foglar/ffuff
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add a cli flag to disable interactive mode (#436)

Browse Source
This commit is contained in:
Joona Hoikkala 2021-04-26 23:04:12 +03:00 committed by GitHub
parent aaa8f31865
commit 8ffe1bd64e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 59 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -1,6 +1,7 @@
## Changelog ## Changelog
- master - master
- New - New
- Added a CLI flag to disable the interactive mode
- Changed - Changed
- Fixed the way the "size" is calculated, it should match content-length now - Fixed the way the "size" is calculated, it should match content-length now
- Fixed an issue with header canonicalization when a keyword was just a part of the header name - Fixed an issue with header canonicalization when a keyword was just a part of the header name

6
README.md
View File

@ -158,7 +158,7 @@ parameter.
To define the test case for ffuf, use the keyword `FUZZ` anywhere in the URL (`-u`), headers (`-H`), or POST data (`-d`). To define the test case for ffuf, use the keyword `FUZZ` anywhere in the URL (`-u`), headers (`-H`), or POST data (`-d`).
``` ```
Fuzz Faster U Fool - v1.2.0-git Fuzz Faster U Fool - v1.3.0-dev
HTTP OPTIONS: HTTP OPTIONS:
-H Header `"Name: Value"`, separated by colon. Multiple -H flags are accepted. -H Header `"Name: Value"`, separated by colon. Multiple -H flags are accepted.
@ -183,6 +183,7 @@ GENERAL OPTIONS:
-config Load configuration from a file -config Load configuration from a file
-maxtime Maximum running time in seconds for entire process. (default: 0) -maxtime Maximum running time in seconds for entire process. (default: 0)
-maxtime-job Maximum running time in seconds per job. (default: 0) -maxtime-job Maximum running time in seconds per job. (default: 0)
-noninteractive Disable the interactive console functionality (default: false)
-p Seconds of `delay` between requests, or a range of random delay. For example "0.1" or "0.1-2.0" -p Seconds of `delay` between requests, or a range of random delay. For example "0.1" or "0.1-2.0"
-rate Rate of requests per second (default: 0) -rate Rate of requests per second (default: 0)
-s Do not print additional information (silent mode) (default: false) -s Do not print additional information (silent mode) (default: false)
@ -212,6 +213,7 @@ INPUT OPTIONS:
-ic Ignore wordlist comments (default: false) -ic Ignore wordlist comments (default: false)
-input-cmd Command producing the input. --input-num is required when using this input method. Overrides -w. -input-cmd Command producing the input. --input-num is required when using this input method. Overrides -w.
-input-num Number of inputs to test. Used in conjunction with --input-cmd. (default: 100) -input-num Number of inputs to test. Used in conjunction with --input-cmd. (default: 100)
-input-shell Shell to be used for running command
-mode Multi-wordlist operation mode. Available modes: clusterbomb, pitchfork (default: clusterbomb) -mode Multi-wordlist operation mode. Available modes: clusterbomb, pitchfork (default: clusterbomb)
-request File containing the raw http request -request File containing the raw http request
-request-proto Protocol to use along with raw request (default: https) -request-proto Protocol to use along with raw request (default: https)
@ -222,7 +224,7 @@ OUTPUT OPTIONS:
-o Write output to file -o Write output to file
-od Directory path to store matched results to. -od Directory path to store matched results to.
-of Output file format. Available formats: json, ejson, html, md, csv, ecsv (or, 'all' for all formats) (default: json) -of Output file format. Available formats: json, ejson, html, md, csv, ecsv (or, 'all' for all formats) (default: json)
-or Don't create the output file if we don't have results -or Don't create the output file if we don't have results (default: false)
EXAMPLE USAGE: EXAMPLE USAGE:
Fuzz file paths from wordlist.txt, match all responses but filter out those with content-size 42. Fuzz file paths from wordlist.txt, match all responses but filter out those with content-size 42.

1
ffufrc.example
View File

@ -31,6 +31,7 @@
delay = "" delay = ""
maxtime = 0 maxtime = 0
maxtimejob = 0 maxtimejob = 0
noninteractive = false
quiet = false quiet = false
rate = 0 rate = 0
stopon403 = false stopon403 = false

2
help.go
View File

@ -61,7 +61,7 @@ func Usage() {
Description: "", Description: "",
Flags: make([]UsageFlag, 0), Flags: make([]UsageFlag, 0),
Hidden: false, Hidden: false,
ExpectedFlags: []string{"ac", "acc", "c", "config", "maxtime", "maxtime-job", "p", "rate", "s", "sa", "se", "sf", "t", "v", "V"}, ExpectedFlags: []string{"ac", "acc", "c", "config", "maxtime", "maxtime-job", "noninteractive", "p", "rate", "s", "sa", "se", "sf", "t", "v", "V"},
