diff --git a/src/drivers/npm/README.md b/src/drivers/npm/README.md index 0e2e5e022..986e7c784 100644 --- a/src/drivers/npm/README.md +++ b/src/drivers/npm/README.md @@ -35,6 +35,7 @@ wappalyzer [options] -r, --recursive Follow links on pages (crawler) -a, --user-agent=... Set the user agent string -n, --no-scripts Disabled JavaScript on web pages +-N, --no-redirect Disable cross-domain redirects ``` @@ -66,6 +67,7 @@ const options = { htmlMaxCols: 2000, htmlMaxRows: 2000, noScripts: false, + noRedirect: false, }; const wappalyzer = new Wappalyzer(options) diff --git a/src/drivers/npm/cli.js b/src/drivers/npm/cli.js index d6e53d5a2..423ab999a 100755 --- a/src/drivers/npm/cli.js +++ b/src/drivers/npm/cli.js @@ -22,6 +22,7 @@ const aliases = { r: 'recursive', w: 'maxWait', n: 'noScripts', + N: 'noRedirect', } while (true) { @@ -75,6 +76,7 @@ Options: -r, --recursive Follow links on pages (crawler) -a, --user-agent=... Set the user agent string -n, --no-scripts Disabled JavaScript on web pages + -N, --no-redirect Disable cross-domain redirects `) process.exit(1) diff --git a/src/drivers/npm/driver.js b/src/drivers/npm/driver.js index 32d64365e..a0dfaf602 100644 --- a/src/drivers/npm/driver.js +++ b/src/drivers/npm/driver.js @@ -610,21 +610,33 @@ class Site { ] }) + // Prevent cross-domain redirects if (response.status() >= 300 && response.status() < 400) { if (headers.location) { - url = new URL(headers.location.slice(-1), url) + const _url = new URL(headers.location.slice(-1), url) + + if ( + _url.hostname.replace(/^www\./, '') === + this.originalUrl.hostname.replace(/^www\./, '') || + (Object.keys(this.analyzedUrls).length === 1 && + !this.options.noRedirect) + ) { + url = _url + + return + } } - } else { - responseReceived = true + } - const certIssuer = response.securityDetails() - ? response.securityDetails().issuer() - : '' + responseReceived = true - await this.onDetect(url, await analyze({ headers, certIssuer })) + const certIssuer = response.securityDetails() + ? response.securityDetails().issuer() + : '' - await this.emit('response', { page, response, headers, certIssuer }) - } + await this.onDetect(url, await analyze({ headers, certIssuer })) + + await this.emit('response', { page, response, headers, certIssuer }) } } catch (error) { this.error(error) @@ -983,7 +995,7 @@ class Site { ]) } catch (error) { this.analyzedUrls[url.href] = { - status: 0, + status: this.analyzedUrls[url.href]?.status || 0, error: error.message || error.toString(), }