mirror/ gobuster
1
1
Fork 0
mirror of https://github.com/OJ/gobuster.git synced 2024-05-13 12:56:03 +02:00
Code Issues

Compare commits

base: mirror:d627152cb865686f10914cac11871e23553b65eb
Branches Tags
mirror:master
mirror:dev
mirror:dependabot/go_modules/golang.org/x/crypto-0.17.0
mirror:v3.6.0
mirror:v3.5.0
mirror:v3.4.0
mirror:v3.3.0
mirror:v3.2.0
mirror:v3.1.0
mirror:v3.0.1
mirror:v3.0.0
mirror:v2.0.1
mirror:v2.0.0
mirror:v1.4.2
mirror:v1.4.1
mirror:v1.4
mirror:v1.3
mirror:v1.2
mirror:v1.1
mirror:v1.0
mirror:v0.9
mirror:v0.7
mirror:v0.8
...
compare: mirror:17c761893822009010e46c726112192ae593db82
Branches Tags
mirror:dev
mirror:master
mirror:dependabot/go_modules/golang.org/x/crypto-0.17.0
mirror:v3.6.0
mirror:v3.5.0
mirror:v3.4.0
mirror:v3.3.0
mirror:v3.2.0
mirror:v3.1.0
mirror:v3.0.1
mirror:v3.0.0
mirror:v2.0.1
mirror:v2.0.0
mirror:v1.4.2
mirror:v1.4.1
mirror:v1.4
mirror:v1.3
mirror:v1.2
mirror:v1.1
mirror:v1.0
mirror:v0.9
mirror:v0.7
mirror:v0.8

2 Commits
d627152cb8 ... 17c7618938

Author SHA1 Message Date
Christian Mehlmauer 17c7618938 add changelog entry 2024-03-09 17:26:21 +01:00
Christian Mehlmauer 7335c31227 add warning for #317 2024-03-09 17:25:23 +01:00
2 changed files with 10 additions and 0 deletions
Show Stats Expand all files Collapse all files

1
README.md
View File

@ -42,6 +42,7 @@ All funds that are donated to this project will be donated to charity. A full lo
- allow fuzzing of Host header in fuzz mode
- automatically disable progress output when output is redirected
- fix extra special characters when run with `--no-progress`
- warn when using vhost mode with a proxy and http based urls as this might not work as expected
## 3.6

9
cli/vhost/vhost.go
View File

@ -2,6 +2,7 @@ package vhost
import (
"fmt"
"strings"
internalcli "github.com/OJ/gobuster/v3/cli"
"github.com/OJ/gobuster/v3/gobustervhost"
@ -28,6 +29,7 @@ func getFlags() []cli.Flag {
&cli.StringFlag{Name: "exclude-length", Aliases: []string{"xl"}, Usage: "exclude the following content lengths. You can separate multiple lengths by comma and it also supports ranges like 203-206"},
&cli.StringFlag{Name: "exclude-status", Aliases: []string{"xs"}, Usage: "exclude the following status codes. Can also handle ranges like 200,300-400,404.", Value: ""},
&cli.StringFlag{Name: "domain", Aliases: []string{"do"}, Usage: "the domain to append when using an IP address as URL. If left empty and you specify a domain based URL the hostname from the URL is extracted"},
&cli.BoolFlag{Name: "force", Value: false, Usage: "Force execution even when result is not guaranteed."},
}...)
return flags
@ -64,6 +66,13 @@ func run(c *cli.Context) error {
return err
}
force := c.Bool("force")
if !force &&
(strings.HasPrefix(pluginOpts.Proxy, "http://") || strings.HasPrefix(pluginOpts.Proxy, "https://")) &&
strings.HasPrefix(pluginOpts.URL, "http://") {
return fmt.Errorf("VHOST mode does not work with a http proxy when using plain text http urls as golang strictly adheres to the http standard. This results in always sending the requests to the IP of the VHOST domain instead of the specified target. See https://github.com/golang/go/issues/30775 for example. You need to either disable the proxy, use a https based url or use the --force switch to continue. When using --force you may need to do some rewrites in your proxy to get the expected result.")
}
log := libgobuster.NewLogger(globalOpts.Debug)
plugin, err := gobustervhost.New(&globalOpts, pluginOpts, log)