add warning if wordlist item begins with forward slash #716
Comments
good morning! take a look at the link below, follow some of its suggestions, and see how it goes: https://epi052.github.io/feroxbuster-docs/docs/examples/force_recursion/ typically with an api endpoint, a little more manual investigation is needed to get the results back out. If you think there is an actual bug, it would be helpful to have an endpoint that exhibits the behavior you're seeing and to know what you expect to happen instead. Thanks!
This is not the effect I want. What I mean is to scan xxx.com/a/api/, that is, to scan the api directory and not to scan other directories
maybe you're looking for
With the -n parameter, it will only scan the root directory of the website, and will not scan the contents of the specified /a/api/ directory
Hmm, if that's true, that might be a bug. I'll look into it here shortly
can you screenshot your banner (like what i showed in my screenshot), so i can see exactly what settings are turned on/off?
interesting; can you run the same command, and add the options shown below, then upload the resulting debug file?
You don't need to do a full scan, just a few seconds of scanning should be ok for now.
Is this a bug?
not sure yet, can you upload your wordlist as well?
yea, the leading forward slashes are treated as a fully-formed url path, and overwrite the existing path instead of appending to it. I'm not inclined to call this a bug, as you're providing a list of paths (not a wordlist). As a workaround, you can simply adjust your wordlist
Can you improve this function in the program? Because it is true that some websites have weird paths.
At least improve, or better highlight the behavior during engagement.
@duokebei @roumy yea, we can add a warning when reading in the wordlist, but that's really as far as i care to take this. passing full paths like this in the wordlist is effectively working against the tool. Consider the list above if you, instead, split the wordlist into
through recursion, you'd find all of those resources. I'm fine with emitting a warning, so folks don't have to come to github to search issues to figure out what's going on 😂, but my overall recommendation here is to process your wordlist into something that allows ferox to do its best work.
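The overwrite-versus-append behaviour discussed in this thread, as an added example that is not part of the issue or of feroxbuster's code. Python's `urljoin` stands in for RFC 3986 reference resolution (an assumption about how the tool joins URLs); `audit_wordlist`, `format_warnings` and the sample wordlist are constructed here, and the base URL is the placeholder from the issue.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample input; the base URL is the placeholder used in the issue.
BASE_URL = "http://xxx.com/a/api/"
SAMPLE_WORDLIST = ["users", "/admin", "/a/api/status", "", "health", "admin"]


def audit_wordlist(base_url, words):
    """Flag entries that begin with '/' and return (warnings, cleaned).

    warnings: (line number, entry, URL it resolves to, URL after the fix)
    cleaned:  de-duplicated entries rewritten so each one is appended to
              the base path instead of replacing it.
    """
    base_path = urlsplit(base_url).path
    warnings, cleaned = [], []
    for lineno, raw in enumerate(words, start=1):
        word = raw.strip()
        if not word:
            continue  # skip blank lines
        if word.startswith("/"):
            # Absolute-path reference: resolution replaces the base path.
            resolved = urljoin(base_url, word)
            # Drop a repeated base path if present, then any leading slash.
            rel = word[len(base_path):] if word.startswith(base_path) else word
            rel = rel.lstrip("/")
            if not rel:
                continue  # entry was only slashes or the base path itself
            warnings.append((lineno, word, resolved, urljoin(base_url, rel)))
            word = rel
        if word not in cleaned:
            cleaned.append(word)
    return warnings, cleaned


def format_warnings(warnings):
    """Render one human-readable warning line per flagged entry."""
    return [
        f"line {n}: '{w}' starts with '/', resolves to {r} (appended form: {f})"
        for n, w, r, f in warnings
    ]


if __name__ == "__main__":
    found, fixed = audit_wordlist(BASE_URL, SAMPLE_WORDLIST)
    print("\n".join(format_warnings(found)))
    print("cleaned wordlist:", fixed)
```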
Can the dear author make an adjustment for this situation in the program source code? Only append the path after the specified url, specify the recursion level, and recurse the level after the specified url, without generating redundant actions. thanks
I have no problem by editing the wordlist,
Another request to the author for this feature change.
@all-contributors add @duokebei for ideas
I've put up a pull request to add @duokebei! 🎉
Hello author:
When I use feroxbuster, for example: http://xxx.com/a/api/, my idea is to scan the /api/ directory, but I look at the results of feroxbuster, it will scan the directory under xxx.com/, but it will not scan the directory under /a/api/. In fact, there are results in the /api/ directory. I have seen it under ffuf. Does feroxbuster have this parameter?