From 5252587e6584681a23ab990df2bfa04ecf67884a Mon Sep 17 00:00:00 2001 From: Aan Date: Mon, 6 Mar 2023 21:56:44 +0700 Subject: [PATCH] Adding feroxbuster as chocolatey package --- .gitignore | 3 + choco_package/feroxbuster.nuspec | 84 +++++++++++++++++++++ choco_package/legal/LICENSE.txt | 26 +++++++ choco_package/legal/VERIFICATION.txt | 5 ++ choco_package/tools/chocolateyinstall.ps1 | 27 +++++++ choco_package/tools/chocolateyuninstall.ps1 | 47 ++++++++++++ 6 files changed, 192 insertions(+) create mode 100644 choco_package/feroxbuster.nuspec create mode 100644 choco_package/legal/LICENSE.txt create mode 100644 choco_package/legal/VERIFICATION.txt create mode 100644 choco_package/tools/chocolateyinstall.ps1 create mode 100644 choco_package/tools/chocolateyuninstall.ps1 diff --git a/.gitignore b/.gitignore index b550b63..56897a1 100644 --- a/.gitignore +++ b/.gitignore @@ -30,3 +30,6 @@ ferox-*.state # python stuff cuz reasons Pipfile* + +# ignore choco_package generated nupkg +/choco_package/*.nupkg diff --git a/choco_package/feroxbuster.nuspec b/choco_package/feroxbuster.nuspec new file mode 100644 index 0000000..c14c406 --- /dev/null +++ b/choco_package/feroxbuster.nuspec @@ -0,0 +1,84 @@ + + + + feroxbuster + 2.8.0 + https://github.com/epi052/feroxbuster/releases/ + epi052 + feroxbuster (Install) + epi052 + https://github.com/epi052/feroxbuster + + + + 2023 + https://github.com/epi052/feroxbuster/blob/main/LICENSE + true + https://github.com/epi052/feroxbuster + https://epi052.github.io/feroxbuster-docs/docs/ + + https://github.com/epi052/feroxbuster/issues + content-discovery pentesting-tool url-bruteforcer + A simple, fast, recursive content discovery tool written in Rust + + A simple, fast, recursive content discovery tool written in Rust +[![Feroxbuster](https://github.com/epi052/feroxbuster/raw/main/img/logo/default-cropped.png)](https://github.com/epi052/feroxbuster) + +## What the heck is a ferox anyway? + +Ferox is short for Ferric Oxide. Ferric Oxide, simply put, is rust. The name rustbuster was taken, so I decided on a +variation. + +## What's it do tho? + +`feroxbuster` is a tool designed to perform [Forced Browsing](https://owasp.org/www-community/attacks/Forced_browsing). + +Forced browsing is an attack where the aim is to enumerate and access resources that are not referenced by the web +application, but are still accessible by an attacker. + +`feroxbuster` uses brute force combined with a wordlist to search for unlinked content in target directories. These +resources may store sensitive information about web applications and operational systems, such as source code, +credentials, internal network addressing, etc... + +This attack is also known as Predictable Resource Location, File Enumeration, Directory Enumeration, and Resource +Enumeration. + +## Quick Start + +This section will cover the minimum amount of information to get up and running with feroxbuster. Please refer the the [documentation](https://epi052.github.io/feroxbuster-docs/docs/), as it's much more comprehensive. + +### Installation + +There are quite a few other [installation methods](https://epi052.github.io/feroxbuster-docs/docs/installation/), but these snippets should cover the majority of users. + +#### All others Docs + +Please refer the the [documentation](https://epi052.github.io/feroxbuster-docs/docs/). + +## Example Usage + +Here are a few brief examples to get you started. Please note, feroxbuster can do a **lot more** than what's listed below. As a result, there are **many more** examples, with **demonstration gifs** that highlight specific features, in the [documentation](https://epi052.github.io/feroxbuster-docs/docs/). + +### Multiple Values + +Options that take multiple values are very flexible. Consider the following ways of specifying extensions: + +``` +./feroxbuster -u http://127.1 -x pdf -x js,html -x php txt json,docx +``` + +The command above adds .pdf, .js, .html, .php, .txt, .json, and .docx to each url + +All of the methods above (multiple flags, space separated, comma separated, etc...) are valid and interchangeable. The +same goes for urls, headers, status codes, queries, and size filters. + + + + + + + + diff --git a/choco_package/legal/LICENSE.txt b/choco_package/legal/LICENSE.txt new file mode 100644 index 0000000..e7d019a --- /dev/null +++ b/choco_package/legal/LICENSE.txt @@ -0,0 +1,26 @@ + +From: https://github.com/epi052/feroxbuster/blob/main/LICENSE + +LICENSE + +MIT License + +Copyright (c) 2020 epi + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/choco_package/legal/VERIFICATION.txt b/choco_package/legal/VERIFICATION.txt new file mode 100644 index 0000000..5e43c47 --- /dev/null +++ b/choco_package/legal/VERIFICATION.txt @@ -0,0 +1,5 @@ + +VERIFICATION + +checksum -t sha512 -f .