better wildcard checking

2024-05-18 14:26:04 +02:00 · 2019-05-17 14:41:41 +02:00 · 2019-05-17 14:41:41 +02:00 · 6aff466090
parent a42f51f505
commit 6aff466090
7 changed files with 29 additions and 17 deletions
--- a/TODO.md
+++ b/TODO.md
@ -1,4 +1,3 @@
 # TODO

-* return specific errors and do not mention command line switches in libgobuster
-* no log.Printf and fmt.Printf inside libgobuster
+* no log.Printf inside of plugins
--- a/cli/cmd/dir.go
+++ b/cli/cmd/dir.go
@ -25,6 +25,9 @@ func runDir(cmd *cobra.Command, args []string) error {
 	}

 	if err := cli.Gobuster(mainContext, globalopts, plugin); err != nil {
+		if err == gobusterdir.ErrWildcard {
+			return fmt.Errorf("the server returns the same status code for every request. To force processing of Wildcard responses, specify the '--wildcard' switch")
+		}
 		return fmt.Errorf("error on running goubster: %v", err)
 	}
 	return nil
--- a/cli/cmd/dns.go
+++ b/cli/cmd/dns.go
@ -26,6 +26,9 @@ func runDNS(cmd *cobra.Command, args []string) error {
 	}

 	if err := cli.Gobuster(mainContext, globalopts, plugin); err != nil {
+		if err == gobusterdns.ErrWildcard {
+			return fmt.Errorf("the DNS Server returned to same IP for every domain. To force processing of Wildcard DNS, specify the '--wildcard' switch")
+		}
 		return fmt.Errorf("error on running goubster: %v", err)
 	}
 	return nil
--- a/cli/cmd/root.go
+++ b/cli/cmd/root.go
@ -13,7 +13,8 @@ import (
 )

 var rootCmd = &cobra.Command{
-	Use: "gobuster",
+	Use:          "gobuster",
+	SilenceUsage: true,
 }

 var mainContext context.Context
--- a/cli/gobuster.go
+++ b/cli/gobuster.go
@ -108,7 +108,7 @@ func Gobuster(prevCtx context.Context, opts *libgobuster.Options, plugin libgobu

 	gobuster, err := libgobuster.NewGobuster(ctx, opts, plugin)
 	if err != nil {
-		log.Fatalf("[!] %v", err)
+		return err
 	}

 	if !opts.Quiet {
@ -118,7 +118,7 @@ func Gobuster(prevCtx context.Context, opts *libgobuster.Options, plugin libgobu
 		ruler()
 		c, err := gobuster.GetConfigString()
 		if err != nil {
-			log.Fatalf("error on creating config string: %v", err)
+			return fmt.Errorf("error on creating config string: %v", err)
 		}
 		fmt.Println(c)
 		ruler()
@ -141,16 +141,19 @@ func Gobuster(prevCtx context.Context, opts *libgobuster.Options, plugin libgobu
 		go progressWorker(ctx, gobuster, &wg)
 	}

-	if err := gobuster.Start(); err != nil {
-		log.Printf("[!] %v", err)
-	}
+	err = gobuster.Start()

 	// call cancel func so progressWorker will exit (the only goroutine in this
 	// file using the context) and to free ressources
 	cancel()
-	// wait for all spun up goroutines to finsih (all have to call wg.Done())
+	// wait for all spun up goroutines to finish (all have to call wg.Done())
 	wg.Wait()

+	// Late error checking to finish all threads
+	if err != nil {
+		return err
+	}
+
 	if !opts.Quiet {
 		gobuster.ClearProgress()
 		ruler()
--- a/gobusterdir/gobusterdir.go
+++ b/gobusterdir/gobusterdir.go
@ -4,8 +4,8 @@ import (
 	"bufio"
 	"bytes"
 	"context"
+	"errors"
 	"fmt"
-	"log"
 	"strings"
 	"text/tabwriter"

@ -13,6 +13,9 @@ import (
 	"github.com/google/uuid"
 )

+// ErrWildcard is returned if a wildcard response is found
+var ErrWildcard = errors.New("wildcard found")
+
 // GobusterDir is the main type to implement the interface
 type GobusterDir struct {
 	options    *OptionsDir
@ -78,11 +81,8 @@ func (d *GobusterDir) PreRun() error {
 		return err
 	}

-	if d.options.StatusCodesParsed.Contains(*wildcardResp) {
-		log.Printf("[-] Wildcard response found: %s => %d", url, *wildcardResp)
-		if !d.options.WildcardForced {
-			return fmt.Errorf("To force processing of Wildcard responses, specify the '--wildcard' switch.")
-		}
+	if d.options.StatusCodesParsed.Contains(*wildcardResp) && !d.options.WildcardForced {
+		return ErrWildcard
 	}

 	return nil
--- a/gobusterdns/gobusterdns.go
+++ b/gobusterdns/gobusterdns.go
@ -4,6 +4,7 @@ import (
 	"bufio"
 	"bytes"
 	"context"
+	"errors"
 	"fmt"
 	"log"
 	"net"
@ -15,6 +16,9 @@ import (
 	"github.com/google/uuid"
 )

+// ErrWildcard is returned if a wildcard response is found
+var ErrWildcard = errors.New("wildcard found")
+
 // GobusterDNS is the main type to implement the interface
 type GobusterDNS struct {
 	resolver    *net.Resolver
@ -69,9 +73,8 @@ func (d *GobusterDNS) PreRun() error {
 	if err == nil {
 		d.isWildcard = true
 		d.wildcardIps.AddRange(wildcardIps)
-		log.Printf("[-] Wildcard DNS found. IP address(es): %s", d.wildcardIps.Stringify())
 		if !d.options.WildcardForced {
-			return fmt.Errorf("To force processing of Wildcard DNS, specify the '--wildcard' switch.")
+			return ErrWildcard
 		}
 	}