From 8094b17afcbb56471716c3d321cf0dfb8ede44be Mon Sep 17 00:00:00 2001
From: epi
Date: Fri, 4 Sep 2020 10:03:52 -0500
Subject: [PATCH] added --stdin flag; url/stdin mutually exclusive
---
 README.md | 1 +
 ferox-config.toml.example | 1 +
 src/config.rs | 22 ++++++++++++++++++++--
 src/parser.rs | 14 +++++++++++---
 4 files changed, 33 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 7b37e2e..eb93505 100644
--- a/README.md
+++ b/README.md
@@ -66,6 +66,7 @@ extensions = ["php", "html"]
 headers = {"Accept" = "application/json"}
 norecursion = true
 addslash = true
+stdin = true
 ```
 ### Command Line Parsing
diff --git a/ferox-config.toml.example b/ferox-config.toml.example
index e80e8ba..bb43ec8 100644
--- a/ferox-config.toml.example
+++ b/ferox-config.toml.example
@@ -20,6 +20,7 @@
 # extensions = ["php", "html"]
 # norecursion = true
 # addslash = true
+# stdin = true
 # headers can be specified on multiple lines or as an inline table
diff --git a/src/config.rs b/src/config.rs
index cd966c0..98f2a9e 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -61,6 +61,9 @@ pub struct Configuration {
 pub norecursion: bool,
 #[serde(default)]
 pub addslash: bool,
+ #[serde(default)]
+ pub stdin: bool,
+
 }
 // functions timeout, threads, statuscodes, useragent, and wordlist are used to provide defaults in the
@@ -96,6 +99,7 @@ impl Default for Configuration {
 timeout,
 useragent,
 quiet: false,
+ stdin: false,
 verbosity: 0,
 addslash: false,
 insecure: false,
@@ -133,6 +137,7 @@ impl Configuration {
 /// - headers: None
 /// - norecursion: false (don't recursively bust enumerated sub-directories)
 /// - addslash: false
+ /// - stdin: false
 ///
 /// After which, any values defined in a
 /// [ferox-config.toml](constant.DEFAULT_CONFIG_NAME.html) config file will override the
@@ -172,6 +177,7 @@ impl Configuration {
 config.headers = settings.headers;
 config.norecursion = settings.norecursion;
 config.addslash = settings.addslash;
+ config.stdin = settings.stdin;
 }
 }
 None => {}
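Review bot: `config.stdin = settings.stdin;` in `src/config.rs` lets ferox-config.toml turn stdin mode on, but the url/stdin exclusivity this commit adds is enforced only by clap (`required_unless("stdin")` and `conflicts_with("url")` in `src/parser.rs`), which as far as these hunks show checks command-line arguments, not the file. With `stdin = true` in the file and `-u` on the command line, the `else` branch of the hunk at `@@ -240,8 +246,12 @@` sets `target_url` while `config.stdin` stays true; with `stdin = true` in the file and no `-u`, clap would still reject the run for a missing URL. How the scanner behaves when both are set is not visible in this patch, so either clear the flag when a URL is supplied (`config.stdin = false;` in that `else` branch) or drop `stdin` from the file-backed settings and document it as command-line only. The enclosing function starts and ends outside this hunk.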
@@ -240,8 +246,12 @@ impl Configuration {
 config.addslash = args.is_present("addslash");
 }
- // target_url is required, so no if statement is required
- config.target_url = String::from(args.value_of("url").unwrap());
+ if args.is_present("stdin") {
+ config.stdin = args.is_present("stdin");
+ }
+ else {
+ config.target_url = String::from(args.value_of("url").unwrap());
+ }
 ////
 // organizational breakpoint; all options below alter the Client configuration
@@ -356,6 +366,7 @@ mod tests {
 headers = {stuff = "things", mostuff = "mothings"}
 norecursion = true
 addslash = true
+ stdin = true
 "#;
 let tmp_dir = TempDir::new().unwrap();
 let file = tmp_dir.path().join(DEFAULT_CONFIG_NAME);
@@ -375,6 +386,7 @@ mod tests {
 assert_eq!(config.verbosity, 0);
 assert_eq!(config.quiet, false);
 assert_eq!(config.norecursion, false);
+ assert_eq!(config.stdin, false);
 assert_eq!(config.addslash, false);
 assert_eq!(config.redirects, false);
 assert_eq!(config.insecure, false);
@@ -448,6 +460,12 @@ mod tests {
 assert_eq!(config.norecursion, true);
 }
+ #[test]
+ fn config_reads_stdin() {
+ let config = setup_config_test();
+ assert_eq!(config.stdin, true);
+ }
+
 #[test]
 fn config_reads_addslash() {
 let config = setup_config_test();
diff --git a/src/parser.rs b/src/parser.rs
index 5e088b6..a59e516 100644
--- a/src/parser.rs
+++ b/src/parser.rs
@@ -19,9 +19,9 @@ pub fn initialize() -> App<'static, 'static> {
 Arg::with_name("url")
 .short("u")
 .long("url")
- .required(true)
+ .required_unless("stdin")
 .value_name("URL")
- .help("The target URL (required, unless passing urls on STDIN)"),
+ .help("The target URL (required, unless --stdin used)"),
 )
 .arg(
 Arg::with_name("threads")
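Review bot: In the `src/config.rs` hunk at `@@ -240,8 +246,12 @@`, the `unwrap()` on `args.value_of("url")` lost the comment that justified it; it is now safe only because `required_unless("stdin")` in `src/parser.rs` guarantees a URL whenever `--stdin` is absent, and nothing at the call site says so. State the invariant where it is relied on, for example `String::from(args.value_of("url").expect("clap requires --url unless --stdin is given"))`. Inside the `if`, `config.stdin = args.is_present("stdin");` re-evaluates a condition already known to be true, so `config.stdin = true;` is clearer, and rustfmt would place `else {` on the same line as the closing brace. The enclosing function begins and ends outside the hunk.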
@@ -146,6 +146,14 @@ pub fn initialize() -> App<'static, 'static> {
 .takes_value(false)
 .help("Append / to each request")
 )
+ .arg(
+ Arg::with_name("stdin")
+ .long("stdin")
+ .takes_value(false)
+ .help("Read url(s) from STDIN")
+ .conflicts_with("url")
+ )
+
 .after_help(r#"NOTE: Options that take multiple values are very flexible. Consider the following ways of specifying extensions:
@@ -162,7 +170,7 @@ EXAMPLES:
 ./feroxbuster -u http://[::1] --norecursion -vv
 Read urls from STDIN; pipe only resulting urls out to another tool
- cat targets | ./feroxbuster -q -s 200 301 302 --redirects -x js | fff -s 200 -o js-files
+ cat targets | ./feroxbuster --stdin -q -s 200 301 302 --redirects -x js | fff -s 200 -o js-files
 Ludicrous speed... go!
 ./feroxbuster -u http://127.1 -t 200