* Scraper functionality
* Handle matched only - case for scraper
* Add scraper output to different formats
* Fix the ancient merge reminders
* Load scraper rules from directory
* Scraper fixes
* Fix ioutil deprecation and use xdg paths instead (wip)
* Clean up deprecated ioutil references, add config directory structure creation and run entry creation
* Add wordlist position setting and FFUFHASH variable
* Save full wordlist paths and print out a raw request when searched
* Cast from string to 32bit integer, 2billion should be enough for a position
* Use correct format strings for float
* Add -json option
Prints newline-delimited JSON output to STDOUT
* sort
* Clear terminal line via STDERR foreach JSON result
For each JSON result being printed, prepend it with a TERMINAL_CLEAR_LINE via
STDERR. This clears the progress line (which is also being emitted via STDERR)
and leaves us with a clean stream of JSON lines in the terminal.
* Modify SimpleRunner to take a Request parameter, add base and copy functions for Requests
* Add Request structs to run queues
* Implemented sniper mode
* Added request and optionsparser tests for sniper mode
* Removed unneccesary print statements
* Updated readme.md and terminal output
* Enabled command inputs for sniper mode
* correctly initialize validmode in optionsparser
* Remove unnecessary print data in TestScrubTemplates
* Use InputProvider for sniper template characters
* Add a sniper-mode specific queue job execution log
* Added response time reporting and filtering
* Update to use the http config context
* Added changelog and contributor info
* Round time output in stdout to nearest millisecond
* Change stdout duration rounding to use Milliseconds()
* Go back to Round() for timing output
* Changed stdout to display millisecond durations
Co-authored-by: Joona Hoikkala <joohoi@users.noreply.github.com>
* Update .ffufrc to match 405 status code responses by default
* Updated README.md with the new default match status codes
* Updated default match codes to include 405 Method Not Allowed
405 Method not Allowed is returned by many api endpoints when accessed via an improper method. ffuf sends GET reqeusts by default and if an endpoint only supports POST it will return 405 and ffuf will not think it's a valid endpoint unless specifically told to match 405 status codes
* Added choket to contributors
* Update CHANGELOG.md
This change addresses two panics that happened while parsing the provided
wordlist flag in Windows systems.
- pkg/ffuf/util.go:40: panic happened when the provided path was
invalid. Example: ".\wordlist.txt:" as the os.Stat call returned an
error different than os.ErrNotExist.
- pkg/ffuf/optionsparser.go:179: panic happened when the provided value
did not existed and did not contain a colon character. Example:
".\asdf.txt" when the local file ".\asdf.txt" did not exist. This panic
happened due to strings.LastIndex returning -1 when the provided
substring does not appear. Therefore, v[:-1] panicking.
Fixes#333
Signed-off-by: Miguel Ángel Jimeno <miguelangel4b@gmail.com>
This change is an attempt to handle gosimple linter finfings in order to
make the code easier to follow. It includes the following changes:
- use strings.Contains instead of strings.Index != -1
- use time.Since which is the standard library helper. See https://github.com/golang/go/blob/go1.15.2/src/time/time.go#L866-L867
- remove unneeded return statements at the end of methods
- preallocate maps when their capacity is known
- avoid underscoring values when they can be omitted
- avoid fmt.Sprintf() calls when the only argument is already a string
Signed-off-by: Miguel Ángel Jimeno <miguelangel4b@gmail.com>
