From 0b0e08ae4f836c77b045e79798ee2b6923c229ed Mon Sep 17 00:00:00 2001 From: epi Date: Fri, 17 Mar 2023 05:45:19 -0500 Subject: [PATCH] updated extract-links and collect-backups default to true --- Cargo.lock | 2 +- Cargo.toml | 2 +- shell_completions/_feroxbuster | 12 ++++++------ shell_completions/_feroxbuster.ps1 | 12 ++++++------ shell_completions/feroxbuster.elv | 12 ++++++------ src/config/container.rs | 23 +++++++++++++---------- src/config/tests.rs | 12 ++++++------ src/config/utils.rs | 10 ++++++++++ src/parser.rs | 4 ++-- 9 files changed, 51 insertions(+), 38 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 4c04eea..d39ce84 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -775,7 +775,7 @@ dependencies = [ [[package]] name = "feroxbuster" -version = "2.9.1" +version = "2.9.2" dependencies = [ "anyhow", "assert_cmd", diff --git a/Cargo.toml b/Cargo.toml index 05c0c33..fcda4e2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "feroxbuster" -version = "2.9.1" +version = "2.9.2" authors = ["Ben 'epi' Risher (@epi052)"] license = "MIT" edition = "2021" diff --git a/shell_completions/_feroxbuster b/shell_completions/_feroxbuster index 5231d20..5dd21c1 100644 --- a/shell_completions/_feroxbuster +++ b/shell_completions/_feroxbuster @@ -24,8 +24,8 @@ _feroxbuster() { '--replay-proxy=[Send only unfiltered requests through a Replay Proxy, instead of all requests]:REPLAY_PROXY:_urls' \ '*-R+[Status Codes to send through a Replay Proxy when found (default: --status-codes value)]:REPLAY_CODE: ' \ '*--replay-codes=[Status Codes to send through a Replay Proxy when found (default: --status-codes value)]:REPLAY_CODE: ' \ -'-a+[Sets the User-Agent (default: feroxbuster/2.9.1)]:USER_AGENT: ' \ -'--user-agent=[Sets the User-Agent (default: feroxbuster/2.9.1)]:USER_AGENT: ' \ +'-a+[Sets the User-Agent (default: feroxbuster/2.9.2)]:USER_AGENT: ' \ +'--user-agent=[Sets the User-Agent (default: feroxbuster/2.9.2)]:USER_AGENT: ' \ '*-x+[File extension(s) to search for (ex: -x php -x pdf js)]:FILE_EXTENSION: ' \ '*--extensions=[File extension(s) to search for (ex: -x php -x pdf js)]:FILE_EXTENSION: ' \ '*-m+[Which HTTP request method(s) should be sent (default: GET)]:HTTP_METHODS: ' \ @@ -85,16 +85,16 @@ _feroxbuster() { '-n[Do not scan recursively]' \ '--no-recursion[Do not scan recursively]' \ '(-n --no-recursion)--force-recursion[Force recursion attempts on all '\''found'\'' endpoints (still respects recursion depth)]' \ -'-e[Extract links from response body (html, javascript, etc...); make new requests based on findings]' \ -'--extract-links[Extract links from response body (html, javascript, etc...); make new requests based on findings]' \ +'-e[Extract links from response body (html, javascript, etc...); make new requests based on findings (default: true)]' \ +'--extract-links[Extract links from response body (html, javascript, etc...); make new requests based on findings (default: true)]' \ '(--auto-bail)--auto-tune[Automatically lower scan rate when an excessive amount of errors are encountered]' \ '--auto-bail[Automatically stop scanning when an excessive amount of errors are encountered]' \ '-D[Don'\''t auto-filter wildcard responses]' \ '--dont-filter[Don'\''t auto-filter wildcard responses]' \ '-E[Automatically discover extensions and add them to --extensions (unless they'\''re in --dont-collect)]' \ '--collect-extensions[Automatically discover extensions and add them to --extensions (unless they'\''re in --dont-collect)]' \ -'-B[Automatically request likely backup extensions for "found" urls]' \ -'--collect-backups[Automatically request likely backup extensions for "found" urls]' \ +'-B[Automatically request likely backup extensions for "found" urls (default: true)]' \ +'--collect-backups[Automatically request likely backup extensions for "found" urls (default: true)]' \ '-g[Automatically discover important words