From 7032f0eb47179c5f25905430c1681cc84f3a9454 Mon Sep 17 00:00:00 2001
From: Tapio Vuorinen
Date: Mon, 30 Dec 2019 10:49:34 +0000
Subject: [PATCH] -maxtime cli flag to limit running time of ffuf. resolves #85 (#127)

---
 README.md | 3 +++
 main.go | 1 +
 pkg/ffuf/config.go | 2 ++
 pkg/ffuf/job.go | 12 +++++++++++-
 4 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 6bfce9d..c45d906 100644
--- a/README.md
+++ b/README.md
@@ -171,6 +171,8 @@ Usage of ffuf:
 Number of concurrent threads. (default 40)
 -timeout int
 HTTP request timeout in seconds. (default 10)
+ -maxtime int
+ Maximum running time in seconds. (default 0 = inf.)
 -u string
 Target URL
 -v Verbose output, printing full URL and redirect location (if any) with the results.
@@ -195,6 +197,7 @@ The only dependency of ffuf is Go 1.11. No dependencies outside of Go standard l
 - master
 - New
 - New CLI flag `-od` (output directory) to enable writing requests and responses for matched results to a file for postprocessing or debugging purposes.
+ - New CLI flag `-maxtime` to limit the running time of ffuf
 - Changed
 - Limit the use of `-e` (extensions) to a single keyword: FUZZ
 - Regexp matching and filtering (-mr/-fr) allow using keywords in patterns
diff --git a/main.go b/main.go
index 349c592..20e3a76 100644
--- a/main.go
+++ b/main.go
@@ -103,6 +103,7 @@ func main() {
 flag.Var(&opts.AutoCalibrationStrings, "acc", "Custom auto-calibration string. Can be used multiple times. Implies -ac")
 flag.IntVar(&conf.Threads, "t", 40, "Number of concurrent threads.")
 flag.IntVar(&conf.Timeout, "timeout", 10, "HTTP request timeout in seconds.")
+ flag.IntVar(&conf.MaxTime, "maxtime", 0, "Maximum running time in seconds.")
 flag.BoolVar(&conf.Verbose, "v", false, "Verbose output, printing full URL and redirect location (if any) with the results.")
 flag.BoolVar(&opts.showVersion, "V", false, "Show version information.")
 flag.StringVar(&opts.debugLog, "debug-log", "", "Write all of the internal logging to the specified file.")
diff --git a/pkg/ffuf/config.go b/pkg/ffuf/config.go
index 2e58ccf..6173724 100644
--- a/pkg/ffuf/config.go
+++ b/pkg/ffuf/config.go
@@ -48,6 +48,7 @@ type Config struct {
 ProxyURL func(*http.Request) (*url.URL, error)
 CommandLine string
 Verbose bool
+ MaxTime int
 }

 type InputProviderConfig struct {
@@ -82,5 +83,6 @@ func NewConfig(ctx context.Context) Config {
 conf.ProgressFrequency = 100
 conf.DirSearchCompat = false
 conf.Verbose = false
+ conf.MaxTime = 0
 return conf
 }
diff --git a/pkg/ffuf/job.go b/pkg/ffuf/job.go
index 7517df2..eb6efb4 100644
--- a/pkg/ffuf/job.go
+++ b/pkg/ffuf/job.go
@@ -77,6 +77,7 @@ func (j *Job) Start() {
 j.Output.Banner()
 }
 j.Running = true
+ j.startTime = time.Now()
 // Monitor for SIGTERM and do cleanup properly (writing the output files etc)
 j.interruptMonitor()
 var wg sync.WaitGroup
@@ -131,7 +132,6 @@ func (j *Job) interruptMonitor() {

 func (j *Job) runProgress(wg *sync.WaitGroup) {
 defer wg.Done()
- j.startTime = time.Now()
 totalProgress := j.Input.Total()
 for j.Counter <= totalProgress {
 if !j.Running {
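Review bot: The usage string for the new `-maxtime` flag in main.go does not say that 0 means "no limit", and Go's flag package omits a zero default from the help output, so the README's "(default 0 = inf.)" will not appear in `ffuf -h`. I would spell it out in the string itself: `flag.IntVar(&conf.MaxTime, "maxtime", 0, "Maximum running time in seconds. 0 disables the limit.")`. A negative value is also accepted silently and behaves like 0, because the check in CheckStop is `j.Config.MaxTime > 0`; rejecting it after flag parsing (outside this hunk) would catch typos before a run starts unbounded. The same unit and sentinel are worth a field comment in pkg/ffuf/config.go, e.g. `MaxTime int // seconds; 0 disables the limit`.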
@@ -290,6 +290,16 @@ func (j *Job) CheckStop() {
 j.Stop()
 }
 }
+
+ // check for maximum running time
+ if j.Config.MaxTime > 0 {
+ dur := time.Now().Sub(j.startTime)
+ runningSecs := int(dur / time.Second)
+ if runningSecs >= j.Config.MaxTime {
+ j.Error = "Maximum running time reached, exiting."
+ j.Stop()
+ }
+ }
 }

 //Stop the execution of the Job
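Review bot: The limit added at the end of CheckStop is only evaluated when CheckStop is called, so `-maxtime` is a soft bound: requests already in flight can presumably outlive it by up to the `-timeout` value, and the call sites are outside this hunk, so the polling interval cannot be confirmed from here. Operators who use the flag to keep a run inside an agreed test window should be told this in the help text, or the bound should be made firm with a timer or context deadline created in Start. The block also runs after the earlier branch has already called `j.Stop()`, so `j.Error` can be overwritten and Stop invoked a second time; a `return` after the first Stop would avoid that if Stop is not idempotent (its body is not visible here). As a style point, the comparison can stay in durations without the int conversion: `if time.Since(j.startTime) >= time.Duration(j.Config.MaxTime)*time.Second {`.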