1.57b: Splash screen added (grr).
This commit is contained in:
parent
5d4c67bd53
commit
768867c93b
|
@ -1,3 +1,8 @@
|
||||||
|
Version 1.57b:
|
||||||
|
--------------
|
||||||
|
|
||||||
|
- Splash screen added (grr).
|
||||||
|
|
||||||
Version 1.56b:
|
Version 1.56b:
|
||||||
--------------
|
--------------
|
||||||
|
|
||||||
|
|
2
Makefile
2
Makefile
|
@ -20,7 +20,7 @@
|
||||||
#
|
#
|
||||||
|
|
||||||
PROGNAME = skipfish
|
PROGNAME = skipfish
|
||||||
VERSION = 1.56b
|
VERSION = 1.57b
|
||||||
|
|
||||||
OBJFILES = http_client.c database.c crawler.c analysis.c report.c
|
OBJFILES = http_client.c database.c crawler.c analysis.c report.c
|
||||||
INCFILES = alloc-inl.h string-inl.h debug.h types.h http_client.h \
|
INCFILES = alloc-inl.h string-inl.h debug.h types.h http_client.h \
|
||||||
|
|
2
config.h
2
config.h
|
@ -25,6 +25,8 @@
|
||||||
|
|
||||||
#define USE_COLOR 1 /* Use terminal colors */
|
#define USE_COLOR 1 /* Use terminal colors */
|
||||||
|
|
||||||
|
#define SHOW_SPLASH 1 /* Annoy user with a splash screen */
|
||||||
|
|
||||||
/* Default paths to runtime files: */
|
/* Default paths to runtime files: */
|
||||||
|
|
||||||
#define ASSETS_DIR "assets"
|
#define ASSETS_DIR "assets"
|
||||||
|
|
|
@ -75,10 +75,10 @@ static u32 keyword_cnt[WORD_HASH]; /* Per-bucket keyword counts */
|
||||||
static u8 **extension, /* Extension list */
|
static u8 **extension, /* Extension list */
|
||||||
**guess; /* Keyword candidate list */
|
**guess; /* Keyword candidate list */
|
||||||
|
|
||||||
static u32 guess_cnt, /* Number of keyword candidates */
|
u32 guess_cnt, /* Number of keyword candidates */
|
||||||
extension_cnt, /* Number of extensions */
|
extension_cnt, /* Number of extensions */
|
||||||
keyword_total_cnt, /* Current keyword count */
|
keyword_total_cnt, /* Current keyword count */
|
||||||
keyword_orig_cnt; /* At-boot keyword count */
|
keyword_orig_cnt; /* At-boot keyword count */
|
||||||
|
|
||||||
static u32 cur_xss_id, scan_id; /* Stored XSS manager IDs */
|
static u32 cur_xss_id, scan_id; /* Stored XSS manager IDs */
|
||||||
static struct http_request** xss_req; /* Stored XSS manager req cache */
|
static struct http_request** xss_req; /* Stored XSS manager req cache */
|
||||||
|
|
|
@ -335,6 +335,11 @@ extern u32 max_depth,
|
||||||
max_trylist,
|
max_trylist,
|
||||||
max_guesses;
|
max_guesses;
|
||||||
|
|
||||||
|
extern u32 guess_cnt,
|
||||||
|
extension_cnt,
|
||||||
|
keyword_total_cnt,
|
||||||
|
keyword_orig_cnt;
|
||||||
|
|
||||||
/* Check if the URL is permitted under current rules (0 = no, 1 = yes): */
|
/* Check if the URL is permitted under current rules (0 = no, 1 = yes): */
|
||||||
|
|
||||||
u8 url_allowed_host(struct http_request* req);
|
u8 url_allowed_host(struct http_request* req);
|
||||||
|
|
78
skipfish.c
78
skipfish.c
|
@ -55,7 +55,25 @@ const char* malloc_options = "jz";
|
||||||
const char* _malloc_options = "jz";
|
const char* _malloc_options = "jz";
|
||||||
|
|
||||||
|
|
||||||
void usage(char* argv0) {
|
/* Ctrl-C handler... */
|
||||||
|
|
||||||
|
static u8 stop_soon, clear_screen;
|
||||||
|
|
||||||
|
static void ctrlc_handler(int sig) {
|
||||||
|
stop_soon = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Screen resizing handler. */
|
||||||
|
|
||||||
|
static void resize_handler(int sig) {
|
||||||
|
clear_screen = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Usage info. */
|
||||||
|
|
||||||
|
static void usage(char* argv0) {
|
||||||
