1.57b: Splash screen added (grr).
This commit is contained in:
parent
5d4c67bd53
commit
768867c93b
|
@ -1,3 +1,8 @@
|
|||
Version 1.57b:
|
||||
--------------
|
||||
|
||||
- Splash screen added (grr).
|
||||
|
||||
Version 1.56b:
|
||||
--------------
|
||||
|
||||
|
|
2
Makefile
2
Makefile
|
@ -20,7 +20,7 @@
|
|||
#
|
||||
|
||||
PROGNAME = skipfish
|
||||
VERSION = 1.56b
|
||||
VERSION = 1.57b
|
||||
|
||||
OBJFILES = http_client.c database.c crawler.c analysis.c report.c
|
||||
INCFILES = alloc-inl.h string-inl.h debug.h types.h http_client.h \
|
||||
|
|
2
config.h
2
config.h
|
@ -25,6 +25,8 @@
|
|||
|
||||
#define USE_COLOR 1 /* Use terminal colors */
|
||||
|
||||
#define SHOW_SPLASH 1 /* Annoy user with a splash screen */
|
||||
|
||||
/* Default paths to runtime files: */
|
||||
|
||||
#define ASSETS_DIR "assets"
|
||||
|
|
|
@ -75,10 +75,10 @@ static u32 keyword_cnt[WORD_HASH]; /* Per-bucket keyword counts */
|
|||
static u8 **extension, /* Extension list */
|
||||
**guess; /* Keyword candidate list */
|
||||
|
||||
static u32 guess_cnt, /* Number of keyword candidates */
|
||||
extension_cnt, /* Number of extensions */
|
||||
keyword_total_cnt, /* Current keyword count */
|
||||
keyword_orig_cnt; /* At-boot keyword count */
|
||||
u32 guess_cnt, /* Number of keyword candidates */
|
||||
extension_cnt, /* Number of extensions */
|
||||
keyword_total_cnt, /* Current keyword count */
|
||||
keyword_orig_cnt; /* At-boot keyword count */
|
||||
|
||||
static u32 cur_xss_id, scan_id; /* Stored XSS manager IDs */
|
||||
static struct http_request** xss_req; /* Stored XSS manager req cache */
|
||||
|
|
|
@ -335,6 +335,11 @@ extern u32 max_depth,
|
|||
max_trylist,
|
||||
max_guesses;
|
||||
|
||||
extern u32 guess_cnt,
|
||||
extension_cnt,
|
||||
keyword_total_cnt,
|
||||
keyword_orig_cnt;
|
||||
|
||||
/* Check if the URL is permitted under current rules (0 = no, 1 = yes): */
|
||||
|
||||
u8 url_allowed_host(struct http_request* req);
|
||||
|
|
78
skipfish.c
78
skipfish.c
|
@ -55,7 +55,25 @@ const char* malloc_options = "jz";
|
|||
const char* _malloc_options = "jz";
|
||||
|
||||
|
||||
void usage(char* argv0) {
|
||||
/* Ctrl-C handler... */
|
||||
|
||||
static u8 stop_soon, clear_screen;
|
||||
|
||||
static void ctrlc_handler(int sig) {
|
||||
stop_soon = 1;
|
||||
}
|
||||
|
||||
|
||||
/* Screen resizing handler. */
|
||||
|
||||
static void resize_handler(int sig) {
|
||||
clear_screen = 1;
|
||||
}
|
||||
|
||||
|
||||
/* Usage info. */
|
||||
|
||||
static void usage(char* argv0) {
|
||||
SAY("Usage: %s [ options ... ] -o output_dir start_url [ start_url2 ... ]\n\n"
|
||||
|
||||
"Authentication and access options:\n\n"
|
||||
|
@ -123,20 +141,50 @@ void usage(char* argv0) {
|
|||
}
|
||||
|
||||
|
||||
/* Ctrl-C handler... */
|
||||
/* Welcome screen. */
|
||||
|
||||
static u8 stop_soon, clear_screen;
|
||||
#ifdef SHOW_SPLASH
|
||||
void splash_screen(void) {
|
||||
char keybuf[8];
|
||||
u32 time_cnt = 0;
|
||||
|
||||
static void ctrlc_handler(int sig) {
|
||||
stop_soon = 1;
|
||||
}
|
||||
|
||||
|
||||
/* Screen resizing handler. */
|
||||
|
||||
static void resize_handler(int sig) {
|
||||
clear_screen = 1;
|
||||
SAY("\x1b[H\x1b[J");
|
||||
|
||||
SAY(cBRI "Welcome to " cYEL "skipfish" cBRI ". Here are some useful tips:\n\n"
|
||||
|
||||
"1) To abort the scan at any time, press " cCYA "Ctrl-C" cBRI ". A partial report will be written\n"
|
||||
" to the specified location. To view a list of currently scanned URLs, you can\n"
|
||||
" press " cCYA "space" cBRI " at any time during the scan.\n\n"
|
||||
|
||||
"2) Watch the number requests per second shown on the main screen. If this figure\n"
|
||||
" drops below 100-200, the scan will likely take a very long time.\n\n"
|
||||
|
||||
"3) The scanner does not auto-limit the scope of the scan; on complex sites, you\n"
|
||||
" may need to specify locations to exclude, or limit brute-force steps.\n\n"
|
||||
|
||||
"4) There are several new releases of the scanner every month. If you run into\n"
|
||||
" trouble, check for a newer version first, let the author know next.\n\n"
|
||||
|
||||
"More info: " cYEL "http://code.google.com/p/skipfish/wiki/KnownIssues\n\n" cBRI);
|
||||
|
||||
if (!no_fuzz_ext && (keyword_orig_cnt * extension_cnt) > 1000) {
|
||||
|
||||
SAY(cLRD
|
||||
|
||||
"NOTE: The scanner is currently configured for directory brute-force attacks,\n"
|
||||
"and will make about " cBRI "%u" cLRD " requests per every fuzzable location. If this is\n"
|
||||
"not what you wanted, stop now and consult the documentation.\n\n",
|
||||
keyword_orig_cnt * extension_cnt);
|
||||
|
||||
}
|
||||
|
||||
SAY(cLBL "Press any key to continue (or wait 60 seconds)... ");
|
||||
|
||||
while (!stop_soon && fread(keybuf, 1, sizeof(keybuf), stdin) == 0 && time_cnt++ < 600)
|
||||
usleep(100000);
|
||||
|
||||
}
|
||||
#endif /* SHOW_SPLASH */
|
||||
|
||||
|
||||
/* Main entry point */
|
||||
|
@ -449,8 +497,12 @@ int main(int argc, char** argv) {
|
|||
gettimeofday(&tv, NULL);
|
||||
st_time = tv.tv_sec * 1000LL + tv.tv_usec / 1000;
|
||||
|
||||
#ifdef SHOW_SPLASH
|
||||
if (!be_quiet) splash_screen();
|
||||
#endif /* SHOW_SPLASH */
|
||||
|
||||
if (!be_quiet) SAY("\x1b[H\x1b[J");
|
||||
else SAY(cLGN "[*] " cBRI "Scan in progress, please stay tuned...\n");
|
||||
else SAY(cLGN "[*] " cBRI "Scan in progress, please stay tuned...\n");
|
||||
|
||||
while ((next_from_queue() && !stop_soon) || (!show_once++)) {
|
||||
|
||||
|
|
Loading…
Reference in New Issue