From 8cfbcb71236ac002ee56fe4cb672eb193f3f45b4 Mon Sep 17 00:00:00 2001 From: firefart Date: Thu, 28 Jan 2021 23:36:26 +0100 Subject: [PATCH] move tls ignore to basic so we can use it in s3 --- cli/cmd/http.go | 13 +++++++------ gobusterdir/gobusterdir.go | 8 ++++---- gobusterfuzz/gobusterfuzz.go | 8 ++++---- gobustervhost/gobustervhost.go | 8 ++++---- libgobuster/options_http.go | 22 +++++++++++----------- 5 files changed, 30 insertions(+), 29 deletions(-) diff --git a/cli/cmd/http.go b/cli/cmd/http.go index 6d99911a..1a88a73d 100644 --- a/cli/cmd/http.go +++ b/cli/cmd/http.go @@ -19,6 +19,7 @@ func addBasicHTTPOptions(cmd *cobra.Command) { cmd.Flags().BoolP("random-agent", "", false, "Use a random User-Agent string") cmd.Flags().StringP("proxy", "", "", "Proxy to use for requests [http(s)://host:port]") cmd.Flags().DurationP("timeout", "", 10*time.Second, "HTTP Timeout") + cmd.Flags().BoolP("no-tls-validation", "k", false, "Skip TLS certificate verification") } func addCommonHTTPOptions(cmd *cobra.Command) error { @@ -28,7 +29,6 @@ func addCommonHTTPOptions(cmd *cobra.Command) error { cmd.Flags().StringP("username", "U", "", "Username for Basic Auth") cmd.Flags().StringP("password", "P", "", "Password for Basic Auth") cmd.Flags().BoolP("follow-redirect", "r", false, "Follow redirects") - cmd.Flags().BoolP("no-tls-validation", "k", false, "Skip TLS certificate verification") cmd.Flags().StringArrayP("headers", "H", []string{""}, "Specify HTTP headers, -H 'Header1: val1' -H 'Header2: val2'") cmd.Flags().StringP("method", "m", "GET", "Use the following HTTP method") @@ -68,6 +68,11 @@ func parseBasicHTTPOptions(cmd *cobra.Command) (libgobuster.BasicHTTPOptions, er if err != nil { return options, fmt.Errorf("invalid value for timeout: %w", err) } + + options.NoTLSValidation, err = cmd.Flags().GetBool("no-tls-validation") + if err != nil { + return options, fmt.Errorf("invalid value for no-tls-validation: %w", err) + } return options, nil } @@ -82,6 +87,7 @@ func parseCommonHTTPOptions(cmd *cobra.Command) (libgobuster.HTTPOptions, error) options.Proxy = basic.Proxy options.Timeout = basic.Timeout options.UserAgent = basic.UserAgent + options.NoTLSValidation = basic.NoTLSValidation options.URL, err = cmd.Flags().GetString("url") if err != nil { @@ -128,11 +134,6 @@ func parseCommonHTTPOptions(cmd *cobra.Command) (libgobuster.HTTPOptions, error) return options, fmt.Errorf("invalid value for follow-redirect: %w", err) } - options.NoTLSValidation, err = cmd.Flags().GetBool("no-tls-validation") - if err != nil { - return options, fmt.Errorf("invalid value for no-tls-validation: %w", err) - } - options.Method, err = cmd.Flags().GetString("method") if err != nil { return options, fmt.Errorf("invalid value for method: %w", err) diff --git a/gobusterdir/gobusterdir.go b/gobusterdir/gobusterdir.go index 6d3865fa..49277111 100644 --- a/gobusterdir/gobusterdir.go +++ b/gobusterdir/gobusterdir.go @@ -55,15 +55,15 @@ func NewGobusterDir(cont context.Context, globalopts *libgobuster.Options, opts } basicOptions := libgobuster.BasicHTTPOptions{ - Proxy: opts.Proxy, - Timeout: opts.Timeout, - UserAgent: opts.UserAgent, + Proxy: opts.Proxy, + Timeout: opts.Timeout, + UserAgent: opts.UserAgent, + NoTLSValidation: opts.NoTLSValidation, } httpOpts := libgobuster.HTTPOptions{ BasicHTTPOptions: basicOptions, FollowRedirect: opts.FollowRedirect, - NoTLSValidation: opts.NoTLSValidation, Username: opts.Username, Password: opts.Password, Headers: opts.Headers, diff --git a/gobusterfuzz/gobusterfuzz.go b/gobusterfuzz/gobusterfuzz.go index 196cb694..0f6aafb2 100644 --- a/gobusterfuzz/gobusterfuzz.go +++ b/gobusterfuzz/gobusterfuzz.go @@ -46,15 +46,15 @@ func NewGobusterFuzz(cont context.Context, globalopts *libgobuster.Options, opts } basicOptions := libgobuster.BasicHTTPOptions{ - Proxy: opts.Proxy, - Timeout: opts.Timeout, - UserAgent: opts.UserAgent, + Proxy: opts.Proxy, + Timeout: opts.Timeout, + UserAgent: opts.UserAgent, + NoTLSValidation: opts.NoTLSValidation, } httpOpts := libgobuster.HTTPOptions{ BasicHTTPOptions: basicOptions, FollowRedirect: opts.FollowRedirect, - NoTLSValidation: opts.NoTLSValidation, Username: opts.Username, Password: opts.Password, Headers: opts.Headers, diff --git a/gobustervhost/gobustervhost.go b/gobustervhost/gobustervhost.go index 00c8f123..2453499b 100644 --- a/gobustervhost/gobustervhost.go +++ b/gobustervhost/gobustervhost.go @@ -39,15 +39,15 @@ func NewGobusterVhost(cont context.Context, globalopts *libgobuster.Options, opt } basicOptions := libgobuster.BasicHTTPOptions{ - Proxy: opts.Proxy, - Timeout: opts.Timeout, - UserAgent: opts.UserAgent, + Proxy: opts.Proxy, + Timeout: opts.Timeout, + UserAgent: opts.UserAgent, + NoTLSValidation: opts.NoTLSValidation, } httpOpts := libgobuster.HTTPOptions{ BasicHTTPOptions: basicOptions, FollowRedirect: opts.FollowRedirect, - NoTLSValidation: opts.NoTLSValidation, Username: opts.Username, Password: opts.Password, Headers: opts.Headers, diff --git a/libgobuster/options_http.go b/libgobuster/options_http.go index 15c7afb1..4748244a 100644 --- a/libgobuster/options_http.go +++ b/libgobuster/options_http.go @@ -6,20 +6,20 @@ import ( // BasicHTTPOptions defines only core http options type BasicHTTPOptions struct { - UserAgent string - Proxy string - Timeout time.Duration + UserAgent string + Proxy string + NoTLSValidation bool + Timeout time.Duration } // HTTPOptions is the struct to pass in all http options to Gobuster type HTTPOptions struct { BasicHTTPOptions - Password string - URL string - Username string - Cookies string - Headers []HTTPHeader - FollowRedirect bool - NoTLSValidation bool - Method string + Password string + URL string + Username string + Cookies string + Headers []HTTPHeader + FollowRedirect bool + Method string }