgenerator.py
- Updated HTML template to handle the new screenshot naming format
- Added domain information to screenshot filenames for better organization
diff --git a/apidetectorv2.py b/apidetectorv2.py
@@ -25,7 +25,7 @@
 """
 
 # Function to test a single endpoint
-def test_endpoint(url, error_content, verbose, user_agent):
+def test_endpoint(url, error_content, verbose, user_agent, poc_already_generated=False):
     headers = {'User-Agent': user_agent}
     try:
         response = requests.get(url, headers=headers, timeout=30, allow_redirects=False)
@@ -37,18 +37,27 @@ def test_endpoint(url, error_content, verbose, user_agent):
                 swagger_patterns = ['/swagger-ui', '/api-docs', '/openapi', '/swagger.', '/swagger-resources']
                 is_swagger = any(pattern in url for pattern in swagger_patterns)
                 
-                if is_swagger:
+                # Only generate PoC if we haven't already generated one for this domain
+                # and this is a Swagger/OpenAPI endpoint
+                if is_swagger and not poc_already_generated:
                     print(f"Calling PoC generator for {url}")
                     current_dir = os.path.dirname(os.path.abspath(__file__))
                     pocgenerator_path = os.path.join(current_dir, 'pocgenerator.py')
                     
+                    # Extract the domain from the URL for use in the filename
+                    from urllib.parse import urlparse
+                    parsed_url = urlparse(url)
+                    domain = parsed_url.netloc
+                    
                     # Add configUrl parameter for Swagger UI endpoints
                     endpoint_url = url
                     if '/swagger-ui' in url:
                         endpoint_url += "?configUrl=https://raw.githubusercontent.com/brinhosa/payloads/master/testswagger.json"
                     
                     # Pass the SCREENSHOT_PATH environment variable if it exists
                     env = os.environ.copy()
+                    # Add domain information to help with filename generation
+                    env['DOMAIN'] = domain
                     subprocess.run(['python3', pocgenerator_path, endpoint_url], env=env)
                 return url
     except requests.RequestException as e:
@@ -96,12 +105,19 @@ def test_subdomain_endpoints(subdomain, common_endpoints, mixed_mode, verbose, u
         except requests.RequestException:
             pass
 
+    # Flag to track if we've already generated a PoC for this domain
+    poc_generated = False
+    
     for protocol in protocols:
         for endpoint in common_endpoints:
             url = f"{protocol}{subdomain}{endpoint}"
-            result = test_endpoint(url, error_content, verbose, user_agent)
+            result = test_endpoint(url, error_content, verbose, user_agent, poc_generated)
             if result:
                 valid_urls.append(result)
+                # If this is a Swagger/OpenAPI endpoint, mark that we've generated a PoC
+                swagger_patterns = ['/swagger-ui', '/api-docs', '/openapi', '/swagger.', '/swagger-resources']
+                if any(pattern in url for pattern in swagger_patterns):
+                    poc_generated = True
                 if verbose:
                     print(f"Found: {url}")
     return valid_urls
diff --git a/pocgenerator.py b/pocgenerator.py
@@ -16,11 +16,35 @@
 nest_asyncio.apply()
 
 def generate_output_filename(url):
-    # Remove the http or https part
-    url = re.sub(r'^https?:\/\/', '', url)
-    # Replace non-alphanumeric characters with underscores
-    filename = re.sub(r'[^a-zA-Z0-9]', '_', url)
-    return f"{filename[:60]}.png"
+    # Get domain from environment if available
+    domain = os.environ.get('DOMAIN', '')
+    
+    # Extract endpoint path from URL
+    url_path = url.split('://')[-1]  # Remove protocol
+    if '/' in url_path:
+        # Split at first slash after domain
+        parts = url_path.split('/', 1)
+        if len(parts) > 1:
+            endpoint = parts[1]
+        else:
+            endpoint = ''
+    else:
+        endpoint = ''
+    
+    # Use domain and endpoint for filename
+    if domain:
+        # Create a clean domain name
+        clean_domain = re.sub(r'[^a-zA-Z0-9]', '_', domain)
+        # Create a clean endpoint name
+        clean_endpoint = re.sub(r'[^a-zA-Z0-9]', '_', endpoint)
+        # Combine them with a meaningful separator
+        filename = f"{clean_domain}_{clean_endpoint[:40]}".strip('_')
+    else:
+        # Fallback to old method if domain not provided
+        url_no_protocol = re.sub(r'^https?:\/\/', '', url)
+        filename = re.sub(r'[^a-zA-Z0-9]', '_', url_no_protocol)[:60]
+    
+    return f"{filename}.png"
 
 async def generate_poc_screenshot(url, output_file):
     try:
diff --git a/templates/index.html b/templates/index.html
@@ -316,7 +316,30 @@ <h2 class="text-xl font-semibold">Discovered Endpoints</h2>
                                         <div class="border-t border-gray-200 pt-3">
                                             <h4 class="text-sm font-semibold text-secondary-700 mb-2">Proof of Concept:</h4>
                                             <div class="relative">
-                                                <img :src="'/screenshots/' + result.replace(/https?:///g, '').replace(/[^a-zA-Z0-9]/g, '_') + '.png'" 
+                                                <!-- Extract domain and endpoint for screenshot filename -->
+                                                <img x-init="
+                                                    let url = result;
+                                                    let domain = '';
+                                                    let endpoint = '';
+                                                    
+                                                    // Extract domain
+                                                    if (url.includes('://')) {
+                                                        let urlNoProtocol = url.split('://')[1];
+                                                        if (urlNoProtocol.includes('/')) {
+                                                            domain = urlNoProtocol.split('/')[0];
+                                                            endpoint = urlNoProtocol.substring(urlNoProtocol.indexOf('/'));
+                                                        } else {
+                                                            domain = urlNoProtocol;
+                                                        }
+                                                    }
+                                                    
+                                                    // Clean domain and endpoint for filename
+                                                    let cleanDomain = domain.replace(/[^a-zA-Z0-9]/g, '_');
+                                                    let cleanEndpoint = endpoint.replace(/[^a-zA-Z0-9]/g, '_');
+                                                    
+                                                    // Set the src attribute
+                                                    $el.src = '/screenshots/' + cleanDomain + '_' + cleanEndpoint.substring(0, 40) + '.png';
+                                                "
                                                      class="w-full h-auto rounded-lg border border-gray-300" 
                                                      alt="PoC Screenshot" 
                                                      @error="$el.classList.add('hidden'); $el.nextElementSibling.classList.remove('hidden')"
