Codebase list ffuf / d4edfb3
Import upstream version 1.3.1+git20210505.1.f032167 Kali Janitor 2 years ago
17 changed file(s) with 448 addition(s) and 0 deletion(s). Raw diff Collapse all Expand all
+14
-0
debian/README.debian less more
0 Note regarding the Kali package ffuf
1 ------------------------------------
2
3 Upstream
4
5 As ffuf employs a sponsorware model and the Kali package of ffuf is using this exclusive
6 codebase, the upstream repository for ffuf package is https://github.com/ffuf/ffuf-exclusive
7 instead of the publicly available https://github.com/ffuf/ffuf
8
9 The changes published in the ffuf-exclusive repository as well as directly in Kali Linux
10 packages repository, will be made publicly available in https://github.com/ffuf/ffuf
11 after 30 days of the initial release.
12
13 More details of the model are available at https://github.com/ffuf/ffuf#sponsorware
+67
-0
debian/changelog less more
0 ffuf (1.3.1-0kali1) kali-dev; urgency=low
1
2 * New upstream release.
3
4 -- Kali Janitor <[email protected]> Thu, 29 Apr 2021 19:58:57 -0000
5
6 ffuf (1.3.0-0kali1) kali-dev; urgency=medium
7
8 [ Kali Janitor ]
9 * Set upstream metadata fields: Repository, Repository-Browse.
10
11 [ Arnaud Rebillout ]
12 * Configure gbp import-dsc for a Debian-derived package
13
14 [ Raphaël Hertzog ]
15 * Pass build flags for the Kali specific version prepared by upstream
16
17 [ Joona Hoikkala ]
18 * Describe the upstream discrepancy in README.debian
19
20 [ Sophie Brun ]
21 * New upstream version 1.3.0
22 * Update debian/copyright
23
24 -- Sophie Brun <[email protected]> Wed, 17 Mar 2021 08:36:42 +0100
25
26 ffuf (1.2.1-0kali1) kali-dev; urgency=medium
27
28 [ Raphaël Hertzog ]
29 * Monitor upstream releases in the Kali repository
30 * Update Maintainer field
31 * Update Vcs-* fields
32 * Configure git-buildpackage for Kali
33 * Add GitLab's CI configuration file
34 * New upstream version 1.2.1
35 * Drop patches that don't apply
36
37 [ Sophie Brun ]
38 * Add missing Build-dep golang-github-pelletier-go-toml-dev
39 * Bump Standards-Version to 4.5.1 (no changes)
40
41 -- Sophie Brun <[email protected]> Mon, 22 Feb 2021 16:24:08 +0100
42
43 ffuf (1.1.0-1) unstable; urgency=medium
44
45 * New upstream version 1.1.0
46
47 [ Marcio de Souza Oliveira ]
48 * debian/tests/control:
49 - Created the directory files.
50 - Creted the file files/test-fuzz-list.txt.
51 - Updated the test to simple fuzzing test.
52
53 -- Pedro Loami Barbosa dos Santos <[email protected]> Thu, 10 Sep 2020 08:04:29 -0300
54
55 ffuf (1.0.2-2) unstable; urgency=medium
56
57 * debian/control:
58 - (Vcs-*): changed value to correct repository address.
59
60 -- Pedro Loami Barbosa dos Santos <[email protected]> Mon, 22 Jun 2020 20:47:18 -0300
61
62 ffuf (1.0.2-1) unstable; urgency=medium
63
64 * Initial release (Closes: 960067)
65
66 -- Pedro Loami Barbosa dos Santos <[email protected]> Tue, 12 May 2020 18:06:42 -0300
+26
-0
debian/control less more
0 Source: ffuf
1 XSBC-Original-Maintainer: Pedro Loami Barbosa dos Santos <[email protected]>
2 Maintainer: Kali Developers <[email protected]>
3 Section: devel
4 Testsuite: autopkgtest-pkg-go
5 Priority: optional
6 Build-Depends: debhelper-compat (= 13),
7 dh-golang,
8 golang-any,
9 golang-github-pelletier-go-toml-dev
10 Standards-Version: 4.5.1
11 Vcs-Browser: https://gitlab.com/kalilinux/packages/ffuf
12 Vcs-Git: https://gitlab.com/kalilinux/packages/ffuf.git
13 Homepage: https://github.com/ffuf/ffuf
14 Rules-Requires-Root: no
15 XS-Go-Import-Path: github.com/ffuf/ffuf
16
17 Package: ffuf
18 Architecture: any
19 Depends: ${misc:Depends},
20 ${shlibs:Depends}
21 Built-Using: ${misc:Built-Using}
22 Description: Fast web fuzzer written in Go (program)
23 ffuf is a fest web fuzzer written in Go that allows typical directory
24 discovery, virtual host discovery (without DNS records) and GET and POST
25 parameter fuzzing.
