diff --git a/README.md b/README.md
index 45972a5..e0826f2 100644
--- a/README.md
+++ b/README.md
@@ -53,6 +53,10 @@ Extra header to send with requests e.g. `-H "Cookie: PHPSESSID=blah"`
 HTTP status codes which indicate a positive find. (default `200,400,403,500,405,204,401,301,302`)
+##### `-m, --method`
+
+HTTP method to use.
+
 ##### `-s, --spider`
 Scan page content for links and confirm their existence.
diff --git a/cmd/scout/url.go b/cmd/scout/url.go
index 4521725..59bf2f3 100644
--- a/cmd/scout/url.go
+++ b/cmd/scout/url.go
@@ -22,6 +22,7 @@ var headers []string
 var extensions = []string{"php", "htm", "html", "txt"}
 var enableSpidering bool
 var proxy string
+var method = "GET"
 var urlCmd = &cobra.Command{
 Use: "url [url]",
@@ -65,6 +66,7 @@ var urlCmd = &cobra.Command{
 }
 options := []scan.URLOption{
+ scan.WithMethod(method),
 scan.WithPositiveStatusCodes(intStatusCodes),
 scan.WithTargetURL(*parsedURL),
 scan.WithResultChan(resultChan),
@@ -192,6 +194,7 @@ func init() {
 urlCmd.Flags().StringSliceVarP(&headers, "header", "H", headers, "Extra header to send with requests (can be specified multiple times).")
 urlCmd.Flags().BoolVarP(&enableSpidering, "spider", "s", enableSpidering, "Spider links within page content")
 urlCmd.Flags().StringVarP(&proxy, "proxy", "p", proxy, "HTTP Proxy to use")
+ urlCmd.Flags().StringVarP(&method, "method", "m", method, "HTTP method (default: GET)")
 rootCmd.AddCommand(urlCmd)
 }
diff --git a/pkg/scan/url_options.go b/pkg/scan/url_options.go
index 1a57b12..7aaa829 100644
--- a/pkg/scan/url_options.go
+++ b/pkg/scan/url_options.go
@@ -2,6 +2,7 @@ package scan
 import (
 "net/url"
+ "strings"
 "time"
 "github.com/liamg/scout/pkg/wordlist"
@@ -94,6 +95,12 @@ func WithExtraHeaders(headers []string) URLOption {
 }
 }
+func WithMethod(method string) URLOption {
+ return func(s *URLScanner) {
+ s.method = strings.ToUpper(method)
+ }
+}
+
 type URLResult struct {
 URL url.URL
 StatusCode int
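Review bot: In `init()` in cmd/scout/url.go, the help string for `--method` hard-codes `(default: GET)` although the flag is registered with `method` as its default value, so the flag library will normally print the default itself and the usage line is likely to show it twice. None of the neighbouring flag descriptions spell out their default in the text. I would write `"HTTP method to use for requests"` instead. The README entry added in the same commit does not mention the default at all, so the two descriptions could be aligned. `init()` begins above this hunk.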
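Review bot: `WithMethod` in pkg/scan/url_options.go stores whatever string it is given after upper-casing it, so a value that is not a valid HTTP method token is only rejected later, by `http.NewRequest(scanner.method, job.URL, nil)` in the `checkURL` hunk of pkg/scan/url_scanner.go, where the error is returned from inside the `retry.Do` closure once per job instead of once at start-up. Because the option is a plain `func(s *URLScanner)` with no error return, the check belongs in the `url` command before `scan.WithMethod(method)` is added to the options, rejecting an unusable `--method` value with a clear message. The new exported function also has no doc comment; I would add `// WithMethod sets the HTTP method used for every scan request; the value is upper-cased before use.` The flag help should also say that the chosen method is sent to every candidate URL, since methods other than GET and HEAD are not safe in the HTTP sense and can change state on the system being scanned.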
diff --git a/pkg/scan/url_scanner.go b/pkg/scan/url_scanner.go
index 09ae648..54d5cad 100644
--- a/pkg/scan/url_scanner.go
+++ b/pkg/scan/url_scanner.go
@@ -42,6 +42,7 @@ type URLScanner struct {
 queueChan chan URLJob
 jobsLoaded int32
 proxy *url.URL
+ method string
 }
 type URLJob struct {
@@ -71,6 +72,7 @@ func NewURLScanner(options ...URLOption) *URLScanner {
 extensions: []string{"php", "htm", "html", "txt"},
 backupExtensions: []string{"~", ".bak", ".BAK", ".old", ".backup", ".txt", ".OLD", ".BACKUP", "1", "2", "_", ".1", ".2"},
 enableSpidering: false,
+ method: "GET",
 }
 for _, option := range options {
@@ -269,7 +271,7 @@ func (scanner *URLScanner) checkURL(job URLJob) *URLResult {
 if err := retry.Do(func() error {
- req, err := http.NewRequest(http.MethodGet, job.URL, nil)
+ req, err := http.NewRequest(scanner.method, job.URL, nil)
 if err != nil {
 return err
 }