Custom autocalibration strings (#56)

* removed dead(?) code

* Added -acc for custom auto-calibration strings. Resolves #53

* don't use the calibration url templates when custom calibration paths are given

* added changelog entry about -acc flag
Tapio Vuorinen 2019-10-15 12:38:45 +00:00 committed by Joona Hoikkala
parent adec6a9074
commit 44723e2b06
4 changed files with 66 additions and 77 deletions


@ -100,6 +100,8 @@ To define the test case for ffuf, use the keyword `FUZZ` anywhere in the URL (`-
HTTP method to use (default "GET") HTTP method to use (default "GET")
-ac -ac
Automatically calibrate filtering options Automatically calibrate filtering options
-acc
Custom auto-calibration string. Can be used multiple times. Implies -ac
-i -i
Dummy flag for copy as curl functionality (ignored) Dummy flag for copy as curl functionality (ignored)
-b "NAME1=VALUE1; NAME2=VALUE2" -b "NAME1=VALUE1; NAME2=VALUE2"
@ -183,6 +185,7 @@ The only dependency of ffuf is Go 1.11. No dependencies outside of Go standard l
- New - New
- New CLI flag: -l, shows target location of redirect responses - New CLI flag: -l, shows target location of redirect responses
- New CLI flac: -acc, custom auto-calibration strings
- Changed - Changed
- New CLI flag: -i, dummy flag that does nothing. for compatibility with copy as curl. - New CLI flag: -i, dummy flag that does nothing. for compatibility with copy as curl.
- New CLI flag: -b/--cookie, cookie data for compatibility with copy as curl. - New CLI flag: -b/--cookie, cookie data for compatibility with copy as curl.

39
main.go

@ -18,21 +18,22 @@ import (
) )
type cliOptions struct { type cliOptions struct {
extensions string extensions string
delay string delay string
filterStatus string filterStatus string
filterSize string filterSize string
filterRegexp string filterRegexp string
filterWords string filterWords string
matcherStatus string matcherStatus string
matcherSize string matcherSize string
matcherRegexp string matcherRegexp string
matcherWords string matcherWords string
proxyURL string proxyURL string
outputFormat string outputFormat string
headers multiStringFlag headers multiStringFlag
cookies multiStringFlag cookies multiStringFlag
showVersion bool AutoCalibrationStrings multiStringFlag
showVersion bool
} }
type multiStringFlag []string type multiStringFlag []string
@ -89,6 +90,7 @@ func main() {
flag.BoolVar(&conf.StopOnAll, "sa", false, "Stop on all error cases. Implies -sf and -se") flag.BoolVar(&conf.StopOnAll, "sa", false, "Stop on all error cases. Implies -sf and -se")
flag.BoolVar(&conf.FollowRedirects, "r", false, "Follow redirects") flag.BoolVar(&conf.FollowRedirects, "r", false, "Follow redirects")
flag.BoolVar(&conf.AutoCalibration, "ac", false, "Automatically calibrate filtering options") flag.BoolVar(&conf.AutoCalibration, "ac", false, "Automatically calibrate filtering options")
flag.Var(&opts.AutoCalibrationStrings, "acc", "Custom auto-calibration string. Can be used multiple times. Implies -ac")
flag.IntVar(&conf.Threads, "t", 40, "Number of concurrent threads.") flag.IntVar(&conf.Threads, "t", 40, "Number of concurrent threads.")
flag.IntVar(&conf.Timeout, "timeout", 10, "HTTP request timeout in seconds.") flag.IntVar(&conf.Timeout, "timeout", 10, "HTTP request timeout in seconds.")
flag.BoolVar(&opts.showVersion, "V", false, "Show version information.") flag.BoolVar(&opts.showVersion, "V", false, "Show version information.")
@ -285,6 +287,13 @@ func prepareConfig(parseOpts *cliOptions, conf *ffuf.Config) error {
} }
} }
// Auto-calibration strings
conf.AutoCalibrationStrings = parseOpts.AutoCalibrationStrings
// Using -acc implies -ac
if len(conf.AutoCalibrationStrings) > 0 {
conf.AutoCalibration = true
}
// Handle copy as curl situation where POST method is implied by --data flag. If method is set to anything but GET, NOOP // Handle copy as curl situation where POST method is implied by --data flag. If method is set to anything but GET, NOOP
if conf.Method == "GET" { if conf.Method == "GET" {
if len(conf.Data) > 0 { if len(conf.Data) > 0 {
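Review bot: The new `cliOptions` field is spelled `AutoCalibrationStrings`, while every other field of this unexported struct is lower camel case (`filterStatus`, `cookies`, `showVersion`). Naming it `autoCalibrationStrings multiStringFlag` would keep the struct consistent, with the `flag.Var(&opts.autoCalibrationStrings, "acc", ...)` registration and the `parseOpts.autoCalibrationStrings` read in prepareConfig following suit. The values are also copied into the config verbatim, so an empty `-acc ""` still satisfies `len(conf.AutoCalibrationStrings) > 0` and turns calibration on; whether an empty calibration input is meaningful depends on code outside this page, so it may be worth rejecting or documenting. prepareConfig's body starts and ends outside the hunk.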


@ -16,36 +16,37 @@ type optRange struct {
} }
type Config struct { type Config struct {
StaticHeaders map[string]string StaticHeaders map[string]string
FuzzHeaders map[string]string FuzzHeaders map[string]string
Extensions []string Extensions []string
DirSearchCompat bool DirSearchCompat bool
Method string Method string
Url string Url string
TLSVerify bool TLSVerify bool
Data string Data string
Quiet bool Quiet bool
Colors bool Colors bool
Wordlist string Wordlist string
InputCommand string InputCommand string
InputNum int InputNum int
OutputFile string OutputFile string
OutputFormat string OutputFormat string
StopOn403 bool StopOn403 bool
StopOnErrors bool StopOnErrors bool
StopOnAll bool StopOnAll bool
FollowRedirects bool FollowRedirects bool
AutoCalibration bool AutoCalibration bool
ShowRedirectLocation bool AutoCalibrationStrings []string
Timeout int ShowRedirectLocation bool
ProgressFrequency int Timeout int
Delay optRange ProgressFrequency int
Filters []FilterProvider Delay optRange
Matchers []FilterProvider Filters []FilterProvider
Threads int Matchers []FilterProvider
Context context.Context Threads int
ProxyURL func(*http.Request) (*url.URL, error) Context context.Context
CommandLine string ProxyURL func(*http.Request) (*url.URL, error)
CommandLine string
} }
func NewConfig(ctx context.Context) Config { func NewConfig(ctx context.Context) Config {
@ -75,31 +76,3 @@ func NewConfig(ctx context.Context) Config {
conf.DirSearchCompat = false conf.DirSearchCompat = false
return conf return conf
} }
type CliOptions struct {
extensions string
delay string
filterStatus string
filterSize string
filterRegexp string
filterWords string
matcherStatus string
matcherSize string
matcherRegexp string
matcherWords string
proxyURL string
outputFormat string
headers multiStringFlag
showVersion bool
}
type multiStringFlag []string
func (m *multiStringFlag) String() string {
return ""
}
func (m *multiStringFlag) Set(value string) error {
*m = append(*m, value)
return nil
}


@ -194,10 +194,14 @@ func (j *Job) runTask(input []byte, position int, retried bool) {
//CalibrateResponses returns slice of Responses for randomly generated filter autocalibration requests //CalibrateResponses returns slice of Responses for randomly generated filter autocalibration requests
func (j *Job) CalibrateResponses() ([]Response, error) { func (j *Job) CalibrateResponses() ([]Response, error) {
cInputs := make([]string, 0) cInputs := make([]string, 0)
cInputs = append(cInputs, "admin"+RandomString(16)+"/") if len(j.Config.AutoCalibrationStrings) < 1 {
cInputs = append(cInputs, ".htaccess"+RandomString(16)) cInputs = append(cInputs, "admin"+RandomString(16)+"/")
cInputs = append(cInputs, RandomString(16)+"/") cInputs = append(cInputs, ".htaccess"+RandomString(16))
cInputs = append(cInputs, RandomString(16)) cInputs = append(cInputs, RandomString(16)+"/")
cInputs = append(cInputs, RandomString(16))
} else {
cInputs = append(cInputs, j.Config.AutoCalibrationStrings...)
}
results := make([]Response, 0) results := make([]Response, 0)
for _, input := range cInputs { for _, input := range cInputs {
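Review bot: The doc comment on CalibrateResponses still describes "randomly generated" requests, but when `Config.AutoCalibrationStrings` is non-empty the four random inputs are skipped and only the user's fixed strings are sent. That affects result accuracy: the 16-character random part is what makes it likely that the baseline is a not-found response, whereas a custom string that resolves to real content would presumably calibrate the filters on a genuine response and hide matching findings. I would reword the comment to `// CalibrateResponses returns the Responses for the auto-calibration requests: Config.AutoCalibrationStrings when set, otherwise four randomly generated inputs` and mention the caveat in the `-acc` help text. As a smaller style point, `len(j.Config.AutoCalibrationStrings) < 1` reads more plainly as `== 0`. The function body continues past the end of the hunk.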