from within responses and add them to the wordlist]' \ '--collect-words[Automatically discover important words from within responses and add them to the wordlist]' \ '(--silent)*-v[Increase verbosity level (use -vv or more for greater effect. \[CAUTION\] 4 -v'\''s is probably too much)]' \ diff --git a/shell_completions/_feroxbuster.ps1 b/shell_completions/_feroxbuster.ps1 index b76f590..10d3097 100644 --- a/shell_completions/_feroxbuster.ps1 +++ b/shell_completions/_feroxbuster.ps1 @@ -30,8 +30,8 @@ Register-ArgumentCompleter -Native -CommandName 'feroxbuster' -ScriptBlock { [CompletionResult]::new('--replay-proxy', 'replay-proxy', [CompletionResultType]::ParameterName, 'Send only unfiltered requests through a Replay Proxy, instead of all requests') [CompletionResult]::new('-R', 'R', [CompletionResultType]::ParameterName, 'Status Codes to send through a Replay Proxy when found (default: --status-codes value)') [CompletionResult]::new('--replay-codes', 'replay-codes', [CompletionResultType]::ParameterName, 'Status Codes to send through a Replay Proxy when found (default: --status-codes value)') - [CompletionResult]::new('-a', 'a', [CompletionResultType]::ParameterName, 'Sets the User-Agent (default: feroxbuster/2.9.1)') - [CompletionResult]::new('--user-agent', 'user-agent', [CompletionResultType]::ParameterName, 'Sets the User-Agent (default: feroxbuster/2.9.1)') + [CompletionResult]::new('-a', 'a', [CompletionResultType]::ParameterName, 'Sets the User-Agent (default: feroxbuster/2.9.2)') + [CompletionResult]::new('--user-agent', 'user-agent', [CompletionResultType]::ParameterName, 'Sets the User-Agent (default: feroxbuster/2.9.2)') [CompletionResult]::new('-x', 'x', [CompletionResultType]::ParameterName, 'File extension(s) to search for (ex: -x php -x pdf js)') [CompletionResult]::new('--extensions', 'extensions', [CompletionResultType]::ParameterName, 'File extension(s) to search for (ex: -x php -x pdf js)') [CompletionResult]::new('-m', 'm', [CompletionResultType]::ParameterName, 'Which HTTP request method(s) should be sent (default: GET)') @@ -91,16 +91,16 @@ Register-ArgumentCompleter -Native -CommandName 'feroxbuster' -ScriptBlock { [CompletionResult]::new('-n', 'n', [CompletionResultType]::ParameterName, 'Do not scan recursively') [CompletionResult]::new('--no-recursion', 'no-recursion', [CompletionResultType]::ParameterName, 'Do not scan recursively') [CompletionResult]::new('--force-recursion', 'force-recursion', [CompletionResultType]::ParameterName, 'Force recursion attempts on all ''found'' endpoints (still respects recursion depth)') - [CompletionResult]::new('-e', 'e', [CompletionResultType]::ParameterName, 'Extract links from response body (html, javascript, etc...); make new requests based on findings') - [CompletionResult]::new('--extract-links', 'extract-links', [CompletionResultType]::ParameterName, 'Extract links from response body (html, javascript, etc...); make new requests based on findings') + [CompletionResult]::new('-e', 'e', [CompletionResultType]::ParameterName, 'Extract links from response body (html, javascript, etc...); make new requests based on findings (default: true)') + [CompletionResult]::new('--extract-links', 'extract-links', [CompletionResultType]::ParameterName, 'Extract links from response body (html, javascript, etc...); make new requests based on findings (default: true)') [CompletionResult]::new('--auto-tune', 'auto-tune', [CompletionResultType]::ParameterName, 'Automatically lower scan rate when an excessive amount of errors are encountered') [CompletionResult]::new('--auto-bail', 'auto-bail', [CompletionResultType]::ParameterName, 'Automatically stop scanning when an excessive amount of errors are encountered') [CompletionResult]::new('-D', 'D', [CompletionResultType]::ParameterName, 'Don''t auto-filter wildcard responses') [CompletionResult]::new('--dont-filter', 'dont-filter', [CompletionResultType]::ParameterName, 'Don''t auto-filter wildcard responses') [CompletionResult]::new('-E', 'E', [CompletionResultType]::ParameterName, 'Automatically discover extensions and add them to --extensions (unless they''re in --dont-collect)') [CompletionResult]::new('--collect-extensions', 'collect-extensions', [CompletionResultType]::ParameterName, 'Automatically discover extensions and add them to --extensions (unless they''re in --dont-collect)') - [CompletionResult]::new('-B', 'B', [CompletionResultType]::ParameterName, 'Automatically request likely backup extensions for "found" urls') - [CompletionResult]::new('--collect-backups', 'collect-backups', [CompletionResultType]::ParameterName, 'Automatically request likely backup extensions for "found" urls') + [CompletionResult]::new('-B', 'B', [CompletionResultType]::ParameterName, 'Automatically request likely backup extensions for "found" urls (default: true)') + [CompletionResult]::new('--collect-backups', 'collect-backups', [CompletionResultType]::ParameterName, 'Automatically request likely backup extensions for "found" urls (default: true)') [CompletionResult]::new('-g', 'g', [CompletionResultType]::ParameterName, 'Automatically discover important words from within responses and add them to the wordlist') [CompletionResult]::new('--collect-words', 'collect-words', [CompletionResultType]::ParameterName, 'Automatically discover important words from within responses and add them to the wordlist') [CompletionResult]::new('-v', 'v', [CompletionResultType]::ParameterName, 'Increase verbosity level (use -vv or more for greater effect. [CAUTION] 4 -v''s is probably too much)') diff --git a/shell_completions/feroxbuster.elv b/shell_completions/feroxbuster.elv index 6dbdd18..4107059 100644 --- a/shell_completions/feroxbuster.elv +++ b/shell_completions/feroxbuster.elv @@ -27,8 +27,8 @@ set edit:completion:arg-completer[feroxbuster] = {|@words| cand --replay-proxy 'Send only unfiltered requests through a Replay Proxy, instead of all requests' cand -R 'Status Codes to send through a Replay Proxy when found (default: --status-codes value)' cand --replay-codes 'Status Codes to send through a Replay Proxy when found (default: --status-codes value)' - cand -a 'Sets the User-Agent (default: feroxbuster/2.9.1)' - cand --user-agent 'Sets the User-Agent (default: feroxbuster/2.9.1)' + cand -a 'Sets the User-Agent (default: feroxbuster/2.9.2)' + cand --user-agent 'Sets the User-Agent (default: feroxbuster/2.9.2)' cand -x 'File extension(s) to search for (ex: -x php -x pdf js)' cand --extensions 'File extension(s) to search for (ex: -x php -x pdf js)' cand -m 'Which HTTP request method(s) should be sent (default: GET)' @@ -88,16 +88,16 @@ set edit:completion:arg-completer[feroxbuster] = {|@words| cand -n 'Do not scan recursively' cand --no-recursion 'Do not scan recursively' cand --force-recursion 'Force recursion attempts on all ''found'' endpoints (still respects recursion depth)' - cand -e 'Extract links from response body (html, javascript, etc...); make new requests based on findings' - cand --extract-links 'Extract links from response body (html, javascript, etc...); make new requests based on findings' + cand -e 'Extract links from response body (html, javascript, etc...); make new requests based on findings (default: true)' + cand --extract-links 'Extract links from response body (html, javascript, etc...); make new requests based on findings (default: true)' cand --auto-tune 'Automatically lower scan rate when an excessive amount of errors are encountered' cand --auto-bail 'Automatically stop scanning when an excessive amount of errors are encountered' cand -D 'Don''t auto-filter wildcard responses' cand --dont-filter 'Don''t auto-filter wildcard responses' cand -E 'Automatically discover extensions and add them to --extensions (unless they''re in --dont-collect)' cand --collect-extensions 'Automatically discover extensions and add them to --extensions (unless they''re in --dont-collect)' - cand -B 'Automatically request likely backup extensions for "found" urls' - cand --collect-backups 'Automatically request likely backup extensions for "found" urls' + cand -B 'Automatically request likely backup extensions for "found" urls (default: true)' + cand --collect-backups 'Automatically request likely backup extensions for "found" urls (default: true)' cand -g 'Automatically discover important words from within responses and add them to the wordlist' cand --collect-words 'Automatically discover important words from within responses and add them to the wordlist' cand -v 'Increase verbosity level (use -vv or more for greater effect. [CAUTION] 4 -v''s is probably too much)' diff --git a/src/config/container.rs b/src/config/container.rs index 5bebe2f..8136e68 100644 --- a/src/config/container.rs +++ b/src/config/container.rs @@ -1,6 +1,7 @@ use super::utils::{ - depth, ignored_extensions, methods, report_and_exit, save_state, serialized_type, status_codes, - threads, timeout, user_agent, wordlist, OutputLevel, RequesterPolicy, + depth, extract_links, ignored_extensions, methods, report_and_exit, save_state, collect_backups, + serialized_type, status_codes, threads, timeout, user_agent, wordlist, OutputLevel, + RequesterPolicy, }; use crate::config::determine_output_level; use crate::config::utils::determine_requester_policy; @@ -214,7 +215,7 @@ pub struct Configuration { pub no_recursion: bool, /// Extract links from html/javscript - #[serde(default)] + #[serde(default = "extract_links")] pub extract_links: bool, /// Append / to each request @@ -299,7 +300,7 @@ pub struct Configuration { pub dont_collect: Vec, /// Automatically request likely backup extensions on "found" urls - #[serde(default)] + #[serde(default = "collect_backups")] pub collect_backups: bool, /// Automatically discover important words from within responses and add them to the wordlist @@ -328,6 +329,8 @@ impl Default for Configuration { let kind = serialized_type(); let output_level = OutputLevel::Default; let requester_policy = RequesterPolicy::Default; + let extract_links = extract_links(); + let collect_backups = collect_backups(); Configuration { kind, @@ -336,7 +339,9 @@ impl Default for Configuration { user_agent, replay_codes, status_codes, + extract_links, replay_client, + collect_backups, requester_policy, dont_filter: false, auto_bail: false, @@ -355,10 +360,8 @@ impl Default for Configuration { insecure: false, redirects: false, no_recursion: false, - extract_links: false, random_agent: false, collect_extensions: false, - collect_backups: false, collect_words: false, save_state: true, force_recursion: false, @@ -398,7 +401,7 @@ impl Configuration { /// /// - **timeout**: `5` seconds /// - **redirects**: `false` - /// - **extract-links**: `false` + /// - **extract_links**: `true` /// - **wordlist**: [`DEFAULT_WORDLIST`](constant.DEFAULT_WORDLIST.html) /// - **config**: `None` /// - **threads**: `50` @@ -419,7 +422,7 @@ impl Configuration { /// - **insecure**: `false` (don't be insecure, i.e. don't allow invalid certs) /// - **extensions**: `None` /// - **collect_extensions**: `false` - /// - **collect_backups**: `false` + /// - **collect_backups**: `true` /// - **collect_words**: `false` /// - **dont_collect**: [`DEFAULT_IGNORED_EXTENSIONS`](constant.DEFAULT_RESPONSE_CODES.html) /// - **methods**: [`DEFAULT_METHOD`](constant.DEFAULT_METHOD.html) @@ -988,7 +991,7 @@ impl Configuration { update_if_not_default!(&mut conf.auto_bail, new.auto_bail, false); update_if_not_default!(&mut conf.auto_tune, new.auto_tune, false); update_if_not_default!(&mut conf.collect_extensions, new.collect_extensions, false); - update_if_not_default!(&mut conf.collect_backups, new.collect_backups, false); + update_if_not_default!