Vulnerability Level and Vulnerability Filtering Feature

[secfb]

In general, I have just discovered this tool and I use it in my tests. It would be really great if it had only this feature.

It would be great if we could filter the scans as info, low, medium, high, critical in vulnerability scan tests. For example, I do not want to see low, medium scans. I only want to scan for high and critical vulnerabilities.

We can select plugins in vulnerability scan tests. In addition to these, there are some unnecessary vulnerabilities, I want to exclude them without scanning them individually or scan only for that vulnerability.

[chushuai]

When Wscan is run for the first time, it will generate a file named config.yaml.

version: "1.9"
parallel: 30
http:
    proxy: ""
    proxy_rule: []
    dial_timeout: 5
    read_timeout: 18
    max_conns_per_host: 50
    enable_http2: false
    pkcs12:
        path: ""
        password: ""
    fail_retries: 0
    max_redirect: 5
    max_resp_body_size: 2097152
    max_qps: 500
    allow_methods:
        - HEAD
        - GET
        - POST
        - PUT
        - PATCH
        - DELETE
        - OPTIONS
        - CONNECT
        - TRACE
        - MOVE
        - PROPFIND
    headers:
        User-Agent: 'User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0'
reverse:
    db_file_path: ""
    token: ""
    http:
        enabled: false
        listen_ip: 0.0.0.0
        listen_port: ""
        ip_header: ""
    dns:
        enabled: false
        listen_ip: 0.0.0.0
        domain: ""
        is_domain_name_server: false
        resolve:
            - type: A
              record: localhost
              value: 127.0.0.1
              ttl: 60
    client:
        remote_server: false
        http_base_url: ""
        dns_server_ip: ""
mitm:
    ca_cert: ./ca.crt
    ca_key: ./ca.key
    basic_auth:
        username: ""
        password: ""
    allow_ip_range: []
    restriction:
        hostname_allowed: []
        hostname_disallowed:
            - '*google*'
            - '*github*'
            - '*.gov.cn'
            - '*.edu.cn'
        port_allowed: []
        port_disallowed: []
        path_allowed: []
        path_disallowed: []
        query_key_allowed: []
        query_key_disallowed: []
        fragment_allowed: []
        fragment_disallowed: []
        post_key_allowed: []
        post_key_disallowed: []
    queue:
        max_length: 3000
    proxy_header:
        via: ""
        x_forwarded: false
    upstream_proxy: ""
basic-crawler:
    max_depth: 0
    max_count_of_links: 0
    allow_visit_parent_path: false
    restriction:
        hostname_allowed: []
        hostname_disallowed:
            - '*google*'
            - '*github*'
            - '*.gov.cn'
            - '*.edu.cn'
        port_allowed: []
        port_disallowed: []
        path_allowed: []
        path_disallowed: []
        query_key_allowed: []
        query_key_disallowed: []
        fragment_allowed: []
        fragment_disallowed: []
        post_key_allowed: []
        post_key_disallowed: []
    basic_auth:
        username: ""
        password: ""
browser-crawler:
    exec_path: ""
    disable_headless: false
    force_sandbox: false
    enable_image: false
    parent_path_detect: false
    proxy: ""
    user_agent: ""
    domain_headers: []
    max_depth: 10
    navigate_timeout_second: 10
    load_timeout_second: 10
    retry: 0
    page_analyze_timeout_second: 10
    max_interactive: 0
    max_interactive_depth: 0
    max_page_concurrent: 10
    max_page_visit: 500
    max_page_visit_per_site: 200
    element_filter_strength: 0
    restriction:
        hostname_allowed: []
        hostname_disallowed:
            - '*google*'
            - '*github*'
            - '*.gov.cn'
            - '*.edu.cn'
        port_allowed: []
        port_disallowed: []
        path_allowed: []
        path_disallowed: []
        query_key_allowed: []
        query_key_disallowed: []
        fragment_allowed: []
        fragment_disallowed: []
        post_key_allowed: []
        post_key_disallowed: []
plugins:
    baseline:
        enabled: false
        detect_cors_header_config: false
        detect_server_error_page: false
        detect_system_path_leak: false
        detect_outdated_ssl_version: false
        detect_http_header_config: false
        detect_cookie_httponly: false
        detect_china_id_card_number: false
        detect_china_phone_number: false
        detect_china_bank_card: false
        detect_private_ip: false
    brute-force:
        enabled: true
        username_dictionary: ""
        password_dictionary: ""
    cmd-injection:
        enabled: true
    crlf-injection:
        enabled: true
    custom:
        enabled: true
        depth: 0
        auto_load_tmpl: false
        include_tmpl: []
        exclude_tmpl: []
    dirscan:
        enabled: true
        depth: 1
        dictionary: ""
    fastjson:
        enabled: true
    fingerprint:
        enabled: true
    js:
        enabled: true
        sensitive_content_check: ""
    jsonp:
        enabled: true
    path_traversal:
        enabled: true
    prometheus:
        enabled: true
        depth: 1
        auto_load_poc: false
        include_poc: []
        exclude_poc: []
    redirect:
        enabled: true
    shiro:
        enabled: true
        cookie_name: ""
        aes_key: []
    sqldet:
        enabled: true
        boolean_based_detection: true
        error_based_detection: true
        time_based_detection: true
        use_comment_in_payload: false
        detect_sqli_in_cookie: true
    ssrf:
        enabled: true
    struts:
        enabled: true
    thinkphp:
        enabled: true
        detect_thinkphp_sqli: false
    upload:
        enabled: true
    waftest:
        enabled: true
        depth: 0
        auto_load_tmpl: false
        include_tmpl: []
        exclude_tmpl: []
        block_status_codes:
            - 403
        pass_status_codes:
            - 200
            - 404
        block_regex: ""
        pass_regex: ""
        non_blocked_as_passed: false
    xss:
        enabled: true
        detect_xss_in_cookie: true
        detect_xss_in_referer: true
        ie_feature: true
    xstream:
        enabled: true
    xxe:
        enabled: true

[secfb]

So, once we edit this config file, how can we use it for future scans? Can we save this config file as ~/.config/wscan/config.yaml?