Prepare for v2.0 release (#635)

Joona Hoikkala 2023-02-04 15:06:35 +02:00 committed by GitHub
parent c7d0fb5cf5
commit 77cc45cd98
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 47 additions and 59 deletions


@ -1,13 +1,22 @@
## Changelog ## Changelog
- master - master
- New
- Changed
- v2.0.0
- New - New
- Added a new, dynamic keyword `FFUFHASH` that generates hash from job configuration and wordlist position to map blind payloads back to the initial request. - Added a new, dynamic keyword `FFUFHASH` that generates hash from job configuration and wordlist position to map blind payloads back to the initial request.
- New command line parameter for searching a hash: `-search FFUFHASH` - New command line parameter for searching a hash: `-search FFUFHASH`
- Data scraper functionality - Data scraper functionality
- Requests per second rate can be configured in the interactive mode
- Changed - Changed
- Multiline output prints out alphabetically sorted by keyword - Multiline output prints out alphabetically sorted by keyword
- Default configuration directories now follow `XDG_CONFIG_HOME` variable (less spam in your home directory) - Default configuration directories now follow `XDG_CONFIG_HOME` variable (less spam in your home directory)
- Fixed issue with autocalibration of line & words filter - Fixed issue with autocalibration of line & words filter
- Rate doesn't have initial burst anymore and is more robust in general
- Sniper mode template parsing fixes
- Time-based matcher now works properly
- Proxy URLs are verified to avoid hard to debug issues
- Made JSON (`-json`) output format take precedence over quiet output mode, to allow JSON output without the banner etc - Made JSON (`-json`) output format take precedence over quiet output mode, to allow JSON output without the banner etc
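Review bot: the `Default configuration directories now follow XDG_CONFIG_HOME` entry under v2.0.0 / Changed is a breaking change for anyone with an existing `~/.ffufrc`, but neither this entry nor the README hunk in this commit says whether the old file is still read or has to be moved. For a major release I would state that explicitly in the changelog, since a silently ignored config file drops settings a user relies on (a request rate limit, for example).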


@ -13,25 +13,14 @@ A fast web fuzzer written in Go.
- [Configuration files](https://github.com/ffuf/ffuf#configuration-files) - [Configuration files](https://github.com/ffuf/ffuf#configuration-files)
- [Help](https://github.com/ffuf/ffuf#usage) - [Help](https://github.com/ffuf/ffuf#usage)
- [Interactive mode](https://github.com/ffuf/ffuf#interactive-mode) - [Interactive mode](https://github.com/ffuf/ffuf#interactive-mode)
- [Sponsorware?](https://github.com/ffuf/ffuf#sponsorware)
## Sponsors
[![Offensive Security](_img/offsec-logo.png)](https://www.offensive-security.com/)
## Official Discord Channel
ffuf has a channel at Porchetta Industries Discord server alongside of channels for many other tools.
Come to hang out & to discuss about ffuf, it's usage and development!
[![Porchetta Industries](https://discordapp.com/api/guilds/736724457258745996/widget.png?style=banner2)](https://discord.gg/VWcdZCUsQP)
## Installation ## Installation
- [Download](https://github.com/ffuf/ffuf/releases/latest) a prebuilt binary from [releases page](https://github.com/ffuf/ffuf/releases/latest), unpack and run! - [Download](https://github.com/ffuf/ffuf/releases/latest) a prebuilt binary from [releases page](https://github.com/ffuf/ffuf/releases/latest), unpack and run!
_or_ _or_
- If you are on mac with [homebrew](https://brew.sh) installed `brew install ffuf` - If you are on macOS with [homebrew](https://brew.sh), ffuf can be installed with: `brew install ffuf`
_or_ _or_
- If you have recent go compiler installed: `go install github.com/ffuf/ffuf@latest` (the same command works for updating) - If you have recent go compiler installed: `go install github.com/ffuf/ffuf@latest` (the same command works for updating)
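Review bot: `go install github.com/ffuf/ffuf@latest` (last line of this hunk, left unchanged) will not install a release tagged v2.0.0 unless the module path carries a `/v2` suffix. Go modules require that suffix for v2+ tags, so `@latest` on the unsuffixed path keeps resolving to the newest 1.x version. go.mod is not among the four changed files; please check it and update this line to match before tagging.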
@ -45,6 +34,9 @@ Ffuf depends on Go 1.16 or greater.
The usage examples below show just the simplest tasks you can accomplish using `ffuf`. The usage examples below show just the simplest tasks you can accomplish using `ffuf`.
More elaborate documentation that goes through many features with a lot of examples is
available in the ffuf wiki at [https://github.com/ffuf/ffuf/wiki](https://github.com/ffuf/ffuf/wiki)
For more extensive documentation, with real life usage examples and tips, be sure to check out the awesome guide: For more extensive documentation, with real life usage examples and tips, be sure to check out the awesome guide:
"[Everything you need to know about FFUF](https://codingo.io/tools/ffuf/bounty/2020/09/17/everything-you-need-to-know-about-ffuf.html)" by "[Everything you need to know about FFUF](https://codingo.io/tools/ffuf/bounty/2020/09/17/everything-you-need-to-know-about-ffuf.html)" by
Michael Skelton ([@codingo](https://github.com/codingo)). Michael Skelton ([@codingo](https://github.com/codingo)).
@ -133,12 +125,15 @@ ffuf --input-cmd 'cat $FFUF_NUM.txt' -H "Content-Type: application/json" -X POST
### Configuration files ### Configuration files
When running ffuf, it first checks if a default configuration file exists. The file path for it is `~/.ffufrc` / `$HOME/.ffufrc` When running ffuf, it first checks if a default configuration file exists. Default path for a `ffufrc` file is
for most *nixes (for example `/home/joohoi/.ffufrc`) and `%USERPROFILE%\.ffufrc` for Windows. You can configure one or `$XDG_CONFIG_HOME/ffuf/ffufrc`. You can configure one or multiple options in this file, and they will be applied on
multiple options in this file, and they will be applied on every subsequent ffuf job. An example of .ffufrc file can be every subsequent ffuf job. An example of ffufrc file can be found
found [here](https://github.com/ffuf/ffuf/blob/master/ffufrc.example). [here](https://github.com/ffuf/ffuf/blob/master/ffufrc.example).
The configuration options provided on the command line override the ones loaded from `~/.ffufrc`. A more detailed description about configuration file locations can be found in the wiki:
[https://github.com/ffuf/ffuf/wiki/Configuration](https://github.com/ffuf/ffuf/wiki/Configuration)
The configuration options provided on the command line override the ones loaded from the default `ffufrc` file.
Note: this does not apply for CLI flags that can be provided more than once. One of such examples is `-H` (header) flag. Note: this does not apply for CLI flags that can be provided more than once. One of such examples is `-H` (header) flag.
In this case, the `-H` values provided on the command line will be _appended_ to the ones from the config file instead. In this case, the `-H` values provided on the command line will be _appended_ to the ones from the config file instead.
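Review bot: the rewritten paragraph gives only `$XDG_CONFIG_HOME/ffuf/ffufrc` and drops both the concrete *nix example and the Windows path (`%USERPROFILE%\.ffufrc`). `XDG_CONFIG_HOME` is frequently unset, so I would state the resolved default for that case and for Windows here rather than only linking to the wiki. Users need to know exactly which file is applied to every job, especially as `-H` values from it are appended to each request.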
@ -155,7 +150,7 @@ parameter.
To define the test case for ffuf, use the keyword `FUZZ` anywhere in the URL (`-u`), headers (`-H`), or POST data (`-d`). To define the test case for ffuf, use the keyword `FUZZ` anywhere in the URL (`-u`), headers (`-H`), or POST data (`-d`).
``` ```
Fuzz Faster U Fool - v1.5.0-dev Fuzz Faster U Fool - v2.0.0
HTTP OPTIONS: HTTP OPTIONS:
-H Header `"Name: Value"`, separated by colon. Multiple -H flags are accepted. -H Header `"Name: Value"`, separated by colon. Multiple -H flags are accepted.
@ -191,7 +186,10 @@ GENERAL OPTIONS:
-rate Rate of requests per second (default: 0) -rate Rate of requests per second (default: 0)
-s Do not print additional information (silent mode) (default: false) -s Do not print additional information (silent mode) (default: false)
-sa Stop on all error cases. Implies -sf and -se. (default: false) -sa Stop on all error cases. Implies -sf and -se. (default: false)
-scraperfile Custom scraper file path
-scrapers Active scraper groups (default: all)
-se Stop on spurious errors (default: false) -se Stop on spurious errors (default: false)
-search Search for a FFUFHASH payload from ffuf history
-sf Stop when > 95% of responses return 403 Forbidden (default: false) -sf Stop when > 95% of responses return 403 Forbidden (default: false)
-t Number of concurrent threads. (default: 40) -t Number of concurrent threads. (default: 40)
-v Verbose output, printing full URL and redirect location (if any) with the results. (default: false) -v Verbose output, printing full URL and redirect location (if any) with the results. (default: false)
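Review bot: `-search` is described as searching "ffuf history", which implies job data is now persisted, but nothing in the help text says where it is written, what it contains or how to turn it off. Job configuration can include `-H` values such as session cookies or tokens, so please document the location and contents next to this flag or link the relevant wiki page. `-scrapers` defaulting to `all` deserves the same treatment: say where the default scraper definitions are loaded from.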
@ -202,7 +200,7 @@ MATCHER OPTIONS:
-mmode Matcher set operator. Either of: and, or (default: or) -mmode Matcher set operator. Either of: and, or (default: or)
-mr Match regexp -mr Match regexp
-ms Match HTTP response size -ms Match HTTP response size
-mt Match how many milliseconds to the first response byte, either greater or less than. EG: ">100" or "<100" -mt Match how many milliseconds to the first response byte, either greater or less than. EG: >100 or <100
-mw Match amount of words in response -mw Match amount of words in response
FILTER OPTIONS: FILTER OPTIONS:
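Review bot: dropping the quotes from the `-mt` example (`EG: >100 or <100`) makes it unsafe to copy into a shell. Unquoted, `-mt >100` is parsed as an output redirection that creates a file named `100`, and `-mt <100` as an input redirection, so ffuf never receives the value. Keep the quoted form `">100"` in the help text; the same applies to the `-ft` line in the next hunk.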
@ -211,7 +209,7 @@ FILTER OPTIONS:
-fmode Filter set operator. Either of: and, or (default: or) -fmode Filter set operator. Either of: and, or (default: or)
-fr Filter regexp -fr Filter regexp
-fs Filter HTTP response size. Comma separated list of sizes and ranges -fs Filter HTTP response size. Comma separated list of sizes and ranges
-ft Filter by number of milliseconds to the first response byte, either greater or less than. EG: ">100" or "<100" -ft Filter by number of milliseconds to the first response byte, either greater or less than. EG: >100 or <100
-fw Filter by amount of words in response. Comma separated list of word counts and ranges -fw Filter by amount of words in response. Comma separated list of word counts and ranges
INPUT OPTIONS: INPUT OPTIONS:
@ -249,7 +247,6 @@ EXAMPLE USAGE:
ffuf -w params.txt:PARAM -w values.txt:VAL -u https://example.org/?PARAM=VAL -mr "VAL" -c ffuf -w params.txt:PARAM -w values.txt:VAL -u https://example.org/?PARAM=VAL -mr "VAL" -c
More information and examples: https://github.com/ffuf/ffuf More information and examples: https://github.com/ffuf/ffuf
``` ```
### Interactive mode ### Interactive mode
@ -261,18 +258,25 @@ type "help" for a list of commands, or ENTER to resume.
> help > help
available commands: available commands:
fc [value] - (re)configure status code filter afc [value] - append to status code filter
fl [value] - (re)configure line count filter fc [value] - (re)configure status code filter
fw [value] - (re)configure word count filter afl [value] - append to line count filter
fs [value] - (re)configure size filter fl [value] - (re)configure line count filter
queueshow - show recursive job queue afw [value] - append to word count filter
queuedel [number] - delete a recursion job in the queue fw [value] - (re)configure word count filter
queueskip - advance to the next queued recursion job afs [value] - append to size filter
restart - restart and resume the current ffuf job fs [value] - (re)configure size filter
resume - resume current ffuf job (or: ENTER) aft [value] - append to time filter
show - show results for the current job ft [value] - (re)configure time filter
savejson [filename] - save current matches to a file rate [value] - adjust rate of requests per second (active: 0)
help - you are looking at it queueshow - show job queue
queuedel [number] - delete a job in the queue
queueskip - advance to the next queued job
restart - restart and resume the current ffuf job
resume - resume current ffuf job (or: ENTER)
show - show results for the current job
savejson [filename] - save current matches to a file
help - you are looking at it
> >
``` ```
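Review bot: in the new `rate [value]` line the sample output shows `(active: 0)` without saying what 0 means, and `-rate` in the options list also reads only `(default: 0)`. A short remark on the meaning of 0 would help, as would one sentence on how the new `afc`/`afl`/`afw`/`afs`/`aft` append commands treat filter values that are already set, compared with the `(re)configure` commands.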
@ -292,30 +296,6 @@ job from the beginning.
<img width="250" src="_img/ffuf_waving_250.png"> <img width="250" src="_img/ffuf_waving_250.png">
</p> </p>
## Sponsorware
`ffuf` employs a sponsorware model. This means that all new features developed by its author are initially exclusively
available for their sponsors. 30 days after the exclusive release, all the new features will be released at the freely
available open source repository at https://github.com/ffuf/ffuf .
This model enables me to provide concrete benefits for the generous individuals and companies that enable me to work on
`ffuf`. The different sponsorship tiers can be seen [here](https://github.com/sponsors/joohoi).
All the community contributions are and will be available directly in the freely available open source repository. The
exclusive version benefits only include new features created by [@joohoi](https://github.com/joohoi)
### Access the sponsorware through code contributions
People that create significant contributions to the `ffuf` project itself should and will have access to the sponsorware
as well. If you are planning to create such a contribution, please contact [@joohoi](https://github.com/joohoi)
first to ensure that there aren't other people working on the same feature.
## Helper scripts and advanced payloads
See [ffuf-scripts](https://github.com/ffuf/ffuf-scripts) repository for helper scripts and payload generators
for different workflows and usage scenarios.
## License ## License
ffuf is released under MIT license. See [LICENSE](https://github.com/ffuf/ffuf/blob/master/LICENSE). ffuf is released under MIT license. See [LICENSE](https://github.com/ffuf/ffuf/blob/master/LICENSE).
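Review bot: besides Sponsorware, this hunk also deletes the `## Helper scripts and advanced payloads` section with its link to the ffuf-scripts repository, which the commit title does not explain. If that removal is intentional, fine; if it was caught up in the Sponsorware cleanup, restore the section.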


@ -61,7 +61,6 @@
"/path/to/hostlist:HOST" "/path/to/hostlist:HOST"
] ]
[output] [output]
debuglog = "debug.log" debuglog = "debug.log"
outputdirectory = "/tmp/rawoutputdir" outputdirectory = "/tmp/rawoutputdir"


@ -7,7 +7,7 @@ import (
var ( var (
//VERSION holds the current version number //VERSION holds the current version number
VERSION = "1.5.0" VERSION = "2.0.0"
//VERSION_APPENDIX holds additional version definition //VERSION_APPENDIX holds additional version definition
VERSION_APPENDIX = "-dev" VERSION_APPENDIX = "-dev"
CONFIGDIR = filepath.Join(xdg.ConfigHome, "ffuf") CONFIGDIR = filepath.Join(xdg.ConfigHome, "ffuf")
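Review bot: `VERSION_APPENDIX` is left at `"-dev"` while `VERSION` moves to `"2.0.0"` and the README banner in this commit shows `v2.0.0`. Please confirm the release build overrides the appendix. Otherwise binaries built from this commit will presumably report a `-dev` version, which makes it harder to tell a release from a development build when checking what is deployed.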