add --hl/--sl options

z3pp · Oct 8, 2019 · 03415b9 · 03415b9
1 parent 6c91268
commit 03415b9
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 6 deletions.
diff --git a/zfuzz/cli.py b/zfuzz/cli.py
@@ -19,7 +19,7 @@ def __init__(self):
         self.green = fg(77)
         self.grey = fg(245)
         self.blue = fg(69)
-        self.magenta = fg(170) + self.bold
+        self.magenta = fg(170) + self.bold  # 170
         self.default = attr("reset")
 
     def print_banner(self):
@@ -52,6 +52,7 @@ def print_help(self):
     [--timeout]      -- Requests timeout
     [--hc/sc]        -- HTTP Code(s) to hide/show
     [--hs/ss]        -- Response to hide/show with the given str
+    [--hl/sl]        -- Response lenght to hide/show
     """.format(self.bold, sys.argv[0], self.default)
 
         self.print_banner()
@@ -113,6 +114,12 @@ def parse_args(self, argv):
         parser.add_argument("--ss",
                             type=str)
 
+        parser.add_argument("--hl",
+                            type=int)
+
+        parser.add_argument("--sl",
+                            type=int)
+
         return parser.parse_args(argv)
 
     def main(self, argv):

diff --git a/zfuzz/fuzzer.py b/zfuzz/fuzzer.py
@@ -23,14 +23,17 @@ class Fuzz(object):
         :param keyword: Fuzzing keyword to use
         :param timeout: Requests timeout
         :param delay: Delay between requests
+        :param follow: Follow HTTP redirection
         :param hc: HTTP Code(s) to hide
         :param sc: HTTP Code(s) to show
         :param hs: Hide reponse with the given str
         :param ss: Show reponse with the given str
+        :param hl: Response lenght to show
+        :param sl: Response lenght to hide
     """
 
     def __init__(self, url, wordlist, headers, data, cookies, threads,
-                 keyword, timeout, delay, follow, hc, sc, hs, ss):
+                 keyword, timeout, delay, follow, hc, sc, hs, ss, hl, sl):
 
         self.colors = ZFuzzCLI()
 
@@ -48,6 +51,8 @@ def __init__(self, url, wordlist, headers, data, cookies, threads,
         self._sc = sc
         self._hs = hs
         self._ss = ss
+        self._hl = hl
+        self._sl = sl
 
         self._method = requests.post if data else requests.get
 
@@ -73,11 +78,13 @@ def fuzz(self, i, q):
 
                 time.sleep(self._delay)
                 code = res.status_code
-                if is_matching(code, self._hc, self._sc, str(res.content),
-                               self._hs, self._ss):
+                if is_matching(code, self._hc, self._sc, str(res.text),
+                               self._hs, self._ss, self._hl, self._sl):
 
                     color = get_code_color(code)
-                    log.warn(f"[{color}{code}{self.colors.default}]: {i}\n")
+                    p = "{:<24} [Code: {}{}{}, Size:{}]\n"
+                    log.warn(p.format(i, color, code,
+                                      self.colors.default, len(res.text)))
 
             except Exception:
                 pass

diff --git a/zfuzz/utils.py b/zfuzz/utils.py
@@ -38,7 +38,7 @@ def get_code_color(code):
     return color
 
 
-def is_matching(code, hc, sc, content, hs, ss):
+def is_matching(code, hc, sc, content, hs, ss, hl, sl):
 
     """ Determinate if the given response match the given filters
 
@@ -48,12 +48,19 @@ def is_matching(code, hc, sc, content, hs, ss):
         :param content: Response content
         :param hs: Hide response with hs
         :param ss: Show response with ss
+        :param hl: Response lenght to hide
+        :param sl: Response lenght to show
 
         :returns: True/False, depending of the filter
     """
 
     ret = True
 
+    if hl is not None:
+        ret = False if len(content) == hl else ret
+    if sl is not None:
+        ret = ret if len(content) == sl else False
+
     if len(sc) > 0:
         ret = ret if code in sc else False
     if len(hc) > 0: