From 3bb230056c3d64a6e427352548580a86153ae50d Mon Sep 17 00:00:00 2001 From: Christian Mehlmauer <105281+firefart@users.noreply.github.com> Date: Mon, 19 Dec 2022 11:47:58 +0100 Subject: [PATCH] Dev (#379) * update to go 1.17 * more go 1.17 updates * update sponsors * update makefile * gitignore * remove todo * Fixed errors mixing with progress in stderr by removing progress string with \r * Added --retry option for dir, fuzz, s3 and vhost modes * first dev version * wording * fix retries * update help text * first work for #298 allow for a totalrequests change from within a plugin * use defer * ignore invalid control character urls * add goreleaser * gitignore * output color, better status printing * more color output * fix nil panics * Added support for Google Cloud Storage (GCS) bucket scanning. The scanning finds all public buckets listable by anonymous users * fix gcs module * update readme * go 1.18 * go mod tidy * makefile * readme * readme * better error message * use generics for set * use the new netip type * update version * colors * cspell * improve readability of GobusterVhost (#334) * improve readability of GobusterVhost * fix for the merge side effect * lint * update * update * more work * remove unused method * retries * colored output * Closes issue #349 (#356) * fix version * Closes issue #349 Co-authored-by: firefart * Closes issue #315 (#359) * Closes issue #315 * Syntax fix * support mtls * readme * check for fuzz keyword * allow for http header fuzzing * better description * new option to not canonicalize header names * basic auth fuzzing * fix typo in vhost command (#361) * update * check error * error handling * dev * enable tls1.0 and 1.1 support * Bump golang.org/x/term from 0.1.0 to 0.2.0 (#369) Bumps [golang.org/x/term](https://github.com/golang/term) from 0.1.0 to 0.2.0. - [Release notes](https://github.com/golang/term/releases) - [Commits](https://github.com/golang/term/compare/v0.1.0...v0.2.0) --- updated-dependencies: - dependency-name: golang.org/x/term dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump golang.org/x/crypto from 0.1.0 to 0.2.0 (#368) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.1.0 to 0.2.0. - [Release notes](https://github.com/golang/crypto/releases) - [Commits](https://github.com/golang/crypto/compare/v0.1.0...v0.2.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Adds LF after the work end (#373) * typo * Reformat: Add `\n` after the end Co-authored-by: firefart <105281+firefart@users.noreply.github.com> * Bump golang.org/x/crypto from 0.2.0 to 0.3.0 (#374) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.2.0 to 0.3.0. - [Release notes](https://github.com/golang/crypto/releases) - [Commits](https://github.com/golang/crypto/compare/v0.2.0...v0.3.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump golang.org/x/crypto from 0.3.0 to 0.4.0 (#376) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.3.0 to 0.4.0. - [Release notes](https://github.com/golang/crypto/releases) - [Commits](https://github.com/golang/crypto/compare/v0.3.0...v0.4.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/checkout from 3.1.0 to 3.2.0 (#377) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.1.0...v3.2.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * add tftp mode * better output on tftp mode * Bump goreleaser/goreleaser-action from 3 to 4 (#378) Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 3 to 4. - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/v3...v4) --- updated-dependencies: - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * readme Signed-off-by: dependabot[bot] Co-authored-by: alexmozzhakov <5459149+alexmozzhakov@users.noreply.github.com> Co-authored-by: Nicolas Lykke Iversen Co-authored-by: Neal Caffery Co-authored-by: n30nx <22144985+n30nx@users.noreply.github.com> Co-authored-by: IPv4v6 Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: _Magenta_ <0_magenta_0@mail.ru> --- .github/workflows/go.yml | 2 +- .github/workflows/golangci-lint.yml | 2 +- .github/workflows/release.yml | 4 +- README.md | 7 +- cli/cmd/tftp.go | 78 +++++++++++++++ cli/gobuster.go | 1 + go.mod | 10 +- go.sum | 23 +++-- gobustertftp/gobustertftp.go | 142 ++++++++++++++++++++++++++++ gobustertftp/options.go | 16 ++++ gobustertftp/result.go | 46 +++++++++ libgobuster/http.go | 2 + libgobuster/version.go | 2 +- 13 files changed, 318 insertions(+), 17 deletions(-) create mode 100644 cli/cmd/tftp.go create mode 100644 gobustertftp/gobustertftp.go create mode 100644 gobustertftp/options.go create mode 100644 gobustertftp/result.go diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 0912b24..9e7c348 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -14,7 +14,7 @@ jobs: go-version: ${{ matrix.go }} - name: Check out code - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.2.0 - name: build cache uses: actions/cache@v3 diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 37705a0..5ed4a1f 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -5,7 +5,7 @@ jobs: name: lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3.1.0 + - uses: actions/checkout@v3.2.0 - uses: actions/setup-go@v3 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f0dfa84..dfb7a73 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.2.0 with: fetch-depth: 0 - name: Fetch all tags @@ -23,7 +23,7 @@ jobs: with: go-version: 1.19 - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v3 + uses: goreleaser/goreleaser-action@v4 with: distribution: goreleaser version: latest diff --git a/README.md b/README.md index d469b93..9b5e4cf 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Gobuster v3.2.0 +# Gobuster Gobuster is a tool used to brute-force: @@ -22,6 +22,11 @@ All funds that are donated to this project will be donated to charity. A full lo # Changes +## 3.4 + +- Enable TLS1.0 and TLS1.1 support +- Add TFTP mode to search for files on tftp servers + ## 3.3 - Support TLS client certificates / mtls diff --git a/cli/cmd/tftp.go b/cli/cmd/tftp.go new file mode 100644 index 0000000..a7ddfed --- /dev/null +++ b/cli/cmd/tftp.go @@ -0,0 +1,78 @@ +package cmd + +import ( + "fmt" + "log" + "strings" + "time" + + "github.com/OJ/gobuster/v3/cli" + "github.com/OJ/gobuster/v3/gobustertftp" + "github.com/OJ/gobuster/v3/libgobuster" + "github.com/spf13/cobra" +) + +// nolint:gochecknoglobals +var cmdTFTP *cobra.Command + +func runTFTP(cmd *cobra.Command, args []string) error { + globalopts, pluginopts, err := parseTFTPOptions() + if err != nil { + return fmt.Errorf("error on parsing arguments: %w", err) + } + + plugin, err := gobustertftp.NewGobusterTFTP(globalopts, pluginopts) + if err != nil { + return fmt.Errorf("error on creating gobustertftp: %w", err) + } + + if err := cli.Gobuster(mainContext, globalopts, plugin); err != nil { + return fmt.Errorf("error on running gobuster: %w", err) + } + return nil +} + +func parseTFTPOptions() (*libgobuster.Options, *gobustertftp.OptionsTFTP, error) { + globalopts, err := parseGlobalOptions() + if err != nil { + return nil, nil, err + } + pluginOpts := gobustertftp.NewOptionsTFTP() + + pluginOpts.Server, err = cmdTFTP.Flags().GetString("server") + if err != nil { + return nil, nil, fmt.Errorf("invalid value for domain: %w", err) + } + + if !strings.Contains(pluginOpts.Server, ":") { + pluginOpts.Server = fmt.Sprintf("%s:69", pluginOpts.Server) + } + + pluginOpts.Timeout, err = cmdTFTP.Flags().GetDuration("timeout") + if err != nil { + return nil, nil, fmt.Errorf("invalid value for timeout: %w", err) + } + + return globalopts, pluginOpts, nil +} + +// nolint:gochecknoinits +func init() { + cmdTFTP = &cobra.Command{ + Use: "tftp", + Short: "Uses TFTP enumeration mode", + RunE: runTFTP, + } + + cmdTFTP.Flags().StringP("server", "s", "", "The target TFTP server") + cmdTFTP.Flags().DurationP("timeout", "", time.Second, "TFTP timeout") + if err := cmdTFTP.MarkFlagRequired("server"); err != nil { + log.Fatalf("error on marking flag as required: %v", err) + } + + cmdTFTP.PersistentPreRun = func(cmd *cobra.Command, args []string) { + configureGlobalOptions() + } + + rootCmd.AddCommand(cmdTFTP) +} diff --git a/cli/gobuster.go b/cli/gobuster.go index 0918ea6..e04a4d2 100644 --- a/cli/gobuster.go +++ b/cli/gobuster.go @@ -87,6 +87,7 @@ func progressWorker(ctx context.Context, g *libgobuster.Gobuster, wg *sync.WaitG } } case <-ctx.Done(): + fmt.Println() return } } diff --git a/go.mod b/go.mod index 47a38df..65695bc 100644 --- a/go.mod +++ b/go.mod @@ -5,15 +5,17 @@ go 1.19 require ( github.com/fatih/color v1.13.0 github.com/google/uuid v1.3.0 + github.com/pin/tftp/v3 v3.0.0 github.com/spf13/cobra v1.6.1 - golang.org/x/crypto v0.1.0 - golang.org/x/term v0.1.0 + golang.org/x/crypto v0.4.0 + golang.org/x/term v0.3.0 ) require ( - github.com/inconshreveable/mousetrap v1.0.1 // indirect + github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.16 // indirect github.com/spf13/pflag v1.0.5 // indirect - golang.org/x/sys v0.1.0 // indirect + golang.org/x/net v0.4.0 // indirect + golang.org/x/sys v0.3.0 // indirect ) diff --git a/go.sum b/go.sum index 521e1a5..0c42543 100644 --- a/go.sum +++ b/go.sum @@ -3,8 +3,9 @@ github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= @@ -12,20 +13,28 @@ github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Ky github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/pin/tftp/v3 v3.0.0 h1:o9cQpmWBSbgiaYXuN+qJAB12XBIv4dT7OuOONucn2l0= +github.com/pin/tftp/v3 v3.0.0/go.mod h1:xwQaN4viYL019tM4i8iecm++5cGxSqen6AJEOEyEI0w= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA= github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU= -golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8= +golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80= +golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.4.0 h1:Q5QPcMlvfxFTAPV0+07Xz/MpK9NTXu2VDUuy0FeMfaU= +golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= -golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw= -golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ= +golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.3.0 h1:qoo4akIqOcDME5bhc/NgxUdovd6BSS2uMsVjB56q1xI= +golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/gobustertftp/gobustertftp.go b/gobustertftp/gobustertftp.go new file mode 100644 index 0000000..3598391 --- /dev/null +++ b/gobustertftp/gobustertftp.go @@ -0,0 +1,142 @@ +package gobustertftp + +import ( + "bufio" + "bytes" + "context" + "fmt" + "strings" + "text/tabwriter" + + "github.com/OJ/gobuster/v3/libgobuster" + + "github.com/pin/tftp/v3" +) + +// GobusterTFTP is the main type to implement the interface +type GobusterTFTP struct { + globalopts *libgobuster.Options + options *OptionsTFTP +} + +// NewGobusterTFTP creates a new initialized NewGobusterTFTP +func NewGobusterTFTP(globalopts *libgobuster.Options, opts *OptionsTFTP) (*GobusterTFTP, error) { + if globalopts == nil { + return nil, fmt.Errorf("please provide valid global options") + } + + if opts == nil { + return nil, fmt.Errorf("please provide valid plugin options") + } + + g := GobusterTFTP{ + options: opts, + globalopts: globalopts, + } + return &g, nil +} + +// Name should return the name of the plugin +func (d *GobusterTFTP) Name() string { + return "TFTP enumeration" +} + +// PreRun is the pre run implementation of gobustertftp +func (d *GobusterTFTP) PreRun(ctx context.Context) error { + _, err := tftp.NewClient(d.options.Server) + if err != nil { + return err + } + return nil +} + +// ProcessWord is the process implementation of gobustertftp +func (d *GobusterTFTP) ProcessWord(ctx context.Context, word string, progress *libgobuster.Progress) error { + c, err := tftp.NewClient(d.options.Server) + if err != nil { + return err + } + c.SetTimeout(d.options.Timeout) + wt, err := c.Receive(word, "octet") + if err != nil { + // file not found + if d.globalopts.Verbose { + progress.ResultChan <- Result{ + Filename: word, + Found: false, + ErrorMessage: err.Error(), + } + } + + return nil + } + result := Result{ + Filename: word, + Found: true, + } + if n, ok := wt.