From bb59f50cbe08bf77e6cf4a660766ed19a0cb25b6 Mon Sep 17 00:00:00 2001
From: Joona Hoikkala
Date: Thu, 30 Jan 2020 00:28:28 +0200
Subject: [PATCH] Prepare for release 1.0 (#144)
---
 README.md | 169 +++++++++++++++++++++-------------------------
 pkg/ffuf/const.go | 2 +-
 2 files changed, 78 insertions(+), 93 deletions(-)
diff --git a/README.md b/README.md
index c2cfbb66..86b76d81 100644
--- a/README.md
+++ b/README.md
@@ -90,98 +90,83 @@ ffuf --input-cmd 'cat $FFUF_NUM.txt' -H "Content-Type: application/json" -X POST To define the test case for ffuf, use the keyword `FUZZ` anywhere in the URL (`-u`), headers (`-H`), or POST data (`-d`). ``` -Usage of ffuf: - -D DirSearch style wordlist compatibility mode. Used in conjunction with -e flag. Replaces %EXT% in wordlist entry with each of the extensions provided by -e. - -H "Name: Value" - Header "Name: Value", separated by colon. Multiple -H flags are accepted. - -V Show version information. - -X string - HTTP method to use (default "GET") - -ac - Automatically calibrate filtering options - -acc value - Custom auto-calibration string. Can be used multiple times. Implies -ac - -b "NAME1=VALUE1; NAME2=VALUE2" - Cookie data "NAME1=VALUE1; NAME2=VALUE2" for copy as curl functionality. - Results unpredictable when combined with -H "Cookie: ..." - -c Colorize output. - -compressed - Dummy flag for copy as curl functionality (ignored) (default true) - -cookie value - Cookie data (alias of -b) - -d string - POST data - -data string - POST data (alias of -d) - -data-ascii string - POST data (alias of -d) - -data-binary string - POST data (alias of -d) - -debug-log string - Write all of the internal logging to the specified file. - -e string - Comma separated list of extensions to apply. Each extension provided will extend the wordlist entry once. Only extends a wordlist with (default) FUZZ keyword. - -fc string - Filter HTTP status codes from response. Comma separated list of codes and ranges - -fl string - Filter by amount of lines in response. Comma separated list of line counts and ranges - -fr string - Filter regexp - -fs string - Filter HTTP response size. Comma separated list of sizes and ranges - -fw string - Filter by amount of words in response. Comma separated list of word counts and ranges - -i Dummy flag for copy as curl functionality (ignored) (default true) - -input-cmd value - Command producing the input. 
--input-num is required when using this input method. Overrides -w. - -input-num int - Number of inputs to test. Used in conjunction with --input-cmd. (default 100) - -k TLS identity verification - -maxtime int - Maximum running time in seconds. (default 0 = inf.) - -mc string - Match HTTP status codes from respose, use "all" to match every response code. (default "200,204,301,302,307,401,403") - -ml string - Match amount of lines in response - -mode string - Multi-wordlist operation mode. Available modes: clusterbomb, pitchfork (default "clusterbomb") - -mr string - Match regexp - -ms string - Match HTTP response size - -mw string - Match amount of words in response - -o string - Write output to file - -od string - Directory path to store matched results to. - -of string - Output file format. Available formats: json, ejson, html, md, csv, ecsv (default "json") - -p delay - Seconds of delay between requests, or a range of random delay. For example "0.1" or "0.1-2.0" - -r Follow redirects - -s Do not print additional information (silent mode) - -sa - Stop on all error cases. Implies -sf and -se. Also stops on spurious 429 response codes. - -se - Stop on spurious errors - -sf - Stop when > 95% of responses return 403 Forbidden - -t int - Number of concurrent threads. (default 40) - -timeout int - HTTP request timeout in seconds. (default 10) - -u string - Target URL - -v Verbose output, printing full URL and redirect location (if any) with the results. - -w value - Wordlist file path and (optional) custom fuzz keyword, using colon as delimiter. Use file path '-' to read from standard input. Can be supplied multiple times. Format: '/path/to/wordlist:KEYWORD' - -x string - HTTP Proxy URL -``` - -eg. `ffuf -u https://example.org/FUZZ -w /path/to/wordlist` - +Fuzz Faster U Fool - v1.0 + +HTTP OPTIONS: + -H Header `"Name: Value"`, separated by colon. Multiple -H flags are accepted. 
