diff --git a/shell_completions/_feroxbuster b/shell_completions/_feroxbuster index 478c0ad..e2d2fdb 100644 --- a/shell_completions/_feroxbuster +++ b/shell_completions/_feroxbuster @@ -72,7 +72,7 @@ _feroxbuster() { '(-u --url)--stdin[Read url(s) from STDIN]' \ '(-p --proxy -k --insecure --burp-replay)--burp[Set --proxy to http://127.0.0.1:8080 and set --insecure to true]' \ '(-P --replay-proxy -k --insecure)--burp-replay[Set --replay-proxy to http://127.0.0.1:8080 and set --insecure to true]' \ -'(--rate-limit --auto-bail)--smart[Set --auto-tune and --collect-words to true]' \ +'(--rate-limit --auto-bail)--smart[Set --auto-tune, --collect-words, and --collect-backups to true]' \ '(--rate-limit --auto-bail)--thorough[Use the same settings as --smart and set --collect-extensions to true]' \ '-A[Use a random User-Agent]' \ '--random-agent[Use a random User-Agent]' \ @@ -96,7 +96,6 @@ _feroxbuster() { '--collect-extensions[Automatically discover extensions and add them to --extensions (unless they'\''re in --dont-collect)]' \ '-B[Automatically request likely backup extensions for "found" urls]' \ '--collect-backups[Automatically request likely backup extensions for "found" urls]' \ -'--dont-collect-backups[Don'\''t automatically request likely backup extensions for "found" urls]' \ '-g[Automatically discover important words from within responses and add them to the wordlist]' \ '--collect-words[Automatically discover important words from within responses and add them to the wordlist]' \ '(--silent)*-v[Increase verbosity level (use -vv or more for greater effect. \[CAUTION\] 4 -v'\''s is probably too much)]' \ diff --git a/shell_completions/_feroxbuster.ps1 b/shell_completions/_feroxbuster.ps1 index 6c71db6..e3dc6c8 100644 --- a/shell_completions/_feroxbuster.ps1 +++ b/shell_completions/_feroxbuster.ps1 
@@ -78,7 +78,7 @@ Register-ArgumentCompleter -Native -CommandName 'feroxbuster' -ScriptBlock { [CompletionResult]::new('--stdin', 'stdin', [CompletionResultType]::ParameterName, 'Read url(s) from STDIN') [CompletionResult]::new('--burp', 'burp', [CompletionResultType]::ParameterName, 'Set --proxy to http://127.0.0.1:8080 and set --insecure to true') [CompletionResult]::new('--burp-replay', 'burp-replay', [CompletionResultType]::ParameterName, 'Set --replay-proxy to http://127.0.0.1:8080 and set --insecure to true') - [CompletionResult]::new('--smart', 'smart', [CompletionResultType]::ParameterName, 'Set --auto-tune and --collect-words to true') + [CompletionResult]::new('--smart', 'smart', [CompletionResultType]::ParameterName, 'Set --auto-tune, --collect-words, and --collect-backups to true') [CompletionResult]::new('--thorough', 'thorough', [CompletionResultType]::ParameterName, 'Use the same settings as --smart and set --collect-extensions to true') [CompletionResult]::new('-A', 'A', [CompletionResultType]::ParameterName, 'Use a random User-Agent') [CompletionResult]::new('--random-agent', 'random-agent', [CompletionResultType]::ParameterName, 'Use a random User-Agent') 
@@ -102,7 +102,6 @@ Register-ArgumentCompleter -Native -CommandName 'feroxbuster' -ScriptBlock { [CompletionResult]::new('--collect-extensions', 'collect-extensions', [CompletionResultType]::ParameterName, 'Automatically discover extensions and add them to --extensions (unless they''re in --dont-collect)') [CompletionResult]::new('-B', 'B', [CompletionResultType]::ParameterName, 'Automatically request likely backup extensions for "found" urls') [CompletionResult]::new('--collect-backups', 'collect-backups', [CompletionResultType]::ParameterName, 'Automatically request likely backup extensions for "found" urls') - [CompletionResult]::new('--dont-collect-backups', 'dont-collect-backups', [CompletionResultType]::ParameterName, 'Don''t automatically request likely backup extensions for "found" urls') [CompletionResult]::new('-g', 'g', [CompletionResultType]::ParameterName, 'Automatically discover important words from within responses and add them to the wordlist') [CompletionResult]::new('--collect-words', 'collect-words', [CompletionResultType]::ParameterName, 'Automatically discover important words from within responses and add them to the wordlist') [CompletionResult]::new('-v', 'v', [CompletionResultType]::ParameterName, 'Increase verbosity level (use -vv or more for greater effect. [CAUTION] 4 -v''s is probably too much)') diff --git a/shell_completions/feroxbuster.bash b/shell_completions/feroxbuster.bash index 19b937b..143aebf 100644 --- a/shell_completions/feroxbuster.bash +++ b/shell_completions/feroxbuster.bash 
@@ -19,7 +19,7 @@ _feroxbuster() { case "${cmd}" in feroxbuster) - opts="-u -p -P -R -a -A -x -m -H -b -Q -f -S -X -W -N -C -s -T -r -k -t -n -d -e -L -w -D -E -B -g -I -v -q -o -U -h -V --url --stdin --resume-from --burp --burp-replay --smart --thorough --proxy --replay-proxy --replay-codes --user-agent --random-agent --extensions --methods --data --headers --cookies --query --add-slash --dont-scan --filter-size --filter-regex --filter-words --filter-lines --filter-status --filter-similar-to --status-codes --timeout --redirects --insecure --threads --no-recursion --depth --force-recursion --extract-links --dont-extract-links --scan-limit --parallel --rate-limit --time-limit --wordlist --auto-tune --auto-bail --dont-filter --collect-extensions --collect-backups --dont-collect-backups --collect-words --dont-collect --verbosity --silent --quiet --json --output --debug-log --no-state --update --help --version" + opts="-u -p -P -R -a -A -x -m -H -b -Q -f -S -X -W -N -C -s -T -r -k -t -n -d -e -L -w -D -E -B -g -I -v -q -o -U -h -V --url --stdin --resume-from --burp --burp-replay --smart --thorough --proxy --replay-proxy --replay-codes --user-agent --random-agent --extensions --methods --data --headers --cookies --query --add-slash --dont-scan --filter-size --filter-regex --filter-words --filter-lines --filter-status --filter-similar-to --status-codes --timeout --redirects --insecure --threads --no-recursion --depth --force-recursion --extract-links --dont-extract-links --scan-limit --parallel --rate-limit --time-limit --wordlist --auto-tune --auto-bail --dont-filter --collect-extensions --collect-backups --collect-words --dont-collect --verbosity --silent --quiet --json --output --debug-log --no-state --update --help --version" if [[ ${cur} == -* || ${COMP_CWORD} -eq 1 ]] ; then COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") ) return 0 diff --git a/shell_completions/feroxbuster.elv b/shell_completions/feroxbuster.elv index 8e500df..a67b3bb 100644 
--- a/shell_completions/feroxbuster.elv +++ b/shell_completions/feroxbuster.elv @@ -75,7 +75,7 @@ set edit:completion:arg-completer[feroxbuster] = {|@words| cand --stdin 'Read url(s) from STDIN' cand --burp 'Set --proxy to http://127.0.0.1:8080 and set --insecure to true' cand --burp-replay 'Set --replay-proxy to http://127.0.0.1:8080 and set --insecure to true' - cand --smart 'Set --auto-tune and --collect-words to true' + cand --smart 'Set --auto-tune, --collect-words, and --collect-backups to true' cand --thorough 'Use the same settings as --smart and set --collect-extensions to true' cand -A 'Use a random User-Agent' cand --random-agent 'Use a random User-Agent' @@ -99,7 +99,6 @@ set edit:completion:arg-completer[feroxbuster] = {|@words| cand --collect-extensions 'Automatically discover extensions and add them to --extensions (unless they''re in --dont-collect)' cand -B 'Automatically request likely backup extensions for "found" urls' cand --collect-backups 'Automatically request likely backup extensions for "found" urls' - cand --dont-collect-backups 'Don''t automatically request likely backup extensions for "found" urls' cand -g 'Automatically discover important words from within responses and add them to the wordlist' cand --collect-words 'Automatically discover important words from within responses and add them to the wordlist' cand -v 'Increase verbosity level (use -vv or more for greater effect. [CAUTION] 4 -v''s is probably too much)' diff --git a/src/config/container.rs b/src/config/container.rs index 8136e68..073bb4a 100644 --- a/src/config/container.rs +++ b/src/config/container.rs 
@@ -1,6 +1,6 @@
 use super::utils::{
- depth, extract_links, ignored_extensions, methods, report_and_exit, save_state, collect_backups,
- serialized_type, status_codes, threads, timeout, user_agent, wordlist, OutputLevel,
+ depth, extract_links, ignored_extensions, methods, report_and_exit,
+ save_state, serialized_type, status_codes, threads, timeout, user_agent, wordlist, OutputLevel,
 RequesterPolicy,
 };
 use crate::config::determine_output_level;
@@ -300,7 +300,7 @@ pub struct Configuration {
 pub dont_collect: Vec,
 /// Automatically request likely backup extensions on "found" urls
- #[serde(default = "collect_backups")]
+ #[serde(default)]
 pub collect_backups: bool,
 /// Automatically discover important words from within responses and add them to the wordlist
@@ -330,7 +330,6 @@ impl Default for Configuration {
 let output_level = OutputLevel::Default;
 let requester_policy = RequesterPolicy::Default;
 let extract_links = extract_links();
- let collect_backups = collect_backups();
 Configuration {
 kind,
@@ -341,7 +340,6 @@ impl Default for Configuration {
 status_codes,
 extract_links,
 replay_client,
- collect_backups,
 requester_policy,
 dont_filter: false,
 auto_bail: false,
@@ -362,6 +360,7 @@ impl Default for Configuration {
 no_recursion: false,
 random_agent: false,
 collect_extensions: false,
+ collect_backups: false,
 collect_words: false,
 save_state: true,
 force_recursion: false,
@@ -422,7 +421,7 @@ impl Configuration {
 /// - **insecure**: `false` (don't be insecure, i.e. don't allow invalid certs)
 /// - **extensions**: `None`
 /// - **collect_extensions**: `false`
- /// - **collect_backups**: `true`
+ /// - **collect_backups**: `false`
 /// - **collect_words**: `false`
 /// - **dont_collect**: [`DEFAULT_IGNORED_EXTENSIONS`](constant.DEFAULT_RESPONSE_CODES.html)
 /// - **methods**: [`DEFAULT_METHOD`](constant.DEFAULT_METHOD.html)
@@ -810,11 +809,8 @@ impl Configuration {
 config.add_slash = true;
 }
- if came_from_cli!(args, "extract_links")
- || came_from_cli!(args, "smart")
- || came_from_cli!(args, "thorough")
- {
- config.extract_links = true;
+ if came_from_cli!(args, "dont_extract_links") {
+ config.extract_links = false;
 }
 if came_from_cli!(args, "json") {
@@ -991,7 +987,11 @@ impl Configuration {
 update_if_not_default!(&mut conf.auto_bail, new.auto_bail, false);
 update_if_not_default!(&mut conf.auto_tune, new.auto_tune, false);
 update_if_not_default!(&mut conf.collect_extensions, new.collect_extensions, false);
- update_if_not_default!(&mut conf.collect_backups, new.collect_backups, collect_backups());
+ update_if_not_default!(
+ &mut conf.collect_backups,
+ new.collect_backups,
+ false
+ );
 update_if_not_default!(&mut conf.collect_words, new.collect_words, false);
 // use updated quiet/silent values to determine output level; same for requester policy
 conf.output_level = determine_output_level(conf.quiet, conf.silent);
diff --git a/src/config/tests.rs b/src/config/tests.rs
index 4beaeca..7af9ee8 100644
--- a/src/config/tests.rs
+++ b/src/config/tests.rs
@@ -30,7 +30,7 @@ fn setup_config_test() -> Configuration {
 resume_from = "/some/state/file"
 redirects = true
 insecure = true
- collect_backups = false
+ collect_backups = true
 collect_extensions = true
 collect_words = true
 extensions = ["html", "php", "js"]
@@ -101,7 +101,7 @@ fn default_configuration() {
 assert!(config.extract_links);
 assert!(!config.insecure);
 assert!(!config.collect_extensions);
- assert!(config.collect_backups);
+ assert!(!config.collect_backups);
 assert!(!config.collect_words);
 assert!(config.regex_denylist.is_empty());
 assert_eq!(config.queries, Vec::new());
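Review bot: In the `@@ -810` hunk of `src/config/container.rs` the new branch can only turn link extraction off; `--extract-links`, `--smart` and `--thorough` no longer set `config.extract_links = true`. Unless that is handled outside the hunk, a config file with `extract_links = false` can no longer be overridden from the command line, even though the bash completion on this page still offers `--extract-links`. If the flag is meant to keep working, keep an explicit re-enable next to the new check, e.g. `if came_from_cli!(args, "extract_links") { config.extract_links = true; }`, and add a one-line comment stating which flag wins when both are passed. The enclosing function starts and ends outside the hunk.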
@@ -319,7 +319,7 @@ fn config_reads_collect_extensions() {
 /// parse the test config and see that the value parsed is correct
 fn config_reads_collect_backups() {
 let config = setup_config_test();
- assert!(!config.collect_backups);
+ assert!(config.collect_backups);
 }
 #[test]
diff --git a/src/config/utils.rs b/src/config/utils.rs
index 10608d3..e45c0ea 100644
--- a/src/config/utils.rs
+++ b/src/config/utils.rs
@@ -89,11 +89,6 @@ pub(super) fn extract_links() -> bool {
 true
 }
-/// default collect backups
-pub(super) fn collect_backups() -> bool {
- true
-}
-
 /// enum representing the three possible states for informational output (not logging verbosity)
 #[derive(Debug, Copy, Clone, PartialEq, Eq)]
 pub enum OutputLevel {
diff --git a/src/parser.rs b/src/parser.rs
index 7271fbf..b9dd856 100644
--- a/src/parser.rs
+++ b/src/parser.rs
@@ -92,7 +92,7 @@ pub fn initialize() -> Command {
 .num_args(0)
 .help_heading("Composite settings")
 .conflicts_with_all(["rate_limit", "auto_bail"])
- .help("Set --auto-tune and --collect-words to true"),
+ .help("Set --auto-tune, --collect-words, and --collect-backups to true"),
 )
 .arg(
 Arg::new("thorough")
@@ -524,13 +524,6 @@ pub fn initialize() -> Command {
 .num_args(0)
 .help_heading("Dynamic collection settings")
 .help("Automatically request likely backup extensions for \"found\" urls")
- .hide(true)
- ).arg(
- Arg::new("dont_collect_backups")
- .long("dont-collect-backups")
- .num_args(0)
- .help_heading("Dynamic collection settings")
- .help("Don't automatically request likely backup extensions for \"found\" urls")
 )
 .arg(
 Arg::new("collect_words")
diff --git a/src/scan_manager/tests.rs b/src/scan_manager/tests.rs
index 29590ba..b0d039c 100644
--- a/src/scan_manager/tests.rs
+++ b/src/scan_manager/tests.rs
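Review bot: The new `--smart` help string in the `@@ -92` hunk of `src/parser.rs` promises that `--collect-backups` is switched on, but no hunk on this page touches the code that acts on `smart` or `thorough` for `collect_backups`. The updated tests only pin the default and the config-file value. Now that the default is `false`, help text and behaviour diverge unless the CLI-merge code in `container.rs` already has a branch along the lines of `if came_from_cli!(args, "collect_backups") || came_from_cli!(args, "smart") || came_from_cli!(args, "thorough") { config.collect_backups = true; }`. A test that parses `--smart` and asserts `config.collect_backups` would pin the documented behaviour. The enclosing `initialize()` builder starts and ends outside the hunk.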
@@ -500,7 +500,7 @@ fn feroxstates_feroxserialize_implementation() {
 r#""headers""#,
 r#""server":"nginx/1.16.1"#,
 r#""collect_extensions":true"#,
- r#""collect_backups":true"#,
+ r#""collect_backups":false"#,
 r#""collect_words":false"#,
 r#""filters":[{"filter_code":100},{"word_count":200},{"content_length":300},{"line_count":400},{"compiled":".*","raw_string":".*"},{"hash":1,"original_url":"http://localhost:12345/"}]"#,
 r#""collected_extensions":["php"]"#,