From 6a7bdc0f93d2164727332148e8758f0832dc9c9d Mon Sep 17 00:00:00 2001
From: Stefan Stojanovski <47993064+choket@users.noreply.github.com>
Date: Sun, 24 Jan 2021 17:54:30 +0100
Subject: [PATCH] Added 405 Method Not Allowed to the list of status codes
 matched by default (#373)

* Update .ffufrc to match 405 status code responses by default

* Updated README.md with the new default match status codes

* Updated default match codes to include 405 Method Not Allowed

405 Method not Allowed is returned by many api endpoints when accessed via an improper method. ffuf sends GET reqeusts by default and if an endpoint only supports POST it will return 405 and ffuf will not think it's a valid endpoint unless specifically told to match 405 status codes

* Added choket to contributors

* Update CHANGELOG.md
---
 CHANGELOG.md              | 1 +
 CONTRIBUTORS.md           | 1 +
 README.md                 | 2 +-
 ffufrc.example            | 2 +-
 pkg/ffuf/optionsparser.go | 2 +-
 5 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3424505..71b6e19 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,7 @@
 ## Changelog
 - master
   - New
+    - Added 405 Method Not Allowed to list of status codes matched by default.
     - New CLI flag `-rate` to set maximum rate of requests per second. The adjustment is dynamic.
     - New CLI flag `-config` to define a configuration file with preconfigured settings for the job.
     - Ffuf now reads a default configuration file `$HOME/.ffufrc` upon startup. Options set in this file
diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md
index 1c739b6..a5c02e0 100644
--- a/CONTRIBUTORS.md
+++ b/CONTRIBUTORS.md
@@ -4,6 +4,7 @@
 * [bjhulst](https://github.com/bjhulst)
 * [bsysop](https://twitter.com/bsysop)
 * [ccsplit](https://github.com/ccsplit)
+* [choket](https://github.com/choket)
 * [codingo](https://github.com/codingo)
 * [c_sto](https://github.com/c-sto)
 * [Damian89](https://github.com/Damian89)
diff --git a/README.md b/README.md
index c44de54..66f743a 100644
--- a/README.md
+++ b/README.md
@@ -166,7 +166,7 @@ GENERAL OPTIONS:
   -v               Verbose output, printing full URL and redirect location (if any) with the results. (default: false)
 
 MATCHER OPTIONS:
-  -mc              Match HTTP status codes, or "all" for everything. (default: 200,204,301,302,307,401,403)
+  -mc              Match HTTP status codes, or "all" for everything. (default: 200,204,301,302,307,401,403,405)
   -ml              Match amount of lines in response
   -mr              Match regexp
   -ms              Match HTTP response size
diff --git a/ffufrc.example b/ffufrc.example
index eb6912a..f3684be 100644
--- a/ffufrc.example
+++ b/ffufrc.example
@@ -73,5 +73,5 @@
     lines = ""
     regexp = ""
     size = ""
-    status = "200,204,301,302,307,401,403"
+    status = "200,204,301,302,307,401,403,405"
     words = ""
diff --git a/pkg/ffuf/optionsparser.go b/pkg/ffuf/optionsparser.go
index 61009dc..61a3d15 100644
--- a/pkg/ffuf/optionsparser.go
+++ b/pkg/ffuf/optionsparser.go
@@ -135,7 +135,7 @@ func NewConfigOptions() *ConfigOptions {
 	c.Matcher.Lines = ""
 	c.Matcher.Regexp = ""
 	c.Matcher.Size = ""
-	c.Matcher.Status = "200,204,301,302,307,401,403"
+	c.Matcher.Status = "200,204,301,302,307,401,403,405"
 	c.Matcher.Words = ""
 	c.Output.DebugLog = ""
 	c.Output.OutputDirectory = ""