Import upstream version 1.3.0+git20210317.976b208, md5 1886ed5160f597caf9eb364d4e3751c1
Kali Janitor
3 years ago
0 | Note regarding the Kali package ffuf | |
1 | ------------------------------------ | |
2 | ||
3 | Upstream | |
4 | ||
5 | As ffuf employs a sponsorware model and the Kali package of ffuf is using this exclusive | |
6 | codebase, the upstream repository for ffuf package is https://github.com/ffuf/ffuf-exclusive | |
7 | instead of the publicly available https://github.com/ffuf/ffuf | |
8 | ||
9 | The changes published in the ffuf-exclusive repository as well as directly in Kali Linux | |
10 | packages repository, will be made publicly available in https://github.com/ffuf/ffuf | |
11 | after 30 days of the initial release. | |
12 | ||
13 | More details of the model are available at https://github.com/ffuf/ffuf#sponsorware |
0 | ffuf (1.3.0-0kali1) kali-dev; urgency=medium | |
1 | ||
2 | [ Kali Janitor ] | |
3 | * Set upstream metadata fields: Repository, Repository-Browse. | |
4 | ||
5 | [ Arnaud Rebillout ] | |
6 | * Configure gbp import-dsc for a Debian-derived package | |
7 | ||
8 | [ Raphaël Hertzog ] | |
9 | * Pass build flags for the Kali specific version prepared by upstream | |
10 | ||
11 | [ Joona Hoikkala ] | |
12 | * Describe the upstream discrepancy in README.debian | |
13 | ||
14 | [ Sophie Brun ] | |
15 | * New upstream version 1.3.0 | |
16 | * Update debian/copyright | |
17 | ||
18 | -- Sophie Brun <[email protected]> Wed, 17 Mar 2021 08:36:42 +0100 | |
19 | ||
20 | ffuf (1.2.1-0kali1) kali-dev; urgency=medium | |
21 | ||
22 | [ Raphaël Hertzog ] | |
23 | * Monitor upstream releases in the Kali repository | |
24 | * Update Maintainer field | |
25 | * Update Vcs-* fields | |
26 | * Configure git-buildpackage for Kali | |
27 | * Add GitLab's CI configuration file | |
28 | * New upstream version 1.2.1 | |
29 | * Drop patches that don't apply | |
30 | ||
31 | [ Sophie Brun ] | |
32 | * Add missing Build-dep golang-github-pelletier-go-toml-dev | |
33 | * Bump Standards-Version to 4.5.1 (no changes) | |
34 | ||
35 | -- Sophie Brun <[email protected]> Mon, 22 Feb 2021 16:24:08 +0100 | |
36 | ||
37 | ffuf (1.1.0-1) unstable; urgency=medium | |
38 | ||
39 | * New upstream version 1.1.0 | |
40 | ||
41 | [ Marcio de Souza Oliveira ] | |
42 | * debian/tests/control: | |
43 | - Created the directory files. | |
44 | - Creted the file files/test-fuzz-list.txt. | |
45 | - Updated the test to simple fuzzing test. | |
46 | ||
47 | -- Pedro Loami Barbosa dos Santos <[email protected]> Thu, 10 Sep 2020 08:04:29 -0300 | |
48 | ||
49 | ffuf (1.0.2-2) unstable; urgency=medium | |
50 | ||
51 | * debian/control: | |
52 | - (Vcs-*): changed value to correct repository address. | |
53 | ||
54 | -- Pedro Loami Barbosa dos Santos <[email protected]> Mon, 22 Jun 2020 20:47:18 -0300 | |
55 | ||
56 | ffuf (1.0.2-1) unstable; urgency=medium | |
57 | ||
58 | * Initial release (Closes: 960067) | |
59 | ||
60 | -- Pedro Loami Barbosa dos Santos <[email protected]> Tue, 12 May 2020 18:06:42 -0300 |
0 | Source: ffuf | |
1 | XSBC-Original-Maintainer: Pedro Loami Barbosa dos Santos <[email protected]> | |
2 | Maintainer: Kali Developers <[email protected]> | |
3 | Section: devel | |
4 | Testsuite: autopkgtest-pkg-go | |
5 | Priority: optional | |
6 | Build-Depends: debhelper-compat (= 13), | |
7 | dh-golang, | |
8 | golang-any, | |
9 | golang-github-pelletier-go-toml-dev | |
10 | Standards-Version: 4.5.1 | |
11 | Vcs-Browser: https://gitlab.com/kalilinux/packages/ffuf | |
12 | Vcs-Git: https://gitlab.com/kalilinux/packages/ffuf.git | |
13 | Homepage: https://github.com/ffuf/ffuf | |
14 | Rules-Requires-Root: no | |
15 | XS-Go-Import-Path: github.com/ffuf/ffuf | |
16 | ||
17 | Package: ffuf | |
18 | Architecture: any | |
19 | Depends: ${misc:Depends}, | |
20 | ${shlibs:Depends} | |
21 | Built-Using: ${misc:Built-Using} | |
22 | Description: Fast web fuzzer written in Go (program) | |
23 | ffuf is a fest web fuzzer written in Go that allows typical directory | |
24 | discovery, virtual host discovery (without DNS records) and GET and POST | |
25 | parameter fuzzing. |
0 | Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ | |
1 | Upstream-Name: ffuf | |
2 | Upstream-Contact: https://github.com/ffuf/ffuf/issues | |
3 | Source: https://github.com/ffuf/ffuf | |
4 | ||
5 | Files: * | |
6 | Copyright: 2018-2021 Joona Hoikkala <[email protected]> | |
7 | License: MIT | |
8 | ||
9 | Files: debian/* | |
10 | Copyright: 2020 Pedro Loami Barbosa dos Santos <[email protected]> | |
11 | License: MIT | |
12 | Comment: Debian packaging is licensed under the same terms as upstream | |
13 | ||
14 | License: MIT | |
15 | Permission is hereby granted, free of charge, to any person obtaining a copy | |
16 | of this software and associated documentation files (the "Software"), to deal | |
17 | in the Software without restriction, including without limitation the rights | |
18 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
19 | copies of the Software, and to permit persons to whom the Software is | |
20 | furnished to do so, subject to the following conditions: | |
21 | . | |
22 | The above copyright notice and this permission notice shall be included in all | |
23 | copies or substantial portions of the Software. | |
24 | . | |
25 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
26 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
27 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
28 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
29 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
30 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | |
31 | SOFTWARE. |
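Review bot: The Source field on line 3 names https://github.com/ffuf/ffuf, but the README added in this same change states that the upstream for this package is https://github.com/ffuf/ffuf-exclusive. Anyone auditing where the packaged code came from will read this field first, so either point Source at the repository the tarball was actually taken from or add a Comment field that refers to the README's explanation of the 30-day delay.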
0 | .\" Text automatically generated by txt2man | |
1 | .TH ffuf "1" "May 2020" "ffuf 1.0.2" "User Commands" | |
2 | .SH NAME | |
3 | \fBffuf \fP- Fast web fuzzer written in Go | |
4 | \fB | |
5 | .SH SYNOPSIS | |
6 | .nf | |
7 | .fam C | |
8 | \fBffuf\fP [\fBoptions\fP] | |
9 | ||
10 | .fam T | |
11 | .fi | |
12 | .fam T | |
13 | .fi | |
14 | .SH DESCRIPTION | |
15 | \fBffuf\fP is a fest web fuzzer written in Go that allows typical directory | |
16 | discovery, virtual host discovery (without DNS records) and GET and POST | |
17 | parameter fuzzing. | |
18 | .RE | |
19 | .SH OPTIONS | |
20 | .PP | |
21 | HTTP OPTIONS: | |
22 | .RS | |
23 | .TP | |
24 | .B | |
25 | \fB-H\fP | |
26 | Header "Name: Value", separated by colon. Multiple \fB-H\fP flags are accepted. | |
27 | .TP | |
28 | .B | |
29 | \fB-X\fP | |
30 | HTTP method to use (default: GET) | |
31 | .TP | |
32 | .B | |
33 | \fB-b\fP | |
34 | Cookie data "NAME1=VALUE1; NAME2=VALUE2" for copy as curl functionality. | |
35 | .TP | |
36 | .B | |
37 | \fB-d\fP | |
38 | POST data | |
39 | .TP | |
40 | .B | |
41 | \fB-r\fP | |
42 | Follow redirects (default: false) | |
43 | .TP | |
44 | .B | |
45 | \fB-recursion\fP | |
46 | Scan recursively. Only FUZZ keyword is supported, and URL (\fB-u\fP) has to end in it. (default: false) | |
47 | \fB-recursion-depth\fP Maximum recursion depth. (default: 0) | |
48 | .TP | |
49 | .B | |
50 | \fB-replay-proxy\fP | |
51 | Replay matched requests using this proxy. | |
52 | .TP | |
53 | .B | |
54 | \fB-timeout\fP | |
55 | HTTP request timeout in seconds. (default: 10) | |
56 | .TP | |
57 | .B | |
58 | \fB-u\fP | |
59 | Target URL | |
60 | .TP | |
61 | .B | |
62 | \fB-x\fP | |
63 | HTTP Proxy URL | |
64 | .RE | |
65 | .PP | |
66 | GENERAL OPTIONS: | |
67 | .RS | |
68 | .TP | |
69 | .B | |
70 | \fB-V\fP | |
71 | Show version information. (default: false) | |
72 | .TP | |
73 | .B | |
74 | \fB-ac\fP | |
75 | Automatically calibrate filtering options (default: false) | |
76 | .TP | |
77 | .B | |
78 | \fB-acc\fP | |
79 | Custom auto-calibration string. Can be used multiple times. Implies \fB-ac\fP | |
80 | .TP | |
81 | .B | |
82 | \fB-c\fP | |
83 | Colorize output. (default: false) | |
84 | .TP | |
85 | .B | |
86 | \fB-maxtime\fP | |
87 | Maximum running time in seconds. (default: 0) | |
88 | .TP | |
89 | .B | |
90 | \fB-p\fP | |
91 | Seconds of 'delay' between requests, or a range of random delay. For example "0.1" or "0.1-2.0" | |
92 | .TP | |
93 | .B | |
94 | \fB-s\fP | |
95 | Do not print additional information (silent mode) (default: false) | |
96 | .TP | |
97 | .B | |
98 | \fB-sa\fP | |
99 | Stop on all error cases. Implies \fB-sf\fP and \fB-se\fP. (default: false) | |
100 | .TP | |
101 | .B | |
102 | \fB-se\fP | |
103 | Stop on spurious errors (default: false) | |
104 | .TP | |
105 | .B | |
106 | \fB-sf\fP | |
107 | Stop when > 95% of responses return 403 Forbidden (default: false) | |
108 | .TP | |
109 | .B | |
110 | \fB-t\fP | |
111 | Number of concurrent threads. (default: 40) | |
112 | .TP | |
113 | .B | |
114 | \fB-v\fP | |
115 | Verbose output, printing full URL and redirect location (if any) with the results. (default: false) | |
116 | .RE | |
117 | .PP | |
118 | MATCHER OPTIONS: | |
119 | .RS | |
120 | .TP | |
121 | .B | |
122 | \fB-mc\fP | |
123 | Match HTTP status codes, or "all" for everything. (default: 200,204,301,302,307,401,403) | |
124 | .TP | |
125 | .B | |
126 | \fB-ml\fP | |
127 | Match amount of lines in response | |
128 | .TP | |
129 | .B | |
130 | \fB-mr\fP | |
131 | Match regexp | |
132 | .TP | |
133 | .B | |
134 | \fB-ms\fP | |
135 | Match HTTP response size | |
136 | .TP | |
137 | .B | |
138 | \fB-mw\fP | |
139 | Match amount of words in response | |
140 | .RE | |
141 | .PP | |
142 | FILTER OPTIONS: | |
143 | .RS | |
144 | .TP | |
145 | .B | |
146 | \fB-fc\fP | |
147 | Filter HTTP status codes from response. Comma separated list of codes and ranges | |
148 | .TP | |
149 | .B | |
150 | \fB-fl\fP | |
151 | Filter by amount of lines in response. Comma separated list of line counts and ranges | |
152 | .TP | |
153 | .B | |
154 | \fB-fr\fP | |
155 | Filter regexp | |
156 | .TP | |
157 | .B | |
158 | \fB-fs\fP | |
159 | Filter HTTP response size. Comma separated list of sizes and ranges | |
160 | .TP | |
161 | .B | |
162 | \fB-fw\fP | |
163 | Filter by amount of words in response. Comma separated list of word counts and ranges | |
164 | .RE | |
165 | .PP | |
166 | INPUT OPTIONS: | |
167 | .RS | |
168 | .TP | |
169 | .B | |
170 | \fB-D\fP | |
171 | DirSearch wordlist compatibility mode. Used in conjunction with \fB-e\fP flag. (default: false) | |
172 | .TP | |
173 | .B | |
174 | \fB-e\fP | |
175 | Comma separated list of extensions. Extends FUZZ keyword. | |
176 | .TP | |
177 | .B | |
178 | \fB-ic\fP | |
179 | Ignore wordlist comments (default: false) | |
180 | .TP | |
181 | .B | |
182 | \fB-input-cmd\fP | |
183 | Command producing the input. \fB--input-num\fP is required when using this input method. Overrides \fB-w\fP. | |
184 | .TP | |
185 | .B | |
186 | \fB-input-num\fP | |
187 | Number of inputs to test. Used in conjunction with \fB--input-cmd\fP. (default: 100) | |
188 | .TP | |
189 | .B | |
190 | \fB-mode\fP | |
191 | Multi-wordlist operation mode. Available modes: clusterbomb, pitchfork (default: clusterbomb) | |
192 | .TP | |
193 | .B | |
194 | \fB-request\fP | |
195 | File containing the raw http request | |
196 | .TP | |
197 | .B | |
198 | \fB-request-proto\fP | |
199 | Protocol to use along with raw request (default: https) | |
200 | .TP | |
201 | .B | |
202 | \fB-w\fP | |
203 | Wordlist file path and (optional) keyword separated by colon. eg. '/path/to/wordlist:KEYWORD' | |
204 | .RE | |
205 | .PP | |
206 | OUTPUT OPTIONS: | |
207 | .RS | |
208 | .TP | |
209 | .B | |
210 | \fB-debug-log\fP | |
211 | Write all of the internal logging to the specified file. | |
212 | .TP | |
213 | .B | |
214 | \fB-o\fP | |
215 | Write output to file | |
216 | .TP | |
217 | .B | |
218 | \fB-od\fP | |
219 | Directory path to store matched results to. | |
220 | .TP | |
221 | .B | |
222 | \fB-of\fP | |
223 | Output file format. Available formats: json, ejson, html, md, csv, ecsv (default: json) | |
224 | .RE | |
225 | .PP | |
226 | .SH EXAMPLE USAGE: | |
227 | Fuzz file paths from wordlist.txt, match all responses but filter out those with content-size 42. | |
228 | Colored, verbose output. | |
229 | \fBffuf\fP \fB-w\fP wordlist.txt \fB-u\fP https://example.org/FUZZ \fB-mc\fP all \fB-fs\fP 42 \fB-c\fP \fB-v\fP | |
230 | .RS | |
231 | .PP | |
232 | Fuzz Host-header, match HTTP 200 responses. | |
233 | \fBffuf\fP \fB-w\fP hosts.txt \fB-u\fP https://example.org/ \fB-H\fP "Host: FUZZ" \fB-mc\fP 200 | |
234 | .PP | |
235 | Fuzz POST JSON data. Match all responses not containing text "error". | |
236 | \fBffuf\fP \fB-w\fP entries.txt \fB-u\fP https://example.org/ \fB-X\fP POST \fB-H\fP "Content-Type: application/json" \ | |
237 | \fB-d\fP '{"name": "FUZZ", "anotherkey": "anothervalue"}' \fB-fr\fP "error" | |
238 | .PP | |
239 | Fuzz multiple locations. Match only responses reflecting the value of "VAL" keyword. Colored. | |
240 | \fBffuf\fP \fB-w\fP params.txt:PARAM \fB-w\fP values.txt:VAL \fB-u\fP https://example.org/?PARAM=VAL \fB-mr\fP "VAL" \fB-c\fP | |
241 | .PP | |
242 | More information and examples: https://github.com/\fBffuf\fP/\fBffuf\fP | |
243 | .PP | |
244 | .SH AUTHOR | |
245 | This manual page was written based on the author's README by Pedro Loami Barbosa dos Santos <[email protected]> for the Debian project (but may be used by others). | |
246 |
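Review bot: The .TH line (line 1) still says "May 2020" and "ffuf 1.0.2" while the changelog in this change is at 1.3.0, so the option list below it has likely not been checked against the current binary; regenerate the page or at least confirm the flags and bump the header. A few markup problems are visible as well: \fB-recursion-depth\fP on line 47 has no .TP/.B of its own and will render as part of the -recursion description, the .RE on line 18 has no matching .RS, and the .RS on line 230 is never closed. Lines 183 and 187 write --input-num and --input-cmd with two dashes while every other flag uses one, and line 15 repeats the "fest" typo.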
0 | debian/ffuf.1 |
0 | [DEFAULT] | |
1 | debian-branch = kali/master | |
2 | debian-tag = kali/%(version)s | |
3 | pristine-tar = True | |
4 | ||
5 | [pq] | |
6 | patch-numbers = False | |
7 | ||
8 | [dch] | |
9 | multimaint-merge = True | |
10 | ||
11 | [import-dsc] | |
12 | debian-branch = debian/master | |
13 | debian-tag = debian/%(version)s |
0 | # Author: Pedro Loami Barbosa dos Santos <[email protected]> | |
1 | # Date: May 11 2020 | |
2 | # Description: Fix spelling on /pkg/ffuf/multierror.go | |
3 | Index: ffuf-1.0.2/pkg/ffuf/multierror.go | |
4 | =================================================================== | |
5 | --- ffuf-1.0.2.orig/pkg/ffuf/multierror.go | |
6 | +++ ffuf-1.0.2/pkg/ffuf/multierror.go | |
7 | @@ -20,7 +20,7 @@ func (m *Multierror) Add(err error) { | |
8 | func (m *Multierror) ErrorOrNil() error { | |
9 | var errString string | |
10 | if len(m.errors) > 0 { | |
11 | - errString += fmt.Sprintf("%d errors occured.\n", len(m.errors)) | |
12 | + errString += fmt.Sprintf("%d errors occurred.\n", len(m.errors)) | |
13 | for _, e := range m.errors { | |
14 | errString += fmt.Sprintf("\t* %s\n", e) | |
15 | } |
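Review bot: The header on lines 0-2 uses free-form comment lines rather than DEP-3 fields, and nothing records whether the fix was forwarded upstream; adding Description, Author and Forwarded fields would make that explicit. The paths on lines 3-6 still reference ffuf-1.0.2, and the 1.2.1 changelog entry says patches that don't apply were dropped, yet the series file still lists this one. Please confirm it applies cleanly to 1.3.0, or drop it if upstream already spells "occurred" correctly.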
0 | 10-fix-spelling.patch |
0 | #!/usr/bin/make -f | |
1 | ||
2 | %: | |
3 | dh $@ --builddirectory=_build --buildsystem=golang --with=golang | |
4 | ||
5 | override_dh_auto_build: | |
6 | # Pass build flags for the Kali exclusive version | |
7 | dh_auto_build -- -ldflags="-X 'github.com/ffuf/ffuf/pkg/ffuf.VERSION_APPENDIX= Kali Exclusive <3'" | |
8 | ||
9 | override_dh_auto_install: | |
10 | dh_auto_install -- --no-source |
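Review bot: The -X target on line 7 hard-codes github.com/ffuf/ffuf/pkg/ffuf.VERSION_APPENDIX, and the Go linker silently ignores -X for a symbol that does not exist, so if upstream renames the variable or the import path changes the build will still succeed without the Kali marker. Since the README says this package tracks a different codebase from the public one, a cheap guard is worthwhile: have the autopkgtest (or an override_dh_auto_test step) run ffuf -V and check that the appendix string is present. The comment on line 6 could also say which upstream variable is being set and why.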
0 | --- | |
1 | include: | |
2 | - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml | |
3 | - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml |
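Review bot: Both include URLs on lines 2-3 track raw/master of an external repository, so the pipeline definition that runs against this package can change without any commit here. If that is intentional (following the salsa-ci team's moving target), a short comment saying so would help; otherwise pin the includes to a tag or commit so that CI behaviour is reproducible and changes to it are reviewable.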
0 | 3.0 (quilt) |
0 | Test-Command: ffuf -w debian/tests/files/test-fuzz-list.txt -u https://www.debian.org/FUZZ | |
1 | Depends: @ | |
2 | Restrictions: allow-stderr |
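Review bot: The Test-Command on line 0 sends fuzzing requests to https://www.debian.org, so the test needs network access but the Restrictions on line 2 only list allow-stderr; add needs-internet so test beds without connectivity skip the test instead of failing. Pointing an automated fuzzer at a live third-party site from every CI run is also undesirable and makes the result depend on that site's responses; a local HTTP listener started inside the test would be a more stable target. As written, the command only shows that ffuf starts and exits, since nothing checks which entries from test-fuzz-list.txt matched.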