Clean up README.md and add CONTRIBUTORS.md (#128)

ffuf · Dec 30, 2019 · fef5f0c · fef5f0c
1 parent 7032f0e
commit fef5f0c
Show file tree

Hide file tree

Showing 4 changed files with 99 additions and 101 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,72 @@
+## Changelog
+
+- master
+  - New
+    - New CLI flag `-od` (output directory) to enable writing requests and responses for matched results to a file for postprocessing or debugging purposes.
+    - New CLI flag `-maxtime` to limit the running time of ffuf
+  - Changed
+    - Limit the use of `-e` (extensions) to a single keyword: FUZZ
+    - Regexp matching and filtering (-mr/-fr) allow using keywords in patterns
+    - Take 429 responses into account when -sa (stop on all error cases) is used
+
+- v0.12
+  - New
+    - Added a new flag to select a multi wordlist operation mode: `--mode`, possible values: `clusterbomb` and `pitchfork`.
+    - Added a new output file format eJSON, for always base64 encoding the input data.
+    - Redirect location is always shown in the output files (when using `-o`)
+    - Full URL is always shown in the output files (when using `-o`)
+    - HTML output format got [DataTables](https://datatables.net/) support allowing realtime searches, sorting by column etc.
+    - New CLI flag `-v` for verbose output. Including full URL, and redirect location.
+    - SIGTERM monitoring, in order to catch keyboard interrupts an such, to be able to write `-o` files before exiting.
+  - Changed
+    - Fixed a bug in the default multi wordlist mode
+    - Fixed JSON output regression, where all the input data was always encoded in base64
+    - `--debug-log` no correctly logs connection errors
+    - Removed `-l` flag in favor of `-v`
+    - More verbose information in banner shown in startup.
+
+- v0.11
+  - New
+
+    - New CLI flag: -l, shows target location of redirect responses
+    - New CLI flac: -acc, custom auto-calibration strings
+    - New CLI flag: -debug-log, writes the debug logging to the specified file.
+    - New CLI flags -ml and -fl, filters/matches line count in response
+    - Ability to use multiple wordlists / keywords by defining multiple -w command line flags. The if no keyword is defined, the default is FUZZ to keep backwards compatibility. Example: `-w "wordlists/custom.txt:CUSTOM" -H "RandomHeader: CUSTOM"`.
+
+  - Changed
+    - New CLI flag: -i, dummy flag that does nothing. for compatibility with copy as curl.
+    - New CLI flag: -b/--cookie, cookie data for compatibility with copy as curl.
+    - New Output format are available: HTML and Markdown table.
+    - New CLI flag: -l, shows target location of redirect responses
+    - Filtering and matching by status code, response size or word count now allow using ranges in addition to single values
+    - The internal logging information to be discarded, and can be written to a file with the new `-debug-log` flag.
+
+- v0.10
+  - New
+    - New CLI flag: -ac to autocalibrate response size and word filters based on few preset URLs.
+    - New CLI flag: -timeout to specify custom timeouts for all HTTP requests.
+    - New CLI flag: --data for compatibility with copy as curl functionality of browsers.
+    - New CLI flag: --compressed, dummy flag that does nothing. for compatibility with copy as curl.
+    - New CLI flags: --input-cmd, and --input-num to handle input generation using external commands. Mutators for example. Environment variable FFUF_NUM will be updated on every call of the command.
+    - When --input-cmd is used, display position instead of the payload in results. The output file (of all formats) will include the payload in addition to the position however.
+
+  - Changed
+    - Wordlist can also be read from standard input
+    - Defining -d or --data implies POST method if -X doesn't set it to something else than GET
+
+- v0.9
+  - New
+    - New output file formats: CSV and eCSV (CSV with base64 encoded input field to avoid CSV breakage with payloads containing a comma)
+    - New CLI flag to follow redirects
+    - Erroring connections will be retried once
+    - Error counter in status bar
+    - New CLI flags: -se (stop on spurious errors) and -sa (stop on all errors, implies -se and -sf)
+    - New CLI flags: -e to provide a list of extensions to add to wordlist entries, and -D to provide DirSearch wordlist format compatibility.
+    - Wildcard option for response status code matcher.
+- v0.8
+  - New
+    - New CLI flag to write output to a file in JSON format
+    - New CLI flag to stop on spurious 403 responses
+  - Changed
+    - Regex matching / filtering now matches the headers alongside of the response body
diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md
@@ -0,0 +1,16 @@
+# Contributors
+
+* [ccsplit](https://github.com/ccsplit)
+* [delic](https://github.com/delic)
+* [eur0pa](https://github.com/eur0pa)
+* [fang0654](https://github.com/fang0654)
+* [JamTookTheBait](https://github.com/JamTookTheBait)
+* [joohoi](https://github.com/joohoi)
+* [jvesiluoma](https://github.com/jvesiluoma)
+* [lc](https://github.com/lc)
+* [nnwakelam](https://twitter.com/nnwakelam)
+* [oh6hay](https://github.com/oh6hay)
+* [putsi](https://github.com/putsi)
+* [SakiiR](https://github.com/SakiiR)
+* [seblw](https://github.com/seblw)
+* [SolomonSklash](https://github.com/SolomonSklash)
diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2018 Joona Hoikkala
+Copyright (c) 2020 Joona Hoikkala
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/README.md b/README.md
@@ -11,17 +11,15 @@
 
