Ability to Not Print "Not Reflected" Reports of Paramminer on Output.ndjson

[TheTechromancer]

Discussed in #1329

^{Originally posted by amiremami April 29, 2024}
That would be great if possible to add a config option for paramminer to not print not reflected items into output.ndjson

Thanks 🙏

[liquidsec]

I think i'd rather have the generic ability to filter by tags in the output module, rather than something specific just for this one tag in paramminer. @TheTechromancer thoughts?

[TheTechromancer]

Tags are a good idea but we should try and consider users who are only scanning for vulnerabilities and don't plan on doing manual fuzzing. To them I think only the reflected ones would be interesting, so it might make sense to have a filter option on the module.

On the other hand, even the reflected ones sometimes don't result in a vulnerability. So until we have a more complete web scanning family with PARAM events, if we just want to say the paramminer modules are for advanced users only, that's fine too.

[liquidsec]

Lightfuzz branch will change how all of these works, so I am very hesitant to make changes like this now (there will be an entirely new event type, WEB_PARAMETER). This is also why I was leaning towards making a generic option to filter by tags.