Custom autocalibration strings (#56)

* removed dead(?) code

* Added -acc for custom auto-calibration strings. Resolves #53

* don't use the calibration url templates when custom calibration paths are given

* added changelog entry about -acc flag
Tapio Vuorinen 2019-10-15 12:38:45 +00:00 committed by Joona Hoikkala
parent adec6a9074
commit 44723e2b06
4 changed files with 66 additions and 77 deletions


@ -100,6 +100,8 @@ To define the test case for ffuf, use the keyword `FUZZ` anywhere in the URL (`-
HTTP method to use (default "GET")
-ac
Automatically calibrate filtering options
-acc
Custom auto-calibration string. Can be used multiple times. Implies -ac
-i
Dummy flag for copy as curl functionality (ignored)
-b "NAME1=VALUE1; NAME2=VALUE2"
@ -183,6 +185,7 @@ The only dependency of ffuf is Go 1.11. No dependencies outside of Go standard l
- New
- New CLI flag: -l, shows target location of redirect responses
- New CLI flac: -acc, custom auto-calibration strings
- Changed
- New CLI flag: -i, dummy flag that does nothing. for compatibility with copy as curl.
- New CLI flag: -b/--cookie, cookie data for compatibility with copy as curl.

39
main.go

@ -18,21 +18,22 @@ import (
)
type cliOptions struct {
extensions string
delay string
filterStatus string
filterSize string
filterRegexp string
filterWords string
matcherStatus string
matcherSize string
matcherRegexp string
matcherWords string
proxyURL string
outputFormat string
headers multiStringFlag
cookies multiStringFlag
showVersion bool
extensions string
delay string
filterStatus string
filterSize string
filterRegexp string
filterWords string
matcherStatus string
matcherSize string
matcherRegexp string
matcherWords string
proxyURL string
outputFormat string
headers multiStringFlag
cookies multiStringFlag
AutoCalibrationStrings multiStringFlag
showVersion bool
}
type multiStringFlag []string
@ -89,6 +90,7 @@ func main() {
flag.BoolVar(&conf.StopOnAll, "sa", false, "Stop on all error cases. Implies -sf and -se")
flag.BoolVar(&conf.FollowRedirects, "r", false, "Follow redirects")
flag.BoolVar(&conf.AutoCalibration, "ac", false, "Automatically calibrate filtering options")
flag.Var(&opts.AutoCalibrationStrings, "acc", "Custom auto-calibration string. Can be used multiple times. Implies -ac")
flag.IntVar(&conf.Threads, "t", 40, "Number of concurrent threads.")
flag.IntVar(&conf.Timeout, "timeout", 10, "HTTP request timeout in seconds.")
flag.BoolVar(&opts.showVersion, "V", false, "Show version information.")
@ -285,6 +287,13 @@ func prepareConfig(parseOpts *cliOptions, conf *ffuf.Config) error {
}
}
// Auto-calibration strings
conf.AutoCalibrationStrings = parseOpts.AutoCalibrationStrings
// Using -acc implies -ac
if len(conf.AutoCalibrationStrings) > 0 {
conf.AutoCalibration = true
}
// Handle copy as curl situation where POST method is implied by --data flag. If method is set to anything but GET, NOOP
if conf.Method == "GET" {
if len(conf.Data) > 0 {
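Review bot: The new field `AutoCalibrationStrings` in `cliOptions` is capitalised while every other field of that unexported struct is lowerCamel (`headers`, `cookies`, `showVersion`); `autoCalibrationStrings multiStringFlag` would match, with the `flag.Var` call and the assignment in `prepareConfig` updated to suit. In `prepareConfig` the values are copied into `conf` without any check, so an empty argument such as `-acc ""` would presumably be forwarded as a calibration input and still switch `AutoCalibration` on; dropping empty entries before the `len(...) > 0` test would avoid calibrating against the bare URL by accident. Both `main` and `prepareConfig` continue outside the hunks shown.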


@ -16,36 +16,37 @@ type optRange struct {
}
type Config struct {
StaticHeaders map[string]string
FuzzHeaders map[string]string
Extensions []string
DirSearchCompat bool
Method string
Url string
TLSVerify bool
Data string
Quiet bool
Colors bool
Wordlist string
InputCommand string
InputNum int
OutputFile string
OutputFormat string
StopOn403 bool
StopOnErrors bool
StopOnAll bool
FollowRedirects bool
AutoCalibration bool
ShowRedirectLocation bool
Timeout int
ProgressFrequency int
Delay optRange
Filters []FilterProvider
Matchers []FilterProvider
Threads int
Context context.Context
ProxyURL func(*http.Request) (*url.URL, error)
CommandLine string
StaticHeaders map[string]string
FuzzHeaders map[string]string
Extensions []string
DirSearchCompat bool
Method string
Url string
TLSVerify bool
Data string
Quiet bool
Colors bool
Wordlist string
InputCommand string
InputNum int
OutputFile string
OutputFormat string
StopOn403 bool
StopOnErrors bool
StopOnAll bool
FollowRedirects bool
AutoCalibration bool
AutoCalibrationStrings []string
ShowRedirectLocation bool
Timeout int
ProgressFrequency int
Delay optRange
Filters []FilterProvider
Matchers []FilterProvider
Threads int
Context context.Context
ProxyURL func(*http.Request) (*url.URL, error)
CommandLine string
}
func NewConfig(ctx context.Context) Config {
@ -75,31 +76,3 @@ func NewConfig(ctx context.Context) Config {
conf.DirSearchCompat = false
return conf
}
type CliOptions struct {
extensions string
delay string
filterStatus string
filterSize string
filterRegexp string
filterWords string
matcherStatus string
matcherSize string
matcherRegexp string
matcherWords string
proxyURL string
outputFormat string
headers multiStringFlag
showVersion bool
}
type multiStringFlag []string
func (m *multiStringFlag) String() string {
return ""
}
func (m *multiStringFlag) Set(value string) error {
*m = append(*m, value)
return nil
}
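Review bot: The new `AutoCalibrationStrings` field in `Config` has no comment, and the rule that a non-empty list turns calibration on is enforced only in `prepareConfig` in main.go, not in this package. A caller that builds a `Config` directly and sets the strings without `AutoCalibration` would, as far as this diff shows, get no calibration at all. A field comment such as `// AutoCalibrationStrings replaces the default random calibration inputs; AutoCalibration must also be true.` would record that contract.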


@ -194,10 +194,14 @@ func (j *Job) runTask(input []byte, position int, retried bool) {
//CalibrateResponses returns slice of Responses for randomly generated filter autocalibration requests
func (j *Job) CalibrateResponses() ([]Response, error) {
cInputs := make([]string, 0)
cInputs = append(cInputs, "admin"+RandomString(16)+"/")
cInputs = append(cInputs, ".htaccess"+RandomString(16))
cInputs = append(cInputs, RandomString(16)+"/")
cInputs = append(cInputs, RandomString(16))
if len(j.Config.AutoCalibrationStrings) < 1 {
cInputs = append(cInputs, "admin"+RandomString(16)+"/")
cInputs = append(cInputs, ".htaccess"+RandomString(16))
cInputs = append(cInputs, RandomString(16)+"/")
cInputs = append(cInputs, RandomString(16))
} else {
cInputs = append(cInputs, j.Config.AutoCalibrationStrings...)
}
results := make([]Response, 0)
for _, input := range cInputs {
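Review bot: The doc comment on `CalibrateResponses` still says the calibration requests are randomly generated, which no longer holds when `j.Config.AutoCalibrationStrings` is non-empty: the else branch sends the supplied strings verbatim and skips all four random inputs. Since the filters are derived from these responses, a custom string that happens to match a real resource would presumably calibrate on a genuine response and hide valid results, so the comment should state the new behaviour, e.g. `// CalibrateResponses returns the responses to the auto-calibration requests: the user-supplied strings when set, otherwise four randomly generated inputs.` The condition would also read more directly as `len(j.Config.AutoCalibrationStrings) == 0`. The function body continues past the end of the hunk.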