From 8eaa0f5c392c41ea497eb4127b3f016949029c54 Mon Sep 17 00:00:00 2001
From: QSoloX
Date: Thu, 29 Oct 2020 13:05:39 -0700
Subject: [PATCH 1/3] Added -e flag, and implemented it
---
 smuggler.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/smuggler.py b/smuggler.py
index ddff87a..72ded64 100755
--- a/smuggler.py
+++ b/smuggler.py
@@ -385,6 +385,7 @@ def print_info(msg, file_handle=None):
 Parser.add_argument('-v', '--vhost', default="", help="Specify a virtual host")
 Parser.add_argument('-x', '--exit_early', action='store_true',help="Exit scan on first finding")
 Parser.add_argument('-m', '--method', default="POST", help="HTTP method to use (e.g GET, POST) Default: POST")
+ Parser.add_argument('-e', '--endpoint', help="Add a endpoint to the end of the input url")
 Parser.add_argument('-l', '--log', help="Specify a log file")
 Parser.add_argument('-q', '--quiet', action='store_true', help="Quiet mode will only log issues found")
 Parser.add_argument('-t', '--timeout', default=5.0, help="Socket timeout value Default: 5")
@@ -438,10 +439,17 @@ def print_info(msg, file_handle=None): server[0] = "https://" + server[0] params = process_uri(server[0]) + if Args.endpoint != None: + if Args.endpoint[0] != "/": + endpoint = "/"+Args.endpoint + else: + endpoint = Args.endpoint + else: + endpoint = params[2] + method = server[1].upper() host = params[0] port = params[1] - endpoint = params[2] SSLFlagval = params[3] configfile = Args.configfile
From 2d18e5187d319dca3439a2f9276e7dc7a986314c Mon Sep 17 00:00:00 2001
From: QSoloX
Date: Thu, 29 Oct 2020 13:07:50 -0700
Subject: [PATCH 2/3] Added -e Flag
---
 README.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/README.md b/README.md
index 0449770..e3c36c1 100644
--- a/README.md
+++ b/README.md
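Review bot: In the second smuggler.py hunk (`@@ -438,10 +439,17 @@`), `Args.endpoint[0]` raises IndexError when `-e` is given an empty string, and the None test is better written as an identity check; `if Args.endpoint is not None:` followed by `endpoint = Args.endpoint if Args.endpoint.startswith("/") else "/" + Args.endpoint` covers both. The value also replaces the path parsed by `process_uri` (`params[2]`) rather than being added to it, while the `-e` help string in the first hunk and the README text say it is added to the end of the input URL, so either the wording or the assignment should change. Because this path presumably ends up in the request line of every probe, it would be worth rejecting whitespace and control characters here so a mistyped value cannot produce malformed requests and misleading findings. The enclosing block starts and ends outside the hunk.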
@@ -55,6 +55,8 @@ optional arguments: -x, --exit_early Exit scan on first finding -m METHOD, --method METHOD HTTP method to use (e.g GET, POST) Default: POST + -e ENDPOINT, --endpoint ENDPOINT + Add a endpoint to the end of the input url -l LOG, --log LOG Specify a log file -q, --quiet Quiet mode will only log issues found -t TIMEOUT, --timeout TIMEOUT
From e8b88da45fa7d673e0c15cc506fd18c5f1474d25 Mon Sep 17 00:00:00 2001
From: QSoloX <48586716+QSoloX@users.noreply.github.com>
Date: Thu, 29 Oct 2020 13:51:53 -0700
Subject: [PATCH 3/3] Added Use -e message
---
 README.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/README.md b/README.md
index e3c36c1..92e6a06 100644
--- a/README.md
+++ b/README.md
@@ -76,6 +76,8 @@ Use -x/--exit_early to exit the scan of a given server when a potential issue is Use -m/--method \ to specify a different HTTP verb from POST (i.e GET/PUT/PATCH/OPTIONS/CONNECT/TRACE/DELETE/HEAD/etc...) +Use -e/--endpoint \ to append a endpoint to the end of the input url + Use -l/--log \ to write output to file as well as stdout Use -q/--quiet reduce verbosity and only log issues found