From 16df4ad2adc31da12849cc94685fc8623e454958 Mon Sep 17 00:00:00 2001 From: Timo Mueller Date: Mon, 8 Jun 2020 13:31:09 +0000 Subject: [PATCH 1/2] Added option to include the raw response within the json output --- README.md | 1 + cmd/httpx/httpx.go | 10 +++++++++- cmd/httpx/options.go | 2 ++ 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index dd556b5..013699e 100644 --- a/README.md +++ b/README.md @@ -66,6 +66,7 @@ This will display help for the tool. Here are all the switches it supports. | -verbose | Verbose Mode | httpx -verbose | | -version | Prints current version of the httpx | httpx -version | | -x | Request Method (default 'GET') | httpx -x HEAD | +| -response-in-stdout | Include response in stdout (only works with -json) | httpx -response-in-stdout | # Installation Instructions diff --git a/cmd/httpx/httpx.go b/cmd/httpx/httpx.go index 45892e7..9976a75 100644 --- a/cmd/httpx/httpx.go +++ b/cmd/httpx/httpx.go @@ -55,6 +55,7 @@ func main() { scanopts.StoreResponseDirectory = options.StoreResponseDir scanopts.Method = options.Method scanopts.OutputServerHeader = options.OutputServerHeader + scanopts.ResponseInStdout = options.responseInStdout // Try to create output folder if it doesnt exist if options.StoreResponse && options.StoreResponseDir != "" && options.StoreResponseDir != "." { @@ -178,6 +179,7 @@ type scanOptions struct { StoreResponse bool StoreResponseDirectory string OutputServerHeader bool + ResponseInStdout bool } func analyze(hp *httpx.HTTPX, protocol string, domain string, port int, scanopts *scanOptions, output chan Result) { @@ -243,6 +245,11 @@ retry: builder.WriteString(fmt.Sprintf(" [%s]", serverHeader)) } + var serverResponseRaw = "" + if scanopts.ResponseInStdout { + serverResponseRaw = resp.Raw + } + // check for virtual host isvhost := false if scanopts.VHost { @@ -262,7 +269,7 @@ retry: } } - output <- Result{URL: fullURL, ContentLength: resp.ContentLength, StatusCode: resp.StatusCode, Title: title, str: builder.String(), VHost: isvhost, WebServer: serverHeader} + output <- Result{URL: fullURL, ContentLength: resp.ContentLength, StatusCode: resp.StatusCode, Title: title, str: builder.String(), VHost: isvhost, WebServer: serverHeader, Response: serverResponseRaw} } // Result of a scan @@ -275,6 +282,7 @@ type Result struct { err error VHost bool `json:"vhost"` WebServer string `json:"webserver"` + Response string `json:"serverResponse,omitempty"` } // JSON the result diff --git a/cmd/httpx/options.go b/cmd/httpx/options.go index 481bf58..1d67d0b 100644 --- a/cmd/httpx/options.go +++ b/cmd/httpx/options.go @@ -37,6 +37,7 @@ type Options struct { Verbose bool NoColor bool OutputServerHeader bool + responseInStdout bool } // ParseOptions parses the command line options for application @@ -65,6 +66,7 @@ func ParseOptions() *Options { flag.BoolVar(&options.Verbose, "verbose", false, "Verbose Mode") flag.BoolVar(&options.NoColor, "no-color", false, "No Color") flag.BoolVar(&options.OutputServerHeader, "web-server", false, "Prints out the Server header content") + flag.BoolVar(&options.responseInStdout, "response-in-stdout", false, "Server response directly in the tool output (-json only)") flag.Parse() // Read the inputs and configure the logging From f9305765d6955dcb1dd5e90a4891d65ef05de5ac Mon Sep 17 00:00:00 2001 From: Timo Mueller Date: Mon, 8 Jun 2020 13:38:03 +0000 Subject: [PATCH 2/2] Changed flag name --- cmd/httpx/options.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/httpx/options.go b/cmd/httpx/options.go index 1d67d0b..9ce13bf 100644 --- a/cmd/httpx/options.go +++ b/cmd/httpx/options.go @@ -66,7 +66,7 @@ func ParseOptions() *Options { flag.BoolVar(&options.Verbose, "verbose", false, "Verbose Mode") flag.BoolVar(&options.NoColor, "no-color", false, "No Color") flag.BoolVar(&options.OutputServerHeader, "web-server", false, "Prints out the Server header content") - flag.BoolVar(&options.responseInStdout, "response-in-stdout", false, "Server response directly in the tool output (-json only)") + flag.BoolVar(&options.responseInStdout, "response-in-json", false, "Server response directly in the tool output (-json only)") flag.Parse() // Read the inputs and configure the logging