Commit graph

75 commits

Author SHA1 Message Date
Joona Hoikkala
77cc45cd98
Prepare for v2.0 release (#635) 2023-02-04 15:06:35 +02:00
Joona Hoikkala
643f6b883f
Scraper functionality (#633)
* Scraper functionality

* Handle matched only - case for scraper

* Add scraper output to different formats

* Fix the ancient merge reminders

* Load scraper rules from directory

* Scraper fixes
2023-02-04 13:23:31 +02:00
Tom Hudson
633893cea0
Change precedence of quiet and JSON output to favour JSON (#570)
* Changes precedence of quiet and JSON output to favour JSON

* Adds JSON output precedence change to CHANGELOG; TomNomNom to CONTRIBUTORS

---------

Co-authored-by: Joona Hoikkala <joohoi@users.noreply.github.com>
2023-02-02 17:03:54 +02:00
Joona Hoikkala
9bddff79b9
New functionality to map fired blind payloads back to the initial request (#632)
* Fix ioutil deprecation and use xdg paths instead (wip)

* Clean up deprecated ioutil references, add config directory structure creation and run entry creation

* Add wordlist position setting and FFUFHASH variable

* Save full wordlist paths and print out a raw request when searched

* Cast from string to 32bit integer, 2billion should be enough for a position

* Use correct format strings for float
2023-02-02 11:51:11 +02:00
Joona Hoikkala
b7adc5038d
Fix jsonlines output while in silent mode (#630) 2023-01-31 17:10:08 +02:00
Joona Hoikkala
3328a284d2
Fix linter workflow and autocalibration for lines & words match (#614)
* Fix autocalibration for lines & words match

* Fix golangci-lint workflow
2022-12-07 18:26:06 +02:00
Joona Hoikkala
5c489aea78 Prepare for 1.5.0 release (#23) 2022-05-19 09:33:57 +03:00
Joona Hoikkala
21a19a1f3d Choose between 'and' and 'or' matching and filtering (#20) 2022-05-19 09:32:34 +03:00
Joona Hoikkala
9fa0a5d20a
Ac rewrite
* Full revamp of filtering, and autocalibration settings.

* Fix concurrency issue in calibration

* Fix linting
2022-05-19 09:31:54 +03:00
Joona Hoikkala
0aa69b527c
Prepare point release v1.4.1 (#538) 2022-04-04 01:22:50 +03:00
Joona Hoikkala
2345bfa86d
Fixes to recursion and wordlist handling for queued jobs (#537) 2022-04-04 01:19:39 +03:00
Joona Hoikkala
f6735d56dc
Prepare for release 1.4.0 (#535)
* Prepare for release 1.4.0

* Prep changelog
2022-03-26 11:01:25 +02:00
h1x
571b3397db
Fix a recursion bug when redirected to the same domain and a port was specified (#377) (#522)
This fixes the situation where the URL port is specified from the
command line and the "Location" redirection header contains an
absolute URL path.
2022-03-06 18:14:52 +02:00
Justin Steven
4c1a75498b
Add -json option (#509)
* Add -json option

Prints newline-delimited JSON output to STDOUT

* sort

* Clear terminal line via STDERR foreach JSON result

For each JSON result being printed, prepend it with a TERMINAL_CLEAR_LINE via
STDERR. This clears the progress line (which is also being emitted via STDERR)
and leaves us with a clean stream of JSON lines in the terminal.
2022-03-06 16:39:33 +02:00
Maxime Catrice
80a4aa7783
Fix -of all output and add HTTP/2 support (#451) (#462)
* Fix -of all output (#451)

* Add HTTP/2 support
2022-01-28 17:49:53 +02:00
Joona Hoikkala
2fdbd25655
Fix reading wordlists from cfg (#511)
* Fix issue with wordlists being defined in the ffufrc file

* Add changelog entry
2022-01-22 19:50:57 +02:00
Alexandre ZANNI
3cc6557fc4
500 Internal Server Error -> default matched status codes (#510)
* match 500 status code responses by default

