Codebase list ffuf / 0b028be0-47a9-436e-999b-ff8152a8cd9e/upstream
Import upstream version 1.5.0+git20220406.1.4c77a17 Kali Janitor 1 year, 7 months ago
16 changed file(s) with 478 addition(s) and 0 deletion(s). Raw diff Collapse all Expand all
+14
-0
debian/README.Debian less more
0 Note regarding the Kali package ffuf
1 ------------------------------------
2
3 Upstream
4
5 As ffuf employs a sponsorware model and the Kali package of ffuf is using this exclusive
6 codebase, the upstream repository for ffuf package is https://github.com/ffuf/ffuf-exclusive
7 instead of the publicly available https://github.com/ffuf/ffuf
8
9 The changes published in the ffuf-exclusive repository as well as directly in Kali Linux
10 packages repository, will be made publicly available in https://github.com/ffuf/ffuf
11 after 30 days of the initial release.
12
13 More details of the model are available at https://github.com/ffuf/ffuf#sponsorware
+86
-0
debian/changelog less more
0 ffuf (1.5.0-0kali1) kali-dev; urgency=medium
1
2 [ Ben Wilson ]
3 * README.Debian consistency
4 * Consistency with tabs to spaces
5 * Add Uploaders
6 * Add XSBC-Vcs-*
7
8 [ Arnaud Rebillout ]
9 * Fix upstream vcs field name
10
11 [ Sophie Brun ]
12 * New upstream version 1.5.0
13 * Remove useless debian/salsa-ci.yml
14 * Refresh patches
15 * Bump Standards-Version to 4.6.0
16
17 -- Sophie Brun <[email protected]> Wed, 06 Apr 2022 09:35:14 +0200
18
19 ffuf (1.3.1-0kali1) kali-dev; urgency=low
20
21 * New upstream release.
22
23 -- Kali Janitor <[email protected]> Thu, 29 Apr 2021 19:58:57 -0000
24
25 ffuf (1.3.0-0kali1) kali-dev; urgency=medium
26
27 [ Kali Janitor ]
28 * Set upstream metadata fields: Repository, Repository-Browse.
29
30 [ Arnaud Rebillout ]
31 * Configure gbp import-dsc for a Debian-derived package
32
33 [ Raphaël Hertzog ]
34 * Pass build flags for the Kali specific version prepared by upstream
35
36 [ Joona Hoikkala ]
37 * Describe the upstream discrepancy in README.debian
38
39 [ Sophie Brun ]
40 * New upstream version 1.3.0
41 * Update debian/copyright
42
43 -- Sophie Brun <[email protected]> Wed, 17 Mar 2021 08:36:42 +0100
44
45 ffuf (1.2.1-0kali1) kali-dev; urgency=medium
46
47 [ Raphaël Hertzog ]
48 * Monitor upstream releases in the Kali repository
49 * Update Maintainer field
50 * Update Vcs-* fields
51 * Configure git-buildpackage for Kali
52 * Add GitLab's CI configuration file
53 * New upstream version 1.2.1
54 * Drop patches that don't apply
55
56 [ Sophie Brun ]
57 * Add missing Build-dep golang-github-pelletier-go-toml-dev
58 * Bump Standards-Version to 4.5.1 (no changes)
59
60 -- Sophie Brun <[email protected]> Mon, 22 Feb 2021 16:24:08 +0100
61
62 ffuf (1.1.0-1) unstable; urgency=medium
63
64 * New upstream version 1.1.0
65
66 [ Marcio de Souza Oliveira ]
67 * debian/tests/control:
68 - Created the directory files.
69 - Creted the file files/test-fuzz-list.txt.
70 - Updated the test to simple fuzzing test.
71
72 -- Pedro Loami Barbosa dos Santos <[email protected]> Thu, 10 Sep 2020 08:04:29 -0300
73
74 ffuf (1.0.2-2) unstable; urgency=medium
75
76 * debian/control:
77 - (Vcs-*): changed value to correct repository address.