 A fast web fuzzer written in Go.
 
-Heavily inspired by the great projects [gobuster](https://github.com/OJ/gobuster) and [wfuzz](https://github.com/xmendez/wfuzz).
+## Installation
 
-## Features
+- [Download](https://github.com/ffuf/ffuf/releases/latest) a prebuilt binary from [releases page](https://github.com/ffuf/ffuf/releases/latest), unpack and run!
+  or
+- If you have go compiler installed: `go get github.com/ffuf/ffuf`
 
-- Fast!
-- Allows fuzzing of HTTP header values, POST data, and different parts of URL, including GET parameter names and values
-- Silent mode (`-s`) for clean output that's easy to use in pipes to other processes.
-- Modularized architecture that allows integration with existing toolchains with reasonable effort
-- Easy-to-add filters and matchers (they are interoperable)
+The only dependency of ffuf is Go 1.11. No dependencies outside of Go standard library are needed.
 
-## Example cases
+## Example usage
 
 ### Typical directory discovery
 
@@ -139,6 +137,8 @@ Usage of ffuf:
   -input-num int
     	Number of inputs to test. Used in conjunction with --input-cmd. (default 100)
   -k	TLS identity verification
+  -maxtime int
+      Maximum running time in seconds. (default 0 = inf.)
   -mc string
     	Match HTTP status codes from respose, use "all" to match every response code. (default "200,204,301,302,307,401,403")
   -ml string
@@ -171,8 +171,6 @@ Usage of ffuf:
     	Number of concurrent threads. (default 40)
   -timeout int
     	HTTP request timeout in seconds. (default 10)
-  -maxtime int
-      Maximum running time in seconds. (default 0 = inf.)
   -u string
     	Target URL
   -v	Verbose output, printing full URL and redirect location (if any) with the results.
@@ -184,95 +182,7 @@ Usage of ffuf:
 
 eg. `ffuf -u https://example.org/FUZZ -w /path/to/wordlist`
 
-## Installation
 
-- [Download](https://github.com/ffuf/ffuf/releases/latest) a prebuilt binary from [releases page](https://github.com/ffuf/ffuf/releases/latest), unpack and run!
-  or
-- If you have go compiler installed: `go get github.com/ffuf/ffuf`
-
-The only dependency of ffuf is Go 1.11. No dependencies outside of Go standard library are needed.
+## License
 
-## Changelog
-
-- master
-  - New
-    - New CLI flag `-od` (output directory) to enable writing requests and responses for matched results to a file for postprocessing or debugging purposes.
-    - New CLI flag `-maxtime` to limit the running time of ffuf
-  - Changed
-    - Limit the use of `-e` (extensions) to a single keyword: FUZZ
-    - Regexp matching and filtering (-mr/-fr) allow using keywords in patterns
-    - Take 429 responses into account when -sa (stop on all error cases) is used
-
-- v0.12
-  - New
-    - Added a new flag to select a multi wordlist operation mode: `--mode`, possible values: `clusterbomb` and `pitchfork`.
-    - Added a new output file format eJSON, for always base64 encoding the input data.
-    - Redirect location is always shown in the output files (when using `-o`)
-    - Full URL is always shown in the output files (when using `-o`)
-    - HTML output format got [DataTables](https://datatables.net/) support allowing realtime searches, sorting by column etc.
-    - New CLI flag `-v` for verbose output. Including full URL, and redirect location.
-    - SIGTERM monitoring, in order to catch keyboard interrupts an such, to be able to write `-o` files before exiting.
-  - Changed
-    - Fixed a bug in the default multi wordlist mode
-    - Fixed JSON output regression, where all the input data was always encoded in base64
-    - `--debug-log` no correctly logs connection errors
-    - Removed `-l` flag in favor of `-v`
-    - More verbose information in banner shown in startup.
-
-- v0.11
-
-  - New
-
-    - New CLI flag: -l, shows target location of redirect responses
-    - New CLI flac: -acc, custom auto-calibration strings
-    - New CLI flag: -debug-log, writes the debug logging to the specified file.
-    - New CLI flags -ml and -fl, filters/matches line count in response
-    - Ability to use multiple wordlists / keywords by defining multiple -w command line flags. The if no keyword is defined, the default is FUZZ to keep backwards compatibility. Example: `-w "wordlists/custom.txt:CUSTOM" -H "RandomHeader: CUSTOM"`.
-
-  - Changed
-
-    - New CLI flag: -i, dummy flag that does nothing. for compatibility with copy as curl.
-    - New CLI flag: -b/--cookie, cookie data for compatibility with copy as curl.
-    - New Output format are available: HTML and Markdown table.
-    - New CLI flag: -l, shows target location of redirect responses
-    - Filtering and matching by status code, response size or word count now allow using ranges in addition to single values
-    - The internal logging information to be discarded, and can be written to a file with the new `-debug-log` flag.
-
-- v0.10
-
-  - New
-
-    - New CLI flag: -ac to autocalibrate response size and word filters based on few preset URLs.
-    - New CLI flag: -timeout to specify custom timeouts for all HTTP requests.
-    - New CLI flag: --data for compatibility with copy as curl functionality of browsers.
-    - New CLI flag: --compressed, dummy flag that does nothing. for compatibility with copy as curl.
-    - New CLI flags: --input-cmd, and --input-num to handle input generation using external commands. Mutators for example. Environment variable FFUF_NUM will be updated on every call of the command.
-    - When --input-cmd is used, display position instead of the payload in results. The output file (of all formats) will include the payload in addition to the position however.
-
-  - Changed
-    - Wordlist can also be read from standard input
-    - Defining -d or --data implies POST method if -X doesn't set it to something else than GET
-
-- v0.9
-  - New
-    - New output file formats: CSV and eCSV (CSV with base64 encoded input field to avoid CSV breakage with payloads containing a comma)
-    - New CLI flag to follow redirects
-    - Erroring connections will be retried once
-    - Error counter in status bar
-    - New CLI flags: -se (stop on spurious errors) and -sa (stop on all errors, implies -se and -sf)
-    - New CLI flags: -e to provide a list of extensions to add to wordlist entries, and -D to provide DirSearch wordlist format compatibility.
-    - Wildcard option for response status code matcher.
-- v0.8
-  - New
-    - New CLI flag to write output to a file in JSON format
-    - New CLI flag to stop on spurious 403 responses
-  - Changed
-    - Regex matching / filtering now matches the headers alongside of the response body
-
-## TODO
-
-- Tests!
-- Optional scope for redirects
-- Client / server architecture to queue jobs and fetch the results later
-- Fuzzing multiple values at the same time
-- Output module to push the results to an HTTP API
+ffuf is released under MIT license. See [LICENSE](https://github.com/ffuf/ffuf/blob/master/LICENSE).