foglar/ffuff
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Support for more curl opts (-i, --data-ascii/-binary, -b/--cookie) (#38)

Browse Source 
* added -data-ascii and -data-binary for curl compatibility

* README update

* README update regarding -i and -cookie

* README update on -data-ascii and -data-binary
This commit is contained in:
Tapio Vuorinen 2019-06-26 19:44:52 +00:00 committed by Joona Hoikkala
parent 0210d423de
commit cb37501616
2 changed files with 31 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
README.md
View File

@ -101,11 +101,22 @@ To define the test case for ffuf, use the keyword `FUZZ` anywhere in the URL (`-
HTTP method to use (default "GET") HTTP method to use (default "GET")
-ac -ac
Automatically calibrate filtering options Automatically calibrate filtering options
-i
Dummy flag for copy as curl functionality (ignored)
-b "NAME1=VALUE1; NAME2=VALUE2"
Cookie data "NAME1=VALUE1; NAME2=VALUE2" for copy as curl functionality.
Results unpredictable when combined with -H "Cookie: ..."
-cookie
Cookie data (alias of -b)
-c Colorize output. -c Colorize output.
-compressed -compressed
Dummy flag for copy as curl functionality (ignored) (default true) Dummy flag for copy as curl functionality (ignored) (default true)
-d string -d string
POST data POST data
-data-ascii
POST data (alias of -d)
-data-binary
POST data (alias of -d)
-data string -data string
POST data (alias of -d) POST data (alias of -d)
-e string -e string
@ -172,13 +183,15 @@ The only dependency of ffuf is Go 1.11. No dependencies outside of Go standard l
- master - master
- New - New
- Changed - Changed
- New CLI flag: -i, dummy flag that does nothing. for compatibility with copy as curl.
- New CLI flag: -b/--cookie, cookie data for compatibility with copy as curl.
- v0.10 - v0.10
- New - New
- New CLI flag: -ac to autocalibrate response size and word filters based on few preset URLs. - New CLI flag: -ac to autocalibrate response size and word filters based on few preset URLs.
- New CLI flag: -timeout to specify custom timeouts for all HTTP requests. - New CLI flag: -timeout to specify custom timeouts for all HTTP requests.
- New CLI flag: --data for compatibility with copy as curl functionality of browsers. - New CLI flag: --data for compatibility with copy as curl functionality of browsers.
- New CLI flag: --compress, dummy flag that does nothing. for compatibility with copy as curl. - New CLI flag: --compressed, dummy flag that does nothing. for compatibility with copy as curl.
- New CLI flags: --input-cmd, and --input-num to handle input generation using external commands. Mutators for example. Environment variable FFUF_NUM will be updated on every call of the command. - New CLI flags: --input-cmd, and --input-num to handle input generation using external commands. Mutators for example. Environment variable FFUF_NUM will be updated on every call of the command.
- When --input-cmd is used, display position instead of the payload in results. The output file (of all formats) will include the payload in addition to the position however. - When --input-cmd is used, display position instead of the payload in results. The output file (of all formats) will include the payload in addition to the position however.

10
main.go
View File

@ -31,6 +31,7 @@ type cliOptions struct {
proxyURL string proxyURL string
outputFormat string outputFormat string
headers multiStringFlag headers multiStringFlag
cookies multiStringFlag
showVersion bool showVersion bool
} }
@ -64,10 +65,15 @@ func main() {
flag.StringVar(&opts.filterWords, "fw", "", "Filter by amount of words in response") flag.StringVar(&opts.filterWords, "fw", "", "Filter by amount of words in response")
flag.StringVar(&conf.Data, "d", "", "POST data") flag.StringVar(&conf.Data, "d", "", "POST data")
flag.StringVar(&conf.Data, "data", "", "POST data (alias of -d)") flag.StringVar(&conf.Data, "data", "", "POST data (alias of -d)")
flag.StringVar(&conf.Data, "data-ascii", "", "POST data (alias of -d)")
flag.StringVar(&conf.Data, "data-binary", "", "POST data (alias of -d)")
flag.BoolVar(&conf.Colors, "c", false, "Colorize output.") flag.BoolVar(&conf.Colors, "c", false, "Colorize output.")
flag.BoolVar(&ignored, "compressed", true, "Dummy flag for copy as curl functionality (ignored)") flag.BoolVar(&ignored, "compressed", true, "Dummy flag for copy as curl functionality (ignored)")
flag.StringVar(&conf.InputCommand, "input-cmd", "", "Command producing the input. --input-num is required when using this input method. Overrides -w.") flag.StringVar(&conf.InputCommand, "input-cmd", "", "Command producing the input. --input-num is required when using this input method. Overrides -w.")
flag.IntVar(&conf.InputNum, "input-num", 100, "Number of inputs to test. Used in conjunction with --input-cmd.") flag.IntVar(&conf.InputNum, "input-num", 100, "Number of inputs to test. Used in conjunction with --input-cmd.")
flag.BoolVar(&ignored, "i", true, "Dummy flag for copy as curl functionality (ignored)")
flag.Var(&opts.cookies, "b", "Cookie data `\"NAME1=VALUE1; NAME2=VALUE2\"` for copy as curl functionality.\nResults unpredictable when combined with -H \"Cookie: ...\"")
flag.Var(&opts.cookies, "cookie", "Cookie data (alias of -b)")
flag.StringVar(&opts.matcherStatus, "mc", "200,204,301,302,307,401,403", "Match HTTP status codes from respose, use \"all\" to match every response code.") flag.StringVar(&opts.matcherStatus, "mc", "200,204,301,302,307,401,403", "Match HTTP status codes from respose, use \"all\" to match every response code.")
flag.StringVar(&opts.matcherSize, "ms", "", "Match HTTP response size") flag.StringVar(&opts.matcherSize, "ms", "", "Match HTTP response size")
flag.StringVar(&opts.matcherRegexp, "mr", "", "Match regexp") flag.StringVar(&opts.matcherRegexp, "mr", "", "Match regexp")
@ -206,6 +212,10 @@ func prepareConfig(parseOpts *cliOptions, conf *ffuf.Config) error {
conf.Extensions = extensions conf.Extensions = extensions
} }
// Convert cookies to a header
if len(parseOpts.cookies) > 0 {
parseOpts.headers.Set("Cookie: " + strings.Join(parseOpts.cookies, "; "))
}
//Prepare headers //Prepare headers
for _, v := range parseOpts.headers { for _, v := range parseOpts.headers {
hs := strings.SplitN(v, ":", 2) hs := strings.SplitN(v, ":", 2)