foglar/ffuff
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow input-shell option (#344)

Browse Source 
* Allow input-shell option

* Markdown files

* Changelog
* Contributors
This commit is contained in:
Jesus Galvan 2021-01-24 17:55:23 +01:00 committed by GitHub
parent 6a7bdc0f93
commit 5b75e9018f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -8,6 +8,7 @@
are overwritten by the ones provided on CLI. are overwritten by the ones provided on CLI.
- Change banner logging to stderr instead of stdout. - Change banner logging to stderr instead of stdout.
- New CLI flag `-or` to avoid creating result files if we didn't get any. - New CLI flag `-or` to avoid creating result files if we didn't get any.
- New CLI flag `-input-shell` to set the shell to be used by `input-cmd`
- Changed - Changed
- Pre-flight errors are now displayed also after the usage text to prevent the need to scroll through backlog. - Pre-flight errors are now displayed also after the usage text to prevent the need to scroll through backlog.

1
CONTRIBUTORS.md
View File

@ -18,6 +18,7 @@
* [JamTookTheBait](https://github.com/JamTookTheBait) * [JamTookTheBait](https://github.com/JamTookTheBait)
* [jimen0](https://github.com/jimen0) * [jimen0](https://github.com/jimen0)
* [joohoi](https://github.com/joohoi) * [joohoi](https://github.com/joohoi)
* [jsgv](https://github.com/jsgv)
* [jvesiluoma](https://github.com/jvesiluoma) * [jvesiluoma](https://github.com/jvesiluoma)
* [Kiblyn11](https://github.com/Kiblyn11) * [Kiblyn11](https://github.com/Kiblyn11)
* [lc](https://github.com/lc) * [lc](https://github.com/lc)

1
main.go
View File

@ -96,6 +96,7 @@ func ParseFlags(opts *ffuf.ConfigOptions) *ffuf.ConfigOptions {
flag.StringVar(&opts.HTTP.URL, "u", opts.HTTP.URL, "Target URL") flag.StringVar(&opts.HTTP.URL, "u", opts.HTTP.URL, "Target URL")
flag.StringVar(&opts.Input.Extensions, "e", opts.Input.Extensions, "Comma separated list of extensions. Extends FUZZ keyword.") flag.StringVar(&opts.Input.Extensions, "e", opts.Input.Extensions, "Comma separated list of extensions. Extends FUZZ keyword.")
flag.StringVar(&opts.Input.InputMode, "mode", opts.Input.InputMode, "Multi-wordlist operation mode. Available modes: clusterbomb, pitchfork") flag.StringVar(&opts.Input.InputMode, "mode", opts.Input.InputMode, "Multi-wordlist operation mode. Available modes: clusterbomb, pitchfork")
flag.StringVar(&opts.Input.InputShell, "input-shell", opts.Input.InputShell, "Shell to be used for running command")
flag.StringVar(&opts.Input.Request, "request", opts.Input.Request, "File containing the raw http request") flag.StringVar(&opts.Input.Request, "request", opts.Input.Request, "File containing the raw http request")
flag.StringVar(&opts.Input.RequestProto, "request-proto", opts.Input.RequestProto, "Protocol to use along with raw request") flag.StringVar(&opts.Input.RequestProto, "request-proto", opts.Input.RequestProto, "Protocol to use along with raw request")
flag.StringVar(&opts.Matcher.Lines, "ml", opts.Matcher.Lines, "Match amount of lines in response") flag.StringVar(&opts.Matcher.Lines, "ml", opts.Matcher.Lines, "Match amount of lines in response")

