1.57b: Splash screen added (grr).

2010-08-20 17:38:17 -04:00 · 2010-08-20 17:38:17 -04:00 · 768867c93b
parent 5d4c67bd53
commit 768867c93b
6 changed files with 82 additions and 18 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+Version 1.57b:
+--------------
+
+  - Splash screen added (grr).
+
 Version 1.56b:
 --------------

--- a/2
+++ b/2
@ -20,7 +20,7 @@
 #

 PROGNAME   = skipfish
-VERSION    = 1.56b
+VERSION    = 1.57b

 OBJFILES   = http_client.c database.c crawler.c analysis.c report.c
 INCFILES   = alloc-inl.h string-inl.h debug.h types.h http_client.h \
--- a/config.h
+++ b/config.h
@ -25,6 +25,8 @@

 #define USE_COLOR               1       /* Use terminal colors             */

+#define SHOW_SPLASH             1       /* Annoy user with a splash screen */
+
 /* Default paths to runtime files: */

 #define ASSETS_DIR              "assets"
--- a/database.c
+++ b/database.c
@ -75,10 +75,10 @@ static u32 keyword_cnt[WORD_HASH];      /* Per-bucket keyword counts       */
 static u8 **extension,                  /* Extension list                  */
          **guess;                      /* Keyword candidate list          */

-static u32 guess_cnt,                   /* Number of keyword candidates    */
-           extension_cnt,               /* Number of extensions            */
-           keyword_total_cnt,           /* Current keyword count           */
-           keyword_orig_cnt;            /* At-boot keyword count           */
+u32 guess_cnt,                          /* Number of keyword candidates    */
+    extension_cnt,                      /* Number of extensions            */
+    keyword_total_cnt,                  /* Current keyword count           */
+    keyword_orig_cnt;                   /* At-boot keyword count           */

 static u32 cur_xss_id, scan_id;         /* Stored XSS manager IDs          */
 static struct http_request** xss_req;   /* Stored XSS manager req cache    */
--- a/database.h
+++ b/database.h
@ -335,6 +335,11 @@ extern u32 max_depth,
           max_trylist,
           max_guesses;

+extern u32 guess_cnt,
+           extension_cnt,
+           keyword_total_cnt,
+           keyword_orig_cnt;
+
 /* Check if the URL is permitted under current rules (0 = no, 1 = yes): */

 u8 url_allowed_host(struct http_request* req);
--- a/skipfish.c
+++ b/skipfish.c
@ -55,7 +55,25 @@ const char* malloc_options  = "jz";
 const char* _malloc_options = "jz";


-void usage(char* argv0) {
+/* Ctrl-C handler... */
+
+static u8 stop_soon, clear_screen;
+
+static void ctrlc_handler(int sig) {
+  stop_soon = 1;
+}
+
+
+/* Screen resizing handler. */
+
+static void resize_handler(int sig) {
+  clear_screen = 1;
+}
+
+
+/* Usage info. */
+
+static void usage(char* argv0) {
  SAY("Usage: %s [ options ... ] -o output_dir start_url [ start_url2 ... ]\n\n"

      "Authentication and access options:\n\n"
@ -123,20 +141,50 @@ void usage(char* argv0) {
 }


-/* Ctrl-C handler... */
+/* Welcome screen. */

-static u8 stop_soon, clear_screen;
+#ifdef SHOW_SPLASH
+void splash_screen(void) {
+  char keybuf[8];
+  u32  time_cnt = 0;

-static void ctrlc_handler(int sig) {
-  stop_soon = 1;
-}
-
-
-/* Screen resizing handler. */
-
-static void resize_handler(int sig) {
-  clear_screen = 1;
+  SAY("\x1b[H\x1b[J");
+
+  SAY(cBRI "Welcome to " cYEL "skipfish" cBRI ". Here are some useful tips:\n\n"
+
+      "1) To abort the scan at any time, press " cCYA "Ctrl-C" cBRI ". A partial report will be written\n"
+      "   to the specified location. To view a list of currently scanned URLs, you can\n"
+      "   press " cCYA "space" cBRI " at any time during the scan.\n\n"
+
+      "2) Watch the number requests per second shown on the main screen. If this figure\n"
+      "   drops below 100-200, the scan will likely take a very long time.\n\n"
+
+      "3) The scanner does not auto-limit the scope of the scan; on complex sites, you\n"
+      "   may need to specify locations to exclude, or limit brute-force steps.\n\n"
+
+      "4) There are several new releases of the scanner every month. If you run into\n"
+      "   trouble, check for a newer version first, let the author know next.\n\n"
+
+      "More info: " cYEL "http://code.google.com/p/skipfish/wiki/KnownIssues\n\n" cBRI);
+
+  if (!no_fuzz_ext && (keyword_orig_cnt * extension_cnt) > 1000) {
+
+    SAY(cLRD 
+
+        "NOTE: The scanner is currently configured for directory brute-force attacks,\n"
+        "and will make about " cBRI "%u" cLRD " requests per every fuzzable location. If this is\n"
+        "not what you wanted, stop now and consult the documentation.\n\n",
+        keyword_orig_cnt * extension_cnt);
+
+  }
+
+  SAY(cLBL "Press any key to continue (or wait 60 seconds)... ");
+
+  while (!stop_soon && fread(keybuf, 1, sizeof(keybuf), stdin) == 0 && time_cnt++ < 600) 
+    usleep(100000);
+  
 }
+#endif /* SHOW_SPLASH */


 /* Main entry point */
@ -449,8 +497,12 @@ int main(int argc, char** argv) {
  gettimeofday(&tv, NULL);
  st_time = tv.tv_sec * 1000LL + tv.tv_usec / 1000;

+#ifdef SHOW_SPLASH
+  if (!be_quiet) splash_screen();
+#endif /* SHOW_SPLASH */
+
  if (!be_quiet) SAY("\x1b[H\x1b[J");
-    else SAY(cLGN "[*] " cBRI "Scan in progress, please stay tuned...\n");
+  else SAY(cLGN "[*] " cBRI "Scan in progress, please stay tuned...\n");

  while ((next_from_queue() && !stop_soon) || (!show_once++)) {