Mirrors/ffuf
2
0
Fork 0
mirror of https://github.com/ffuf/ffuf synced 2024-11-22 03:33:06 +00:00
Code Issues Projects Releases Packages Wiki Activity

Prepare for v2.1.0 release (#724)

Browse source
This commit is contained in:
Joona Hoikkala 2023-09-16 15:18:12 +03:00 committed by GitHub
parent 36124a1afe
commit 7a2756a8f3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 15 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
CHANGELOG.md
View file

@ -1,10 +1,16 @@
## Changelog ## Changelog
- master - master
- New
- Changed
- v2.1.0
- New - New
- autocalibration-strategy refactored to support extensible strategy configuration - autocalibration-strategy refactored to support extensible strategy configuration
- New cli flag `-raw` to omit urlencoding for URIs - New cli flag `-raw` to omit urlencoding for URIs
- New cli flags `-ck` and `-cc` to enable the use of client side certificate authentication
- Integration with `github.com/ffuf/pencode` library, added `-enc` cli flag to do various in-fly encodings for input data - Integration with `github.com/ffuf/pencode` library, added `-enc` cli flag to do various in-fly encodings for input data
- Changed - Changed
- Fix multiline output
- Explicitly allow TLS1.0 - Explicitly allow TLS1.0
- Fix markdown output file format - Fix markdown output file format
- Fix csv output file format - Fix csv output file format
@ -12,6 +18,7 @@
- Automatic brotli and deflate decompression - Automatic brotli and deflate decompression
- Report if request times out when a time based matcher or filter is active - Report if request times out when a time based matcher or filter is active
- All 2XX status codes are now matched - All 2XX status codes are now matched
- Allow adding "unused" wordlists in config file
- v2.0.0 - v2.0.0
- New - New

10
README.md
View file

@ -150,16 +150,19 @@ parameter.
To define the test case for ffuf, use the keyword `FUZZ` anywhere in the URL (`-u`), headers (`-H`), or POST data (`-d`). To define the test case for ffuf, use the keyword `FUZZ` anywhere in the URL (`-u`), headers (`-H`), or POST data (`-d`).
``` ```
Fuzz Faster U Fool - v2.0.0 Fuzz Faster U Fool - v2.1.0
HTTP OPTIONS: HTTP OPTIONS:
-H Header `"Name: Value"`, separated by colon. Multiple -H flags are accepted. -H Header `"Name: Value"`, separated by colon. Multiple -H flags are accepted.
-X HTTP method to use -X HTTP method to use
-b Cookie data `"NAME1=VALUE1; NAME2=VALUE2"` for copy as curl functionality. -b Cookie data `"NAME1=VALUE1; NAME2=VALUE2"` for copy as curl functionality.
-cc Client cert for authentication. Client key needs to be defined as well for this to work
-ck Client key for authentication. Client certificate needs to be defined as well for this to work
-d POST data -d POST data
-http2 Use HTTP2 protocol (default: false) -http2 Use HTTP2 protocol (default: false)
-ignore-body Do not fetch the response content. (default: false) -ignore-body Do not fetch the response content. (default: false)
-r Follow redirects (default: false) -r Follow redirects (default: false)
-raw Do not encode URI (default: false)
-recursion Scan recursively. Only FUZZ keyword is supported, and URL (-u) has to end in it. (default: false) -recursion Scan recursively. Only FUZZ keyword is supported, and URL (-u) has to end in it. (default: false)
-recursion-depth Maximum recursion depth. (default: 0) -recursion-depth Maximum recursion depth. (default: 0)
-recursion-strategy Recursion strategy: "default" for a redirect based, and "greedy" to recurse on all matches (default: default) -recursion-strategy Recursion strategy: "default" for a redirect based, and "greedy" to recurse on all matches (default: default)
@ -175,7 +178,7 @@ GENERAL OPTIONS:
-acc Custom auto-calibration string. Can be used multiple times. Implies -ac -acc Custom auto-calibration string. Can be used multiple times. Implies -ac
-ach Per host autocalibration (default: false) -ach Per host autocalibration (default: false)
-ack Autocalibration keyword (default: FUZZ) -ack Autocalibration keyword (default: FUZZ)
-acs Autocalibration strategy: "basic" or "advanced" (default: basic) -acs Custom auto-calibration strategies. Can be used multiple times. Implies -ac
-c Colorize output. (default: false) -c Colorize output. (default: false)
-config Load configuration from a file -config Load configuration from a file
-json JSON output, printing newline-delimited JSON records (default: false) -json JSON output, printing newline-delimited JSON records (default: false)
@ -195,7 +198,7 @@ GENERAL OPTIONS:
-v Verbose output, printing full URL and redirect location (if any) with the results. (default: false) -v Verbose output, printing full URL and redirect location (if any) with the results. (default: false)
MATCHER OPTIONS: MATCHER OPTIONS:
-mc Match HTTP status codes, or "all" for everything. (default: 200,204,301,302,307,401,403,405,500) -mc Match HTTP status codes, or "all" for everything. (default: 200-299,301,302,307,401,403,405,500)
-ml Match amount of lines in response -ml Match amount of lines in response
-mmode Matcher set operator. Either of: and, or (default: or) -mmode Matcher set operator. Either of: and, or (default: or)
-mr Match regexp -mr Match regexp
@ -215,6 +218,7 @@ FILTER OPTIONS:
INPUT OPTIONS: INPUT OPTIONS:
-D DirSearch wordlist compatibility mode. Used in conjunction with -e flag. (default: false) -D DirSearch wordlist compatibility mode. Used in conjunction with -e flag. (default: false)
-e Comma separated list of extensions. Extends FUZZ keyword. -e Comma separated list of extensions. Extends FUZZ keyword.
-enc Encoders for keywords, eg. 'FUZZ:urlencode b64encode'
-ic Ignore wordlist comments (default: false) -ic Ignore wordlist comments (default: false)
-input-cmd Command producing the input. --input-num is required when using this input method. Overrides -w. -input-cmd Command producing the input. --input-num is required when using this input method. Overrides -w.
-input-num Number of inputs to test. Used in conjunction with --input-cmd. (default: 100) -input-num Number of inputs to test. Used in conjunction with --input-cmd. (default: 100)

2
pkg/ffuf/constants.go
View file

@ -7,7 +7,7 @@ import (
var ( var (
//VERSION holds the current version number //VERSION holds the current version number
VERSION = "2.0.0" VERSION = "2.1.0"
//VERSION_APPENDIX holds additional version definition //VERSION_APPENDIX holds additional version definition
VERSION_APPENDIX = "-dev" VERSION_APPENDIX = "-dev"
CONFIGDIR = filepath.Join(xdg.ConfigHome, "ffuf") CONFIGDIR = filepath.Join(xdg.ConfigHome, "ffuf")