TheresAFewConors/Sooty

Add OPSEC leak disclaimer when using active features

Maijin opened this issue · 3 comments

What is the feature that you are requesting?
Some features used in the tool can leak information to attackers and open source intelligence such as the scan to URLscan.
Therefore the tool should provide a one-shot disclaimer and a disclaimer likely in the README.

I would also suggest adding the passive alternative of scan -> search.

Additional information

Scanning on URLscan can lead to exposing sensitive documents and sessions. It can also tip off attackers that a specific campaign and even a specific email address is valid, information that they can use in a more advanced campaign.

Example 1
Example 2 via j_opdenakker

Hi Maijin,

There's an open PR that sets the URLScan option to private instead to address this issue. The other options currently do not push by default to the various tools.

I've assigned the PR to this issue.

Thanks for raising it.

Yep, that's good progress, but don't forget that, private or public, beyond the URLScan.io public listing, both scans will also reach out to attacker infrastructure, therefore tipping off the attacker about their ongoing campaign, valid email address, etc.

So I'd still leave a disclaimer for the first scan and likely the README.md for that feature.

I can take a look at adding this in over the weekend! What would you think of providing the URLscan privacy policy instead? Something like:

"May want to check this out before submitting: [link]"
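
The request in this thread, sketched as an added example (not Sooty's code and not written by any participant): a one-shot acknowledgement before an active urlscan.io submission, with the passive search used otherwise. The function names, marker file and warning wording are assumptions; the sample URL is constructed and nothing is sent over the network.

```python
import json
import os
from urllib.parse import urlencode, urlsplit

SCAN_ENDPOINT = "https://urlscan.io/api/v1/scan/"
SEARCH_ENDPOINT = "https://urlscan.io/api/v1/search/"
WARNING = (
    "An active scan makes urlscan.io fetch the URL, so the request reaches "
    "the attacker's infrastructure and the full URL is stored by the service."
)  # wording is an assumption, not Sooty's text


def acknowledged(marker_path, ask=input):
    """One-shot disclaimer: prompt once, then remember consent in a marker file."""
    if os.path.exists(marker_path):
        return True
    if ask(WARNING + " Continue? [y/N] ").strip().lower() != "y":
        return False
    with open(marker_path, "w", encoding="utf-8") as fh:
        fh.write("acknowledged\n")
    return True


def plan_lookup(url, active, marker_path, ask=input):
    """Return (method, endpoint, body) for the lookup; nothing is sent here."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError("not an absolute URL: %r" % url)
    if active and acknowledged(marker_path, ask):
        # Active path: only after consent, and never as a public scan.
        body = json.dumps({"url": url, "visibility": "private"})
        return ("POST", SCAN_ENDPOINT, body)
    # Passive path: search existing results by hostname only, so the path
    # and query string (tokens, recipient addresses) never leave the machine.
    query = urlencode({"q": "domain:" + host})
    return ("GET", SEARCH_ENDPOINT + "?" + query, None)


if __name__ == "__main__":
    # Constructed sample URL; passive mode does not prompt or write a marker.
    sample = "https://login.example.test/reset?email=user@example.test"
    print(plan_lookup(sample, active=False, marker_path=".opsec_ack"))
```
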