Add a cli flag to disable interactive mode (#436)

CHANGELOG.md

@@ -1,6 +1,7 @@
 ## Changelog
 - master
   - New
+    - Added a CLI flag to disable the interactive mode
   - Changed
     - Fixed the way the "size" is calculated, it should match content-length now
     - Fixed an issue with header canonicalization when a keyword was just a part of the header name  

README.md

@@ -158,7 +158,7 @@ parameter.
 To define the test case for ffuf, use the keyword `FUZZ` anywhere in the URL (`-u`), headers (`-H`), or POST data (`-d`).
 
 ```
-Fuzz Faster U Fool - v1.2.0-git
+Fuzz Faster U Fool - v1.3.0-dev
 
 HTTP OPTIONS:
   -H                  Header `"Name: Value"`, separated by colon. Multiple -H flags are accepted.
@@ -176,53 +176,55 @@ HTTP OPTIONS:
   -x                  Proxy URL (SOCKS5 or HTTP). For example: http://127.0.0.1:8080 or socks5://127.0.0.1:8080
 
 GENERAL OPTIONS:
-  -V               Show version information. (default: false)
-  -ac              Automatically calibrate filtering options (default: false)
-  -acc             Custom auto-calibration string. Can be used multiple times. Implies -ac
-  -c               Colorize output. (default: false)
-  -config          Load configuration from a file
-  -maxtime         Maximum running time in seconds for entire process. (default: 0)
-  -maxtime-job     Maximum running time in seconds per job. (default: 0)
-  -p               Seconds of `delay` between requests, or a range of random delay. For example "0.1" or "0.1-2.0"
-  -rate            Rate of requests per second (default: 0)
-  -s               Do not print additional information (silent mode) (default: false)
-  -sa              Stop on all error cases. Implies -sf and -se. (default: false)
-  -se              Stop on spurious errors (default: false)
-  -sf              Stop when > 95% of responses return 403 Forbidden (default: false)
-  -t               Number of concurrent threads. (default: 40)
-  -v               Verbose output, printing full URL and redirect location (if any) with the results. (default: false)
+  -V                  Show version information. (default: false)
+  -ac                 Automatically calibrate filtering options (default: false)
+  -acc                Custom auto-calibration string. Can be used multiple times. Implies -ac
+  -c                  Colorize output. (default: false)
+  -config             Load configuration from a file
+  -maxtime            Maximum running time in seconds for entire process. (default: 0)
+  -maxtime-job        Maximum running time in seconds per job. (default: 0)
+  -noninteractive     Disable the interactive console functionality (default: false)
+  -p                  Seconds of `delay` between requests, or a range of random delay. For example "0.1" or "0.1-2.0"
+  -rate               Rate of requests per second (default: 0)
+  -s                  Do not print additional information (silent mode) (default: false)
+  -sa                 Stop on all error cases. Implies -sf and -se. (default: false)
+  -se                 Stop on spurious errors (default: false)
+  -sf                 Stop when > 95% of responses return 403 Forbidden (default: false)
+  -t                  Number of concurrent threads. (default: 40)
+  -v                  Verbose output, printing full URL and redirect location (if any) with the results. (default: false)
 
 MATCHER OPTIONS:
-  -mc              Match HTTP status codes, or "all" for everything. (default: 200,204,301,302,307,401,403,405)
-  -ml              Match amount of lines in response
-  -mr              Match regexp
-  -ms              Match HTTP response size
-  -mw              Match amount of words in response
+  -mc                 Match HTTP status codes, or "all" for everything. (default: 200,204,301,302,307,401,403,405)
+  -ml                 Match amount of lines in response
+  -mr                 Match regexp
+  -ms                 Match HTTP response size
+  -mw                 Match amount of words in response
 
 FILTER OPTIONS:
-  -fc              Filter HTTP status codes from response. Comma separated list of codes and ranges
-  -fl              Filter by amount of lines in response. Comma separated list of line counts and ranges
-  -fr              Filter regexp
-  -fs              Filter HTTP response size. Comma separated list of sizes and ranges
-  -fw              Filter by amount of words in response. Comma separated list of word counts and ranges
+  -fc                 Filter HTTP status codes from response. Comma separated list of codes and ranges
+  -fl                 Filter by amount of lines in response. Comma separated list of line counts and ranges
+  -fr                 Filter regexp
+  -fs                 Filter HTTP response size. Comma separated list of sizes and ranges
+  -fw                 Filter by amount of words in response. Comma separated list of word counts and ranges
 
 INPUT OPTIONS:
-  -D               DirSearch wordlist compatibility mode. Used in conjunction with -e flag. (default: false)
-  -e               Comma separated list of extensions. Extends FUZZ keyword.
