mirror of
https://github.com/epi052/feroxbuster
synced 2024-06-29 05:54:32 +00:00
Adding feroxbuster as chocolatey package
This commit is contained in:
parent
52d08e504d
commit
5252587e65
3
.gitignore
vendored
3
.gitignore
vendored
|
@ -30,3 +30,6 @@ ferox-*.state
|
|||
|
||||
# python stuff cuz reasons
|
||||
Pipfile*
|
||||
|
||||
# ignore choco_package generated nupkg
|
||||
/choco_package/*.nupkg
|
||||
|
|
84
choco_package/feroxbuster.nuspec
Normal file
84
choco_package/feroxbuster.nuspec
Normal file
|
@ -0,0 +1,84 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
|
||||
<metadata>
|
||||
<id>feroxbuster</id>
|
||||
<version>2.8.0</version>
|
||||
<packageSourceUrl>https://github.com/epi052/feroxbuster/releases/</packageSourceUrl>
|
||||
<owners>epi052</owners>
|
||||
<title>feroxbuster (Install)</title>
|
||||
<authors>epi052</authors>
|
||||
<projectUrl>https://github.com/epi052/feroxbuster</projectUrl>
|
||||
<!-- There are a number of CDN Services that can be used for hosting the Icon for a package. More information can be found here: https://docs.chocolatey.org/en-us/create/create-packages#package-icon-guidelines -->
|
||||
<!-- Here is an example using Githack -->
|
||||
<!--
|
||||
//TODO: PLEASE CONVERT THE LOGO TO ICON
|
||||
<iconUrl>https://github.com/epi052/feroxbuster/raw/main/img/logo/default-cropped.png</iconUrl>
|
||||
-->
|
||||
<copyright>2023</copyright>
|
||||
<licenseUrl>https://github.com/epi052/feroxbuster/blob/main/LICENSE</licenseUrl>
|
||||
<requireLicenseAcceptance>true</requireLicenseAcceptance>
|
||||
<projectSourceUrl>https://github.com/epi052/feroxbuster</projectSourceUrl>
|
||||
<docsUrl>https://epi052.github.io/feroxbuster-docs/docs/</docsUrl>
|
||||
<!--<mailingListUrl></mailingListUrl>-->
|
||||
<bugTrackerUrl>https://github.com/epi052/feroxbuster/issues</bugTrackerUrl>
|
||||
<tags>content-discovery pentesting-tool url-bruteforcer</tags>
|
||||
<summary>A simple, fast, recursive content discovery tool written in Rust</summary>
|
||||
<description>
|
||||
A simple, fast, recursive content discovery tool written in Rust
|
||||
[![Feroxbuster](https://github.com/epi052/feroxbuster/raw/main/img/logo/default-cropped.png)](https://github.com/epi052/feroxbuster)
|
||||
|
||||
## What the heck is a ferox anyway?
|
||||
|
||||
Ferox is short for Ferric Oxide. Ferric Oxide, simply put, is rust. The name rustbuster was taken, so I decided on a
|
||||
variation.
|
||||
|
||||
## What's it do tho?
|
||||
|
||||
`feroxbuster` is a tool designed to perform [Forced Browsing](https://owasp.org/www-community/attacks/Forced_browsing).
|
||||
|
||||
Forced browsing is an attack where the aim is to enumerate and access resources that are not referenced by the web
|
||||
application, but are still accessible by an attacker.
|
||||
|
||||
`feroxbuster` uses brute force combined with a wordlist to search for unlinked content in target directories. These
|
||||
resources may store sensitive information about web applications and operational systems, such as source code,
|
||||
credentials, internal network addressing, etc...
|
||||
|
||||
This attack is also known as Predictable Resource Location, File Enumeration, Directory Enumeration, and Resource
|
||||
Enumeration.
|
||||
|
||||
## Quick Start
|
||||
|
||||
This section will cover the minimum amount of information to get up and running with feroxbuster. Please refer the the [documentation](https://epi052.github.io/feroxbuster-docs/docs/), as it's much more comprehensive.