* include 500 into default match codes

* match 500: update help message

* Update CHANGELOG.md
2022-01-22 18:58:07 +02:00
Gustavo Costa
3c78f89c83
Include full line colors (#446)
* Include full line colors

* Update CHANGELOG and CONTRIBUTORS
2021-05-17 01:35:55 +03:00
DoI
965f282c0b
Response time logging and filtering (#433)
* Added response time reporting and filtering

* Update to use the http config context

* Added changelog and contributor info

* Round time output in stdout to nearest millisecond

* Change stdout duration rounding to use Milliseconds()

* Go back to Round() for timing output

* Changed stdout to display millisecond durations

Co-authored-by: Joona Hoikkala <joohoi@users.noreply.github.com>
2021-05-17 00:10:56 +03:00
Joona Hoikkala
b56de007d4
Print results found during interactive mode after exiting it (#445) 2021-05-14 00:13:24 +03:00
Samuel Erb
5ad06815cd
Add TLS SNI Support (#441)
* add SNI support to ffuf

* remove change to keywordPresent

* Update CONTRIBUTORS.md

* Update CHANGELOG.md
2021-05-13 23:46:29 +03:00
Joona Hoikkala
ee0705e224
Fix an issue where output file was created regardless of -or (#444)
* Fix an issue where output file was created regardless of -or

* Add CHANGELOG entry
2021-05-13 19:07:00 +03:00
Joona Hoikkala
958f738b7d
Prepare for release v1.3.1 (#439) 2021-04-27 23:33:55 +03:00
Joona Hoikkala
33f3ecb65c
Trim the newline at the end of raw request file (#438) 2021-04-27 09:01:15 +03:00
Joona Hoikkala
25fc4e4b49
Fixed an issue with storing the matches for recursion jobs (#437) 2021-04-27 00:10:11 +03:00
Joona Hoikkala
8ffe1bd64e
Add a cli flag to disable interactive mode (#436) 2021-04-26 23:04:12 +03:00
Joona Hoikkala
aaa8f31865
Fix header canonicalization (#435) 2021-04-26 22:48:44 +03:00
Joona Hoikkala
d6b273332b
Fix size calculation (#434)
* Fix size calculation
2021-04-26 22:39:08 +03:00
Joona Hoikkala
4daf2b6fcb Fix changelog entries 2021-04-18 13:40:55 +03:00
Massimo Prencipe
a513e2767e Fix: Create output directory recursively instead of silently failing to produce output (#413)
* Fix: Create output directory recursively instead of silently failing to write output. Fixes issue #395.

* Update changelog, contributors
2021-04-18 13:40:44 +03:00
Joona Hoikkala
f97c2f7600
Interactive mode and recursion-strategy (#426)
* Add new feature: recursion-strategy

* Implementation of interactive mode (#8)

* Add interactive mode documentation (#9)

* Prepare for release 1.3.0 (#11)
2021-04-18 12:54:17 +03:00
Alexandre ZANNI
f1c39bec3a
replace badchar with a space (#390)
* replace badchar with a space

* add noraj to contribs

* add changelog

* remove PR ref & shoutouts

Co-authored-by: Joona Hoikkala <joohoi@users.noreply.github.com>

* re-order

Co-authored-by: Joona Hoikkala <joohoi@users.noreply.github.com>
2021-02-23 13:49:54 +02:00
layton
0c991947a7
Adding Content-Type to all output formats (#336) (#341)
* adding content-type to csv and json output (#336)

* added to contributors and changelog

* changed 'type' to 'content-type'

* added content-type for html and md output

* updated changelog

Co-authored-by: layton <layton@desktop-manjaro.fritz.box>
Co-authored-by: Joona Hoikkala <joohoi@users.noreply.github.com>
2021-02-21 15:52:41 +02:00
Joona Hoikkala
825bd3231d
Prepare 1.3.0 (#382) 2021-01-24 22:43:10 +02:00
Joona Hoikkala
9a5a067bca
Prepare release 1.2.0 (#378) 2021-01-24 19:02:46 +02:00
Jesus Galvan
5b75e9018f
Allow input-shell option (#344)
* Allow input-shell option

