| skipped 12 lines |
13 | 13 | | urlutil "github.com/projectdiscovery/utils/url" |
14 | 14 | | "io" |
15 | 15 | | "log" |
| 16 | + | "net/http" |
16 | 17 | | "os" |
17 | 18 | | "strings" |
18 | 19 | | "time" |
| skipped 9 lines |
28 | 29 | | all bool |
29 | 30 | | urls bool |
30 | 31 | | header string |
| 32 | + | filterExt goflags.StringSlice |
31 | 33 | | verbose bool |
32 | 34 | | } |
33 | 35 | | |
| skipped 18 lines |
52 | 54 | | ) |
53 | 55 | | |
54 | 56 | | flagSet.CreateGroup("Others", "Others", |
| 57 | + | flagSet.StringSliceVarP(&opt.filterExt, "filter-extension", "fe", []string{"svg", "png", "jpg", "jpeg"}, "list of extensions svg,png (comma-separated)", goflags.FileCommaSeparatedStringSliceOptions), |
55 | 58 | | flagSet.StringVarP(&opt.header, "header", "H", "", "Set custom header"), |
56 | 59 | | flagSet.BoolVarP(&opt.verbose, "verbose", "v", false, "Verbose mode"), |
57 | 60 | | ) |
| skipped 14 lines |
72 | 75 | | } |
73 | 76 | | |
74 | 77 | | gologger.Info().Msgf("Processing %s", opt.file) |
75 | | - | secrets, urls, endpoints, parameters := Run(bin, opt.file) |
| 78 | + | secrets, urls, endpoints, parameters := Run(bin, opt.file, opt.filterExt) |
76 | 79 | | |
77 | 80 | | HandleResults(opt.endpoint, opt.parameter, opt.urls, opt.secret, opt.all, secrets, urls, endpoints, parameters, opt.file) |
78 | 81 | | return |
| skipped 28 lines |
107 | 110 | | continue |
108 | 111 | | } |
109 | 112 | | |
110 | | - | secrets, urls, endpoints, parameters := Run(Data, url) |
| 113 | + | secrets, urls, endpoints, parameters := Run(Data, url, opt.filterExt) |
111 | 114 | | |
112 | 115 | | HandleResults(opt.endpoint, opt.parameter, opt.urls, opt.secret, opt.all, secrets, urls, endpoints, parameters, url) |
113 | 116 | | } |
114 | 117 | | } |
115 | 118 | | |
116 | | - | func Run(Data []byte, Source string) ([]scanner.SecretMatched, []string, []string, []string) { |
| 119 | + | func Run(Data []byte, Source string, FilterExtension []string) ([]scanner.SecretMatched, []string, []string, []string) { |
117 | 120 | | var sortedUrls []string |
118 | 121 | | var sortedEndpoints []string |
119 | 122 | | |
120 | 123 | | SecretMatchResult := scanner.SecretsMatch(Source, Data) |
121 | 124 | | |
122 | | - | EndpointMatchResult := scanner.EndpointsMatch(Data) |
| 125 | + | EndpointMatchResult := scanner.EndpointsMatch(Data, FilterExtension) |
123 | 126 | | |
124 | 127 | | for _, v := range EndpointMatchResult { |
125 | 128 | | if len(v) >= 4 && v[:4] == "http" || len(v) >= 5 && v[:5] == "https" { |
| skipped 112 lines |
238 | 241 | | SetHeader("Accept", "*/*"). |
239 | 242 | | SetHeader("Origin", u.Scheme+"://"+u.Host). |
240 | 243 | | SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true}). |
241 | | - | SetRedirectPolicy(resty.FlexibleRedirectPolicy(3)) |
| 244 | + | SetRedirectPolicy(resty.RedirectPolicyFunc(func(req *http.Request, via []*http.Request) error { |
| 245 | + | return http.ErrUseLastResponse |
| 246 | + | })) |
242 | 247 | | |
243 | 248 | | if Header != "" { |
244 | 249 | | headers := strings.Split(Header, ":") |
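Review bot: With the redirect policy now returning `http.ErrUseLastResponse` at lines 244-246 and the new check in the next hunk (line 268) rejecting anything other than 200, a target that answers with a 301/302 — which the old `FlexibleRedirectPolicy(3)` would have followed — now fails with `status code is not 200: 301` and its body is never scanned; if not following redirects is intended (it keeps the request on the host the user named, which matters given the client also disables TLS verification), a comment on the policy such as `// Do not follow redirects: scan only the response of the URL that was given.` would stop the next reader from reverting it. The `!= 200` comparison also rejects other 2xx answers such as 204 or 206; `if resp.StatusCode() != http.StatusOK {` at least names the constant, and `if !resp.IsSuccess() {` would accept the whole 2xx range if that is wanted. The `fmt.Errorf` call presumably relies on `fmt` being imported in the skipped import lines, which is worth confirming. The enclosing fetch function starts and ends outside these hunks.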
| skipped 13 lines |
258 | 263 | | |
259 | 264 | | if err != nil { |
260 | 265 | | return nil, err |
| 266 | + | } |
| 267 | + | |
| 268 | + | if resp.StatusCode() != 200 { |
| 269 | + | return nil, fmt.Errorf("status code is not 200: %d", resp.StatusCode()) |
261 | 270 | | } |
262 | 271 | | |
263 | 272 | | return resp.Body(), nil |
| skipped 10 lines |