mirror of
https://github.com/epi052/feroxbuster.git
synced 2026-06-01 04:41:12 -03:00
c8bcfb8f01
* fixed requests/sec for small values * ensured limit var is never 0 in build_a_bucket, not just refill * removed unnecessary cooldown flag manipulation in cool_down func * removed minor toctou in should_enforce_policy * added new flag releases before returns from should_enforce_policy * cleaned up how limitheap is initialized from tune func * added (more) safety/bounds checks to limitheap * capped timeout to 30sec; added lock error logging * added per-trigger error tracking to policy data * updated requester to use new policy data per-trigger errors * fixed race condition in progress bar message display; fixed tests * touched up a few minor issues in nlp * fixed req/sec test * fixed more tests * added new test suite for tuning; fixed more tests * clippy/fmt * fixed possible deadlock in error path for tune/bail * fixed a handful of minor correctness issues * removed unnecessary array allocation for error tracking * --rate-limit now serves as a hard cap, in general and on --auto-tune if both are provided together * renamed test file * bumped version to 2.13.1 * added new dirlisting detection heuristics * clippy * nitpickery
133 lines
11 KiB
Plaintext
133 lines
11 KiB
Plaintext
|
|
use builtin;
|
|
use str;
|
|
|
|
set edit:completion:arg-completer[feroxbuster] = {|@words|
|
|
fn spaces {|n|
|
|
builtin:repeat $n ' ' | str:join ''
|
|
}
|
|
fn cand {|text desc|
|
|
edit:complex-candidate $text &display=$text' '(spaces (- 14 (wcswidth $text)))$desc
|
|
}
|
|
var command = 'feroxbuster'
|
|
for word $words[1..-1] {
|
|
if (str:has-prefix $word '-') {
|
|
break
|
|
}
|
|
set command = $command';'$word
|
|
}
|
|
var completions = [
|
|
&'feroxbuster'= {
|
|
cand -u 'The target URL (required, unless [--stdin || --resume-from || --request-file] used)'
|
|
cand --url 'The target URL (required, unless [--stdin || --resume-from || --request-file] used)'
|
|
cand --resume-from 'State file from which to resume a partially complete scan (ex. --resume-from ferox-1606586780.state)'
|
|
cand --request-file 'Raw HTTP request file to use as a template for all requests'
|
|
cand --data-urlencoded 'Set -H ''Content-Type: application/x-www-form-urlencoded'', --data to <data-urlencoded> (supports @file) and -m to POST'
|
|
cand --data-json 'Set -H ''Content-Type: application/json'', --data to <data-json> (supports @file) and -m to POST'
|
|
cand -p 'Proxy to use for requests (ex: http(s)://host:port, socks5(h)://host:port)'
|
|
cand --proxy 'Proxy to use for requests (ex: http(s)://host:port, socks5(h)://host:port)'
|
|
cand -P 'Send only unfiltered requests through a Replay Proxy, instead of all requests'
|
|
cand --replay-proxy 'Send only unfiltered requests through a Replay Proxy, instead of all requests'
|
|
cand -R 'Status Codes to send through a Replay Proxy when found (default: --status-codes value)'
|
|
cand --replay-codes 'Status Codes to send through a Replay Proxy when found (default: --status-codes value)'
|
|
cand -a 'Sets the User-Agent (default: feroxbuster/2.13.1)'
|
|
cand --user-agent 'Sets the User-Agent (default: feroxbuster/2.13.1)'
|
|
cand -x 'File extension(s) to search for (ex: -x php -x pdf js); reads values (newline-separated) from file if input starts with an @ (ex: @ext.txt)'
|
|
cand --extensions 'File extension(s) to search for (ex: -x php -x pdf js); reads values (newline-separated) from file if input starts with an @ (ex: @ext.txt)'
|
|
cand -m 'Which HTTP request method(s) should be sent (default: GET)'
|
|
cand --methods 'Which HTTP request method(s) should be sent (default: GET)'
|
|
cand --data 'Request''s Body; can read data from a file if input starts with an @ (ex: @post.bin)'
|
|
