introduce path flag for -fep (#1830)

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2024-10-04 04:47:32 +03:00 · 2024-07-30 19:43:17 +03:00 · 2024-07-30 19:43:17 +03:00 · fe00d47fbf
commit fe00d47fbf
parent 4b5a0eb2b3
3 changed files with 34 additions and 22 deletions
--- a/README.md
+++ b/README.md
@ -134,7 +134,7 @@ MATCHERS:
   -mfc, -match-favicon string[]      match response with specified favicon hash (-mfc 1494302000)
   -ms, -match-string string[]        match response with specified string (-ms admin)
   -mr, -match-regex string[]         match response with specified regex (-mr admin)
-   -mcdn, -match-cdn string[]         match host with specified cdn provider (leaseweb, stackpath, cloudfront, fastly, google)
+   -mcdn, -match-cdn string[]         match host with specified cdn provider (cloudfront, fastly, google)
   -mrt, -match-response-time string  match response with specified response time in seconds (-mrt '< 1')
   -mdc, -match-condition string      match response with dsl expression condition

@ -151,7 +151,7 @@ FILTERS:
   -ffc, -filter-favicon string[]      filter response with specified favicon hash (-ffc 1494302000)
   -fs, -filter-string string[]        filter response with specified string (-fs admin)
   -fe, -filter-regex string[]         filter response with specified regex (-fe admin)
-   -fcdn, -filter-cdn string[]         filter host with specified cdn provider (leaseweb, stackpath, cloudfront, fastly, google)
+   -fcdn, -filter-cdn string[]         filter host with specified cdn provider (cloudfront, fastly, google)
   -frt, -filter-response-time string  filter response with specified response time in seconds (-frt '> 1')
   -fdc, -filter-condition string      filter response with dsl expression condition
   -strip                              strips all tags in response. supported formats: html,xml (default html)
@ -178,21 +178,22 @@ UPDATE:
   -duc, -disable-update-check  disable automatic httpx update check

 OUTPUT:
-   -o, -output string                  file to write output results
-   -oa, -output-all                    filename to write output results in all formats
-   -sr, -store-response                store http response to output directory
-   -srd, -store-response-dir string    store http response to custom directory
-   -ob, -omit-body                     omit response body in output
-   -csv                                store output in csv format
-   -csvo, -csv-output-encoding string  define output encoding
-   -j, -json                           store output in JSONL(ines) format
-   -irh, -include-response-header      include http response (headers) in JSON output (-json only)
-   -irr, -include-response             include http request/response (headers + body) in JSON output (-json only)
-   -irrb, -include-response-base64     include base64 encoded http request/response in JSON output (-json only)
-   -include-chain                      include redirect http chain in JSON output (-json only)
-   -store-chain                        include http redirect chain in responses (-sr only)
-   -svrc, -store-vision-recon-cluster  include visual recon clusters (-ss and -sr only)
-   -pr, -protocol string               protocol to use (unknown, http11)
+   -o, -output string                     file to write output results
+   -oa, -output-all                       filename to write output results in all formats
+   -sr, -store-response                   store http response to output directory
+   -srd, -store-response-dir string       store http response to custom directory
+   -ob, -omit-body                        omit response body in output
+   -csv                                   store output in csv format
+   -csvo, -csv-output-encoding string     define output encoding
+   -j, -json                              store output in JSONL(ines) format
+   -irh, -include-response-header         include http response (headers) in JSON output (-json only)
+   -irr, -include-response                include http request/response (headers + body) in JSON output (-json only)
+   -irrb, -include-response-base64        include base64 encoded http request/response in JSON output (-json only)
+   -include-chain                         include redirect http chain in JSON output (-json only)
+   -store-chain                           include http redirect chain in responses (-sr only)
+   -svrc, -store-vision-recon-cluster     include visual recon clusters (-ss and -sr only)
+   -pr, -protocol string                  protocol to use (unknown, http11)
+   -fepp, -filter-error-page-path string  path to store filtered error pages (default "filtered_error_page.json")

 CONFIGURATIONS:
   -config string                   path to the httpx configuration file (default $HOME/.config/httpx/config.yaml)
@ -237,7 +238,7 @@ DEBUG:

 OPTIMIZATIONS:
   -nf, -no-fallback                  display both probed protocol (HTTPS and HTTP)
-   -nfs, -no-fallback-scheme          probe with protocol scheme specified in input
+   -nfs, -no-fallback-scheme          probe with protocol scheme specified in input 
   -maxhr, -max-host-error int        max error count per host before skipping remaining path/s (default 30)
   -e, -exclude string[]              exclude host matching specified filter ('cdn', 'private-ips', cidr, ip, regex)
   -retries int                       number of retries
--- a/runner/options.go
+++ b/runner/options.go
@ -308,6 +308,7 @@ type Options struct {
 	// HeadlessOptionalArguments specifies optional arguments to pass to Chrome
 	HeadlessOptionalArguments goflags.StringSlice
 	Protocol                  string
+	OutputFilterErrorPagePath string
 	// AssetUpload
 	AssetUpload bool
 	// AssetName
@ -447,6 +448,7 @@ func ParseOptions() *Options {
 		flagSet.BoolVar(&options.StoreChain, "store-chain", false, "include http redirect chain in responses (-sr only)"),
 		flagSet.BoolVarP(&options.StoreVisionReconClusters, "store-vision-recon-cluster", "svrc", false, "include visual recon clusters (-ss and -sr only)"),
 		flagSet.StringVarP(&options.Protocol, "protocol", "pr", "", "protocol to use (unknown, http11)"),
+		flagSet.StringVarP(&options.OutputFilterErrorPagePath, "filter-error-page-path", "fepp", "filtered_error_page.json", "path to store filtered error pages"),
 	)

 	flagSet.CreateGroup("configs", "Configurations",
--- a/runner/runner.go
+++ b/runner/runner.go
@ -868,7 +868,7 @@ func (r *Runner) RunEnumeration() {
 			}

 			if r.options.OutputFilterErrorPage && resp.KnowledgeBase["PageType"] == "error" {
-				logFilteredErrorPage(resp.URL)
+				logFilteredErrorPage(r.options.OutputFilterErrorPagePath, resp.URL)
 				continue
 			}
 			if len(r.options.filterStatusCode) > 0 && sliceutil.Contains(r.options.filterStatusCode, resp.StatusCode) {
@ -1251,9 +1251,17 @@ func (r *Runner) RunEnumeration() {
 	}
 }

-func logFilteredErrorPage(url string) {
-	fileName := "filtered_error_page.json"
-	file, err := os.OpenFile(fileName, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0600)
+func logFilteredErrorPage(fileName, url string) {
+	dir := filepath.Dir(fileName)
+	if !fileutil.FolderExists(dir) {
+		err := fileutil.CreateFolder(dir)
+		if err != nil {
+			gologger.Fatal().Msgf("Could not create directory '%s': %s\n", dir, err)
+			return
+		}
+	}
+
+	file, err := fileutil.OpenOrCreateFile(fileName)
 	if err != nil {
 		gologger.Fatal().Msgf("Could not open/create output file '%s': %s\n", fileName, err)
 		return
@ -1281,6 +1289,7 @@ func logFilteredErrorPage(url string) {
 		return
 	}
 }
+
 func openOrCreateFile(resume bool, filename string) *os.File {
 	var err error
 	var f *os.File