From 833dc11eaded644b8f5b765766d1984577884a43 Mon Sep 17 00:00:00 2001
From: jav0x <53537268+fatguru@users.noreply.github.com>
Date: Thu, 11 Dec 2025 11:57:20 -0300
Subject: [PATCH] feat: Add random path probing to bypass middleware redirects

---
 scanner.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/scanner.py b/scanner.py
index 9d0bdb2..572ec4d 100755
--- a/scanner.py
+++ b/scanner.py
@@ -325,7 +325,11 @@ def check_vulnerability(host: str, timeout: int = 10, verify_ssl: bool = True, f
     if paths:
         test_paths = paths
     else:
-        test_paths = ["/"]  # Default to root path
+        # Default behavior: Test root AND a random path.
+        # Why? Root (/) often redirects (307/308) causing False Negatives.
+        # A random path triggers the 404 RSC handler, forcing payload processing.
+        random_path = '/' + ''.join(random.choices(string.ascii_lowercase + string.digits, k=6))
+        test_paths = ["/", random_path]
 
     if safe_check:
         body, content_type = build_safe_payload()