From eba10b52e6772c50bee93cad7385d7b34ba4d04e Mon Sep 17 00:00:00 2001
From: Don Johnson
Date: Thu, 12 Oct 2023 12:04:08 -0700
Subject: [PATCH] feat: add feroxbuster (forced browsing security tool)
---
feroxbuster/README.md | 47 +++++++++++++++++++++++++++++++
feroxbuster/install.ps1 | 61 +++++++++++++++++++++++++++++++++++++++++
feroxbuster/install.sh | 46 +++++++++++++++++++++++++++++++
feroxbuster/releases.js | 20 ++++++++++++++
4 files changed, 174 insertions(+)
create mode 100644 feroxbuster/README.md
create mode 100644 feroxbuster/install.ps1
create mode 100644 feroxbuster/install.sh
create mode 100644 feroxbuster/releases.js
diff --git a/feroxbuster/README.md b/feroxbuster/README.md
new file mode 100644
index 0000000..691e326
--- /dev/null
+++ b/feroxbuster/README.md
@@ -0,0 +1,47 @@
+---
+title: feroxbuster
+homepage: https://github.com/epi052/feroxbuster
+tagline: |
+ feroxbuster: A tool designed to perform Forced Browsing.
+---
+
+To update or switch versions, run `webi feroxbuster@stable` (or `@v2`, `@beta`,
+etc).
+
+### Files
+
+These are the files / directories that are created and/or modified with this
+install:
+
+```text
+~/.config/feroxbuster/ferox-config.toml
+~/.local/bin/feroxbuster
+```
+
+## Cheat Sheet
+
+> `feroxbuster` is a tool designed for Forced Browsing. Forced browsing is an
+> attack where the aim is to enumerate and access resources that are not
+> referenced by the web application but are still accessible by an attacker.
+
+To run feroxbuster:
+
+```sh
+feroxbuster -u [target]
+```
+
+### Include Headers
+
+To run feroxbuster with custom headers:
+
+```sh
+feroxbuster -u [target] -H Accept:application/json "Authorization: Bearer {token}"
+```
+
+### Proxy Traffic Through Burp
+
+To proxy traffic through Burp:
+
+```sh
+feroxbuster -u [target] --insecure --proxy http://127.0.0.1:8080
+```
diff --git a/feroxbuster/install.ps1 b/feroxbuster/install.ps1
new file mode 100644
index 0000000..6d4254a
--- /dev/null
+++ b/feroxbuster/install.ps1 
@@ -0,0 +1,61 @@
+#!/usr/bin/env pwsh
+
+##################
+# Install feroxbuster #
+##################
+
+# Every package should define these variables
+$pkg_cmd_name = "feroxbuster"
+
+$pkg_dst_cmd = "$Env:USERPROFILE\.local\bin\feroxbuster.exe"
+$pkg_dst = "$pkg_dst_cmd"
+
+$pkg_src_cmd = "$Env:USERPROFILE\.local\opt\feroxbuster-v$Env:WEBI_VERSION\bin\feroxbuster.exe"
+$pkg_src_bin = "$Env:USERPROFILE\.local\opt\feroxbuster-v$Env:WEBI_VERSION\bin"
+$pkg_src_dir = "$Env:USERPROFILE\.local\opt\feroxbuster-v$Env:WEBI_VERSION"
+$pkg_src = "$pkg_src_cmd"
+
+New-Item "$Env:USERPROFILE\Downloads\webi" -ItemType Directory -Force | out-null
+$pkg_download = "$Env:USERPROFILE\Downloads\webi\$Env:WEBI_PKG_FILE"
+
+# Fetch archive
+IF (!(Test-Path -Path "$Env:USERPROFILE\Downloads\webi\$Env:WEBI_PKG_FILE"))
+{
+ echo "Downloading feroxbuster from $Env:WEBI_PKG_URL to $pkg_download"
+ & curl.exe -A "$Env:WEBI_UA" -fsSL "$Env:WEBI_PKG_URL" -o "$pkg_download.part"
+ & move "$pkg_download.part" "$pkg_download"
+}
+
+IF (!(Test-Path -Path "$pkg_src_cmd"))
+{
+ echo "Installing feroxbuster"
+
+ # TODO: create package-specific temp directory
+ # Enter tmp
+ pushd .local\tmp
+
+ # Remove any leftover tmp cruft
+ Remove-Item -Path ".\feroxbuster-v*" -Recurse -ErrorAction Ignore
+ Remove-Item -Path ".\feroxbuster.exe" -Recurse -ErrorAction Ignore
+
+ # NOTE: DELETE THIS COMMENT IF NOT USED
+ # Move single binary into root of temporary folder
+ #& move "$pkg_download" "feroxbuster.exe"
+
+ # Unpack archive file into this temporary directory
+ # Windows BSD-tar handles zip. Imagine that.
+ echo "Unpacking $pkg_download"
+ & tar xf "$pkg_download"
+
+ # Settle unpacked archive into place
+ echo "Install Location: $pkg_src_cmd"
+ New-Item "$pkg_src_bin" -ItemType Directory -Force | out-null
+ Move-Item -Path ".\feroxbuster-*\feroxbuster.exe" -Destination "$pkg_src_bin"
+
+ # Exit tmp
+ popd
+}
+
+echo "Copying into '$pkg_dst_cmd' from '$pkg_src_cmd'"
+Remove-Item -Path "$pkg_dst_cmd" -Recurse -ErrorAction Ignore | out-null
+Copy-Item -Path "$pkg_src" -Destination "$pkg_dst" -Recurse
diff --git a/feroxbuster/install.sh b/feroxbuster/install.sh
new file mode 100644
index 0000000..0517d05
--- /dev/null
+++ b/feroxbuster/install.sh
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+# shellcheck disable=SC2034
+# "'pkg_cmd_name' appears unused. Verify it or export it."
+
+__init_feroxbuster() {
+ set -e
+ set -u
+
+ ##################
+ # Install feroxbuster #
+ ##################
+
+ # Every package should define these 6 variables
+ pkg_cmd_name="feroxbuster"
+
+ pkg_dst_cmd="$HOME/.local/bin/feroxbuster"
+ pkg_dst="$pkg_dst_cmd"
+
+ pkg_src_cmd="$HOME/.local/opt/feroxbuster-v$WEBI_VERSION/bin/feroxbuster"
+ pkg_src_dir="$HOME/.local/opt/feroxbuster-v$WEBI_VERSION"
+ pkg_src="$pkg_src_cmd"
+
+ # pkg_install must be defined by every package
+ pkg_install() {
+ # ~/.local/opt/feroxbuster-v0.99.9/bin
+ mkdir -p "$(dirname "${pkg_src_cmd}")"
+
+ # mv ./feroxbuster-*/feroxbuster ~/.local/opt/feroxbuster-v0.99.9/bin/feroxbuster
+ mv ./feroxbuster "${pkg_src_cmd}"
+ }
+
+ # pkg_get_current_version is recommended, but not required
+ pkg_get_current_version() {
+ # 'feroxbuster --version' has output in this format:
+ # feroxbuster 0.99.9 (rev abcdef0123)
+ # This trims it down to just the version number:
+ # 0.99.9
+ feroxbuster --version 2> /dev/null |
+ head -n 1 |
+ cut -d ' ' -f 2
+ }
+
+}
+
+__init_feroxbuster
diff --git a/feroxbuster/releases.js b/feroxbuster/releases.js
new file mode 100644
index 0000000..8bc6ed8
--- /dev/null
+++ b/feroxbuster/releases.js
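Review bot: Nothing in install.ps1 verifies the archive before `tar xf "$pkg_download"` unpacks it: the fetch block is skipped whenever a file already exists at `$pkg_download`, and a fresh download is moved into place without checking the exit status of `curl.exe`. Whether the webi bootstrap verifies the file elsewhere is not visible in this patch; if it does not, check `$LASTEXITCODE` after the download and compare `(Get-FileHash -Algorithm SHA256 "$pkg_download").Hash` with a pinned digest (placeholder `<EXPECTED_SHA256>`), stopping on a mismatch. Separately, `Move-Item -Path ".\feroxbuster-*\feroxbuster.exe"` expects a top-level directory inside the archive, while install.sh in this same patch moves `./feroxbuster` from the archive root, so one of the two layouts is probably wrong. The `# NOTE: DELETE THIS COMMENT IF NOT USED` block is template residue and can go.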
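Review bot: In install.sh the comment above the move in `pkg_install` still describes `mv ./feroxbuster-*/feroxbuster ...`, but the command that runs is `mv ./feroxbuster "${pkg_src_cmd}"`, so comment and code disagree about the archive layout. Change the comment to `# mv ./feroxbuster ~/.local/opt/feroxbuster-v0.99.9/bin/feroxbuster` and confirm that the release archives do ship the binary at the root. `pkg_get_current_version` also runs whichever `feroxbuster` is first on `PATH` rather than `"$pkg_dst_cmd"`, so the reported version may come from a different binary than the one this script installs.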
@@ -0,0 +1,20 @@
+'use strict';
+
+var github = require('../_common/github.js');
+var owner = 'epi052';
+var repo = 'feroxbuster';
+
+module.exports = function (request) {
+ return github(request, owner, repo).then(function (all) {
+ return all;
+ });
+};
+
+if (module === require.main) {
+ module.exports(require('@root/request')).then(function (all) {
+ all = require('../_webi/normalize.js')(all);
+ // just select the first 5 for demonstration
+ all.releases = all.releases.slice(0, 5);
+ console.info(JSON.stringify(all, null, 2));
+ });
+}
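Review bot: The self-test branch under `if (module === require.main)` ends its promise chain without a rejection handler, so a failed GitHub request or a throw inside `normalize.js` surfaces only as an unhandled rejection; append `.catch(function (err) { console.error(err); process.exit(1); })`. In the exported function, `.then(function (all) { return all; })` passes the value through unchanged and can be dropped, leaving `return github(request, owner, repo);`. If the pass-through is kept as a hook for filtering release assets later, a one-line comment saying so would make that intent clear.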