\x86-windows-feroxbuster.exe.zip +checksum -t sha512 -f .\x86_64-windows-feroxbuster.exe.zip \ No newline at end of file diff --git a/choco_package/tools/chocolateyinstall.ps1 b/choco_package/tools/chocolateyinstall.ps1 new file mode 100644 index 0000000..4c0bf0a --- /dev/null +++ b/choco_package/tools/chocolateyinstall.ps1 @@ -0,0 +1,27 @@ +$ErrorActionPreference = 'Stop' + +$toolsDir = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)" +$version = '2.8.0' +$url = "https://github.com/epi052/feroxbuster/releases/download/v$version/x86-windows-feroxbuster.exe.zip" +$url64 = "https://github.com/epi052/feroxbuster/releases/download/v$version/x86_64-windows-feroxbuster.exe.zip" + +$packageArgs = @{ + packageName = $env:ChocolateyPackageName + unzipLocation = $toolsDir + fileType = 'exe' #only one of these: exe, msi, msu + url = $url + url64bit = $url64 + #file = $fileLocation + + softwareName = 'feroxbuster*' + + # Checksums are now required as of 0.10.0. + # To determine checksums, you can get that from the original site if provided. + # You can also use checksum.exe (choco install checksum) and use it + # e.g. checksum -t sha256 -f path\to\file + checksum = 'e5cac59c737260233903a17706a68bac11fe0d7a15169e1c5a9637cc221e7230fd6ddbfc1a7243833dde6472ad053c033449ca8338164654f7354363da54ba88' + checksumType = 'sha512' + checksum64 = 'cce58d6eacef7e12c31076f5a00fee9742a4e3fdfc69d807d98736200e50469f77359978e137ecafd87b14460845c65c6808d1f8b23ae561f7e7c637e355dee3' + checksumType64= 'sha512' +} +Install-ChocolateyZipPackage @packageArgs # https://docs.chocolatey.org/en-us/create/functions/install-chocolateyzippackage \ No newline at end of file diff --git a/choco_package/tools/chocolateyuninstall.ps1 b/choco_package/tools/chocolateyuninstall.ps1 new file mode 100644 index 0000000..f65c5b0 --- /dev/null +++ b/choco_package/tools/chocolateyuninstall.ps1 @@ -0,0 +1,47 @@ +$ErrorActionPreference = 'Stop' # stop on all errors +$packageArgs = @{ + packageName = $env:ChocolateyPackageName + softwareName = 'feroxbuster*' #part or all of the Display Name as you see it in Programs and Features. It should be enough to be unique + fileType = 'exe' #only one of these: MSI or EXE (ignore MSU for now) +} + +# Get-UninstallRegistryKey is new to 0.9.10, if supporting 0.9.9.x and below, +# take a dependency on "chocolatey-core.extension" in your nuspec file. +# This is only a fuzzy search if $softwareName includes '*'. Otherwise it is +# exact. In the case of versions in key names, we recommend removing the version +# and using '*'. +[array]$key = Get-UninstallRegistryKey -SoftwareName $packageArgs['softwareName'] + +if ($key.Count -eq 1) { + $key | % { + $packageArgs['file'] = "$($_.UninstallString)" #NOTE: You may need to split this if it contains spaces, see below + + if ($packageArgs['fileType'] -eq 'MSI') { + # The Product Code GUID is all that should be passed for MSI, and very + # FIRST, because it comes directly after /x, which is already set in the + # Uninstall-ChocolateyPackage msiargs (facepalm). + $packageArgs['silentArgs'] = "$($_.PSChildName) $($packageArgs['silentArgs'])" + + # Don't pass anything for file, it is ignored for msi (facepalm number 2) + # Alternatively if you need to pass a path to an msi, determine that and + # use it instead of the above in silentArgs, still very first + $packageArgs['file'] = '' + } else { + # NOTES: + # - You probably will need to sanitize $packageArgs['file'] as it comes from the registry and could be in a variety of fun but unusable formats + # - Split args from exe in $packageArgs['file'] and pass those args through $packageArgs['silentArgs'] or ignore them + # - Ensure you don't pass double quotes in $file (aka $packageArgs['file']) - otherwise you will get "Illegal characters in path when you attempt to run this" + # - Review the code for auto-uninstaller for all of the fun things it does in sanitizing - https://github.com/chocolatey/choco/blob/bfe351b7d10c798014efe4bfbb100b171db25099/src/chocolatey/infrastructure.app/services/AutomaticUninstallerService.cs#L142-L192 + } + + Uninstall-ChocolateyPackage @packageArgs + } +} elseif ($key.Count -eq 0) { + Write-Warning "$packageName has already been uninstalled by other means." +} elseif ($key.Count -gt 1) { + Write-Warning "$($key.Count) matches found!" + Write-Warning "To prevent accidental data loss, no programs will be uninstalled." + Write-Warning "Please alert package maintainer the following keys were matched:" + $key | % {Write-Warning "- $($_.DisplayName)"} +} +