From 768867c93b76c1edcbefd35e0b51506395b65382 Mon Sep 17 00:00:00 2001 From: Steve Pinkham Date: Fri, 20 Aug 2010 17:38:17 -0400 Subject: [PATCH] 1.57b: Splash screen added (grr). --- ChangeLog | 5 ++++ Makefile | 2 +- config.h | 2 ++ database.c | 8 +++--- database.h | 5 ++++ skipfish.c | 78 +++++++++++++++++++++++++++++++++++++++++++++--------- 6 files changed, 82 insertions(+), 18 deletions(-) diff --git a/ChangeLog b/ChangeLog index d2fa944..514481a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +Version 1.57b: +-------------- + + - Splash screen added (grr). + Version 1.56b: -------------- diff --git a/Makefile b/Makefile index 280c0d7..afe6f8a 100644 --- a/Makefile +++ b/Makefile @@ -20,7 +20,7 @@ # PROGNAME = skipfish -VERSION = 1.56b +VERSION = 1.57b OBJFILES = http_client.c database.c crawler.c analysis.c report.c INCFILES = alloc-inl.h string-inl.h debug.h types.h http_client.h \ diff --git a/config.h b/config.h index 76f0e4a..aaa1ddb 100644 --- a/config.h +++ b/config.h @@ -25,6 +25,8 @@ #define USE_COLOR 1 /* Use terminal colors */ +#define SHOW_SPLASH 1 /* Annoy user with a splash screen */ + /* Default paths to runtime files: */ #define ASSETS_DIR "assets" diff --git a/database.c b/database.c index 68fb566..f755516 100644 --- a/database.c +++ b/database.c @@ -75,10 +75,10 @@ static u32 keyword_cnt[WORD_HASH]; /* Per-bucket keyword counts */ static u8 **extension, /* Extension list */ **guess; /* Keyword candidate list */ -static u32 guess_cnt, /* Number of keyword candidates */ - extension_cnt, /* Number of extensions */ - keyword_total_cnt, /* Current keyword count */ - keyword_orig_cnt; /* At-boot keyword count */ +u32 guess_cnt, /* Number of keyword candidates */ + extension_cnt, /* Number of extensions */ + keyword_total_cnt, /* Current keyword count */ + keyword_orig_cnt; /* At-boot keyword count */ static u32 cur_xss_id, scan_id; /* Stored XSS manager IDs */ static struct http_request** xss_req; /* Stored XSS manager req cache */ 
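Review bot: In the config.h hunk, `SHOW_SPLASH` is defined with the value 1, but both uses in skipfish.c test it with `#ifdef SHOW_SPLASH`, so changing the value to 0 would leave the splash screen enabled. Either test it with `#if SHOW_SPLASH`, or make the comment say how to switch it off, for example `/* Show splash screen (comment out to disable) */`. How `USE_COLOR` on the line above is tested is not visible here, so this may simply follow the file's existing convention.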
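Review bot: In the database.c hunk, removing `static` gives all four counters external linkage, and the database.h hunk declares all four `extern`, yet splash_screen() in skipfish.c reads only `keyword_orig_cnt` and `extension_cnt`. Any translation unit can now modify them, and four short, generic names become program-wide symbols. I would keep `static u32 guess_cnt, keyword_total_cnt;` and export only the two that are needed. A tighter alternative is to leave all four static and add a small read-only accessor in database.c that returns the per-location request estimate.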
diff --git a/database.h b/database.h index 64aa740..806e89c 100644 --- a/database.h +++ b/database.h @@ -335,6 +335,11 @@ extern u32 max_depth, max_trylist, max_guesses; +extern u32 guess_cnt, + extension_cnt, + keyword_total_cnt, + keyword_orig_cnt; + /* Check if the URL is permitted under current rules (0 = no, 1 = yes): */ u8 url_allowed_host(struct http_request* req); diff --git a/skipfish.c b/skipfish.c index 544a9c8..e9813e7 100644 --- a/skipfish.c +++ b/skipfish.c @@ -55,7 +55,25 @@ const char* malloc_options = "jz"; const char* _malloc_options = "jz"; -void usage(char* argv0) { +/* Ctrl-C handler... */ + +static u8 stop_soon, clear_screen; + +static void ctrlc_handler(int sig) { + stop_soon = 1; +} + + +/* Screen resizing handler. */ + +static void resize_handler(int sig) { + clear_screen = 1; +} + + +/* Usage info. */ + +static void usage(char* argv0) { SAY("Usage: %s [ options ... ] -o output_dir start_url [ start_url2 ... ]\n\n" "Authentication and access options:\n\n" 
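Review bot: In the first skipfish.c hunk, `stop_soon` and `clear_screen` are plain `u8` objects written from the two signal handlers, and the C standard only defines such writes for `volatile sig_atomic_t` objects. The declarations are moved rather than new, but the splash_screen() loop added in the next hunk now polls `stop_soon` too. This is a good moment to change the line to `static volatile sig_atomic_t stop_soon, clear_screen;`. That needs <signal.h>, which is presumably already included since handlers are installed, though the include list is outside this hunk. usage()'s body also continues outside the hunk.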
@@ -123,20 +141,50 @@ void usage(char* argv0) { } -/* Ctrl-C handler... */ +/* Welcome screen. */ -static u8 stop_soon, clear_screen; +#ifdef SHOW_SPLASH +void splash_screen(void) { + char keybuf[8]; + u32 time_cnt = 0; -static void ctrlc_handler(int sig) { - stop_soon = 1; -} - - -/* Screen resizing handler. */ - -static void resize_handler(int sig) { - clear_screen = 1; + SAY("\x1b[H\x1b[J"); + + SAY(cBRI "Welcome to " cYEL "skipfish" cBRI ". Here are some useful tips:\n\n" + + "1) To abort the scan at any time, press " cCYA "Ctrl-C" cBRI ". A partial report will be written\n" + " to the specified location. To view a list of currently scanned URLs, you can\n" + " press " cCYA "space" cBRI " at any time during the scan.\n\n" + + "2) Watch the number requests per second shown on the main screen. If this figure\n" + " drops below 100-200, the scan will likely take a very long time.\n\n" + + "3) The scanner does not auto-limit the scope of the scan; on complex sites, you\n" + " may need to specify locations to exclude, or limit brute-force steps.\n\n" + + "4) There are several new releases of the scanner every month. If you run into\n" + " trouble, check for a newer version first, let the author know next.\n\n" + + "More info: " cYEL "http://code.google.com/p/skipfish/wiki/KnownIssues\n\n" cBRI); + + if (!no_fuzz_ext && (keyword_orig_cnt * extension_cnt) > 1000) { + + SAY(cLRD + + "NOTE: The scanner is currently configured for directory brute-force attacks,\n" + "and will make about " cBRI "%u" cLRD " requests per every fuzzable location. If this is\n" + "not what you wanted, stop now and consult the documentation.\n\n", + keyword_orig_cnt * extension_cnt); + + } + + SAY(cLBL "Press any key to continue (or wait 60 seconds)... "); + + while (!stop_soon && fread(keybuf, 1, sizeof(keybuf), stdin) == 0 && time_cnt++ < 600) + usleep(100000); + } +#endif /* SHOW_SPLASH */ /* Main entry point */ 
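Review bot: The wait loop at the end of splash_screen() only behaves as "press any key" if stdin was already put into non-blocking, unbuffered terminal mode before the call, and nothing in this hunk shows or documents that precondition. If stdin is closed or redirected from an empty source, `fread()` returns 0 on every pass, so an unattended run that is not in quiet mode stalls for the full 60 seconds. I would add `if (!isatty(0)) return;` just before the "Press any key" prompt, so the brute-force NOTE is still printed, and add a comment above the loop stating the non-blocking requirement. The function should also be `static void splash_screen(void)`, matching what this commit does for usage(). Separately, `keyword_orig_cnt * extension_cnt` is a u32 product computed twice that could wrap with very large wordlists; computing it once into a `u64` local would make the printed figure reliable (the `%u` conversion would then need to change to match).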
@@ -449,8 +497,12 @@ int main(int argc, char** argv) { gettimeofday(&tv, NULL); st_time = tv.tv_sec * 1000LL + tv.tv_usec / 1000; +#ifdef SHOW_SPLASH + if (!be_quiet) splash_screen(); +#endif /* SHOW_SPLASH */ + if (!be_quiet) SAY("\x1b[H\x1b[J"); - else SAY(cLGN "[*] " cBRI "Scan in progress, please stay tuned...\n"); + else SAY(cLGN "[*] " cBRI "Scan in progress, please stay tuned...\n"); while ((next_from_queue() && !stop_soon) || (!show_once++)) {
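Review bot: `splash_screen()` is called after `st_time` has been taken from `gettimeofday()`, so up to 60 seconds of waiting for a keypress are counted as scan time. If the elapsed-time and requests-per-second figures are derived from `st_time` (not visible in this hunk), they start out skewed, which undercuts tip 2 on the splash screen itself. Moving the `#ifdef SHOW_SPLASH` block above the `gettimeofday(&tv, NULL);` line fixes this without other changes. main()'s body starts and ends outside the hunk.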