Wordlist standard input mode (#36)

* ignore the compiled binary * added possibility to read wordlist from standard input with -w - * Update README.md Co-Authored-By: Joona Hoikkala <joohoi@users.noreply.github.com> * Update main.go Co-Authored-By: Joona Hoikkala <joohoi@users.noreply.github.com> * updated changelog about the wordlist standard input mode * Update README.md Co-Authored-By: Joona Hoikkala <joohoi@users.noreply.github.com>
2019-06-04 12:20:31 +00:00 · 2019-06-04 12:20:31 +00:00 · 0295abb917
commit 0295abb917
parent 7fe5786c24
4 changed files with 23 additions and 7 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
 /ffuf
--- a/README.md
+++ b/README.md
@ -121,7 +121,7 @@ To define the test case for ffuf, use the keyword `FUZZ` anywhere in the URL (`-
  -u string
    	Target URL
  -w string
-    	Wordlist path
+    	Wordlist file path or - to read from standard input
  -x string
    	HTTP Proxy URL
 ```
@ -143,8 +143,8 @@ The only dependency of ffuf is Go 1.11. No dependencies outside of Go standard l
      - New CLI flag: -ac to autocalibrate response size and word filters based on few preset URLs.
      - New CLI flag: -timeout to specify custom timeouts for all HTTP requests.
   - Changed
      - Wordlist can also be read from standard input
 - v0.9
   - New
--- a/main.go
+++ b/main.go
@ -54,7 +54,7 @@ func main() {
 	flag.BoolVar(&conf.DirSearchCompat, "D", false, "DirSearch style wordlist compatibility mode. Used in conjunction with -e flag. Replaces %EXT% in wordlist entry with each of the extensions provided by -e.")
 	flag.Var(&opts.headers, "H", "Header `\"Name: Value\"`, separated by colon. Multiple -H flags are accepted.")
 	flag.StringVar(&conf.Url, "u", "", "Target URL")
-	flag.StringVar(&conf.Wordlist, "w", "", "Wordlist path")
+	flag.StringVar(&conf.Wordlist, "w", "", "Wordlist file path or - to read from standard input")
 	flag.BoolVar(&conf.TLSVerify, "k", false, "TLS identity verification")
 	flag.StringVar(&opts.delay, "p", "", "Seconds of `delay` between requests, or a range of random delay. For example \"0.1\" or \"0.1-2.0\"")
 	flag.StringVar(&opts.filterStatus, "fc", "", "Filter HTTP status codes from response")
--- a/pkg/input/wordlist.go
+++ b/pkg/input/wordlist.go
@ -18,7 +18,16 @@ func NewWordlistInput(conf *ffuf.Config) (*WordlistInput, error) {
 	var wl WordlistInput
 	wl.config = conf
 	wl.position = -1
-	valid, err := wl.validFile(conf.Wordlist)
+	var valid bool
 	var err error
 	// stdin?
 	if conf.Wordlist == "-" {
 		// yes
 		valid = true
 	} else {
 		// no
 		valid, err = wl.validFile(conf.Wordlist)
 	}
 	if err != nil {
 		return &wl, err
 	}
@ -63,9 +72,15 @@ func (w *WordlistInput) validFile(path string) (bool, error) {
 //readFile reads the file line by line to a byte slice
 func (w *WordlistInput) readFile(path string) error {
-	file, err := os.Open(path)
+	var file *os.File
-	if err != nil {
+	var err error
-		return err
+	if path == "-" {
 		file = os.Stdin
 	} else {
 		file, err = os.Open(path)
 		if err != nil {
 			return err
 		}
 	}
 	defer file.Close()