From ef1aac3a1e69a1643045f60b700d4a765758c704 Mon Sep 17 00:00:00 2001 From: bjhulst Date: Fri, 20 Mar 2020 12:42:54 +0200 Subject: [PATCH] Feature178 (#186) * feature 178 * sync * sync * sync * sync Co-authored-by: bjhulst --- CHANGELOG.md | 2 ++ main.go | 12 ++++++++++++ pkg/ffuf/config.go | 1 + pkg/runner/simple.go | 2 +- 4 files changed, 16 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a08251e..540d2ad 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,8 @@ - New - New CLI flag `-maxtime-job` to set max. execution time per job. - Changed behaviour of `-maxtime`, can now be used for entire process. + - A new flag `-ignore-body` so ffuf does not fetch the response content. Default value=false. + - Changed - Added tls renegotiation flag to fix #193 in http.Client diff --git a/main.go b/main.go index 826c49a..a894990 100644 --- a/main.go +++ b/main.go @@ -39,6 +39,7 @@ type cliOptions struct { requestProto string URL string outputFormat string + ignoreBody bool wordlists multiStringFlag inputcommands multiStringFlag headers multiStringFlag @@ -102,6 +103,7 @@ func main() { flag.StringVar(&conf.OutputFile, "o", "", "Write output to file") flag.StringVar(&opts.outputFormat, "of", "json", "Output file format. Available formats: json, ejson, html, md, csv, ecsv") flag.StringVar(&conf.OutputDirectory, "od", "", "Directory path to store matched results to.") + flag.BoolVar(&conf.IgnoreBody, "ignore-body", false, "Do not fetch the response content.") flag.BoolVar(&conf.Quiet, "s", false, "Do not print additional information (silent mode)") flag.BoolVar(&conf.StopOn403, "sf", false, "Stop when > 95% of responses return 403 Forbidden") flag.BoolVar(&conf.StopOnErrors, "se", false, "Stop on spurious errors") 
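Review bot: The `ignoreBody bool` field added to `cliOptions` in the @@ -39 hunk is not referenced anywhere in this patch; the flag registered in the @@ -102 hunk binds to `conf.IgnoreBody` directly, so the new struct field appears to be dead. Either drop the field, or bind the flag with `flag.BoolVar(&opts.ignoreBody, "ignore-body", false, "Do not fetch the response content.")` and copy it into the config where the other `opts` values are mapped (that mapping is outside these hunks). Keeping two parallel fields invites later drift where one is set and the other read.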
@@ -197,21 +199,25 @@ func prepareFilters(parseOpts *cliOptions, conf *ffuf.Config) error { // If any other matcher is set, ignore -mc default value matcherSet := false statusSet := false + warningIgnoreBody := false flag.Visit(func(f *flag.Flag) { if f.Name == "mc" { statusSet = true } if f.Name == "ms" { matcherSet = true + warningIgnoreBody = true } if f.Name == "ml" { matcherSet = true + warningIgnoreBody = true } if f.Name == "mr" { matcherSet = true } if f.Name == "mw" { matcherSet = true + warningIgnoreBody = true } }) if statusSet || !matcherSet { @@ -226,6 +232,7 @@ func prepareFilters(parseOpts *cliOptions, conf *ffuf.Config) error { } } if parseOpts.filterSize != "" { + warningIgnoreBody = true if err := filter.AddFilter(conf, "size", parseOpts.filterSize); err != nil { errs.Add(err) } @@ -236,11 +243,13 @@ func prepareFilters(parseOpts *cliOptions, conf *ffuf.Config) error { } } if parseOpts.filterWords != "" { + warningIgnoreBody = true if err := filter.AddFilter(conf, "word", parseOpts.filterWords); err != nil { errs.Add(err) } } if parseOpts.filterLines != "" { + warningIgnoreBody = true if err := filter.AddFilter(conf, "line", parseOpts.filterLines); err != nil { errs.Add(err) } @@ -265,6 +274,9 @@ func prepareFilters(parseOpts *cliOptions, conf *ffuf.Config) error { errs.Add(err) } } + if conf.IgnoreBody && warningIgnoreBody { + fmt.Printf("*** Warning: possible undesired combination of -ignore-body and the response options: fl,fs,fw,ml,ms and mw.\n") + } return errs.ErrorOrNil() } diff --git a/pkg/ffuf/config.go b/pkg/ffuf/config.go index 0ccc015..b170d5f 100644 --- a/pkg/ffuf/config.go +++ b/pkg/ffuf/config.go @@ -20,6 +20,7 @@ type Config struct { OutputDirectory string `json:"outputdirectory"` OutputFile string `json:"outputfile"` OutputFormat string `json:"outputformat"` + IgnoreBody bool `json:"ignorebody"` IgnoreWordlistComments bool `json:"ignore_wordlist_comments"` StopOn403 bool `json:"stop_403"` StopOnErrors bool `json:"stop_errors"` 
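Review bot: In the @@ -197 hunk `warningIgnoreBody` is set for `ms`, `ml` and `mw` but not for `mr`, and in the @@ -226 and @@ -236 hunks for `filterSize`, `filterWords` and `filterLines` but not for the regexp filter; if the regexp matcher and filter inspect the response body as the size/word/line ones do, a run combining `-ignore-body` with `-mr` or `-fr` evaluates an empty body with no warning at all. Add `warningIgnoreBody = true` to the `mr` branch and to the `filterRegexp` block, and extend the message in the @@ -265 hunk to name `fr` and `mr` as well. That warning is also emitted with `fmt.Printf` straight to stdout, which bypasses the `-s` silent mode advertised in the flag table and mixes with any result output written there; gate it on `!conf.Quiet` or route it through whatever warning path the rest of main.go uses, if one exists. prepareFilters continues outside these hunks.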
diff --git a/pkg/runner/simple.go b/pkg/runner/simple.go
index 6eb0375..68eedcc 100644
--- a/pkg/runner/simple.go
+++ b/pkg/runner/simple.go
@@ -127,7 +127,7 @@ func (r *SimpleRunner) Execute(req *ffuf.Request) (ffuf.Response, error) {
 size, err := strconv.Atoi(httpresp.Header.Get("Content-Length"))
 if err == nil {
 resp.ContentLength = int64(size)
- if size > MAX_DOWNLOAD_SIZE {
+ if (r.config.IgnoreBody) || (size > MAX_DOWNLOAD_SIZE) {
 resp.Cancelled = true
 return resp, nil
 }
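Review bot: The new `r.config.IgnoreBody` test in the @@ -127 hunk lives inside the `if err == nil` branch of the `Content-Length` parse, so `-ignore-body` has no effect when the server omits that header or sends a non-numeric value (chunked responses are the common case) and the body is still downloaded. Move the test out of that branch, e.g. right after the `if err == nil` block closes (outside the hunk), as `if r.config.IgnoreBody { resp.Cancelled = true; return resp, nil }`, so ContentLength is still recorded when the header is present while the flag is honoured unconditionally. The parentheses around each operand are redundant; `if size > MAX_DOWNLOAD_SIZE {` can stay as it was once the flag check is hoisted. Whether the unread body is closed on the cancelled path is decided outside the hunk, since Execute starts and ends beyond it.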