Purpose
Themindgard recon output-rendering command lets you test whether your target supports rendered responses e.g System responses rendered as HTML or other formats that may be visually distinguishable from normal text.
Usage
After you have logged into your Mindgard account in the CLI, run:--config-file (required) : Path to your TOML configuration file. More information on configuration files can be found here.
Results
At the end of the recon test you will be given a link to its results page. The results page will present detected capabilities as well as working prompt/response examples.
Inspecting the details of the detected or not detected capabilities may reveal adaptation opportunities for further vulnerability scanning techniques in the system.
For example, if the system supports HTML rendering, you may be able to use this to your advantage in testing or to circumvent guardrails by disguising malicious payloads as benign rendered content.
When to use it
- Early in an engagement to scope output rendering options for further vulnerability scanning techniques.
- When seeking options to circumvent guardrail systems or to identify potential vulnerabilities in the system’s handling of rendered data.