* Markdown files

* Changelog
* Contributors
2021-01-24 18:55:23 +02:00
Stefan Stojanovski
6a7bdc0f93
Added 405 Method Not Allowed to the list of status codes matched by default (#373)
* Update .ffufrc to match 405 status code responses by default

* Updated README.md with the new default match status codes

* Updated default match codes to include 405 Method Not Allowed

405 Method not Allowed is returned by many api endpoints when accessed via an improper method. ffuf sends GET reqeusts by default and if an endpoint only supports POST it will return 405 and ffuf will not think it's a valid endpoint unless specifically told to match 405 status codes

* Added choket to contributors

* Update CHANGELOG.md
2021-01-24 18:54:30 +02:00
Bp0lr
bc5e61ecc3
Empty filter (#330)
* add support to filter empty result files.

* update readme

* add contributors.

* add changelog

* Update ffufrc.example
2020-11-23 20:39:06 +02:00
M. Ángel Jimeno
c6a6293499
pkg/ffuf: fix panic in Windows when parsing wordlist flag (#335)
This change addresses two panics that happened while parsing the provided
wordlist flag in Windows systems.

- pkg/ffuf/util.go:40: panic happened when the provided path was
invalid. Example: ".\wordlist.txt:" as the os.Stat call returned an
error different than os.ErrNotExist.

- pkg/ffuf/optionsparser.go:179: panic happened when the provided value
did not existed and did not contain a colon character. Example:
".\asdf.txt" when the local file ".\asdf.txt" did not exist. This panic
happened due to strings.LastIndex returning -1 when the provided
substring does not appear. Therefore, v[:-1] panicking.

Fixes #333

Signed-off-by: Miguel Ángel Jimeno <miguelangel4b@gmail.com>
2020-10-26 23:43:09 +02:00
Fabio
2be8b878f8
issue/274 * made links in HTML report clickable (#323)
* issue/274 * made links in HTML report clickable

* issue/274 * updated changelog and contributors

* fixed contributors order
2020-10-05 11:05:02 +03:00
bjhulst
2abc72018d
Bug 231 (#312)
* Update filter.go

* Upsert filter options

Insert or update filter options.

* Indent.

* Updated CHANGELOG.md

fix for: Option -ac overwriting other existing filters #231
2020-10-03 11:20:21 +03:00
Joona Hoikkala
1f89295d25
Add CHANGELOG.md entry for the config file stuff (#309) 2020-09-27 19:28:56 +03:00
Kiblyn11
79fe3c0c91
Change banner logging to stderr (#282)
* Change banner logging to stderr

* Edit CHANGELOG and CONTRIBUTORS

* fix: add to contributors according to sort order
2020-09-24 12:09:03 +03:00
Joona Hoikkala
dc24ad2639
Make SIGINT more responsive, and handle zombied TCP connections properly (#302) 2020-09-24 12:04:31 +03:00
Stephen Haywood
a71f1c0105
Comma separated -w flags (#294)
* Comma separated -w flags.

* Remove printf

* Updated changelog and contributors

* Alphabetical order
2020-09-14 23:13:21 +03:00
Joona Hoikkala
a4b3154484
Better pre-flight errors (#288) 2020-08-30 15:22:06 +03:00
Joona Hoikkala
0ce941326b
Throttle rate of requests per second (#287)
* Add the functionality to perform req/sec limiting (for humans)

* Add documentation
2020-08-30 13:51:41 +03:00
Joona Hoikkala
d61ceb3eb2
Release 1.1 (#266) 2020-07-23 13:38:56 +03:00
Joona Hoikkala
bef2dc04ed
Fix crash with 3xx requests without location header (#265)
Co-authored-by: Joona Hoikkala <joohoi@io.fi>
2020-07-23 13:13:27 +03:00
bjhulst
9bb613050e
Update random seed logic (#262)
* Update util.go

* Update job.go

rand.Seed updated just before usage

* Update util.go

revert

* Updated CHANGELOG.MD with a description of the bug fix.

Co-authored-by: Joona Hoikkala <joohoi@users.noreply.github.com>
2020-07-23 12:28:31 +03:00