} }
u_compat := UsageSection{ u_compat := UsageSection{
Name: "COMPATIBILITY OPTIONS", Name: "COMPATIBILITY OPTIONS",

3
main.go
View File

@ -61,6 +61,7 @@ func ParseFlags(opts *ffuf.ConfigOptions) *ffuf.ConfigOptions {
flag.BoolVar(&opts.Output.OutputCreateEmptyFile, "or", opts.Output.OutputCreateEmptyFile, "Don't create the output file if we don't have results") flag.BoolVar(&opts.Output.OutputCreateEmptyFile, "or", opts.Output.OutputCreateEmptyFile, "Don't create the output file if we don't have results")
flag.BoolVar(&opts.General.AutoCalibration, "ac", opts.General.AutoCalibration, "Automatically calibrate filtering options") flag.BoolVar(&opts.General.AutoCalibration, "ac", opts.General.AutoCalibration, "Automatically calibrate filtering options")
flag.BoolVar(&opts.General.Colors, "c", opts.General.Colors, "Colorize output.") flag.BoolVar(&opts.General.Colors, "c", opts.General.Colors, "Colorize output.")
flag.BoolVar(&opts.General.Noninteractive, "noninteractive", opts.General.Noninteractive, "Disable the interactive console functionality")
flag.BoolVar(&opts.General.Quiet, "s", opts.General.Quiet, "Do not print additional information (silent mode)") flag.BoolVar(&opts.General.Quiet, "s", opts.General.Quiet, "Do not print additional information (silent mode)")
flag.BoolVar(&opts.General.ShowVersion, "V", opts.General.ShowVersion, "Show version information.") flag.BoolVar(&opts.General.ShowVersion, "V", opts.General.ShowVersion, "Show version information.")
flag.BoolVar(&opts.General.StopOn403, "sf", opts.General.StopOn403, "Stop when > 95% of responses return 403 Forbidden") flag.BoolVar(&opts.General.StopOn403, "sf", opts.General.StopOn403, "Stop when > 95% of responses return 403 Forbidden")
@ -198,12 +199,14 @@ func main() {
fmt.Fprintf(os.Stderr, "Error in autocalibration, exiting: %s\n", err) fmt.Fprintf(os.Stderr, "Error in autocalibration, exiting: %s\n", err)
os.Exit(1) os.Exit(1)
} }
if !conf.Noninteractive {
go func() { go func() {
err := interactive.Handle(job) err := interactive.Handle(job)
if err != nil { if err != nil {
log.Printf("Error while trying to initialize interactive session: %s", err) log.Printf("Error while trying to initialize interactive session: %s", err)
} }
}() }()
}
// Job handles waiting for goroutines to complete itself // Job handles waiting for goroutines to complete itself
job.Start() job.Start()

2
pkg/ffuf/config.go
View File

@ -30,6 +30,7 @@ type Config struct {
MaxTime int `json:"maxtime"` MaxTime int `json:"maxtime"`
MaxTimeJob int `json:"maxtime_job"` MaxTimeJob int `json:"maxtime_job"`
Method string `json:"method"` Method string `json:"method"`
Noninteractive bool `json:"noninteractive"`
OutputDirectory string `json:"outputdirectory"` OutputDirectory string `json:"outputdirectory"`
OutputFile string `json:"outputfile"` OutputFile string `json:"outputfile"`
OutputFormat string `json:"outputformat"` OutputFormat string `json:"outputformat"`
@ -79,6 +80,7 @@ func NewConfig(ctx context.Context, cancel context.CancelFunc) Config {
conf.MaxTime = 0 conf.MaxTime = 0
conf.MaxTimeJob = 0 conf.MaxTimeJob = 0
conf.Method = "GET" conf.Method = "GET"
conf.Noninteractive = false
conf.ProgressFrequency = 125 conf.ProgressFrequency = 125
conf.ProxyURL = "" conf.ProxyURL = ""
conf.Quiet = false conf.Quiet = false

3
pkg/ffuf/optionsparser.go
View File

@ -49,6 +49,7 @@ type GeneralOptions struct {
Delay string Delay string
MaxTime int MaxTime int
MaxTimeJob int MaxTimeJob int
Noninteractive bool
Quiet bool Quiet bool
Rate int Rate int
ShowVersion bool `toml:"-"` ShowVersion bool `toml:"-"`
@ -109,6 +110,7 @@ func NewConfigOptions() *ConfigOptions {
c.General.Delay = "" c.General.Delay = ""
c.General.MaxTime = 0 c.General.MaxTime = 0
c.General.MaxTimeJob = 0 c.General.MaxTimeJob = 0
c.General.Noninteractive = false
c.General.Quiet = false c.General.Quiet = false
c.General.Rate = 0 c.General.Rate = 0
c.General.ShowVersion = false c.General.ShowVersion = false
@ -395,6 +397,7 @@ func ConfigFromOptions(parseOpts *ConfigOptions, ctx context.Context, cancel con
conf.Timeout = parseOpts.HTTP.Timeout conf.Timeout = parseOpts.HTTP.Timeout
conf.MaxTime = parseOpts.General.MaxTime conf.MaxTime = parseOpts.General.MaxTime
conf.MaxTimeJob = parseOpts.General.MaxTimeJob conf.MaxTimeJob = parseOpts.General.MaxTimeJob
conf.Noninteractive = parseOpts.General.Noninteractive
conf.Verbose = parseOpts.General.Verbose conf.Verbose = parseOpts.General.Verbose
// Handle copy as curl situation where POST method is implied by --data flag. If method is set to anything but GET, NOOP // Handle copy as curl situation where POST method is implied by --data flag. If method is set to anything but GET, NOOP