Pattern flag adds to the number of requests #480

Open
DozyDoh opened this issue Jan 13, 2024 · 1 comment

DozyDoh commented Jan 13, 2024

When using -p to provide a file with patterns to be tested, the regular command (without p) is still processed. This adds to the number of requests which might be unnecessary. It would be nice when using -p to only process queries per line in the pattern file, and skip the regular query.

@husnain-ce

Yes, it should have to be like that.

acammack added a commit to acammack/gobuster that referenced this issue Jan 29, 2025
Specifying patterns for the word list will no longer cause progress to
go past 100%. Additionally, the GobusterDir transformations for file
extensions and backups will be applied after pattern expansion.

Fixes OJ#405, OJ#480, and OJ#533

firefart pushed a commit that referenced this issue Feb 19, 2025
* Account for patterns in total tries

Specifying patterns for the word list will no longer cause progress to
go past 100%. Additionally, the GobusterDir transformations for file
extensions and backups will be applied after pattern expansion.

Fixes #405, #480, and #533

* Run backup detection on success only

This is done by re-arranging the code from exiting on channel close to
using the contexts and the results counters to signal the end of work
processing. A little more work is needed to prevent infinite loops
caused by devious services/misconfiguration and to expose to the cli the
ability to have patterns run on successful finds.

Fixes #298

* Prioritize stopping when the context is done

From the Go spec:
> If one or more of the communications can proceed, a single one that
> can proceed is chosen via a uniform pseudo-random selection.

Previously, this meant that some indeterminate amount of work could have
been completed after the context's cancel function had been called.

* Prevent recursion of discovery guess

Successful guesses from the wordlist or a pattern will have discovery
patterns generated based on them and successful discovery guesses will
not. Further processing should require human curation to avoid
automatically generating an unbounded amount of traffic.

Also fixes reading the wordlist from standard in by making it more like
reading from a file now that we have dynamic progress updates.

* Add option for arbitrary discovery patterns

* Test only patterns if provided a pattern file

* Update discover pattern option description
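
The "Prioritize stopping when the context is done" note in the commit message above turns on how Go's `select` chooses between ready cases. The following is an added example, not code from gobuster or from the commits referenced here; `drain` and `afterCancel` are hypothetical names, and the queued words are constructed. It fills a work queue, cancels the context, and counts how many queued items a worker loop still processes with and without a separate context check.

```go
package main

import (
	"context"
	"fmt"
)

// drain is a hypothetical worker loop. With prioritize=false it relies on a
// single select: when ctx.Done() and work are both ready, Go picks one at
// random, so queued items can still be processed after cancellation.
// With prioritize=true the context is checked on its own before the select,
// so nothing more is taken from the queue once cancel has been called.
func drain(ctx context.Context, work <-chan string, prioritize bool) int {
	n := 0
	for {
		if prioritize && ctx.Err() != nil {
			return n
		}
		select {
		case <-ctx.Done():
			return n
		case _, ok := <-work:
			if !ok {
				return n
			}
			n++ // stands in for sending one request
		}
	}
}

// afterCancel queues 16 constructed words, cancels the context, then runs the
// loop. It returns the total number of items processed after cancellation.
func afterCancel(prioritize bool, trials int) int {
	total := 0
	for i := 0; i < trials; i++ {
		work := make(chan string, 16)
		for j := 0; j < 16; j++ {
			work <- "word"
		}
		ctx, cancel := context.WithCancel(context.Background())
		cancel()
		total += drain(ctx, work, prioritize)
	}
	return total
}

func main() {
	fmt.Println("single select, processed after cancel:", afterCancel(false, 200))
	fmt.Println("context checked first, processed after cancel:", afterCancel(true, 200))
}
```

The single-select count varies from run to run, which is the "indeterminate amount of work" the commit message describes; the prioritized count is always zero.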