FileFuzz default false 2023-11-22

GhostTroops · Nov 22, 2023 · b71167d · b71167d
1 parent 4a569aa
commit b71167d
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 9 deletions.
diff --git a/brute/filefuzz.go b/brute/filefuzz.go
@@ -52,7 +52,7 @@ func InitGeneral() int {
 			ret = append(ret, "/"+prefix[i]+suffix[j])
 		}
 	}
-	eableFileFuzz = !util.GetValAsBool("enableFileFuzz")
+	disabledFileFuzz = !util.GetValAsBool("enableFileFuzz")
 	return len(ret)
 }
 
@@ -121,10 +121,10 @@ func CheckBakPage(req *util.Response) bool {
 var regs []string
 
 var (
-	regsMap       = make(map[string]*regexp.Regexp) // fuzz 正则库
-	eableFileFuzz = false                           // 是否开启fuzz
-	NoDoPath      = sync.Map{}
-	NoDoPathInit  = false
+	regsMap          = make(map[string]*regexp.Regexp) // fuzz 正则库
+	disabledFileFuzz = false                           // 是否开启fuzz
+	NoDoPath         = sync.Map{}
+	NoDoPathInit     = false
 )
 
 func DoInitMap() {
@@ -188,13 +188,16 @@ var r001 = regexp.MustCompile(`\.(aac)|(abw)|(arc)|(avif)|(avi)|(azw)|(bin)|(bmp
 //	两次  ioutil.ReadAll(resp.Body)，第二次就会 Read返回EOF error
 //	去除指纹请求的路径，避免重复
 func FileFuzz(u string, indexStatusCode int, indexContentLength int, indexbody string) ([]string, []string) {
+	if disabledFileFuzz {
+		return []string{}, []string{}
+	}
 	DoInitMap()
 	u01, err := url.Parse(strings.TrimSpace(u))
 	if nil == err {
 		u = u01.Scheme + "://" + u01.Host + "/"
 	}
 	// 用host，确保https、http只走一种协议即可
-	if eableFileFuzz || util.TestRepeat(u01.Host, "FileFuzz") {
+	if disabledFileFuzz || util.TestRepeat(u01.Host, "FileFuzz") {
 		return []string{}, []string{}
 	}
 	//log.Println("start file fuzz", u)

diff --git a/config/config.json b/config/config.json
@@ -80,7 +80,7 @@
   "enableByWaf": true,
   "enableDevDebug": false,
   "enableEmbedYaml": true,
-  "enableFileFuzz": true,
+  "enableFileFuzz": false,
   "httpx": {
     "Pipeline": false,
     "HTTP2Probe": false,

diff --git a/lib/api/main.go b/lib/api/main.go
@@ -2,7 +2,6 @@ package api
 
 import (
 	"encoding/json"
-	util1 "github.com/hktalent/go-utils"
 	_ "github.com/hktalent/scan4all/engine"
 	"github.com/hktalent/scan4all/lib/util"
 	"github.com/hktalent/scan4all/pkg/hydra"
@@ -23,7 +22,7 @@ func StartScan(oOpts *map[string]interface{}) {
 
 		options := naaburunner.ParseOptions()
 		if options.Update {
-			util1.UpdateScan4allVersionToLatest(true, "hktalent", "scan4all", "")
+			//util1.UpdateScan4allVersionToLatest(true, "hktalent", "scan4all", "")
 			return
 		}
 		//if options.Ports != "" {