From 0295abb91798da34d8195c84990a7e895d8b9104 Mon Sep 17 00:00:00 2001 From: Tapio Vuorinen Date: Tue, 4 Jun 2019 12:20:31 +0000 Subject: [PATCH] Wordlist standard input mode (#36) * ignore the compiled binary * added possibility to read wordlist from standard input with -w - * Update README.md Co-Authored-By: Joona Hoikkala * Update main.go Co-Authored-By: Joona Hoikkala * updated changelog about the wordlist standard input mode * Update README.md Co-Authored-By: Joona Hoikkala --- .gitignore | 1 + README.md | 4 ++-- main.go | 2 +- pkg/input/wordlist.go | 23 +++++++++++++++++++---- 4 files changed, 23 insertions(+), 7 deletions(-) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..bc37ca7 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +/ffuf diff --git a/README.md b/README.md index 5d3c1e0..8159843 100644 --- a/README.md +++ b/README.md @@ -121,7 +121,7 @@ To define the test case for ffuf, use the keyword `FUZZ` anywhere in the URL (`- -u string Target URL -w string - Wordlist path + Wordlist file path or - to read from standard input -x string HTTP Proxy URL ``` @@ -143,8 +143,8 @@ The only dependency of ffuf is Go 1.11. No dependencies outside of Go standard l - New CLI flag: -ac to autocalibrate response size and word filters based on few preset URLs. - New CLI flag: -timeout to specify custom timeouts for all HTTP requests. - - Changed + - Wordlist can also be read from standard input - v0.9 - New diff --git a/main.go b/main.go index a972bca..1435456 100644 --- a/main.go +++ b/main.go 
@@ -54,7 +54,7 @@ func main() {
 flag.BoolVar(&conf.DirSearchCompat, "D", false, "DirSearch style wordlist compatibility mode. Used in conjunction with -e flag. Replaces %EXT% in wordlist entry with each of the extensions provided by -e.")
 flag.Var(&opts.headers, "H", "Header `\"Name: Value\"`, separated by colon. Multiple -H flags are accepted.")
 flag.StringVar(&conf.Url, "u", "", "Target URL")
- flag.StringVar(&conf.Wordlist, "w", "", "Wordlist path")
+ flag.StringVar(&conf.Wordlist, "w", "", "Wordlist file path or - to read from standard input")
 flag.BoolVar(&conf.TLSVerify, "k", false, "TLS identity verification")
 flag.StringVar(&opts.delay, "p", "", "Seconds of `delay` between requests, or a range of random delay. For example \"0.1\" or \"0.1-2.0\"")
 flag.StringVar(&opts.filterStatus, "fc", "", "Filter HTTP status codes from response")
diff --git a/pkg/input/wordlist.go b/pkg/input/wordlist.go
index 9bde3fb..7a42253 100644
--- a/pkg/input/wordlist.go
+++ b/pkg/input/wordlist.go
@@ -18,7 +18,16 @@ func NewWordlistInput(conf *ffuf.Config) (*WordlistInput, error) {
 var wl WordlistInput
 wl.config = conf
 wl.position = -1
- valid, err := wl.validFile(conf.Wordlist)
+ var valid bool
+ var err error
+ // stdin?
+ if conf.Wordlist == "-" {
+ // yes
+ valid = true
+ } else {
+ // no
+ valid, err = wl.validFile(conf.Wordlist)
+ }
 if err != nil {
 return &wl, err
 }
@@ -63,9 +72,15 @@ func (w *WordlistInput) validFile(path string) (bool, error) {
 //readFile reads the file line by line to a byte slice
 func (w *WordlistInput) readFile(path string) error {
- file, err := os.Open(path)
- if err != nil {
- return err
+ var file *os.File
+ var err error
+ if path == "-" {
+ file = os.Stdin
+ } else {
+ file, err = os.Open(path)
+ if err != nil {
+ return err
+ }
 }
 defer file.Close()
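Review bot: In the pkg/input/wordlist.go hunk for NewWordlistInput, the added comments `// stdin?`, `// yes` and `// no` restate the branch rather than explain it, and the `"-"` literal is repeated in the readFile hunk further down. A single comment above the `if`, such as `// "-" selects standard input, which has no path for validFile to check`, would carry the intent, and a shared constant like `const stdinMarker = "-"` would keep the two comparisons in step. The branch also sets `valid = true` without any check, so whether an empty or interactive standard input is handled depends on code after the hunk, which is not visible here.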
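Review bot: In the readFile hunk, the unchanged `defer file.Close()` now also runs when `file` is `os.Stdin`, so the process closes its own standard input after reading the wordlist. Putting `defer file.Close()` inside the `else` branch, directly after the `os.Open` error check, and dropping the unconditional one ties the close to the descriptor this function opened. The doc comment above the function still mentions only a file; `// readFile reads the wordlist line by line from path, or from standard input when path is "-"` would match the new behaviour. The rest of readFile lies outside the hunk, so how much of a long-running pipe is buffered in memory cannot be judged from here.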