1.41b: if response varies, directory brute force is also skipped.

ChangeLog

@@ -1,3 +1,9 @@
+Version 1.41b:
+--------------
+
+  - Logic change: if response varies, directory brute force is
+    also skipped.
+
 Version 1.40b:
 --------------
 

assets/index.html

@@ -248,7 +248,7 @@ var issue_desc= {
   "20201": "Behavior checks failed",
   "20202": "IPS filtering enabled",
   "20203": "IPS filtering disabled again",
-  "20204": "Response varies randomly, skipping injection checks",
+  "20204": "Response varies randomly, skipping checks",
   "20301": "Node should be a directory, detection error?",
 
   "30101": "HTTP credentials seen in URLs",

config.h

@@ -23,7 +23,7 @@
 #ifndef _HAVE_CONFIG_H
 #define _HAVE_CONFIG_H
 
-#define VERSION "1.40b"
+#define VERSION "1.41b"
 
 #define USE_COLOR               1       /* Use terminal colors             */
 

crawler.c

@@ -34,7 +34,7 @@
 
 u32 crawl_prob = 100;    /* Crawl probability (1-100%)     */
 u8  no_fuzz_ext;         /* Don't fuzz extensions for dirs */
-u8  no_500_dir;		 /* Don't assume dirs on 500       */
+u8  no_500_dir;          /* Don't crawl 500 directories    */
 
 /*
 
@@ -1411,7 +1411,7 @@ static void end_injection_checks(struct pivot_desc* pv) {
        in scope (but got added as a parent of an in-scope
        node), or 404 checks went wrong. */
 
-    if (url_allowed(pv->req)) {
+    if (url_allowed(pv->req) && !pv->res_varies) {
 
       if (pv->r404_cnt) {
         pv->state   = PSTATE_CHILD_DICT;
@@ -1430,7 +1430,7 @@ static void end_injection_checks(struct pivot_desc* pv) {
 
   } else {
 
-    if (pv->bogus_par) {
+    if (pv->bogus_par || pv->res_varies) {
       pv->state = PSTATE_DONE;
     } else {
       crawl_par_numerical_init(pv);

skipfish.1

@@ -63,6 +63,9 @@ exclude pages containing 'string'
 .B \-K string
 do not fuzz query parameters or form fields named 'string'
 .TP
+.B \-Z
+do not descend into directories that return HTTP 500 code
+.TP
 .B \-D domain
 also crawl cross-site links to a specified domain
 .TP