|
||||
|
||||
### Installation
|
||||
|
||||
There are quite a few other [installation methods](https://epi052.github.io/feroxbuster-docs/docs/installation/), but these snippets should cover the majority of users.
|
||||
|
||||
#### All others Docs
|
||||
|
||||
Please refer the the [documentation](https://epi052.github.io/feroxbuster-docs/docs/).
|
||||
|
||||
## Example Usage
|
||||
|
||||
Here are a few brief examples to get you started. Please note, feroxbuster can do a **lot more** than what's listed below. As a result, there are **many more** examples, with **demonstration gifs** that highlight specific features, in the [documentation](https://epi052.github.io/feroxbuster-docs/docs/).
|
||||
|
||||
### Multiple Values
|
||||
|
||||
Options that take multiple values are very flexible. Consider the following ways of specifying extensions:
|
||||
|
||||
```
|
||||
./feroxbuster -u http://127.1 -x pdf -x js,html -x php txt json,docx
|
||||
```
|
||||
|
||||
The command above adds .pdf, .js, .html, .php, .txt, .json, and .docx to each url
|
||||
|
||||
All of the methods above (multiple flags, space separated, comma separated, etc...) are valid and interchangeable. The
|
||||
same goes for urls, headers, status codes, queries, and size filters.
|
||||
</description>
|
||||
<!-- <releaseNotes>__REPLACE_OR_REMOVE__MarkDown_Okay</releaseNotes> -->
|
||||
</metadata>
|
||||
<files>
|
||||
<!-- this section controls what actually gets packaged into the Chocolatey package -->
|
||||
<file src="tools\**" target="tools" />
|
||||
</files>
|
||||
</package>
|
26
choco_package/legal/LICENSE.txt
Normal file
26
choco_package/legal/LICENSE.txt
Normal file
|
@ -0,0 +1,26 @@
|
|||
|
||||
From: https://github.com/epi052/feroxbuster/blob/main/LICENSE
|
||||
|
||||
LICENSE
|
||||
|
||||
MIT License
|
||||
|
||||
Copyright (c) 2020 epi
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
5
choco_package/legal/VERIFICATION.txt
Normal file
5
choco_package/legal/VERIFICATION.txt
Normal file
|
@ -0,0 +1,5 @@
|
|||
|
||||
VERIFICATION
|
||||
|
||||
checksum -t sha512 -f .\x86-windows-feroxbuster.exe.zip
|
||||
checksum -t sha512 -f .\x86_64-windows-feroxbuster.exe.zip
|
27
choco_package/tools/chocolateyinstall.ps1
Normal file
27
choco_package/tools/chocolateyinstall.ps1
Normal file
|
@ -0,0 +1,27 @@
|
|||
$ErrorActionPreference = 'Stop'
|
||||
|
||||
$toolsDir = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)"
|
||||
$version = '2.8.0'
|
||||
$url = "https://github.com/epi052/feroxbuster/releases/download/v$version/x86-windows-feroxbuster.exe.zip"
|
||||
$url64 = "https://github.com/epi052/feroxbuster/releases/download/v$version/x86_64-windows-feroxbuster.exe.zip"
|
||||
|
||||
$packageArgs = @{
|
||||
packageName = $env:ChocolateyPackageName
|
||||
unzipLocation = $toolsDir
|
||||
fileType = 'exe' #only one of these: exe, msi, msu
|
||||
url = $url
|
||||
url64bit = $url64
|
||||
#file = $fileLocation
|
||||
|
||||
softwareName = 'feroxbuster*'
