1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
|
package main
import (
"flag"
"fmt"
"log"
"strconv"
"strings"
)
var (
// boolean flags
color bool
verbose bool
dryrun bool
followRedirects bool
// string values
proxy string
url string
payload string
wordlist string
data string
header string
// int values
threads int
delay int
httpServerPort int
// string values defining what request to show or hide
hideCode string
hideLine string
hideWord string
hideChar string
showCode string
showLine string
showWord string
showChar string
hide Hide
show Show
)
func registerFlags() {
log.Printf("%s Reading flags", green("[i]"))
shortcut := " (shortcut)"
// Boolean values
colorUsage := "Output with color"
flag.BoolVar(&color, "color", false, colorUsage)
flag.BoolVar(&color, "c", false, colorUsage+shortcut)
verboseUsage := "Verbose output"
flag.BoolVar(&verbose, "verbose", false, verboseUsage)
flag.BoolVar(&verbose, "v", false, verboseUsage+shortcut)
dryrunUsage := "Print the results of applying the requests without actually making any HTTP requests"
flag.BoolVar(&dryrun, "dryrun", false, dryrunUsage)
flag.BoolVar(&dryrun, "D", false, dryrunUsage+shortcut)
followRedirectsUsage := "Follow HTTP redirects"
flag.BoolVar(&followRedirects, "followRedirects", false, followRedirectsUsage)
flag.BoolVar(&followRedirects, "L", false, followRedirectsUsage+shortcut)
// Strings
proxyUsage := "Proxy to use"
flag.StringVar(&proxy, "proxy", "", proxyUsage)
flag.StringVar(&proxy, "p", "", proxyUsage+shortcut)
urlUsage := "url to use"
flag.StringVar(&url, "url", "", urlUsage)
flag.StringVar(&url, "u", "", urlUsage+shortcut)
payloadUsage := "payload type"
flag.StringVar(&payload, "payload", "file", payloadUsage)
flag.StringVar(&payload, "P", "file", payloadUsage+shortcut)
wordlistUsage := "wordlist type"
flag.StringVar(&wordlist, "wordlist", "", wordlistUsage)
flag.StringVar(&wordlist, "w", "", wordlistUsage+shortcut)
headerUsage := "Define the headers to set"
flag.StringVar(&header, "header", "", headerUsage)
flag.StringVar(&header, "h", "", headerUsage+shortcut)
// Ints
threadsUsage := "Amount of threads connections to use"
flag.IntVar(&threads, "threads", 1, threadsUsage)
flag.IntVar(&threads, "t", 1, threadsUsage+shortcut)
delayUsage := "Amount of delay in between the requests"
flag.IntVar(&delay, "delay", 0, delayUsage)
flag.IntVar(&delay, "d", 0, delayUsage+shortcut)
httpServerPortUsage := "Port the http server exposing the findings should listen on"
flag.IntVar(&httpServerPort, "httpServerPort", 8080, httpServerPortUsage)
flag.IntVar(&httpServerPort, "hsp", 8080, httpServerPortUsage+shortcut)
// hide / show
hideCodeUsage := "Status codes to hide, comma seperated"
flag.StringVar(&hideCode, "hideCode", "", hideCodeUsage)
flag.StringVar(&hideCode, "hc", "", hideCodeUsage+shortcut)
hideLineUsage := "Response body with given amount of words to hide, comma seperated"
flag.StringVar(&hideLine, "hideLine", "", hideLineUsage)
flag.StringVar(&hideLine, "hl", "", hideLineUsage+shortcut)
hideWordUsage := "Response body with given amount of words to hide, comma seperated"
flag.StringVar(&hideWord, "hideWord", "", hideWordUsage)
flag.StringVar(&hideWord, "hw", "", hideWordUsage+shortcut)
hideCharUsage := "Response body with given amount of chars to hide, comma seperated"
flag.StringVar(&hideChar, "hideChar", "", hideCharUsage)
flag.StringVar(&hideChar, "hch", "", hideCharUsage+shortcut)
showCodeUsage := "Status codes to show, comma seperated"
flag.StringVar(&showCode, "showCode", "", showCodeUsage)
flag.StringVar(&showCode, "sc", "", showCodeUsage+shortcut)
showLineUsage := "Response body with given amount of words to show, comma seperated"
flag.StringVar(&showLine, "showLine", "", showLineUsage)
flag.StringVar(&showLine, "sl", "", showLineUsage+shortcut)
showWordUsage := "Response body with given amount of words to show, comma seperated"
flag.StringVar(&showWord, "showWord", "", showWordUsage)
flag.StringVar(&showWord, "sw", "", showWordUsage+shortcut)
showCharUsage := "Response body with given amount of chars to show, comma seperated"
flag.StringVar(&showChar, "showChar", "", showCharUsage)
flag.StringVar(&showChar, "sch", "", showCharUsage+shortcut)
// parse the flags
flag.Parse()
hide = Hide{
HideCode: parseIntList(hideCode),
HideLine: parseIntList(hideLine),
HideWord: parseIntList(hideWord),
HideChar: parseIntList(hideChar),
}
show = Show{
ShowCode: parseIntList(showCode),
ShowLine: parseIntList(showLine),
ShowWord: parseIntList(showWord),
ShowChar: parseIntList(showChar),
}
log.Printf("%s Done reading flags", boldGreen("[+]"))
}
// parseIntList parses the given string by spliting it at commas returning a list of all ints
func parseIntList(inputStringList string) []int {
// if the input list is empty, return an empty list
if inputStringList == "" {
return []int{}
}
// define an array to store the black or whitelisted values in
var intList []int
// split the input
elementList := strings.Split(inputStringList, ",")
// parse all elements inserting the into the intList
for _, element := range elementList {
rawInt, err := strconv.Atoi(element)
if err != nil {
fmt.Println("Could not parse: %s", err)
} else {
intList = append(intList, rawInt)
}
}
log.Println(intList)
// return the intList
return intList
}
|
