added extensions option

2026-06-06 17:31:12 -03:00 · 2020-09-03 06:22:05 -05:00
parent 863613f409
commit 20df8a0a04
4 changed files with 43 additions and 8 deletions
--- a/feroxbuster.toml.example
+++ b/feroxbuster.toml.example
@@ -13,4 +13,8 @@
 # proxy = "http://127.0.0.1:8080"
 # verbosity = 1
 # quiet = true
-# output = "/targets/ellingson_mineral_company/gibson.txt"
+# output = "/targets/ellingson_mineral_company/gibson.txt"
+# useragent = "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0"
+# follow_redirects = true
+# insecure = true
+# extensions = ["php", "html"]
--- a/src/client.rs
+++ b/src/client.rs
@@ -10,10 +10,9 @@ pub fn initialize(
    proxy: Option<&str>,
 ) -> Client {
    // todo: integration test for this as well, specifically redirect, timeout, proxy, etc
-    let policy= if follow_redirects {
+    let policy = if follow_redirects {
        Policy::limited(10)
-    }
-    else {
+    } else {
        Policy::none()
    };

--- a/src/config.rs
+++ b/src/config.rs
@@ -49,10 +49,11 @@ pub struct Configuration {
    pub follow_redirects: bool,
    #[serde(default)]
    pub insecure: bool,
-
+    #[serde(default)]
+    pub extensions: Vec<String>,
 }

-// functions timeout, threads, extensions, useragent, and wordlist are used to provide defaults in the
+// functions timeout, threads, statuscodes, useragent, and wordlist are used to provide defaults in the
 // event that a feroxbuster.toml is found but one or more of the values below aren't listed
 // in the config.  This way, we get the correct defaults upon Deserialization
 fn timeout() -> u64 {
@@ -91,6 +92,7 @@ impl Default for Configuration {
            proxy: String::new(),
            output: String::new(),
            target_url: String::new(),
+            extensions: Vec::new(),
            threads: threads(),
            wordlist: wordlist(),
            statuscodes: statuscodes(),
@@ -114,6 +116,7 @@ impl Configuration {
    /// - quiet: false
    /// - useragent: "feroxbuster/VERSION"
    /// - insecure: false (don't be insecure, i.e. don't allow invalid certs)
+    /// - extensions: None
    ///
    /// After which, any values defined in a
    /// [feroxbuster.toml](constant.DEFAULT_CONFIG_NAME.html) config file will override the
@@ -146,6 +149,7 @@ impl Configuration {
            config.useragent = settings.useragent;
            config.follow_redirects = settings.follow_redirects;
            config.insecure = settings.insecure;
+            config.extensions = settings.extensions;
        }

        let args = parser::initialize().get_matches();
@@ -180,6 +184,14 @@ impl Configuration {
                .collect();
        }

+        if args.values_of("extensions").is_some() {
+            config.extensions = args
+                .values_of("extensions")
+                .unwrap()
+                .map(|val| String::from(val))
+                .collect();
+        }
+
        if args.is_present("quiet") {
            // the reason this is protected by an if statement:
            // consider a user specifying quiet = true in feroxbuster.toml
@@ -289,6 +301,7 @@ mod tests {
            output = "/some/otherpath"
            follow_redirects = true
            insecure = true
+            statuscodes = [html, php, js]
        "#;
        let tmp_dir = TempDir::new().unwrap();
        let file = tmp_dir.path().join(DEFAULT_CONFIG_NAME);
@@ -309,6 +322,7 @@ mod tests {
        assert_eq!(config.quiet, false);
        assert_eq!(config.follow_redirects, false);
        assert_eq!(config.insecure, false);
+        assert_eq!(config.extensions, Vec::new());
    }

    #[test]
@@ -371,4 +385,10 @@ mod tests {
        assert_eq!(config.insecure, true);
    }

+    #[test]
+    fn config_reads_extensions() {
+        let config = setup_config_test();
+        assert_eq!(config.extensions, vec!["html", "php", "js"]);
+    }
+
 }
--- a/src/parser.rs
+++ b/src/parser.rs
@@ -97,14 +97,26 @@ pub fn initialize() -> App<'static, 'static> {
                .short("r")
                .long("follow_redirects")
                .takes_value(false)
-                .help("Follow redirects")
+                .help("Follow redirects (default: false)")
        )
        .arg(
            Arg::with_name("insecure")
                .short("k")
                .long("insecure")
                .takes_value(false)
-                .help("Disables TLS certificate validation")
+                .help("Disables TLS certificate validation (default: false)")
+        )
+        .arg(
+            Arg::with_name("extensions")
+                .short("x")
+                .long("extensions")
+                .value_name("FILE_EXTENSION")
+                .takes_value(true)
+                .multiple(true)
+                .use_delimiter(true)
+                .help(
+                    "File extension(s) to search for (accepts multi-flag and comma-delimited: -x php -x pdf,js)",
+                ),
        )

 }