cand -H 'Specify HTTP headers to be used in each request (ex: -H Header:val -H ''stuff: things'')'
|
|
cand --headers 'Specify HTTP headers to be used in each request (ex: -H Header:val -H ''stuff: things'')'
|
|
cand -b 'Specify HTTP cookies to be used in each request (ex: -b stuff=things)'
|
|
cand --cookies 'Specify HTTP cookies to be used in each request (ex: -b stuff=things)'
|
|
cand -Q 'Request''s URL query parameters (ex: -Q token=stuff -Q secret=key)'
|
|
cand --query 'Request''s URL query parameters (ex: -Q token=stuff -Q secret=key)'
|
|
cand --protocol 'Specify the protocol to use when targeting via --request-file or --url with domain only (default: https)'
|
|
cand --dont-scan 'URL(s) or Regex Pattern(s) to exclude from recursion/scans'
|
|
cand --scope 'Additional domains/URLs to consider in-scope for scanning (in addition to current domain)'
|
|
cand -S 'Filter out messages of a particular size (ex: -S 5120 -S 4927,1970)'
|
|
cand --filter-size 'Filter out messages of a particular size (ex: -S 5120 -S 4927,1970)'
|
|
cand -X 'Filter out messages via regular expression matching on the response''s body/headers (ex: -X ''^ignore me$'')'
|
|
cand --filter-regex 'Filter out messages via regular expression matching on the response''s body/headers (ex: -X ''^ignore me$'')'
|
|
cand -W 'Filter out messages of a particular word count (ex: -W 312 -W 91,82)'
|
|
cand --filter-words 'Filter out messages of a particular word count (ex: -W 312 -W 91,82)'
|
|
cand -N 'Filter out messages of a particular line count (ex: -N 20 -N 31,30)'
|
|
cand --filter-lines 'Filter out messages of a particular line count (ex: -N 20 -N 31,30)'
|
|
cand -C 'Filter out status codes (deny list) (ex: -C 200 -C 401)'
|
|
cand --filter-status 'Filter out status codes (deny list) (ex: -C 200 -C 401)'
|
|
cand --filter-similar-to 'Filter out pages that are similar to the given page (ex. --filter-similar-to http://site.xyz/soft404)'
|
|
cand -s 'Status Codes to include (allow list) (default: All Status Codes)'
|
|
cand --status-codes 'Status Codes to include (allow list) (default: All Status Codes)'
|
|
cand -T 'Number of seconds before a client''s request times out (default: 7)'
|
|
cand --timeout 'Number of seconds before a client''s request times out (default: 7)'
|
|
cand --server-certs 'Add custom root certificate(s) for servers with unknown certificates'
|
|
cand --client-cert 'Add a PEM encoded certificate for mutual authentication (mTLS)'
|
|
cand --client-key 'Add a PEM encoded private key for mutual authentication (mTLS)'
|
|
cand -t 'Number of concurrent threads (default: 50)'
|
|
cand --threads 'Number of concurrent threads (default: 50)'
|
|
cand -d 'Maximum recursion depth, a depth of 0 is infinite recursion (default: 4)'
|
|
cand --depth 'Maximum recursion depth, a depth of 0 is infinite recursion (default: 4)'
|
|
cand -L 'Limit total number of concurrent scans (default: 0, i.e. no limit)'
|
|
cand --scan-limit 'Limit total number of concurrent scans (default: 0, i.e. no limit)'
|
|
cand --parallel 'Run parallel feroxbuster instances (one child process per url passed via stdin)'
|
|
cand --rate-limit 'Limit number of requests per second (per directory) (default: 0, i.e. no limit)'
|
|
cand --response-size-limit 'Limit size of response body to read in bytes (default: 4MB)'
|
|
cand --time-limit 'Limit total run time of all scans (ex: --time-limit 10m)'
|
|
cand -w 'Path or URL of the wordlist'
|
|
cand --wordlist 'Path or URL of the wordlist'
|
|
cand -B 'Automatically request likely backup extensions for "found" urls (default: ~, .bak, .bak2, .old, .1)'
|
|
cand --collect-backups 'Automatically request likely backup extensions for "found" urls (default: ~, .bak, .bak2, .old, .1)'
|
|
cand -I 'File extension(s) to Ignore while collecting extensions (only used with --collect-extensions)'
|
|
