mirror of
https://github.com/projectdiscovery/httpx.git
synced 2024-08-16 13:00:24 +03:00
Merge pull request #1761 from projectdiscovery/support_multiple_values
Support multiple values
This commit is contained in:
commit
e432123e95
104
README.md
104
README.md
@ -95,27 +95,28 @@ INPUT:
|
||||
-u, -target string[] input target host(s) to probe
|
||||
|
||||
PROBES:
|
||||
-sc, -status-code display response status-code
|
||||
-cl, -content-length display response content-length
|
||||
-ct, -content-type display response content-type
|
||||
-location display response redirect location
|
||||
-favicon display mmh3 hash for '/favicon.ico' file
|
||||
-hash string display response body hash (supported: md5,mmh3,simhash,sha1,sha256,sha512)
|
||||
-jarm display jarm fingerprint hash
|
||||
-rt, -response-time display response time
|
||||
-lc, -line-count display response body line count
|
||||
-wc, -word-count display response body word count
|
||||
-title display page title
|
||||
-bp, -body-preview display first N characters of response body (default 100)
|
||||
-server, -web-server display server name
|
||||
-td, -tech-detect display technology in use based on wappalyzer dataset
|
||||
-method display http request method
|
||||
-websocket display server using websocket
|
||||
-ip display host ip
|
||||
-cname display host cname
|
||||
-asn display host asn information
|
||||
-cdn display cdn/waf in use (default true)
|
||||
-probe display probe status
|
||||
-sc, -status-code display response status-code
|
||||
-cl, -content-length display response content-length
|
||||
-ct, -content-type display response content-type
|
||||
-location display response redirect location
|
||||
-favicon display mmh3 hash for '/favicon.ico' file
|
||||
-hash string display response body hash (supported: md5,mmh3,simhash,sha1,sha256,sha512)
|
||||
-jarm display jarm fingerprint hash
|
||||
-rt, -response-time display response time
|
||||
-lc, -line-count display response body line count
|
||||
-wc, -word-count display response body word count
|
||||
-title display page title
|
||||
-bp, -body-preview display first N characters of response body (default 100)
|
||||
-server, -web-server display server name
|
||||
-td, -tech-detect display technology in use based on wappalyzer dataset
|
||||
-method display http request method
|
||||
-websocket display server using websocket
|
||||
-ip display host ip
|
||||
-cname display host cname
|
||||
-extract-fqdn, -efqdn get domain and subdomains from response body and header in jsonl/csv output
|
||||
-asn display host asn information
|
||||
-cdn display cdn/waf in use (default true)
|
||||
-probe display probe status
|
||||
|
||||
HEADLESS:
|
||||
-ss, -screenshot enable saving screenshot of the page using headless browser
|
||||
@ -131,15 +132,15 @@ MATCHERS:
|
||||
-mlc, -match-line-count string match response body with specified line count (-mlc 423,532)
|
||||
-mwc, -match-word-count string match response body with specified word count (-mwc 43,55)
|
||||
-mfc, -match-favicon string[] match response with specified favicon hash (-mfc 1494302000)
|
||||
-ms, -match-string string match response with specified string (-ms admin)
|
||||
-mr, -match-regex string match response with specified regex (-mr admin)
|
||||
-ms, -match-string string[] match response with specified string (-ms admin)
|
||||
-mr, -match-regex string[] match response with specified regex (-mr admin)
|
||||
-mcdn, -match-cdn string[] match host with specified cdn provider (cloudfront, fastly, google, leaseweb, stackpath)
|
||||
-mrt, -match-response-time string match response with specified response time in seconds (-mrt '< 1')
|
||||
-mdc, -match-condition string match response with dsl expression condition
|
||||
|
||||
EXTRACTOR:
|
||||
-er, -extract-regex string[] display response content with matched regex
|
||||
-ep, -extract-preset string[] display response content matched by a pre-defined regex (mail,url,ipv4)
|
||||
-ep, -extract-preset string[] display response content matched by a pre-defined regex (url,ipv4,mail)
|
||||
|
||||
FILTERS:
|
||||
-fc, -filter-code string filter response with specified status code (-fc 403,401)
