Purpose
Themindgard recon output-formatting command lets you test whether your target supports formatted responses e.g XML, JSON, or other structured formats.
Usage
After you have logged into your Mindgard account in the CLI, run:--config-file (required) : Path to your TOML configuration file. More information on configuration files can be found here.
Results
At the end of the recon test you will be given a link to its results page. The results page will present detected capabilities as well as working prompt/response examples.
Inspecting the details of the detected or not detected capabilities may reveal adaptation opportunities for further vulnerability scanning techniques in the system. For example, if the system supports JSON formatting, you may be able to use this to your advantage in testing or to circumvent guardrails by disguising malicious payloads as benign structured data.
When to use it
- Early in an engagement to scope output formatting options for further vulnerability scanning techniques.
- When seeking options to circumvent guardrail systems or to identify potential vulnerabilities in the system’s handling of structured data.