|
||||
|
||||
# Checksums are now required as of 0.10.0.
|
||||
# To determine checksums, you can get that from the original site if provided.
|
||||
# You can also use checksum.exe (choco install checksum) and use it
|
||||
# e.g. checksum -t sha256 -f path\to\file
|
||||
checksum = 'e5cac59c737260233903a17706a68bac11fe0d7a15169e1c5a9637cc221e7230fd6ddbfc1a7243833dde6472ad053c033449ca8338164654f7354363da54ba88'
|
||||
checksumType = 'sha512'
|
||||
checksum64 = 'cce58d6eacef7e12c31076f5a00fee9742a4e3fdfc69d807d98736200e50469f77359978e137ecafd87b14460845c65c6808d1f8b23ae561f7e7c637e355dee3'
|
||||
checksumType64= 'sha512'
|
||||
}
|
||||
Install-ChocolateyZipPackage @packageArgs # https://docs.chocolatey.org/en-us/create/functions/install-chocolateyzippackage
|
47
choco_package/tools/chocolateyuninstall.ps1
Normal file
47
choco_package/tools/chocolateyuninstall.ps1
Normal file
|
@ -0,0 +1,47 @@
|
|||
$ErrorActionPreference = 'Stop' # stop on all errors
|
||||
$packageArgs = @{
|
||||
packageName = $env:ChocolateyPackageName
|
||||
softwareName = 'feroxbuster*' #part or all of the Display Name as you see it in Programs and Features. It should be enough to be unique
|
||||
fileType = 'exe' #only one of these: MSI or EXE (ignore MSU for now)
|
||||
}
|
||||
|
||||
# Get-UninstallRegistryKey is new to 0.9.10, if supporting 0.9.9.x and below,
|
||||
# take a dependency on "chocolatey-core.extension" in your nuspec file.
|
||||
# This is only a fuzzy search if $softwareName includes '*'. Otherwise it is
|
||||
# exact. In the case of versions in key names, we recommend removing the version
|
||||
# and using '*'.
|
||||
[array]$key = Get-UninstallRegistryKey -SoftwareName $packageArgs['softwareName']
|
||||
|
||||
if ($key.Count -eq 1) {
|
||||
$key | % {
|
||||
$packageArgs['file'] = "$($_.UninstallString)" #NOTE: You may need to split this if it contains spaces, see below
|
||||
|
||||
if ($packageArgs['fileType'] -eq 'MSI') {
|
||||
# The Product Code GUID is all that should be passed for MSI, and very
|
||||
# FIRST, because it comes directly after /x, which is already set in the
|
||||
# Uninstall-ChocolateyPackage msiargs (facepalm).
|
||||
$packageArgs['silentArgs'] = "$($_.PSChildName) $($packageArgs['silentArgs'])"
|
||||
|
||||
# Don't pass anything for file, it is ignored for msi (facepalm number 2)
|
||||
# Alternatively if you need to pass a path to an msi, determine that and
|
||||
# use it instead of the above in silentArgs, still very first
|
||||
$packageArgs['file'] = ''
|
||||
} else {
|
||||
# NOTES:
|
||||
# - You probably will need to sanitize $packageArgs['file'] as it comes from the registry and could be in a variety of fun but unusable formats
|
||||
# - Split args from exe in $packageArgs['file'] and pass those args through $packageArgs['silentArgs'] or ignore them
|
||||
# - Ensure you don't pass double quotes in $file (aka $packageArgs['file']) - otherwise you will get "Illegal characters in path when you attempt to run this"
|
||||
# - Review the code for auto-uninstaller for all of the fun things it does in sanitizing - https://github.com/chocolatey/choco/blob/bfe351b7d10c798014efe4bfbb100b171db25099/src/chocolatey/infrastructure.app/services/AutomaticUninstallerService.cs#L142-L192
|
||||
}
|
||||
|
||||
Uninstall-ChocolateyPackage @packageArgs
|
||||
}
|
||||
} elseif ($key.Count -eq 0) {
|
||||
Write-Warning "$packageName has already been uninstalled by other means."
|
||||
} elseif ($key.Count -gt 1) {
|
||||
Write-Warning "$($key.Count) matches found!"
|
||||
Write-Warning "To prevent accidental data loss, no programs will be uninstalled."
|
||||
Write-Warning "Please alert package maintainer the following keys were matched:"
|
||||
$key | % {Write-Warning "- $($_.DisplayName)"}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user