|
||||
@ -148,8 +149,8 @@ FILTERS:
|
||||
-flc, -filter-line-count string filter response body with specified line count (-flc 423,532)
|
||||
-fwc, -filter-word-count string filter response body with specified word count (-fwc 423,532)
|
||||
-ffc, -filter-favicon string[] filter response with specified favicon hash (-ffc 1494302000)
|
||||
-fs, -filter-string string filter response with specified string (-fs admin)
|
||||
-fe, -filter-regex string filter response with specified regex (-fe admin)
|
||||
-fs, -filter-string string[] filter response with specified string (-fs admin)
|
||||
-fe, -filter-regex string[] filter response with specified regex (-fe admin)
|
||||
-fcdn, -filter-cdn string[] filter host with specified cdn provider (cloudfront, fastly, google, leaseweb, stackpath)
|
||||
-frt, -filter-response-time string filter response with specified response time in seconds (-frt '> 1')
|
||||
-fdc, -filter-condition string filter response with dsl expression condition
|
||||
@ -193,31 +194,32 @@ OUTPUT:
|
||||
-pr, -protocol string protocol to use (unknown, http11)
|
||||
|
||||
CONFIGURATIONS:
|
||||
-config string path to the httpx configuration file (default $HOME/.config/httpx/config.yaml)
|
||||
-auth configure projectdiscovery cloud (pdcp) api key (default true)
|
||||
-r, -resolvers string[] list of custom resolver (file or comma separated)
|
||||
-allow string[] allowed list of IP/CIDR's to process (file or comma separated)
|
||||
-deny string[] denied list of IP/CIDR's to process (file or comma separated)
|
||||
-sni, -sni-name string custom TLS SNI name
|
||||
-random-agent enable Random User-Agent to use (default true)
|
||||
-H, -header string[] custom http headers to send with request
|
||||
-http-proxy, -proxy string http proxy to use (eg http://127.0.0.1:8080)
|
||||
-unsafe send raw requests skipping golang normalization
|
||||
-resume resume scan using resume.cfg
|
||||
-fr, -follow-redirects follow http redirects
|
||||
-maxr, -max-redirects int max number of redirects to follow per host (default 10)
|
||||
-fhr, -follow-host-redirects follow redirects on the same host
|
||||
-rhsts, -respect-hsts respect HSTS response headers for redirect requests
|
||||
-vhost-input get a list of vhosts as input
|
||||
-x string request methods to probe, use 'all' to probe all HTTP methods
|
||||
-body string post body to include in http request
|
||||
-s, -stream stream mode - start elaborating input targets without sorting
|
||||
-sd, -skip-dedupe disable dedupe input items (only used with stream mode)
|
||||
-ldp, -leave-default-ports leave default http/https ports in host header (eg. http://host:80 - https://host:443
|
||||
-ztls use ztls library with autofallback to standard one for tls13
|
||||
-no-decode avoid decoding body
|
||||
-tlsi, -tls-impersonate enable experimental client hello (ja3) tls randomization
|
||||
-no-stdin Disable Stdin processing
|
||||
-config string path to the httpx configuration file (default $HOME/.config/httpx/config.yaml)
|
||||
-auth configure projectdiscovery cloud (pdcp) api key (default true)
|
||||
-r, -resolvers string[] list of custom resolver (file or comma separated)
|
||||
-allow string[] allowed list of IP/CIDR's to process (file or comma separated)
|
||||
-deny string[] denied list of IP/CIDR's to process (file or comma separated)
|
||||
-sni, -sni-name string custom TLS SNI name
|
||||
-random-agent enable Random User-Agent to use (default true)
|
||||
-H, -header string[] custom http headers to send with request
|
||||
-http-proxy, -proxy string http proxy to use (eg http://127.0.0.1:8080)
|
||||
-unsafe send raw requests skipping golang normalization
|
||||
-resume resume scan using resume.cfg
|
||||
-fr, -follow-redirects follow http redirects
|
||||
-maxr, -max-redirects int max number of redirects to follow per host (default 10)
|
||||
-fhr, -follow-host-redirects follow redirects on the same host
|
||||
-rhsts, -respect-hsts respect HSTS response headers for redirect requests
|
||||
-vhost-input get a list of vhosts as input
|
||||
-x string request methods to probe, use 'all' to probe all HTTP methods
|
||||
-body string post body to include in http request
|
||||
-s, -stream stream mode - start elaborating input targets without sorting
|
||||
-sd, -skip-dedupe disable dedupe input items (only used with stream mode)
|
||||
-ldp, -leave-default-ports leave default http/https ports in host header (eg. http://host:80 - https://host:443
|
||||
-ztls use ztls library with autofallback to standard one for tls13
|
||||
-no-decode avoid decoding body
|
||||
-tlsi, -tls-impersonate enable experimental client hello (ja3) tls randomization
|
||||
-no-stdin Disable Stdin processing
|
||||
-hae, -http-api-endpoint string experimental http api endpoint
|
||||
|
||||
DEBUG:
|
||||
-health-check, -hc run diagnostic check up
|
||||
|
@ -180,16 +180,16 @@ type Options struct {
|
||||
InputRawRequest string
|
||||
rawRequest string
|
||||
RequestBody string
|
||||
OutputFilterString string
|
||||
OutputMatchString string
|
||||
OutputFilterRegex string
|
||||
OutputMatchRegex string
|
||||
OutputFilterString goflags.StringSlice
|
||||
OutputMatchString goflags.StringSlice
|
||||
OutputFilterRegex goflags.StringSlice
|
||||
OutputMatchRegex goflags.StringSlice
|
||||
Retries int
|
||||
Threads int
|
||||
Timeout int
|
||||
Delay time.Duration
|
||||
filterRegex *regexp.Regexp
|
||||
matchRegex *regexp.Regexp
|
||||
filterRegexes []*regexp.Regexp
|
||||
matchRegexes []*regexp.Regexp
|
||||
VHost bool
|
||||
VHostInput bool
|
||||
Smuggling bool
|
||||
@ -359,8 +359,8 @@ func ParseOptions() *Options {
|
||||
flagSet.StringVarP(&options.OutputMatchLinesCount, "match-line-count", "mlc", "", "match response body with specified line count (-mlc 423,532)"),
|
||||
flagSet.StringVarP(&options.OutputMatchWordsCount, "match-word-count", "mwc", "", "match response body with specified word count (-mwc 43,55)"),
|
||||
flagSet.StringSliceVarP(&options.OutputMatchFavicon, "match-favicon", "mfc", nil, "match response with specified favicon hash (-mfc 1494302000)", goflags.NormalizedStringSliceOptions),
|
||||
flagSet.StringVarP(&options.OutputMatchString, "match-string", "ms", "", "match response with specified string (-ms admin)"),
|
||||
flagSet.StringVarP(&options.OutputMatchRegex, "match-regex", "mr", "", "match response with specified regex (-mr admin)"),
|
||||
flagSet.StringSliceVarP(&options.OutputMatchString, "match-string", "ms", nil, "match response with specified string (-ms admin)", goflags.NormalizedStringSliceOptions),
|
||||
flagSet.StringSliceVarP(&options.OutputMatchRegex, "match-regex", "mr", nil, "match response with specified regex (-mr admin)", goflags.NormalizedStringSliceOptions),
|
||||
flagSet.StringSliceVarP(&options.OutputMatchCdn, "match-cdn", "mcdn", nil, fmt.Sprintf("match host with specified cdn provider (%s)", cdncheck.DefaultCDNProviders), goflags.NormalizedStringSliceOptions),
|
||||
flagSet.StringVarP(&options.OutputMatchResponseTime, "match-response-time", "mrt", "", "match response with specified response time in seconds (-mrt '< 1')"),
|
||||
flagSet.StringVarP(&options.OutputMatchCondition, "match-condition", "mdc", "", "match response with dsl expression condition"),
|
||||
@ -378,8 +378,8 @@ func ParseOptions() *Options {
|
||||
flagSet.StringVarP(&options.OutputFilterLinesCount, "filter-line-count", "flc", "", "filter response body with specified line count (-flc 423,532)"),
|
||||
flagSet.StringVarP(&options.OutputFilterWordsCount, "filter-word-count", "fwc", "", "filter response body with specified word count (-fwc 423,532)"),
|
||||
flagSet.StringSliceVarP(&options.OutputFilterFavicon, "filter-favicon", "ffc", nil, "filter response with specified favicon hash (-ffc 1494302000)", goflags.NormalizedStringSliceOptions),
|
||||
flagSet.StringVarP(&options.OutputFilterString, "filter-string", "fs", "", "filter response with specified string (-fs admin)"),
|
||||
flagSet.StringVarP(&options.OutputFilterRegex, "filter-regex", "fe", "", "filter response with specified regex (-fe admin)"),
|
||||
flagSet.StringSliceVarP(&options.OutputFilterString, "filter-string", "fs", nil, "filter response with specified string (-fs admin)", goflags.NormalizedStringSliceOptions),