-  -ic              Ignore wordlist comments (default: false)
-  -input-cmd       Command producing the input. --input-num is required when using this input method. Overrides -w.
-  -input-num       Number of inputs to test. Used in conjunction with --input-cmd. (default: 100)
-  -mode            Multi-wordlist operation mode. Available modes: clusterbomb, pitchfork (default: clusterbomb)
-  -request         File containing the raw http request
-  -request-proto   Protocol to use along with raw request (default: https)
-  -w               Wordlist file path and (optional) keyword separated by colon. eg. '/path/to/wordlist:KEYWORD'
+  -D                  DirSearch wordlist compatibility mode. Used in conjunction with -e flag. (default: false)
+  -e                  Comma separated list of extensions. Extends FUZZ keyword.
+  -ic                 Ignore wordlist comments (default: false)
+  -input-cmd          Command producing the input. --input-num is required when using this input method. Overrides -w.
+  -input-num          Number of inputs to test. Used in conjunction with --input-cmd. (default: 100)
+  -input-shell        Shell to be used for running command
+  -mode               Multi-wordlist operation mode. Available modes: clusterbomb, pitchfork (default: clusterbomb)
+  -request            File containing the raw http request
+  -request-proto      Protocol to use along with raw request (default: https)
+  -w                  Wordlist file path and (optional) keyword separated by colon. eg. '/path/to/wordlist:KEYWORD'
 
 OUTPUT OPTIONS:
-  -debug-log       Write all of the internal logging to the specified file.
-  -o               Write output to file
-  -od              Directory path to store matched results to.
-  -of              Output file format. Available formats: json, ejson, html, md, csv, ecsv (or, 'all' for all formats) (default: json)
-  -or              Don't create the output file if we don't have results
+  -debug-log          Write all of the internal logging to the specified file.
+  -o                  Write output to file
+  -od                 Directory path to store matched results to.
+  -of                 Output file format. Available formats: json, ejson, html, md, csv, ecsv (or, 'all' for all formats) (default: json)
+  -or                 Don't create the output file if we don't have results (default: false)
 
 EXAMPLE USAGE:
   Fuzz file paths from wordlist.txt, match all responses but filter out those with content-size 42.

ffufrc.example

@@ -31,6 +31,7 @@
     delay = ""
     maxtime = 0
     maxtimejob = 0
+    noninteractive = false
     quiet = false
     rate = 0
     stopon403 = false

help.go

@@ -61,7 +61,7 @@ func Usage() {
 		Description:   "",
 		Flags:         make([]UsageFlag, 0),
 		Hidden:        false,
-		ExpectedFlags: []string{"ac", "acc", "c", "config", "maxtime", "maxtime-job", "p", "rate", "s", "sa", "se", "sf", "t", "v", "V"},
+		ExpectedFlags: []string{"ac", "acc", "c", "config", "maxtime", "maxtime-job", "noninteractive", "p", "rate", "s", "sa", "se", "sf", "t", "v", "V"},
 	}
 	u_compat := UsageSection{
 		Name:          "COMPATIBILITY OPTIONS",

main.go

@@ -61,6 +61,7 @@ func ParseFlags(opts *ffuf.ConfigOptions) *ffuf.ConfigOptions {
 	flag.BoolVar(&opts.Output.OutputCreateEmptyFile, "or", opts.Output.OutputCreateEmptyFile, "Don't create the output file if we don't have results")
 	flag.BoolVar(&opts.General.AutoCalibration, "ac", opts.General.AutoCalibration, "Automatically calibrate filtering options")
 	flag.BoolVar(&opts.General.Colors, "c", opts.General.Colors, "Colorize output.")