+32
-0
debian/copyright less more
0 Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
1 Upstream-Name: ffuf
2 Upstream-Contact: https://github.com/ffuf/ffuf/issues
3 Source: https://github.com/ffuf/ffuf
4
5 Files: *
6 Copyright: 2018-2021 Joona Hoikkala <[email protected]>
7 License: MIT
8
9 Files: debian/*
10 Copyright: 2020 Pedro Loami Barbosa dos Santos <[email protected]>
11 License: MIT
12 Comment: Debian packaging is licensed under the same terms as upstream
13
14 License: MIT
15 Permission is hereby granted, free of charge, to any person obtaining a copy
16 of this software and associated documentation files (the "Software"), to deal
17 in the Software without restriction, including without limitation the rights
18 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
19 copies of the Software, and to permit persons to whom the Software is
20 furnished to do so, subject to the following conditions:
21 .
22 The above copyright notice and this permission notice shall be included in all
23 copies or substantial portions of the Software.
24 .
25 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
26 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
27 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
28 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
29 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
30 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
31 SOFTWARE.
+247
-0
debian/ffuf.1 less more
0 .\" Text automatically generated by txt2man
1 .TH ffuf "1" "May 2020" "ffuf 1.0.2" "User Commands"
2 .SH NAME
3 \fBffuf \fP- Fast web fuzzer written in Go
4 \fB
5 .SH SYNOPSIS
6 .nf
7 .fam C
8 \fBffuf\fP [\fBoptions\fP]
9
10 .fam T
11 .fi
12 .fam T
13 .fi
14 .SH DESCRIPTION
15 \fBffuf\fP is a fest web fuzzer written in Go that allows typical directory
16 discovery, virtual host discovery (without DNS records) and GET and POST
17 parameter fuzzing.
18 .RE
19 .SH OPTIONS
20 .PP
21 HTTP OPTIONS:
22 .RS
23 .TP
24 .B
25 \fB-H\fP
26 Header "Name: Value", separated by colon. Multiple \fB-H\fP flags are accepted.
27 .TP
28 .B
29 \fB-X\fP
30 HTTP method to use (default: GET)
31 .TP
32 .B
33 \fB-b\fP
34 Cookie data "NAME1=VALUE1; NAME2=VALUE2" for copy as curl functionality.
35 .TP
36 .B
37 \fB-d\fP
38 POST data
39 .TP
40 .B
41 \fB-r\fP
42 Follow redirects (default: false)
43 .TP
44 .B
45 \fB-recursion\fP
46 Scan recursively. Only FUZZ keyword is supported, and URL (\fB-u\fP) has to end in it. (default: false)
47 \fB-recursion-depth\fP Maximum recursion depth. (default: 0)