78
79 -- Pedro Loami Barbosa dos Santos <[email protected]> Mon, 22 Jun 2020 20:47:18 -0300
80
81 ffuf (1.0.2-1) unstable; urgency=medium
82
83 * Initial release (Closes: 960067)
84
85 -- Pedro Loami Barbosa dos Santos <[email protected]> Tue, 12 May 2020 18:06:42 -0300
+29
-0
debian/control less more
0 Source: ffuf
1 XSBC-Original-Maintainer: Pedro Loami Barbosa dos Santos <[email protected]>
2 Maintainer: Kali Developers <[email protected]>
3 Uploaders: Sophie Brun <[email protected]>,
4 Section: devel
5 Testsuite: autopkgtest-pkg-go
6 Priority: optional
7 Build-Depends: debhelper-compat (= 13),
8 dh-golang,
9 golang-any,
10 golang-github-pelletier-go-toml-dev
11 Standards-Version: 4.6.0
12 XS-Debian-Vcs-Browser: https://salsa.debian.org/debian/ffuf/
13 XS-Debian-Vcs-Git: https://salsa.debian.org/debian/ffuf.git
14 Vcs-Browser: https://gitlab.com/kalilinux/packages/ffuf
15 Vcs-Git: https://gitlab.com/kalilinux/packages/ffuf.git
16 Homepage: https://github.com/ffuf/ffuf
17 Rules-Requires-Root: no
18 XS-Go-Import-Path: github.com/ffuf/ffuf
19
20 Package: ffuf
21 Architecture: any
22 Depends: ${misc:Depends},
23 ${shlibs:Depends}
24 Built-Using: ${misc:Built-Using}
25 Description: Fast web fuzzer written in Go (program)
26 ffuf is a fest web fuzzer written in Go that allows typical directory
27 discovery, virtual host discovery (without DNS records) and GET and POST
28 parameter fuzzing.
+32
-0
debian/copyright less more
0 Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
1 Upstream-Name: ffuf
2 Upstream-Contact: https://github.com/ffuf/ffuf/issues
3 Source: https://github.com/ffuf/ffuf
4
5 Files: *
6 Copyright: 2018-2021 Joona Hoikkala <[email protected]>
7 License: MIT
8
9 Files: debian/*
10 Copyright: 2020 Pedro Loami Barbosa dos Santos <[email protected]>
11 License: MIT
12 Comment: Debian packaging is licensed under the same terms as upstream
13
14 License: MIT
15 Permission is hereby granted, free of charge, to any person obtaining a copy
16 of this software and associated documentation files (the "Software"), to deal
17 in the Software without restriction, including without limitation the rights
18 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
19 copies of the Software, and to permit persons to whom the Software is
20 furnished to do so, subject to the following conditions:
21 .
22 The above copyright notice and this permission notice shall be included in all
23 copies or substantial portions of the Software.
24 .
25 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
26 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
27 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
28 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
29 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
30 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
31 SOFTWARE.
+247
-0
debian/ffuf.1 less more
0 .\" Text automatically generated by txt2man
1 .TH ffuf "1" "May 2020" "ffuf 1.0.2" "User Commands"
2 .SH NAME
3 \fBffuf \fP- Fast web fuzzer written in Go
4 \fB
5 .SH SYNOPSIS
6 .nf
7 .fam C
8 \fBffuf\fP [\fBoptions\fP]
9
10 .fam T
11 .fi
12 .fam T
13 .fi
14 .SH DESCRIPTION
15 \fBffuf\fP is a fest web fuzzer written in Go that allows typical directory
16 discovery, virtual host discovery (without DNS records) and GET and POST
17 parameter fuzzing.
18 .RE
19 .SH OPTIONS
20 .PP
21 HTTP OPTIONS:
22 .RS
23 .TP
24 .B
25 \fB-H\fP
26 Header "Name: Value", separated by colon. Multiple \fB-H\fP flags are accepted.
27 .TP
28 .B
29 \fB-X\fP
30 HTTP method to use (default: GET)
31 .TP
32 .B
33 \fB-b\fP
34 Cookie data "NAME1=VALUE1; NAME2=VALUE2" for copy as curl functionality.
35 .TP
36 .B
37 \fB-d\fP
38 POST data
39 .TP
40 .B
41 \fB-r\fP
42 Follow redirects (default: false)
43 .TP
44 .B
45 \fB-recursion\fP
46 Scan recursively. Only FUZZ keyword is supported, and URL (\fB-u\fP) has to end in it. (default: false)
47 \fB-recursion-depth\fP Maximum recursion depth. (default: 0)