2
pkg/ffuf/config.go
View File

@ -25,6 +25,7 @@ type Config struct {
InputMode string `json:"inputmode"` InputMode string `json:"inputmode"`
InputNum int `json:"cmd_inputnum"` InputNum int `json:"cmd_inputnum"`
InputProviders []InputProviderConfig `json:"inputproviders"` InputProviders []InputProviderConfig `json:"inputproviders"`
InputShell string `json:"inputshell"`
Matchers map[string]FilterProvider `json:"matchers"` Matchers map[string]FilterProvider `json:"matchers"`
MaxTime int `json:"maxtime"` MaxTime int `json:"maxtime"`
MaxTimeJob int `json:"maxtime_job"` MaxTimeJob int `json:"maxtime_job"`
@ -71,6 +72,7 @@ func NewConfig(ctx context.Context, cancel context.CancelFunc) Config {
conf.IgnoreWordlistComments = false conf.IgnoreWordlistComments = false
conf.InputMode = "clusterbomb" conf.InputMode = "clusterbomb"
conf.InputNum = 0 conf.InputNum = 0
conf.InputShell = ""
conf.InputProviders = make([]InputProviderConfig, 0) conf.InputProviders = make([]InputProviderConfig, 0)
conf.Matchers = make(map[string]FilterProvider) conf.Matchers = make(map[string]FilterProvider)
conf.MaxTime = 0 conf.MaxTime = 0

2
pkg/ffuf/optionsparser.go
View File

@ -64,6 +64,7 @@ type InputOptions struct {
IgnoreWordlistComments bool IgnoreWordlistComments bool
InputMode string InputMode string
InputNum int InputNum int
InputShell string
Inputcommands []string Inputcommands []string
Request string Request string
RequestProto string RequestProto string
@ -374,6 +375,7 @@ func ConfigFromOptions(parseOpts *ConfigOptions, ctx context.Context, cancel con
conf.Colors = parseOpts.General.Colors conf.Colors = parseOpts.General.Colors
conf.InputNum = parseOpts.Input.InputNum conf.InputNum = parseOpts.Input.InputNum
conf.InputMode = parseOpts.Input.InputMode conf.InputMode = parseOpts.Input.InputMode
conf.InputShell = parseOpts.Input.InputShell
conf.OutputFile = parseOpts.Output.OutputFile conf.OutputFile = parseOpts.Output.OutputFile
conf.OutputDirectory = parseOpts.Output.OutputDirectory conf.OutputDirectory = parseOpts.Output.OutputDirectory
conf.OutputCreateEmptyFile = parseOpts.Output.OutputCreateEmptyFile conf.OutputCreateEmptyFile = parseOpts.Output.OutputCreateEmptyFile

9
pkg/input/command.go
View File

@ -14,6 +14,7 @@ type CommandInput struct {
count int count int
keyword string keyword string
command string command string
shell string
} }
func NewCommandInput(keyword string, value string, conf *ffuf.Config) (*CommandInput, error) { func NewCommandInput(keyword string, value string, conf *ffuf.Config) (*CommandInput, error) {
@ -22,6 +23,12 @@ func NewCommandInput(keyword string, value string, conf *ffuf.Config) (*CommandI
cmd.config = conf cmd.config = conf
cmd.count = 0 cmd.count = 0
cmd.command = value cmd.command = value
cmd.shell = SHELL_CMD
if cmd.config.InputShell != "" {
cmd.shell = cmd.config.InputShell
}
return &cmd, nil return &cmd, nil
} }
@ -54,7 +61,7 @@ func (c *CommandInput) Next() bool {
func (c *CommandInput) Value() []byte { func (c *CommandInput) Value() []byte {
var stdout bytes.Buffer var stdout bytes.Buffer
os.Setenv("FFUF_NUM", strconv.Itoa(c.count)) os.Setenv("FFUF_NUM", strconv.Itoa(c.count))
cmd := exec.Command(SHELL_CMD, SHELL_ARG, c.command) cmd := exec.Command(c.shell, SHELL_ARG, c.command)
cmd.Stdout = &stdout cmd.Stdout = &stdout
err := cmd.Run() err := cmd.Run()
if err != nil { if err != nil {