48 .TP
49 .B
50 \fB-replay-proxy\fP
51 Replay matched requests using this proxy.
52 .TP
53 .B
54 \fB-timeout\fP
55 HTTP request timeout in seconds. (default: 10)
56 .TP
57 .B
58 \fB-u\fP
59 Target URL
60 .TP
61 .B
62 \fB-x\fP
63 HTTP Proxy URL
64 .RE
65 .PP
66 GENERAL OPTIONS:
67 .RS
68 .TP
69 .B
70 \fB-V\fP
71 Show version information. (default: false)
72 .TP
73 .B
74 \fB-ac\fP
75 Automatically calibrate filtering options (default: false)
76 .TP
77 .B
78 \fB-acc\fP
79 Custom auto-calibration string. Can be used multiple times. Implies \fB-ac\fP
80 .TP
81 .B
82 \fB-c\fP
83 Colorize output. (default: false)
84 .TP
85 .B
86 \fB-maxtime\fP
87 Maximum running time in seconds. (default: 0)
88 .TP
89 .B
90 \fB-p\fP
91 Seconds of 'delay' between requests, or a range of random delay. For example "0.1" or "0.1-2.0"
92 .TP
93 .B
94 \fB-s\fP
95 Do not print additional information (silent mode) (default: false)
96 .TP
97 .B
98 \fB-sa\fP
99 Stop on all error cases. Implies \fB-sf\fP and \fB-se\fP. (default: false)
100 .TP
101 .B
102 \fB-se\fP
103 Stop on spurious errors (default: false)
104 .TP
105 .B
106 \fB-sf\fP
107 Stop when > 95% of responses return 403 Forbidden (default: false)
108 .TP
109 .B
110 \fB-t\fP
111 Number of concurrent threads. (default: 40)
112 .TP
113 .B
114 \fB-v\fP
115 Verbose output, printing full URL and redirect location (if any) with the results. (default: false)
116 .RE
117 .PP
118 MATCHER OPTIONS:
119 .RS
120 .TP
121 .B
122 \fB-mc\fP
123 Match HTTP status codes, or "all" for everything. (default: 200,204,301,302,307,401,403)
124 .TP
125 .B
126 \fB-ml\fP
127 Match amount of lines in response
128 .TP
129 .B
130 \fB-mr\fP
131 Match regexp
132 .TP
133 .B
134 \fB-ms\fP
135 Match HTTP response size
136 .TP
137 .B
138 \fB-mw\fP
139 Match amount of words in response
140 .RE
141 .PP
142 FILTER OPTIONS:
143 .RS
144 .TP
145 .B
146 \fB-fc\fP
147 Filter HTTP status codes from response. Comma separated list of codes and ranges
148 .TP
149 .B
150 \fB-fl\fP
151 Filter by amount of lines in response. Comma separated list of line counts and ranges
152 .TP
153 .B
154 \fB-fr\fP
155 Filter regexp
156 .TP
157 .B
158 \fB-fs\fP
159 Filter HTTP response size. Comma separated list of sizes and ranges
160 .TP
161 .B
162 \fB-fw\fP
163 Filter by amount of words in response. Comma separated list of word counts and ranges
164 .RE
165 .PP
166 INPUT OPTIONS:
167 .RS
168 .TP
169 .B
170 \fB-D\fP
171 DirSearch wordlist compatibility mode. Used in conjunction with \fB-e\fP flag. (default: false)
172 .TP
173 .B
174 \fB-e\fP
175 Comma separated list of extensions. Extends FUZZ keyword.
176 .TP
177 .B
178 \fB-ic\fP
179 Ignore wordlist comments (default: false)
180 .TP
181 .B
182 \fB-input-cmd\fP
183 Command producing the input. \fB--input-num\fP is required when using this input method. Overrides \fB-w\fP.
184 .TP
185 .B
186 \fB-input-num\fP
187 Number of inputs to test. Used in conjunction with \fB--input-cmd\fP. (default: 100)
188 .TP
189 .B
190 \fB-mode\fP
191 Multi-wordlist operation mode. Available modes: clusterbomb, pitchfork (default: clusterbomb)
192 .TP
193 .B
194 \fB-request\fP
195 File containing the raw http request
196 .TP
197 .B
198 \fB-request-proto\fP
199 Protocol to use along with raw request (default: https)
200 .TP
201 .B
202 \fB-w\fP
203 Wordlist file path and (optional) keyword separated by colon. eg. '/path/to/wordlist:KEYWORD'
204 .RE
205 .PP
206 OUTPUT OPTIONS:
207 .RS
208 .TP
209 .B
210 \fB-debug-log\fP
211 Write all of the internal logging to the specified file.
212 .TP
213 .B
214 \fB-o\fP
215 Write output to file
216 .TP
217 .B
218 \fB-od\fP
219 Directory path to store matched results to.
220 .TP
221 .B
222 \fB-of\fP
223 Output file format. Available formats: json, ejson, html, md, csv, ecsv (default: json)
224 .RE
225 .PP
226 .SH EXAMPLE USAGE:
227 Fuzz file paths from wordlist.txt, match all responses but filter out those with content-size 42.
228 Colored, verbose output.
229 \fBffuf\fP \fB-w\fP wordlist.txt \fB-u\fP https://example.org/FUZZ \fB-mc\fP all \fB-fs\fP 42 \fB-c\fP \fB-v\fP