48 .TP
49 .B
50 \fB-replay-proxy\fP
51 Replay matched requests using this proxy.
52 .TP
53 .B
54 \fB-timeout\fP
55 HTTP request timeout in seconds. (default: 10)
56 .TP
57 .B
58 \fB-u\fP
59 Target URL
60 .TP
61 .B
62 \fB-x\fP
63 HTTP Proxy URL
64 .RE
65 .PP
66 GENERAL OPTIONS:
67 .RS
68 .TP
69 .B
70 \fB-V\fP
71 Show version information. (default: false)
72 .TP
73 .B
74 \fB-ac\fP
75 Automatically calibrate filtering options (default: false)
76 .TP
77 .B
78 \fB-acc\fP
79 Custom auto-calibration string. Can be used multiple times. Implies \fB-ac\fP
80 .TP
81 .B
82 \fB-c\fP
83 Colorize output. (default: false)
84 .TP
85 .B
86 \fB-maxtime\fP
87 Maximum running time in seconds. (default: 0)
88 .TP
89 .B
90 \fB-p\fP
91 Seconds of 'delay' between requests, or a range of random delay. For example "0.1" or "0.1-2.0"
92 .TP
93 .B
94 \fB-s\fP
95 Do not print additional information (silent mode) (default: false)
96 .TP
97 .B
98 \fB-sa\fP
99 Stop on all error cases. Implies \fB-sf\fP and \fB-se\fP. (default: false)
100 .TP
101 .B
102 \fB-se\fP
103 Stop on spurious errors (default: false)
104 .TP
105 .B
106 \fB-sf\fP
107 Stop when > 95% of responses return 403 Forbidden (default: false)
108 .TP
109 .B
110 \fB-t\fP
111 Number of concurrent threads. (default: 40)
112 .TP
113 .B
114 \fB-v\fP
115 Verbose output, printing full URL and redirect location (if any) with the results. (default: false)
116 .RE
117 .PP
118 MATCHER OPTIONS:
119 .RS
120 .TP
121 .B
122 \fB-mc\fP
123 Match HTTP status codes, or "all" for everything. (default: 200,204,301,302,307,401,403)
124 .TP
125 .B
126 \fB-ml\fP
127 Match amount of lines in response
128 .TP
129 .B
130 \fB-mr\fP
131 Match regexp
132 .TP
133 .B
134 \fB-ms\fP
135 Match HTTP response size
136 .TP
137 .B
138 \fB-mw\fP
139 Match amount of words in response
140 .RE
141 .PP
142 FILTER OPTIONS:
143 .RS
144 .TP
145 .B
146 \fB-fc\fP
147 Filter HTTP status codes from response. Comma separated list of codes and ranges
148 .TP
149 .B
150 \fB-fl\fP
151 Filter by amount of lines in response. Comma separated list of line counts and ranges
152 .TP
153 .B
154 \fB-fr\fP
155 Filter regexp
156 .TP
157 .B
158 \fB-fs\fP
159 Filter HTTP response size. Comma separated list of sizes and ranges
160 .TP
161 .B
162 \fB-fw\fP
163 Filter by amount of words in response. Comma separated list of word counts and ranges
164 .RE
165 .PP
166 INPUT OPTIONS:
167 .RS
168 .TP
169 .B
170 \fB-D\fP
171 DirSearch wordlist compatibility mode. Used in conjunction with \fB-e\fP flag. (default: false)
172 .TP
173 .B
174 \fB-e\fP
175 Comma separated list of extensions. Extends FUZZ keyword.
176 .TP
177 .B
178 \fB-ic\fP
179 Ignore wordlist comments (default: false)
180 .TP
181 .B
182 \fB-input-cmd\fP
183 Command producing the input. \fB--input-num\fP is required when using this input method. Overrides \fB-w\fP.
184 .TP
185 .B
186 \fB-input-num\fP
187 Number of inputs to test. Used in conjunction with \fB--input-cmd\fP. (default: 100)
188 .TP
189 .B
190 \fB-mode\fP
191 Multi-wordlist operation mode. Available modes: clusterbomb, pitchfork (default: clusterbomb)
192 .TP
193 .B
194 \fB-request\fP
195 File containing the raw http request
196 .TP
197 .B
198 \fB-request-proto\fP
199 Protocol to use along with raw request (default: https)
200 .TP
201 .B
202 \fB-w\fP
203 Wordlist file path and (optional) keyword separated by colon. eg. '/path/to/wordlist:KEYWORD'
204 .RE
205 .PP
206 OUTPUT OPTIONS:
207 .RS
208 .TP
209 .B
210 \fB-debug-log\fP
211 Write all of the internal logging to the specified file.
212 .TP
213 .B
214 \fB-o\fP
215 Write output to file
216 .TP
217 .B
218 \fB-od\fP
219 Directory path to store matched results to.
220 .TP
221 .B
222 \fB-of\fP
223 Output file format. Available formats: json, ejson, html, md, csv, ecsv (default: json)
224 .RE
225 .PP
226 .SH EXAMPLE USAGE:
227 Fuzz file paths from wordlist.txt, match all responses but filter out those with content-size 42.
228 Colored, verbose output.
229 \fBffuf\fP \fB-w\fP wordlist.txt \fB-u\fP https://example.org/FUZZ \fB-mc\fP all \fB-fs\fP 42 \fB-c\fP \fB-v\fP
230 .RS
231 .PP
232 Fuzz Host-header, match HTTP 200 responses.
233 \fBffuf\fP \fB-w\fP hosts.txt \fB-u\fP https://example.org/ \fB-H\fP "Host: FUZZ" \fB-mc\fP 200
234 .PP
235 Fuzz POST JSON data. Match all responses not containing text "error".
236 \fBffuf\fP \fB-w\fP entries.txt \fB-u\fP https://example.org/ \fB-X\fP POST \fB-H\fP "Content-Type: application/json" \
237 \fB-d\fP '{"name": "FUZZ", "anotherkey": "anothervalue"}' \fB-fr\fP "error"
238 .PP
239 Fuzz multiple locations. Match only responses reflecting the value of "VAL" keyword. Colored.
240 \fBffuf\fP \fB-w\fP params.txt:PARAM \fB-w\fP values.txt:VAL \fB-u\fP https://example.org/?PARAM=VAL \fB-mr\fP "VAL" \fB-c\fP
241 .PP
242 More information and examples: https://github.com/\fBffuf\fP/\fBffuf\fP
243 .PP
244 .SH AUTHOR
245 This manual page was written based on the author's README by Pedro Loami Barbosa dos Santos <[email protected]> for the Debian project (but may be used by others).
246
+1
-0
debian/ffuf.manpages less more
0 debian/ffuf.1
+14
-0
debian/gbp.conf less more
0 [DEFAULT]
1 debian-branch = kali/master
2 debian-tag = kali/%(version)s
3 pristine-tar = True
4
5 [pq]
6 patch-numbers = False
7
8 [dch]
9 multimaint-merge = True
10
11 [import-dsc]
12 debian-branch = debian/master
13 debian-tag = debian/%(version)s
+2
-0
debian/kali-ci.yml less more
0 include:
1 - https://gitlab.com/kalilinux/tools/kali-ci-pipeline/raw/master/recipes/kali.yml
+28
-0
debian/patches/10-fix-spelling.patch less more
0 From: Kali Developers <[email protected]>
1 Date: Wed, 6 Apr 2022 09:29:08 +0200
2 Subject: fix-spelling
3
4 # Author: Pedro Loami Barbosa dos Santos <[email protected]>
5 # Date: May 11 2020
6 # Description: Fix spelling on /pkg/ffuf/multierror.go
7
8 # Author: Pedro Loami Barbosa dos Santos <[email protected]>
9 # Date: May 11 2020
10 # Description: Fix spelling on /pkg/ffuf/multierror.go
11 ---
12 pkg/ffuf/multierror.go | 2 +-
13 1 file changed, 1 insertion(+), 1 deletion(-)
14
15 diff --git a/pkg/ffuf/multierror.go b/pkg/ffuf/multierror.go
16 index d83bdc6..b5d9a09 100644
17 --- a/pkg/ffuf/multierror.go
18 +++ b/pkg/ffuf/multierror.go
19 @@ -20,7 +20,7 @@ func (m *Multierror) Add(err error) {
20 func (m *Multierror) ErrorOrNil() error {
21 var errString string
22 if len(m.errors) > 0 {
23 - errString += fmt.Sprintf("%d errors occured.\n", len(m.errors))
24 + errString += fmt.Sprintf("%d errors occurred.\n", len(m.errors))
25 for _, e := range m.errors {
26 errString += fmt.Sprintf("\t* %s\n", e)
27 }
+1
-0
debian/patches/series less more
0 10-fix-spelling.patch
+11
-0
debian/rules less more
0 #!/usr/bin/make -f
1
2 %:
3 dh $@ --builddirectory=_build --buildsystem=golang --with=golang
4
5 override_dh_auto_build:
6 # Pass build flags for the Kali exclusive version
7 dh_auto_build -- -ldflags="-X 'github.com/ffuf/ffuf/pkg/ffuf.VERSION_APPENDIX= Kali Exclusive <3'"
8
9 override_dh_auto_install:
10 dh_auto_install -- --no-source
+1
-0
debian/source/format less more
0 3.0 (quilt)
+3
-0
debian/tests/control less more
0 Test-Command: ffuf -w debian/tests/files/test-fuzz-list.txt -u https://www.debian.org/FUZZ
1 Depends: @
2 Restrictions: allow-stderr
+3
-0
debian/tests/files/test-fuzz-list.txt less more
0 intro
1 about
2 devel
+3
-0
debian/upstream/metadata less more
0 ---
1 Repository: https://gitlab.com/kalilinux/packages/ffuf.git
2 Repository-Browse: https://gitlab.com/kalilinux/packages/ffuf
+3
-0
debian/watch less more
0 version=4
1 opts="uversionmangle=s/(\d)[_\.\-\+]?(RC|rc|pre|dev|beta|alpha)[.]?(\d*)$/\$1~\$2\$3/" \
2 https://gitlab.com/kalilinux/packages/ffuf/-/tags .*/ffuf-v?(\d.*)\.tar\.gz