v2.1.0
- added
--auto-tune
- added
--auto-bail
- bumped env_logger to version 0.8.3
Thanks to @mzpqnxow and @N0ur5 for their requests/suggestions! 🥳
Version 2.1.0 introduces the --auto-tune
and --auto-bail
flags. You can think of these flags as Policies. Both actions (tuning and bailing) are triggered by the same criteria (below). Policies are only enforced after at least 50 requests have been made (or # of threads, if that's > 50).
Policy Enforcement Criteria:
number of general errors (timeouts, etc) is higher than half the number of threads (or at least 25 if threads are lower) (per directory scanned)
90% of responses are 403|Forbidden (per directory scanned)
30% of requests are 429|Too Many Requests (per directory scanned)
both demo gifs below use --timeout to overload a single-threaded python web server and elicit timeouts
--auto-tune
:
The AutoTune policy enforces a rate limit on individual directory scans when one of the criteria above is met. The rate limit self-adjusts every (timeout / 2) seconds. If the number of errors have increased during that time, the allowed rate of requests is lowered. On the other hand, if the number of errors hasn't moved, the allowed rate of requests is increased. If no additional errors are found after a certain number of checks, the rate limit will be removed completely.
--auto-bail
:
The AutoBail policy aborts individual directory scans when one of the criteria above is met. They just stop getting scanned, no muss, no fuss.