(vers string)
| 38 | } |
| 39 | |
| 40 | func ParseFlags(vers string) { |
| 41 | /* Getting Command-line flags */ |
| 42 | version = vers |
| 43 | useragent = "WebCacheVulnerabilityScanner v" + version |
| 44 | pathPrefix := "" |
| 45 | if runtime.GOOS == "windows" { |
| 46 | pathPrefix = "C:" |
| 47 | } |
| 48 | |
| 49 | // General Options |
| 50 | techniqueNames := "deception,cookies,css,forwarding,smuggling,dos,headers,parameters,fatget,cloaking,splitting,pollution,encoding" |
| 51 | |
| 52 | var ignoreStatus string |
| 53 | |
| 54 | appendInt(&generalOptions, &Config.Verbosity, |
| 55 | "verbosity", "v", 1, "Set verbosity. 0 = quiet, 1 = normal, 2 = verbose") |
| 56 | appendFloat(&generalOptions, &Config.ReqRate, |
| 57 | "reqrate", "rr", float64(rate.Inf), "Requests per second. Float value. Has to be greater than 0. Default value is infinite") |
| 58 | appendInt(&generalOptions, &Config.Threads, |
| 59 | "threads", "t", 20, "Threads to use. Default value is 20") |
| 60 | appendInt(&generalOptions, &Config.TimeOut, |
| 61 | "timeout", "to", 15, "Seconds until timeout. Default value is 15") |
| 62 | appendString(&generalOptions, &Config.OnlyTest, |
| 63 | "onlytest", "ot", "", "Choose which tests to run. Use the , separator to specify multiple ones. Example: -onlytest '"+techniqueNames+"'") |
| 64 | appendString(&generalOptions, &Config.SkipTest, |
| 65 | "skiptest", "st", "", "Choose which tests to not run. Use the , separator to specify multiple ones. Example: -skiptest '"+techniqueNames+"'") |
| 66 | appendBoolean(&generalOptions, &Config.UseProxy, |
| 67 | "useproxy", "up", false, "Do you want to use a proxy?") |
| 68 | appendString(&generalOptions, &Config.ProxyURL, |
| 69 | "proxyurl", "purl", "http://127.0.0.1:8080", "Url for the proxy. Default value is http://127.0.0.1:8080") |
| 70 | appendBoolean(&generalOptions, &Config.Force, |
| 71 | "force", "f", false, "Perform the tests no matter if there is a cache or even the cachebuster works or not") |
| 72 | appendString(&generalOptions, &ignoreStatus, |
| 73 | "ignorestatus", "is", "", "Ignore a specific status code for cache poisoning") |
| 74 | appendString(&generalOptions, &Config.ReasonTypes, |
| 75 | "reasontypes", "rt", "body,header,status,length", "Choose which reason types to use for cache poisoning. Choose from: body (reflection in body),header (reflection in header), status (change of status code), length (change of body length). Default is 'body,header,status,length'") |
| 76 | appendInt(&generalOptions, &Config.CLDiff, |
| 77 | "contentlengthdifference", "cldiff", 5000, "Threshold for reporting possible Finding, when 'poisoned' response differs more from the original length. Default is 5000. 0 = don't check. May be prone to false positives!") |
| 78 | appendInt(&generalOptions, &Config.HMDiff, |
| 79 | "hitmissdifference", "hmdiff", 30, "Threshold for time difference (milliseconds) between cache hit and cache miss responses. Default is 30") |
| 80 | appendBoolean(&generalOptions, &Config.SkipTimebased, |
| 81 | "skiptimebased", "stime", false, "Skip checking if a repsonse gets cached by measuring time differences (may be prone to false positives, or increase hitmissdifference)") |
| 82 | appendBoolean(&generalOptions, &Config.SkipWordlistCachebuster, |
| 83 | "skipwordlistcachbuster", "swordlistcb", false, "Skip using wordlists to check for cachebusters (may be time intensive)") |
| 84 | appendString(&generalOptions, &Config.CacheHeader, |
| 85 | "cacheheader", "ch", "", "Specify a custom cache header") |
| 86 | appendBoolean(&generalOptions, &Config.DisableColor, |
| 87 | "nocolor", "nc", false, "Disable colored output") |
| 88 | appendBoolean(&generalOptions, &Config.DisableStatusLine, |
| 89 | "nostatusline", "ns", false, "Disable status line output") |
| 90 | |
| 91 | // Generate Options |
| 92 | appendString(&generateOptions, &Config.GeneratePath, |
| 93 | "generatepath", "gp", "./", "Path all files (log, report, completed) will be written to. Example: -gp '"+pathPrefix+"/p/a/t/h/'. Default is './'") |
| 94 | appendBoolean(&generateOptions, &Config.GenerateReport, |
| 95 | "generatereport", "gr", false, "Do you want a report to be generated?") |
| 96 | appendBoolean(&generateOptions, &Config.EscapeJSON, |
| 97 | "escapejson", "ej", false, "Do you want HTML special chars to be encoded in the report?") |
no test coverage detected