SAY("Usage: %s [ options ... ] -o output_dir start_url [ start_url2 ... ]\n\n"
|
SAY("Usage: %s [ options ... ] -o output_dir start_url [ start_url2 ... ]\n\n"
|
||||||
|
|
||||||
"Authentication and access options:\n\n"
|
"Authentication and access options:\n\n"
|
||||||
|
@ -123,20 +141,50 @@ void usage(char* argv0) {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Ctrl-C handler... */
|
/* Welcome screen. */
|
||||||
|
|
||||||
static u8 stop_soon, clear_screen;
|
#ifdef SHOW_SPLASH
|
||||||
|
void splash_screen(void) {
|
||||||
|
char keybuf[8];
|
||||||
|
u32 time_cnt = 0;
|
||||||
|
|
||||||
static void ctrlc_handler(int sig) {
|
SAY("\x1b[H\x1b[J");
|
||||||
stop_soon = 1;
|
|
||||||
}
|
SAY(cBRI "Welcome to " cYEL "skipfish" cBRI ". Here are some useful tips:\n\n"
|
||||||
|
|
||||||
|
"1) To abort the scan at any time, press " cCYA "Ctrl-C" cBRI ". A partial report will be written\n"
|
||||||
/* Screen resizing handler. */
|
" to the specified location. To view a list of currently scanned URLs, you can\n"
|
||||||
|
" press " cCYA "space" cBRI " at any time during the scan.\n\n"
|
||||||
static void resize_handler(int sig) {
|
|
||||||
clear_screen = 1;
|
"2) Watch the number requests per second shown on the main screen. If this figure\n"
|
||||||
|
" drops below 100-200, the scan will likely take a very long time.\n\n"
|
||||||
|
|
||||||
|
"3) The scanner does not auto-limit the scope of the scan; on complex sites, you\n"
|
||||||
|
" may need to specify locations to exclude, or limit brute-force steps.\n\n"
|
||||||
|
|
||||||
|
"4) There are several new releases of the scanner every month. If you run into\n"
|
||||||
|
" trouble, check for a newer version first, let the author know next.\n\n"
|
||||||
|
|
||||||
|
"More info: " cYEL "http://code.google.com/p/skipfish/wiki/KnownIssues\n\n" cBRI);
|
||||||
|
|
||||||
|
if (!no_fuzz_ext && (keyword_orig_cnt * extension_cnt) > 1000) {
|
||||||
|
|
||||||
|
SAY(cLRD
|
||||||
|
|
||||||
|
"NOTE: The scanner is currently configured for directory brute-force attacks,\n"
|
||||||
|
"and will make about " cBRI "%u" cLRD " requests per every fuzzable location. If this is\n"
|
||||||
|
"not what you wanted, stop now and consult the documentation.\n\n",
|
||||||
|
keyword_orig_cnt * extension_cnt);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
SAY(cLBL "Press any key to continue (or wait 60 seconds)... ");
|
||||||
|
|
||||||
|
while (!stop_soon && fread(keybuf, 1, sizeof(keybuf), stdin) == 0 && time_cnt++ < 600)
|
||||||
|
usleep(100000);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
#endif /* SHOW_SPLASH */
|
||||||
|
|
||||||
|
|
||||||
/* Main entry point */
|
/* Main entry point */
|
||||||
|
@ -449,8 +497,12 @@ int main(int argc, char** argv) {
|
||||||
gettimeofday(&tv, NULL);
|
gettimeofday(&tv, NULL);
|
||||||
st_time = tv.tv_sec * 1000LL + tv.tv_usec / 1000;
|
st_time = tv.tv_sec * 1000LL + tv.tv_usec / 1000;
|
||||||
|
|
||||||
|
#ifdef SHOW_SPLASH
|
||||||
|
if (!be_quiet) splash_screen();
|
||||||
|
#endif /* SHOW_SPLASH */
|
||||||
|
|
||||||
if (!be_quiet) SAY("\x1b[H\x1b[J");
|
if (!be_quiet) SAY("\x1b[H\x1b[J");
|
||||||
else SAY(cLGN "[*] " cBRI "Scan in progress, please stay tuned...\n");
|
else SAY(cLGN "[*] " cBRI "Scan in progress, please stay tuned...\n");
|
||||||
|
|
||||||
while ((next_from_queue() && !stop_soon) || (!show_once++)) {
|
while ((next_from_queue() && !stop_soon) || (!show_once++)) {
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue