Merge pull request #321 from hahwul/dev

v2.6.1
hahwul · Dec 1, 2021 · 4ac6e1f · 4ac6e1f
2 parents 9ab9e6f + 741f6c0
commit 4ac6e1f
Show file tree

Hide file tree

Showing 6 changed files with 78 additions and 28 deletions.
diff --git a/lib/func.go b/lib/func.go
@@ -56,6 +56,11 @@ func Initialize(target Target, options Options) model.Options {
 		RemoteWordlists:   "",
 		OnlyPoC:           "",
 		OutputAll:         false,
+		PoCType:           "",
+		Sequence:          -1,
+		UseHeadless:       true,
+		UseDeepDXSS:       false,
+		WAFEvasion:        false,
 	}
 	if len(options.UniqParam) > 0 {
 		for _, v := range options.UniqParam {
@@ -133,6 +138,40 @@ func Initialize(target Target, options Options) model.Options {
 	if options.RemoteWordlists != "" {
 		newOptions.RemoteWordlists = options.RemoteWordlists
 	}
+	if options.PoCType != "" {
+		newOptions.PoCType = options.PoCType
+	}
+	if options.CustomPayloadFile != "" {
+		newOptions.CustomPayloadFile = options.CustomPayloadFile
+	}
+	if options.OutputFile != "" {
+		newOptions.OutputFile = options.OutputFile
+	}
+	if options.FoundAction != "" {
+		newOptions.FoundAction = options.FoundAction
+	}
+	if options.FoundActionShell != "" {
+		newOptions.FoundActionShell = options.FoundActionShell
+	}
+	if options.OutputFile != "" {
+		newOptions.OutputFile = options.OutputFile
+	}
+	if options.OnlyCustomPayload == true {
+		newOptions.OnlyCustomPayload = true
+	}
+	if options.UseHeadless == false {
+		newOptions.UseHeadless = false
+	}
+	if options.UseDeepDXSS == true {
+		newOptions.UseDeepDXSS = true
+	}
+	if options.WAFEvasion == true {
+		newOptions.WAFEvasion = true
+	}
+	if options.Sequence != -1 {
+		newOptions.Sequence = options.Sequence
+	}
+
 	return newOptions
 }
 

diff --git a/lib/func_test.go b/lib/func_test.go
@@ -32,6 +32,7 @@ func TestInitialize(t *testing.T) {
 		NoGrep:           true,
 		RemotePayloads:   "portswigger",
 		RemoteWordlists:  "burp",
+		PoCType:          "curl",
 	}
 	target := dalfox.Target{
 		URL:     "https://www.hahwul.com",

diff --git a/lib/interface.go b/lib/interface.go
@@ -8,30 +8,40 @@ import (
 
 // Options is dalfox options for lib
 type Options struct {
-	UniqParam        []string `json:"param"`
-	Cookie           string   `json:"cookie"`
-	Header           []string `json:"header"`
-	BlindURL         string   `json:"blind"`
-	CustomAlertValue string   `json:"custom-alert-value"`
-	CustomAlertType  string   `json:"custom-alert-type"`
-	Data             string   `json:"data"`
-	UserAgent        string   `json:"user-agent"`
-	ProxyAddress     string   `json:"proxy"`
-	Grep             string   `json:"grep"`
-	IgnoreReturn     string   `json:"ignore-return"`
-	Trigger          string   `json:"trigger"`
-	TriggerMethod    string   `json:"request-method"`
-	Timeout          int      `json:"timeout"`
-	Concurrence      int      `json:"worker"`
-	Delay            int      `json:"delay"`
-	OnlyDiscovery    bool     `json:"only-discovery"`
-	FollowRedirect   bool     `json:"follow-redirects"`
-	Mining           bool     `json:"mining-dict"`
-	FindingDOM       bool     `json:"mining-dom"`
-	NoBAV            bool     `json:"no-bav"`
-	NoGrep           bool     `json:"skip-grepping"`
-	RemotePayloads   string
-	RemoteWordlists  string
+	UniqParam         []string `json:"param"`
+	Cookie            string   `json:"cookie"`
+	Header            []string `json:"header"`
+	BlindURL          string   `json:"blind"`
+	CustomPayloadFile string   `json:"custom-payload-file"`
+	CustomAlertValue  string   `json:"custom-alert-value"`
+	CustomAlertType   string   `json:"custom-alert-type"`
+	Data              string   `json:"data"`
+	UserAgent         string   `json:"user-agent"`
+	OutputFile        string   `json:"output"`
+	FoundAction       string   `json:"found-action"`
+	FoundActionShell  string   `json:"found-action-shell"`
+	ProxyAddress      string   `json:"proxy"`
+	Grep              string   `json:"grep"`
+	IgnoreReturn      string   `json:"ignore-return"`
+	Trigger           string   `json:"trigger"`
+	TriggerMethod     string   `json:"request-method"`
+	Sequence          int      `json:"sequence"`
+	Timeout           int      `json:"timeout"`
+	Concurrence       int      `json:"worker"`
+	Delay             int      `json:"delay"`
+	OnlyDiscovery     bool     `json:"only-discovery"`
+	OnlyCustomPayload bool     `json:"only-custom-payload"`
+	FollowRedirect    bool     `json:"follow-redirects"`
+	Mining            bool     `json:"mining-dict"`
+	FindingDOM        bool     `json:"mining-dom"`
+	NoBAV             bool     `json:"no-bav"`
+	NoGrep            bool     `json:"skip-grepping"`
+	UseHeadless       bool     `json:"use-headless"`
+	UseDeepDXSS       bool     `json:"use-deepdxss"`
+	RemotePayloads    string
+	RemoteWordlists   string
+	PoCType           string `json:"poc-type"`
+	WAFEvasion        bool   `json:"waf-evasion"`
 }
 
 // Target is target object

diff --git a/pkg/model/options.go b/pkg/model/options.go
@@ -15,7 +15,7 @@ type Options struct {
 	Header            []string `json:"header"`
 	ConfigFile        string   `json:"config"`
 	BlindURL          string   `json:"blind"`
-	CustomPayloadFile string   `json:""`
+	CustomPayloadFile string   `json:"custom-payload-file"`
 	CustomAlertValue  string   `json:"custom-alert-value"`
 	CustomAlertType   string   `json:"custom-alert-type"`
 	Data              string   `json:"data"`

diff --git a/pkg/printing/version.go b/pkg/printing/version.go
@@ -1,4 +1,4 @@
 package printing
 
 // VERSION is version of dalfox
-const VERSION = "v2.6.0"
+const VERSION = "v2.6.1"
diff --git a/pkg/scanning/sendReq.go b/pkg/scanning/sendReq.go
@@ -1,15 +1,15 @@
 package scanning
 
 import (
+	"compress/gzip"
 	"encoding/json"
 	"errors"
-	"io/ioutil"
 	"io"
+	"io/ioutil"
 	"net/http"
 	"strconv"
 	"strings"
 	"time"
-	"compress/gzip"
 
 	"github.com/hahwul/dalfox/v2/pkg/model"
 	"github.com/hahwul/dalfox/v2/pkg/optimization"