|
||||
flagSet.StringSliceVarP(&options.OutputFilterRegex, "filter-regex", "fe", nil, "filter response with specified regex (-fe admin)", goflags.NormalizedStringSliceOptions),
|
||||
flagSet.StringSliceVarP(&options.OutputFilterCdn, "filter-cdn", "fcdn", nil, fmt.Sprintf("filter host with specified cdn provider (%s)", cdncheck.DefaultCDNProviders), goflags.NormalizedStringSliceOptions),
|
||||
flagSet.StringVarP(&options.OutputFilterResponseTime, "filter-response-time", "frt", "", "filter response with specified response time in seconds (-frt '> 1')"),
|
||||
flagSet.StringVarP(&options.OutputFilterCondition, "filter-condition", "fdc", "", "filter response with dsl expression condition"),
|
||||
@ -610,16 +610,22 @@ func (options *Options) ValidateOptions() error {
|
||||
if options.filterContentLength, err = stringz.StringToSliceInt(options.OutputFilterContentLength); err != nil {
|
||||
return errors.Wrap(err, "Invalid value for filter content length option")
|
||||
}
|
||||
if options.OutputFilterRegex != "" {
|
||||
if options.filterRegex, err = regexp.Compile(options.OutputFilterRegex); err != nil {
|
||||
for _, filterRegexStr := range options.OutputFilterRegex {
|
||||
filterRegex, err := regexp.Compile(filterRegexStr)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "Invalid value for regex filter option")
|
||||
}
|
||||
options.filterRegexes = append(options.filterRegexes, filterRegex)
|
||||
}
|
||||
if options.OutputMatchRegex != "" {
|
||||
if options.matchRegex, err = regexp.Compile(options.OutputMatchRegex); err != nil {
|
||||
|
||||
for _, matchRegexStr := range options.OutputMatchRegex {
|
||||
matchRegex, err := regexp.Compile(matchRegexStr)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "Invalid value for match regex option")
|
||||
}
|
||||
options.matchRegexes = append(options.matchRegexes, matchRegex)
|
||||
}
|
||||
|
||||
if options.matchLinesCount, err = stringz.StringToSliceInt(options.OutputMatchLinesCount); err != nil {
|
||||
return errors.Wrap(err, "Invalid value for match lines count option")
|
||||
}
|
||||
|
@ -846,10 +846,19 @@ func (r *Runner) RunEnumeration() {
|
||||
if len(r.options.filterWordsCount) > 0 && sliceutil.Contains(r.options.filterWordsCount, resp.Words) {
|
||||
continue
|
||||
}
|
||||
if r.options.filterRegex != nil && r.options.filterRegex.MatchString(resp.Raw) {
|
||||
continue
|
||||
if r.options.filterRegexes != nil {
|
||||
shouldContinue := false
|
||||
for _, filterRegex := range r.options.filterRegexes {
|
||||
if filterRegex.MatchString(resp.Raw) {
|
||||
shouldContinue = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if shouldContinue {
|
||||
continue
|
||||
}
|
||||
}
|
||||
if r.options.OutputFilterString != "" && stringsutil.ContainsAnyI(resp.Raw, r.options.OutputFilterString) {
|
||||
if len(r.options.OutputFilterString) > 0 && stringsutil.EqualFoldAny(resp.Raw, r.options.OutputFilterString...) {
|
||||
continue
|
||||
}
|
||||
if len(r.options.OutputFilterFavicon) > 0 && stringsutil.EqualFoldAny(resp.FavIconMMH3, r.options.OutputFilterFavicon...) {
|
||||
@ -861,10 +870,19 @@ func (r *Runner) RunEnumeration() {
|
||||
if len(r.options.matchContentLength) > 0 && !sliceutil.Contains(r.options.matchContentLength, resp.ContentLength) {
|
||||
continue
|
||||
}
|
||||
if r.options.matchRegex != nil && !r.options.matchRegex.MatchString(resp.Raw) {
|
||||
continue
|
||||
if r.options.matchRegexes != nil {
|
||||
shouldContinue := false
|
||||
for _, matchRegex := range r.options.matchRegexes {
|
||||
if !matchRegex.MatchString(resp.Raw) {
|
||||
shouldContinue = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if shouldContinue {
|
||||
continue
|
||||
}
|
||||
}
|
||||
if r.options.OutputMatchString != "" && !stringsutil.ContainsAnyI(resp.Raw, r.options.OutputMatchString) {
|
||||
if len(r.options.OutputMatchString) > 0 && !stringsutil.ContainsAnyI(resp.Raw, r.options.OutputMatchString...) {
|
||||
continue
|
||||
}
|
||||
if len(r.options.OutputMatchFavicon) > 0 && !stringsutil.EqualFoldAny(resp.FavIconMMH3, r.options.OutputMatchFavicon...) {
|
||||
|
Loading…
Reference in New Issue
Block a user