(&mut conf.collect_backups, new.collect_backups, collect_backups()); update_if_not_default!(&mut conf.collect_words, new.collect_words, false); // use updated quiet/silent values to determine output level; same for requester policy conf.output_level = determine_output_level(conf.quiet, conf.silent); @@ -997,7 +1000,7 @@ impl Configuration { update_if_not_default!(&mut conf.redirects, new.redirects, false); update_if_not_default!(&mut conf.insecure, new.insecure, false); update_if_not_default!(&mut conf.force_recursion, new.force_recursion, false); - update_if_not_default!(&mut conf.extract_links, new.extract_links, false); + update_if_not_default!(&mut conf.extract_links, new.extract_links, extract_links()); update_if_not_default!(&mut conf.extensions, new.extensions, Vec::::new()); update_if_not_default!(&mut conf.methods, new.methods, methods()); update_if_not_default!(&mut conf.data, new.data, Vec::::new()); diff --git a/src/config/tests.rs b/src/config/tests.rs index 778ece4..4beaeca 100644 --- a/src/config/tests.rs +++ b/src/config/tests.rs @@ -30,7 +30,7 @@ fn setup_config_test() -> Configuration { resume_from = "/some/state/file" redirects = true insecure = true - collect_backups = true + collect_backups = false collect_extensions = true collect_words = true extensions = ["html", "php", "js"] @@ -45,7 +45,7 @@ fn setup_config_test() -> Configuration { add_slash = true stdin = true dont_filter = true - extract_links = true + extract_links = false json = true save_state = false depth = 1 @@ -98,10 +98,10 @@ fn default_configuration() { assert!(!config.add_slash); assert!(!config.force_recursion); assert!(!config.redirects); - assert!(!config.extract_links); + assert!(config.extract_links); assert!(!config.insecure); assert!(!config.collect_extensions); - assert!(!config.collect_backups); + assert!(config.collect_backups); assert!(!config.collect_words); assert!(config.regex_denylist.is_empty()); assert_eq!(config.queries, Vec::new()); @@ -305,7 +305,7 @@ fn config_reads_add_slash() { /// parse the test config and see that the value parsed is correct fn config_reads_extract_links() { let config = setup_config_test(); - assert!(config.extract_links); + assert!(!config.extract_links); } #[test] @@ -319,7 +319,7 @@ fn config_reads_collect_extensions() { /// parse the test config and see that the value parsed is correct fn config_reads_collect_backups() { let config = setup_config_test(); - assert!(config.collect_backups); + assert!(!config.collect_backups); } #[test] diff --git a/src/config/utils.rs b/src/config/utils.rs index 594e98a..10608d3 100644 --- a/src/config/utils.rs +++ b/src/config/utils.rs @@ -84,6 +84,16 @@ pub(super) fn depth() -> usize { 4 } +/// default extract links +pub(super) fn extract_links() -> bool { + true +} + +/// default collect backups +pub(super) fn collect_backups() -> bool { + true +} + /// enum representing the three possible states for informational output (not logging verbosity) #[derive(Debug, Copy, Clone, PartialEq, Eq)] pub enum OutputLevel { diff --git a/src/parser.rs b/src/parser.rs index 2dc726d..b8a7eab 100644 --- a/src/parser.rs +++ b/src/parser.rs @@ -433,7 +433,7 @@ pub fn initialize() -> Command { .long("extract-links") .num_args(0) .help_heading("Scan settings") - .help("Extract links from response body (html, javascript, etc...); make new requests based on findings") + .help("Extract links from response body (html, javascript, etc...); make new requests based on findings (default: true)") ) .arg( Arg::new("scan_limit") @@ -514,7 +514,7 @@ pub fn initialize() -> Command { .long("collect-backups") .num_args(0) .help_heading("Dynamic collection settings") - .help("Automatically request likely backup extensions for \"found\" urls") + .help("Automatically request likely backup extensions for \"found\" urls (default: true)") ).arg( Arg::new("collect_words") .short('g')