Added ignore comment option (#138)

* Added ignore comment option

* Ignore blank lines & added changelog entry

CHANGELOG.md

@@ -2,6 +2,7 @@
 
 - master
   - New
+    - New CLI flag `-ic` to ignore comments from wordlist.
     - New CLI flags `-request` to specify the raw request file to build the actual request from and `-request-proto` to define the new request format.
     - New CLI flag `-od` (output directory) to enable writing requests and responses for matched results to a file for postprocessing or debugging purposes.
     - New CLI flag `-maxtime` to limit the running time of ffuf

main.go

@@ -62,6 +62,7 @@ func main() {
 	conf := ffuf.NewConfig(ctx)
 	opts := cliOptions{}
 	var ignored bool
+	flag.BoolVar(&conf.IgnoreWordlistComments, "ic", false, "Ignore wordlist comments")
 	flag.StringVar(&opts.extensions, "e", "", "Comma separated list of extensions to apply. Each extension provided will extend the wordlist entry once. Only extends a wordlist with (default) FUZZ keyword.")
 	flag.BoolVar(&conf.DirSearchCompat, "D", false, "DirSearch style wordlist compatibility mode. Used in conjunction with -e flag. Replaces %EXT% in wordlist entry with each of the extensions provided by -e.")
 	flag.Var(&opts.headers, "H", "Header `\"Name: Value\"`, separated by colon. Multiple -H flags are accepted.")

pkg/ffuf/config.go

@@ -20,6 +20,7 @@ type Config struct {
 	OutputDirectory        string                    `json:"outputdirectory"`
 	OutputFile             string                    `json:"outputfile"`
 	OutputFormat           string                    `json:"outputformat"`
+	IgnoreWordlistComments bool                      `json:"ignore_wordlist_comments"`
 	StopOn403              bool                      `json:"stop_403"`
 	StopOnErrors           bool                      `json:"stop_errors"`
 	StopOnAll              bool                      `json:"stop_all"`
@@ -55,6 +56,7 @@ func NewConfig(ctx context.Context) Config {
 	conf.Url = ""
 	conf.Data = ""
 	conf.Quiet = false
+	conf.IgnoreWordlistComments = false
 	conf.StopOn403 = false
 	conf.StopOnErrors = false
 	conf.StopOnAll = false

pkg/input/wordlist.go

@@ -4,6 +4,7 @@ import (
 	"bufio"
 	"os"
 	"regexp"
+	"strings"
 
 	"github.com/ffuf/ffuf/pkg/ffuf"
 )
@@ -106,6 +107,7 @@ func (w *WordlistInput) readFile(path string) error {
 	defer file.Close()
 
 	var data [][]byte
+	var ok bool
 	reader := bufio.NewScanner(file)
 	re := regexp.MustCompile(`(?i)%ext%`)
 	for reader.Scan() {
@@ -117,13 +119,29 @@ func (w *WordlistInput) readFile(path string) error {
 					data = append(data, []byte(contnt))
 				}
 			} else {
-				data = append(data, []byte(reader.Text()))
+				text := reader.Text()
+
+				if w.config.IgnoreWordlistComments {
+					text, ok = stripComments(text)
+					if !ok {
+						continue
+					}
+				}
+				data = append(data, []byte(text))
 			}
 		} else {
-			data = append(data, []byte(reader.Text()))
+			text := reader.Text()
+
+			if w.config.IgnoreWordlistComments {
+				text, ok = stripComments(text)
+				if !ok {
+					continue
+				}
+			}
+			data = append(data, []byte(text))
 			if w.keyword == "FUZZ" && len(w.config.Extensions) > 0 {
 				for _, ext := range w.config.Extensions {
-					data = append(data, []byte(reader.Text()+ext))
+					data = append(data, []byte(text+ext))
 				}
 			}
 		}
@@ -131,3 +149,20 @@ func (w *WordlistInput) readFile(path string) error {
 	w.data = data
 	return reader.Err()
 }
+
+// stripComments removes all kind of comments from the word
+func stripComments(text string) (string, bool) {
+	// If the line starts with a # ignoring any space on the left,
+	// return blank.
+	if strings.HasPrefix(strings.TrimLeft(text, " "), "#") {
+		return "", false
+	}
+
+	// If the line has # later after a space, that's a comment.
+	// Only send the word upto space to the routine.
+	index := strings.Index(text, " #")
+	if index == -1 {
+		return text, true
+	}
+	return text[:index], true
+}