From baf9921f425342a2d2dce91f4cd4ab9d706ea63d Mon Sep 17 00:00:00 2001
From: Steve Pinkham
Date: Mon, 10 Jan 2011 14:22:09 -0500
Subject: [PATCH] 1.84b: Option -S removed.
---
ChangeLog | 5 +++++
Makefile | 2 +-
README | 3 +--
database.c | 3 ---
database.h | 3 +--
skipfish.1 | 3 ---
skipfish.c | 8 +-------
7 files changed, 9 insertions(+), 18 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 69d624e..af4aa88 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@ +Version 1.84b: +-------------- + + - Option -S removed. + Version 1.83b: --------------
diff --git a/Makefile b/Makefile
index b1e63c1..3f895ed 100644
--- a/Makefile
+++ b/Makefile
@@ -20,7 +20,7 @@ # PROGNAME = skipfish -VERSION = 1.83b +VERSION = 1.84b OBJFILES = http_client.c database.c crawler.c analysis.c report.c INCFILES = alloc-inl.h string-inl.h debug.h types.h http_client.h \
diff --git a/README b/README
index aa61f7a..cca6e67 100644
--- a/README
+++ b/README
@@ -280,8 +280,7 @@ $ ./skipfish -X /logout/logout.aspx ...other parameters... The -X option is also useful for speeding up your scans by excluding /icons/, /doc/, /manuals/, and other standard, mundane locations along these lines. In -general, you can use -X, plus -I (only spider URLs matching a substring) and --S (ignore links on pages where a substring appears in response body) to +general, you can use -X and -I (only spider URLs matching a substring) to limit the scope of a scan any way you like - including restricting it only to a specific protocol and port:
diff --git a/database.c b/database.c
index 9df417b..f41098e 100644
--- a/database.c
+++ b/database.c
@@ -39,14 +39,12 @@ struct pivot_desc root_pivot; u8 **deny_urls, /* List of banned URL substrings */ - **deny_strings, /* List of banned page substrings */ **allow_urls, /* List of required URL substrings */ **allow_domains, /* List of allowed vhosts */ **trust_domains, /* List of trusted vhosts */ **skip_params; /* List of parameters to ignore */ u32 num_deny_urls, - num_deny_strings, num_allow_urls, num_allow_domains, num_trust_domains,
@@ -1398,7 +1396,6 @@ void destroy_database() { dealloc_pivots(0); ck_free(deny_urls); - ck_free(deny_strings); ck_free(allow_urls); ck_free(allow_domains); ck_free(trust_domains);
diff --git a/database.h b/database.h
index c8bc209..506f514 100644
--- a/database.h
+++ b/database.h
@@ -334,11 +334,10 @@ u8 same_page(struct http_sig* sig1, struct http_sig* sig2); (_cnt)++; \ } while (0) -extern u8 **deny_urls, **deny_strings, **allow_urls, **allow_domains, +extern u8 **deny_urls, **allow_urls, **allow_domains, **trust_domains, **skip_params; extern u32 num_deny_urls, - num_deny_strings, num_allow_urls, num_allow_domains, num_trust_domains,
diff --git a/skipfish.1 b/skipfish.1
index 67fc06b..9cf2e31 100644
--- a/skipfish.1
+++ b/skipfish.1
@@ -60,9 +60,6 @@ only follow URLs matching 'string' .B \-X string exclude URLs matching 'string' .TP -.B \-S string -exclude pages containing 'string' -.TP .B \-K string do not fuzz query parameters or form fields named 'string' .TP
diff --git a/skipfish.c b/skipfish.c
index f79b586..8c27207 100644
--- a/skipfish.c
+++ b/skipfish.c
@@ -89,7 +89,6 @@ static void usage(char* argv0) { " -q hex - repeat probabilistic scan with given seed\n" " -I string - only follow URLs matching 'string'\n" " -X string - exclude URLs matching 'string'\n" - " -S string - exclude pages containing 'string'\n" " -K string - do not fuzz parameters named 'string'\n" " -D domain - crawl cross-site links to another domain\n" " -B domain - trust, but do not crawl, another domain\n"
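Review bot: Nothing in this patch removes a reader of `deny_strings`. The diffstat lists only `database.c`, `database.h` and `skipfish.c` as code files, and the lines dropped there are the definition, the `extern` in `database.h`, the `ck_free()` and the `-S` handler that filled the list. If the tree still builds with the `extern` gone, the crawler presumably never consulted the list, so `-S` restricted nothing in earlier releases. That is inferred from the file list rather than visible in the hunks, so a grep for `deny_strings` across the other sources is worth doing. If it is confirmed, I would say so in the ChangeLog entry, e.g. `- Option -S removed (it was accepted but never applied to responses).`, so that users who relied on it for scoping know earlier scans were not filtered.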
@@ -207,7 +206,7 @@ int main(int argc, char** argv) { SAY("skipfish version " VERSION " by \n"); while ((opt = getopt(argc, argv, - "+A:F:C:H:b:Nd:c:x:r:p:I:X:S:D:POYQMZUEK:W:LVT:G:R:B:q:g:m:f:t:w:i:s:o:hue")) > 0) + "+A:F:C:H:b:Nd:c:x:r:p:I:X:D:POYQMZUEK:W:LVT:G:R:B:q:g:m:f:t:w:i:s:o:hue")) > 0) switch (opt) {
@@ -277,11 +276,6 @@ int main(int argc, char** argv) { APPEND_FILTER(deny_urls, num_deny_urls, optarg); break; - case 'S': - if (*optarg == '*') optarg++; - APPEND_FILTER(deny_strings, num_deny_strings, optarg); - break; - case 'T': { u8* x = (u8*)strchr(optarg, '='); if (!x) FATAL("Rules must be in 'name=value' form.");
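Review bot: With `S:` dropped from the optstring in the `getopt()` call, an old command line that still passes `-S string` is now handled by whatever the `switch` does for an unrecognised option, and that branch is outside this hunk. Because -S was documented as a scope restriction, that path should stop the run rather than continue with a wider crawl than the operator intended, so please confirm the `default:` case exits. A clearer alternative is to keep `S:` in the optstring for one release and replace the removed case with `case 'S': FATAL("Option -S was removed in 1.84b; use -X or -I to limit scope.");`. `main()` starts and ends outside both skipfish.c hunks shown here.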