Skip to content

Added negative status code option #73

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Added negative status code option #73

wants to merge 1 commit into from

Conversation

dave-au
Copy link

@dave-au dave-au commented Jan 23, 2018

I've added "-S" to define negative status codes (instead of "-s").
There are no defaults for "-S".
If "-S" is specified, the values provided will overwrite the "-s" defaults (or any values specified by the user for "-s").

Example would be...
gobuster -m dir -w words -u http://host/ -S 404

fingers crossed This is literally my first pull request ever. I hope it is OK.

@OJ OJ added this to the Version 1.5 milestone Jan 23, 2018
@OJ OJ added the enhancement label Jan 23, 2018
@OJ OJ self-assigned this Jan 23, 2018
0xdevalias
0xdevalias suggested changes Mar 12, 2018
View reviewed changes
Copy link
Contributor

@0xdevalias 0xdevalias left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added some thoughts/notes inline.

libgobuster/dir.go
fmt.Println("[-] Wildcard response found:", fmt.Sprintf("%s%s", s.Url, guid), "=>", *wildcardResp)
if !s.WildcardForced {
fmt.Println("[-] To force processing of Wildcard responses, specify the '-fw' switch.")
if s.NegStatusCodes.Stringify() == "" {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would probably be better to use len?

libgobuster/dir.go
@@ -156,34 +168,68 @@ func PrintDirResult(s *State, r *Result) {

// Prefix if we're in verbose mode
if s.Verbose {
if s.StatusCodes.Contains(r.Status) {
output = "Found : "
if s.NegStatusCodes.Stringify() == "" {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As above:

libgobuster/helpers.go
@@ -59,7 +59,11 @@ func ShowConfig(s *State) {
}

if s.Mode == "dir" {
fmt.Printf("[+] Status codes : %s\n", s.StatusCodes.Stringify())
if s.NegStatusCodes.Stringify() == "" {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As above:

libgobuster/statehelpers.go
@@ -86,7 +88,7 @@ func ValidateState(
}

if s.Mode == "dir" {
if err := ValidateDirModeState(s, extensions, codes, proxy, errorList); err.ErrorOrNil() != nil {
if err := ValidateDirModeState(s, extensions, codes, negcodes, proxy, errorList); err.ErrorOrNil() != nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given they are mutually exclusive, can we just pass in 'codes' and then the state of the -s or -S (possibly passed as a bool somewhere) determines whether we treat them as 'positive' or 'negative' code? Feels cleaner.

@OJ
Copy link
Owner

OJ commented Aug 27, 2018

Apologies for the delay on this, can I please request that you rebase your changes on 2.0.0 now that I've finally landed #79? Thank you so much.

@OJ
Copy link
Owner

OJ commented Mar 21, 2019

Hey @dave-au, you still keen for this? v3.0-working is our new working branch, would love to see you get your PR rebased onto that so we can move ahead. Cheers, and apologies for the delay.

@cbaker730
Copy link

I hope @dave-au adds this - I was just looking for this option and would love to see it included

@firefart
Copy link
Collaborator

firefart commented Aug 15, 2019
edited
Loading

We now have this feature in v3:

  -s, --statuscodes string            Positive status codes (will be overwritten with statuscodesblacklist if set) (default "200,204,301,302,307,401,403")
  -b, --statuscodesblacklist string   Negative status codes (will override statuscodes if set)

@firefart firefart closed this Aug 15, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@0xdevalias 0xdevalias 0xdevalias requested changes

Assignees

@OJ OJ

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@dave-au @OJ @cbaker730 @firefart @0xdevalias