
Conversation

@Trusthoodies
Contributor

Adds three comprehensive vulnerability detection guides following the existing template structure.

Closes #131

Changes

  • ✅ Added open_redirect.jinja - Parser differentials, OAuth exploitation, SSRF chaining
  • ✅ Added subdomain_takeover.jinja - DNS enumeration, service fingerprinting, exploitation
  • ✅ Added information_disclosure.jinja - Error analysis, source exposure, config leaks

Testing

All guides follow the established 180-line format and include:

  • Critical context and scope
  • Methodology (5 steps)
  • Injection points
  • Advanced techniques with examples
  • Framework-specific exploitation
  • Validation criteria
  • Pro tips

Examples

Open Redirect

  • Parser differentials: https://trusted.com@evil.com
  • Protocol bypasses: //evil.com, javascript:alert(1)
  • OAuth token theft flows with redirect_uri manipulation

Subdomain Takeover

  • Service fingerprinting: S3 NoSuchBucket, GitHub Pages, Heroku
  • DNS CNAME enumeration via crt.sh and passive recon
  • Impact: session hijacking via cookie scope, OAuth callbacks

Information Disclosure

  • Stack trace extraction: framework paths, versions, credentials
  • Git exposure: /.git/HEAD, full repo dumping
  • Config leaks: .env, web.config, API keys in JS bundles
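A defender-side check for the open redirect parser differentials listed above (userinfo trick, protocol-relative and backslash forms, `javascript:` scheme), as an added example that is not part of this PR or the strix project; the trusted host name and the https-only rule are assumptions.

```python
from urllib.parse import urlsplit

# Constructed example values: assumed first-party host and permitted scheme.
ALLOWED_HOSTS = {"trusted.com"}
ALLOWED_SCHEMES = {"https"}


def naive_is_safe(url: str) -> bool:
    """Prefix check that the parser-differential payloads above defeat."""
    return url.startswith("https://trusted.com") or url.startswith("/")


def hardened_is_safe(url: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Allow only allowlisted absolute URLs or single-slash relative paths."""
    candidate = url.strip()
    # Reject control characters and embedded whitespace that split parsers.
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in candidate):
        return False
    # Browsers treat backslash as slash ("/\evil.com" == "//evil.com").
    candidate = candidate.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme and parts.scheme not in ALLOWED_SCHEMES:
        return False  # javascript:, data:, and any other non-https scheme
    if parts.netloc:
        # "https://trusted.com@evil.com": username=trusted.com, hostname=evil.com
        if parts.username is not None or parts.password is not None:
            return False
        host = parts.hostname
        return host is not None and host in allowed_hosts
    if parts.scheme:
        return False  # "https:///evil.com" parses with an empty netloc
    # Relative target: exactly one leading slash, so "//" and "///" are refused.
    return candidate.startswith("/") and not candidate.startswith("//")
```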

Add comprehensive prompt for open redirect detection.
Add prompt for subdomain takeover with service fingerprinting, DNS enumeration, and exploitation flows
Add prompt for information disclosure with error analysis, source code exposure, and configuration leaks
@Trusthoodies Trusthoodies changed the title ADd redirect subdomain infodisclosure guides Add redirect subdomain infodisclosure guides Nov 23, 2025
@0xallam 0xallam changed the title Add redirect subdomain infodisclosure guides Add redirect subdomain info disclosure prompt modules Nov 23, 2025
@0xallam 0xallam changed the title Add redirect subdomain info disclosure prompt modules Add open redirect, subdomain takeover, and info disclosure prompt modules Nov 23, 2025
@0xallam
Member

0xallam commented Nov 25, 2025

LGTM :)

Thanks! @Trusthoodies

@0xallam 0xallam merged commit 78d0148 into usestrix:main Nov 25, 2025
@Trusthoodies
Contributor Author

No problem! Thanks for the fast reply and the merge!!

@Trusthoodies
Contributor Author

Is it a good idea to add the vulnerabilities to the system_prompt.jinja so that the agents are instructed to include them as well?
@0xallam

Like this for example?

<vulnerability_focus>
PRIMARY TARGETS (Test ALL of these):

  1. Insecure Direct Object Reference (IDOR) - Unauthorized data access
  2. SQL Injection - Database compromise and data exfiltration
  3. Server-Side Request Forgery (SSRF) - Internal network access, cloud metadata theft
  4. Cross-Site Scripting (XSS) - Session hijacking, credential theft
  5. XML External Entity (XXE) - File disclosure, SSRF, DoS
  6. Remote Code Execution (RCE) - Complete system compromise
  7. Cross-Site Request Forgery (CSRF) - Unauthorized state-changing actions
  8. Open Redirect - Unvalidated navigation enabling phishing, OAuth token leakage, redirect-based attacks, or trust abuse
  9. Race Conditions/TOCTOU - Financial fraud, authentication bypass
  10. Business Logic Flaws - Financial manipulation, workflow abuse
  11. Authentication & JWT Vulnerabilities - Account takeover, privilege escalation
  12. Subdomain Takeover - Unclaimed DNS mappings allowing hostile control of trusted subdomains and brand-secure hosting
  13. Information Disclosure - Sensitive data exposure through debug endpoints, backups, metadata, logs, or misconfiguration

@0xallam
Member

0xallam commented Nov 25, 2025

@Trusthoodies

The list of all prompt modules is dynamically fetched and given into the agent system prompt at the start, so no need to add it manually :)

@Trusthoodies
Contributor Author

Ah, okay. Thanks for the clarification! :)