+	flag.BoolVar(&opts.General.Noninteractive, "noninteractive", opts.General.Noninteractive, "Disable the interactive console functionality")
 	flag.BoolVar(&opts.General.Quiet, "s", opts.General.Quiet, "Do not print additional information (silent mode)")
 	flag.BoolVar(&opts.General.ShowVersion, "V", opts.General.ShowVersion, "Show version information.")
 	flag.BoolVar(&opts.General.StopOn403, "sf", opts.General.StopOn403, "Stop when > 95% of responses return 403 Forbidden")
@@ -198,12 +199,14 @@ func main() {
 		fmt.Fprintf(os.Stderr, "Error in autocalibration, exiting: %s\n", err)
 		os.Exit(1)
 	}
-	go func() {
-		err := interactive.Handle(job)
-		if err != nil {
-			log.Printf("Error while trying to initialize interactive session: %s", err)
-		}
-	}()
+	if !conf.Noninteractive {
+		go func() {
+			err := interactive.Handle(job)
+			if err != nil {
+				log.Printf("Error while trying to initialize interactive session: %s", err)
+			}
+		}()
+	}
 
 	// Job handles waiting for goroutines to complete itself
 	job.Start()

pkg/ffuf/config.go

@@ -30,6 +30,7 @@ type Config struct {
 	MaxTime                int                       `json:"maxtime"`
 	MaxTimeJob             int                       `json:"maxtime_job"`
 	Method                 string                    `json:"method"`
+	Noninteractive         bool                      `json:"noninteractive"`
 	OutputDirectory        string                    `json:"outputdirectory"`
 	OutputFile             string                    `json:"outputfile"`
 	OutputFormat           string                    `json:"outputformat"`
@@ -79,6 +80,7 @@ func NewConfig(ctx context.Context, cancel context.CancelFunc) Config {
 	conf.MaxTime = 0
 	conf.MaxTimeJob = 0
 	conf.Method = "GET"
+	conf.Noninteractive = false
 	conf.ProgressFrequency = 125
 	conf.ProxyURL = ""
 	conf.Quiet = false

pkg/ffuf/optionsparser.go

@@ -49,6 +49,7 @@ type GeneralOptions struct {
 	Delay                  string
 	MaxTime                int
 	MaxTimeJob             int
+	Noninteractive         bool
 	Quiet                  bool
 	Rate                   int
 	ShowVersion            bool `toml:"-"`
@@ -109,6 +110,7 @@ func NewConfigOptions() *ConfigOptions {
 	c.General.Delay = ""
 	c.General.MaxTime = 0
 	c.General.MaxTimeJob = 0
+	c.General.Noninteractive = false
 	c.General.Quiet = false
 	c.General.Rate = 0
 	c.General.ShowVersion = false
@@ -395,6 +397,7 @@ func ConfigFromOptions(parseOpts *ConfigOptions, ctx context.Context, cancel con
 	conf.Timeout = parseOpts.HTTP.Timeout
 	conf.MaxTime = parseOpts.General.MaxTime
 	conf.MaxTimeJob = parseOpts.General.MaxTimeJob
+	conf.Noninteractive = parseOpts.General.Noninteractive
 	conf.Verbose = parseOpts.General.Verbose
 
 	// Handle copy as curl situation where POST method is implied by --data flag. If method is set to anything but GET, NOOP