(tftp.IncomingTransfer).Size(); ok { + result.Size = n + } + progress.ResultChan <- result + return nil +} + +func (d *GobusterTFTP) AdditionalWords(word string) []string { + return []string{} +} + +// GetConfigString returns the string representation of the current config +func (d *GobusterTFTP) GetConfigString() (string, error) { + var buffer bytes.Buffer + bw := bufio.NewWriter(&buffer) + tw := tabwriter.NewWriter(bw, 0, 5, 3, ' ', 0) + o := d.options + + if _, err := fmt.Fprintf(tw, "[+] Server:\t%s\n", o.Server); err != nil { + return "", err + } + + if _, err := fmt.Fprintf(tw, "[+] Threads:\t%d\n", d.globalopts.Threads); err != nil { + return "", err + } + + if d.globalopts.Delay > 0 { + if _, err := fmt.Fprintf(tw, "[+] Delay:\t%s\n", d.globalopts.Delay); err != nil { + return "", err + } + } + + if _, err := fmt.Fprintf(tw, "[+] Timeout:\t%s\n", o.Timeout.String()); err != nil { + return "", err + } + + wordlist := "stdin (pipe)" + if d.globalopts.Wordlist != "-" { + wordlist = d.globalopts.Wordlist + } + if _, err := fmt.Fprintf(tw, "[+] Wordlist:\t%s\n", wordlist); err != nil { + return "", err + } + + if d.globalopts.PatternFile != "" { + if _, err := fmt.Fprintf(tw, "[+] Patterns:\t%s (%d entries)\n", d.globalopts.PatternFile, len(d.globalopts.Patterns)); err != nil { + return "", err + } + } + + if d.globalopts.Verbose { + if _, err := fmt.Fprintf(tw, "[+] Verbose:\ttrue\n"); err != nil { + return "", err + } + } + + if err := tw.Flush(); err != nil { + return "", fmt.Errorf("error on tostring: %w", err) + } + + if err := bw.Flush(); err != nil { + return "", fmt.Errorf("error on tostring: %w", err) + } + + return strings.TrimSpace(buffer.String()), nil +} diff --git a/gobustertftp/options.go b/gobustertftp/options.go new file mode 100644 index 0000000..af23ccd --- /dev/null +++ b/gobustertftp/options.go @@ -0,0 +1,16 @@ +package gobustertftp + +import ( + "time" +) + +// OptionsTFTP holds all options for the tftp plugin +type OptionsTFTP struct { + Server string + Timeout time.Duration +} + +// NewOptionsTFTP returns a new initialized OptionsTFTP +func NewOptionsTFTP() *OptionsTFTP { + return &OptionsTFTP{} +} diff --git a/gobustertftp/result.go b/gobustertftp/result.go new file mode 100644 index 0000000..1b77737 --- /dev/null +++ b/gobustertftp/result.go @@ -0,0 +1,46 @@ +package gobustertftp + +import ( + "bytes" + "fmt" + + "github.com/fatih/color" +) + +var ( + red = color.New(color.FgRed).FprintfFunc() + green = color.New(color.FgGreen).FprintfFunc() +) + +// Result represents a single result +type Result struct { + Filename string + Found bool + Size int64 + ErrorMessage string +} + +// ResultToString converts the Result to it's textual representation +func (r Result) ResultToString() (string, error) { + buf := &bytes.Buffer{} + + if r.Found { + green(buf, "Found: ") + if _, err := fmt.Fprintf(buf, "%s", r.Filename); err != nil { + return "", err + } + if r.Size > 0 { + if _, err := fmt.Fprintf(buf, " [%d]", r.Size); err != nil { + return "", err + } + } + } else { + red(buf, "Missed: ") + if _, err := fmt.Fprintf(buf, "%s - %s", r.Filename, r.ErrorMessage); err != nil { + return "", err + } + } + + s := buf.String() + return s, nil +} diff --git a/libgobuster/http.go b/libgobuster/http.go index 8b8648c..a069693 100644 --- a/libgobuster/http.go +++ b/libgobuster/http.go @@ -70,6 +70,8 @@ func NewHTTPClient(opt *HTTPOptions) (*HTTPClient, error) { tlsConfig := tls.Config{ InsecureSkipVerify: opt.NoTLSValidation, + // enable TLS1.0 and TLS1.1 support + MinVersion: tls.VersionTLS10, } if opt.TLSCertificate != nil { tlsConfig.Certificates = []tls.Certificate{*opt.TLSCertificate} diff --git a/libgobuster/version.go b/libgobuster/version.go index f0e3c1f..05f8e67 100644 --- a/libgobuster/version.go +++ b/libgobuster/version.go @@ -2,5 +2,5 @@ package libgobuster const ( // VERSION contains the current gobuster version - VERSION = "3.3" + VERSION = "3.4" )