Wordlist standard input mode (#36)

* ignore the compiled binary * added possibility to read wordlist from standard input with -w - * Update README.md Co-Authored-By: Joona Hoikkala <joohoi@users.noreply.github.com> * Update main.go Co-Authored-By: Joona Hoikkala <joohoi@users.noreply.github.com> * updated changelog about the wordlist standard input mode * Update README.md Co-Authored-By: Joona Hoikkala <joohoi@users.noreply.github.com>
2024-12-01 15:49:18 +00:00 · 2019-06-04 12:20:31 +00:00 · 2019-06-04 12:20:31 +00:00 · 0295abb917
commit 0295abb917
parent 7fe5786c24
4 changed files with 23 additions and 7 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+/ffuf
--- a/README.md
+++ b/README.md
@ -121,7 +121,7 @@ To define the test case for ffuf, use the keyword `FUZZ` anywhere in the URL (`-
  -u string
    	Target URL
  -w string
-    	Wordlist path
+    	Wordlist file path or - to read from standard input
  -x string
    	HTTP Proxy URL
 ```
@ -143,8 +143,8 @@ The only dependency of ffuf is Go 1.11. No dependencies outside of Go standard l
      - New CLI flag: -ac to autocalibrate response size and word filters based on few preset URLs.
      - New CLI flag: -timeout to specify custom timeouts for all HTTP requests.

-
   - Changed
+      - Wordlist can also be read from standard input

 - v0.9
   - New
--- a/main.go
+++ b/main.go
@ -54,7 +54,7 @@ func main() {
 	flag.BoolVar(&conf.DirSearchCompat, "D", false, "DirSearch style wordlist compatibility mode. Used in conjunction with -e flag. Replaces %EXT% in wordlist entry with each of the extensions provided by -e.")
 	flag.Var(&opts.headers, "H", "Header `\"Name: Value\"`, separated by colon. Multiple -H flags are accepted.")
 	flag.StringVar(&conf.Url, "u", "", "Target URL")
-	flag.StringVar(&conf.Wordlist, "w", "", "Wordlist path")
+	flag.StringVar(&conf.Wordlist, "w", "", "Wordlist file path or - to read from standard input")
 	flag.BoolVar(&conf.TLSVerify, "k", false, "TLS identity verification")
 	flag.StringVar(&opts.delay, "p", "", "Seconds of `delay` between requests, or a range of random delay. For example \"0.1\" or \"0.1-2.0\"")
 	flag.StringVar(&opts.filterStatus, "fc", "", "Filter HTTP status codes from response")
--- a/pkg/input/wordlist.go
+++ b/pkg/input/wordlist.go
@ -18,7 +18,16 @@ func NewWordlistInput(conf *ffuf.Config) (*WordlistInput, error) {
 	var wl WordlistInput
 	wl.config = conf
 	wl.position = -1
-	valid, err := wl.validFile(conf.Wordlist)
+	var valid bool
+	var err error
+	// stdin?
+	if conf.Wordlist == "-" {
+		// yes
+		valid = true
+	} else {
+		// no
+		valid, err = wl.validFile(conf.Wordlist)
+	}
 	if err != nil {
 		return &wl, err
 	}
@ -63,9 +72,15 @@ func (w *WordlistInput) validFile(path string) (bool, error) {

 //readFile reads the file line by line to a byte slice
 func (w *WordlistInput) readFile(path string) error {
-	file, err := os.Open(path)
-	if err != nil {
-		return err
+	var file *os.File
+	var err error
+	if path == "-" {
+		file = os.Stdin
+	} else {
+		file, err = os.Open(path)
+		if err != nil {
+			return err
+		}
 	}
 	defer file.Close()