230 .RS
231 .PP
232 Fuzz Host-header, match HTTP 200 responses.
233 \fBffuf\fP \fB-w\fP hosts.txt \fB-u\fP https://example.org/ \fB-H\fP "Host: FUZZ" \fB-mc\fP 200
234 .PP
235 Fuzz POST JSON data. Match all responses not containing text "error".
236 \fBffuf\fP \fB-w\fP entries.txt \fB-u\fP https://example.org/ \fB-X\fP POST \fB-H\fP "Content-Type: application/json" \
237 \fB-d\fP '{"name": "FUZZ", "anotherkey": "anothervalue"}' \fB-fr\fP "error"
238 .PP
239 Fuzz multiple locations. Match only responses reflecting the value of "VAL" keyword. Colored.
240 \fBffuf\fP \fB-w\fP params.txt:PARAM \fB-w\fP values.txt:VAL \fB-u\fP https://example.org/?PARAM=VAL \fB-mr\fP "VAL" \fB-c\fP
241 .PP
242 More information and examples: https://github.com/\fBffuf\fP/\fBffuf\fP
243 .PP
244 .SH AUTHOR
245 This manual page was written based on the author's README by Pedro Loami Barbosa dos Santos <[email protected]> for the Debian project (but may be used by others).
246
+1
-0
debian/ffuf.manpages less more
0 debian/ffuf.1
+14
-0
debian/gbp.conf less more
0 [DEFAULT]
1 debian-branch = kali/master
2 debian-tag = kali/%(version)s
3 pristine-tar = True
4
5 [pq]
6 patch-numbers = False
7
8 [dch]
9 multimaint-merge = True
10
11 [import-dsc]
12 debian-branch = debian/master
13 debian-tag = debian/%(version)s
+2
-0
debian/kali-ci.yml less more
0 include:
1 - https://gitlab.com/kalilinux/tools/kali-ci-pipeline/raw/master/recipes/kali.yml
+16
-0
debian/patches/10-fix-spelling.patch less more
0 # Author: Pedro Loami Barbosa dos Santos <[email protected]>
1 # Date: May 11 2020
2 # Description: Fix spelling on /pkg/ffuf/multierror.go
3 Index: ffuf/pkg/ffuf/multierror.go
4 ===================================================================
5 --- ffuf.orig/pkg/ffuf/multierror.go
6 +++ ffuf/pkg/ffuf/multierror.go
7 @@ -20,7 +20,7 @@ func (m *Multierror) Add(err error) {
8 func (m *Multierror) ErrorOrNil() error {
9 var errString string
10 if len(m.errors) > 0 {
11 - errString += fmt.Sprintf("%d errors occured.\n", len(m.errors))
12 + errString += fmt.Sprintf("%d errors occurred.\n", len(m.errors))
13 for _, e := range m.errors {
14 errString += fmt.Sprintf("\t* %s\n", e)
15 }
+1
-0
debian/patches/series less more
0 10-fix-spelling.patch
+11
-0
debian/rules less more
0 #!/usr/bin/make -f
1
2 %:
3 dh $@ --builddirectory=_build --buildsystem=golang --with=golang
4
5 override_dh_auto_build:
6 # Pass build flags for the Kali exclusive version
7 dh_auto_build -- -ldflags="-X 'github.com/ffuf/ffuf/pkg/ffuf.VERSION_APPENDIX= Kali Exclusive <3'"
8
9 override_dh_auto_install:
10 dh_auto_install -- --no-source
+4
-0
debian/salsa-ci.yml less more
0 ---
1 include:
2 - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
3 - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
+1
-0
debian/source/format less more
0 3.0 (quilt)
+3
-0
debian/tests/control less more
0 Test-Command: ffuf -w debian/tests/files/test-fuzz-list.txt -u https://www.debian.org/FUZZ
1 Depends: @
2 Restrictions: allow-stderr
+3
-0
debian/tests/files/test-fuzz-list.txt less more
0 intro
1 about
2 devel
+3
-0
debian/upstream/metadata less more
0 ---
1 Repository: https://gitlab.com/kalilinux/packages/ffuf.git
2 Repository-Browse: https://gitlab.com/kalilinux/packages/ffuf
+3
-0
debian/watch less more
0 version=4
1 opts="uversionmangle=s/(\d)[_\.\-\+]?(RC|rc|pre|dev|beta|alpha)[.]?(\d*)$/\$1~\$2\$3/" \
2 https://gitlab.com/kalilinux/packages/ffuf/-/tags .*/ffuf-v?(\d.*)\.tar\.gz