Custom autocalibration strings (#56)

* removed dead(?) code

* Added -acc for custom auto-calibration strings. Resolves #53

* don't use the calibration url templates when custom calibration paths are given

* added changelog entry about -acc flag

README.md

@@ -100,6 +100,8 @@ To define the test case for ffuf, use the keyword `FUZZ` anywhere in the URL (`-
     	HTTP method to use (default "GET")
   -ac
     	Automatically calibrate filtering options
+  -acc
+      Custom auto-calibration string. Can be used multiple times. Implies -ac
   -i
       Dummy flag for copy as curl functionality (ignored)
   -b "NAME1=VALUE1; NAME2=VALUE2"
@@ -183,6 +185,7 @@ The only dependency of ffuf is Go 1.11. No dependencies outside of Go standard l
 
   - New
     - New CLI flag: -l, shows target location of redirect responses
+    - New CLI flac: -acc, custom auto-calibration strings
   - Changed
     - New CLI flag: -i, dummy flag that does nothing. for compatibility with copy as curl.
     - New CLI flag: -b/--cookie, cookie data for compatibility with copy as curl.

main.go

@@ -32,6 +32,7 @@ type cliOptions struct {
 	outputFormat           string
 	headers                multiStringFlag
 	cookies                multiStringFlag
+	AutoCalibrationStrings multiStringFlag
 	showVersion            bool
 }
 
@@ -89,6 +90,7 @@ func main() {
 	flag.BoolVar(&conf.StopOnAll, "sa", false, "Stop on all error cases. Implies -sf and -se")
 	flag.BoolVar(&conf.FollowRedirects, "r", false, "Follow redirects")
 	flag.BoolVar(&conf.AutoCalibration, "ac", false, "Automatically calibrate filtering options")
+	flag.Var(&opts.AutoCalibrationStrings, "acc", "Custom auto-calibration string. Can be used multiple times. Implies -ac")
 	flag.IntVar(&conf.Threads, "t", 40, "Number of concurrent threads.")
 	flag.IntVar(&conf.Timeout, "timeout", 10, "HTTP request timeout in seconds.")
 	flag.BoolVar(&opts.showVersion, "V", false, "Show version information.")
@@ -285,6 +287,13 @@ func prepareConfig(parseOpts *cliOptions, conf *ffuf.Config) error {
 		}
 	}
 
+	// Auto-calibration strings
+	conf.AutoCalibrationStrings = parseOpts.AutoCalibrationStrings
+	// Using -acc implies -ac
+	if len(conf.AutoCalibrationStrings) > 0 {
+		conf.AutoCalibration = true
+	}
+
 	// Handle copy as curl situation where POST method is implied by --data flag. If method is set to anything but GET, NOOP
 	if conf.Method == "GET" {
 		if len(conf.Data) > 0 {

pkg/ffuf/config.go

@@ -36,6 +36,7 @@ type Config struct {
 	StopOnAll              bool
 	FollowRedirects        bool
 	AutoCalibration        bool
+	AutoCalibrationStrings []string
 	ShowRedirectLocation   bool
 	Timeout                int
 	ProgressFrequency      int
@@ -75,31 +76,3 @@ func NewConfig(ctx context.Context) Config {
 	conf.DirSearchCompat = false
 	return conf
 }
-
-type CliOptions struct {
-	extensions    string
-	delay         string
-	filterStatus  string
-	filterSize    string
-	filterRegexp  string
-	filterWords   string
-	matcherStatus string
-	matcherSize   string
-	matcherRegexp string
-	matcherWords  string
-	proxyURL      string
-	outputFormat  string
-	headers       multiStringFlag
-	showVersion   bool
-}
-
-type multiStringFlag []string
-
-func (m *multiStringFlag) String() string {
-	return ""
-}
-
-func (m *multiStringFlag) Set(value string) error {
-	*m = append(*m, value)
-	return nil
-}

pkg/ffuf/job.go

@@ -194,10 +194,14 @@ func (j *Job) runTask(input []byte, position int, retried bool) {
 //CalibrateResponses returns slice of Responses for randomly generated filter autocalibration requests
 func (j *Job) CalibrateResponses() ([]Response, error) {
 	cInputs := make([]string, 0)
+	if len(j.Config.AutoCalibrationStrings) < 1 {
 		cInputs = append(cInputs, "admin"+RandomString(16)+"/")
 		cInputs = append(cInputs, ".htaccess"+RandomString(16))
 		cInputs = append(cInputs, RandomString(16)+"/")
 		cInputs = append(cInputs, RandomString(16))
+	} else {
+		cInputs = append(cInputs, j.Config.AutoCalibrationStrings...)
+	}
 
 	results := make([]Response, 0)
 	for _, input := range cInputs {