+ -X HTTP method to use (default: GET) + -b Cookie data `"NAME1=VALUE1; NAME2=VALUE2"` for copy as curl functionality. + -d POST data + -r Follow redirects (default: false) + -recursion Scan recursively. Only FUZZ keyword is supported, and URL (-u) has to end in it. (default: false) + -recursion-depth Maximum recursion depth. (default: 0) + -replay-proxy Replay matched requests using this proxy. + -timeout HTTP request timeout in seconds. (default: 10) + -u Target URL + -x HTTP Proxy URL + +GENERAL OPTIONS: + -V Show version information. (default: false) + -ac Automatically calibrate filtering options (default: false) + -acc Custom auto-calibration string. Can be used multiple times. Implies -ac + -c Colorize output. (default: false) + -maxtime Maximum running time in seconds. (default: 0) + -p Seconds of `delay` between requests, or a range of random delay. For example "0.1" or "0.1-2.0" + -s Do not print additional information (silent mode) (default: false) + -sa Stop on all error cases. Implies -sf and -se. (default: false) + -se Stop on spurious errors (default: false) + -sf Stop when > 95% of responses return 403 Forbidden (default: false) + -t Number of concurrent threads. (default: 40) + -v Verbose output, printing full URL and redirect location (if any) with the results. (default: false) + +MATCHER OPTIONS: + -mc Match HTTP status codes, or "all" for everything. (default: 200,204,301,302,307,401,403) + -ml Match amount of lines in response + -mr Match regexp + -ms Match HTTP response size + -mw Match amount of words in response + +FILTER OPTIONS: + -fc Filter HTTP status codes from response. Comma separated list of codes and ranges + -fl Filter by amount of lines in response. Comma separated list of line counts and ranges + -fr Filter regexp + -fs Filter HTTP response size. Comma separated list of sizes and ranges + -fw Filter by amount of words in response. 
Comma separated list of word counts and ranges + +INPUT OPTIONS: + -D DirSearch wordlist compatibility mode. Used in conjunction with -e flag. (default: false) + -e Comma separated list of extensions. Extends FUZZ keyword. + -ic Ignore wordlist comments (default: false) + -input-cmd Command producing the input. --input-num is required when using this input method. Overrides -w. + -input-num Number of inputs to test. Used in conjunction with --input-cmd. (default: 100) + -mode Multi-wordlist operation mode. Available modes: clusterbomb, pitchfork (default: clusterbomb) + -request File containing the raw http request + -request-proto Protocol to use along with raw request (default: https) + -w Wordlist file path and (optional) keyword separated by colon. eg. '/path/to/wordlist:KEYWORD' + +OUTPUT OPTIONS: + -debug-log Write all of the internal logging to the specified file. + -o Write output to file + -od Directory path to store matched results to. + -of Output file format. Available formats: json, ejson, html, md, csv, ecsv (default: json) + +EXAMPLE USAGE: + Fuzz file paths from wordlist.txt, match all responses but filter out those with content-size 42. + Colored, verbose output. + ffuf -w wordlist.txt -u https://example.org/FUZZ -mc all -fs 42 -c -v + + Fuzz Host-header, match HTTP 200 responses. + ffuf -w hosts.txt -u https://example.org/ -H "Host: FUZZ" -mc 200 + + Fuzz POST JSON data. Match all responses not containing text "error". + ffuf -w entries.txt -u https://example.org/ -X POST -H "Content-Type: application/json" \ + -d '{"name": "FUZZ", "anotherkey": "anothervalue"}' -fr "error" + + Fuzz multiple locations. Match only responses reflecting the value of "VAL" keyword. Colored. + ffuf -w params.txt:PARAM -w values.txt:VAL -u https://example.org/?PARAM=VAL -mr "VAL" -c + + More information and examples: https://github.com/ffuf/ffuf +``` ## License diff --git a/pkg/ffuf/const.go b/pkg/ffuf/const.go index 7e5c1c05..7a5c4acf 100644 --- a/pkg/ffuf/const.go 
+++ b/pkg/ffuf/const.go
@@ -2,5 +2,5 @@ package ffuf

 const (
 //VERSION holds the current version number
- VERSION = "1.0-rc1"
+ VERSION = "1.0"
 )