cand --dont-collect 'File extension(s) to Ignore while collecting extensions (only used with --collect-extensions)'
|
|
cand -o 'Output file to write results to (use w/ --json for JSON entries)'
|
|
cand --output 'Output file to write results to (use w/ --json for JSON entries)'
|
|
cand --debug-log 'Output file to write log entries (use w/ --json for JSON entries)'
|
|
cand --limit-bars 'Number of directory scan bars to show at any given time (default: no limit)'
|
|
cand --stdin 'Read url(s) from STDIN'
|
|
cand --burp 'Set --proxy to http://127.0.0.1:8080 and set --insecure to true'
|
|
cand --burp-replay 'Set --replay-proxy to http://127.0.0.1:8080 and set --insecure to true'
|
|
cand --smart 'Set --auto-tune, --collect-words, and --collect-backups to true'
|
|
cand --thorough 'Use the same settings as --smart and set --collect-extensions and --scan-dir-listings to true'
|
|
cand -A 'Use a random User-Agent'
|
|
cand --random-agent 'Use a random User-Agent'
|
|
cand -f 'Append / to each request''s URL'
|
|
cand --add-slash 'Append / to each request''s URL'
|
|
cand --unique 'Only show unique responses'
|
|
cand -r 'Allow client to follow redirects'
|
|
cand --redirects 'Allow client to follow redirects'
|
|
cand -k 'Disables TLS certificate validation in the client'
|
|
cand --insecure 'Disables TLS certificate validation in the client'
|
|
cand -n 'Do not scan recursively'
|
|
cand --no-recursion 'Do not scan recursively'
|
|
cand --force-recursion 'Force recursion attempts on all ''found'' endpoints (still respects recursion depth)'
|
|
cand -e 'Extract links from response body (html, javascript, etc...); make new requests based on findings (default: true)'
|
|
cand --extract-links 'Extract links from response body (html, javascript, etc...); make new requests based on findings (default: true)'
|
|
cand --dont-extract-links 'Don''t extract links from response body (html, javascript, etc...)'
|
|
cand --auto-tune 'Automatically lower scan rate when an excessive amount of errors are encountered'
|
|
cand --auto-bail 'Automatically stop scanning when an excessive amount of errors are encountered'
|
|
cand -D 'Don''t auto-filter wildcard responses'
|
|
cand --dont-filter 'Don''t auto-filter wildcard responses'
|
|
cand -E 'Automatically discover extensions and add them to --extensions (unless they''re in --dont-collect)'
|
|
cand --collect-extensions 'Automatically discover extensions and add them to --extensions (unless they''re in --dont-collect)'
|
|
cand -g 'Automatically discover important words from within responses and add them to the wordlist'
|
|
cand --collect-words 'Automatically discover important words from within responses and add them to the wordlist'
|
|
cand --scan-dir-listings 'Force scans to recurse into directory listings'
|
|
cand -v 'Increase verbosity level (use -vv or more for greater effect. [CAUTION] 4 -v''s is probably too much)'
|
|
cand --verbosity 'Increase verbosity level (use -vv or more for greater effect. [CAUTION] 4 -v''s is probably too much)'
|
|
cand --silent 'Only print URLs (or JSON w/ --json) + turn off logging (good for piping a list of urls to other commands)'
|
|
cand -q 'Hide progress bars and banner (good for tmux windows w/ notifications)'
|
|
cand --quiet 'Hide progress bars and banner (good for tmux windows w/ notifications)'
|
|
cand --json 'Emit JSON logs to --output and --debug-log instead of normal text'
|
|
cand --no-state 'Disable state output file (*.state)'
|
|
cand -U 'Update feroxbuster to the latest version'
|
|
cand --update 'Update feroxbuster to the latest version'
|
|
cand -h 'Print help (see more with ''--help'')'
|
|
cand --help 'Print help (see more with ''--help'')'
|
|
cand -V 'Print version'
|
|
cand --version 'Print version'
|
|
}
|
|
]
|
|
$completions[$command]
|
|
}
|