Add run all shortcut
hupe1980 committed Dec 26, 2021
1 parent dbbdda9 commit d53c22a
Showing 4 changed files with 24 additions and 6 deletions.
10 changes: 6 additions & 4 deletions README.md
@@ -182,16 +182,18 @@ Examples:
- Scan a complete cidr: scan4log4shell remote cidr 172.20.0.0/24
- TCP catcher: scan4log4shell remote cidr 172.20.0.0/24 --catcher-type tcp --caddr 172.20.0.30:4444
- Custom headers file: scan4log4shell remote cidr 172.20.0.0/24 --headers-file ./headers.txt
- Run all tests: scan4log4shell rremote cidr 172.20.0.0/24 -t get,post,json --waf-bypass
- Run all tests: scan4log4shell rremote cidr 172.20.0.0/24 -a

Flags:
-a, --all shortcut to run all checks
--auth-fuzzing add auth fuzzing
--basic-auth string basic auth credentials (eg. user:pass)
--caddr string address to catch the callbacks (eg. ip:port)
--catcher-type string type of callback catcher (dns | ldap | tcp | none) (default "dns")
--check-cve-2021-45046 check for CVE-2021-45046
--field strings field to use
--fields-file string use custom field from file
--form-fuzzing add form submits to fuzzing
--header strings header to use
--headers-file string use custom headers from file
-h, --help help for cidr
@@ -210,7 +212,6 @@ Flags:
--set-field stringToString set fix field value (key=value) (default [])
--set-header stringToString set fix header value (key=value) (default [])
--set-param stringToString set fix query param value (key=value) (default [])
--form-fuzzing add form submits to fuzzing
--timeout duration time limit for requests (default 3s)
-t, --type strings get, post or json (default [get])
--waf-bypass extend scans with WAF bypass payload
@@ -234,16 +235,18 @@ Examples:
- TCP catcher: scan4log4shell remote url https://target.org --catcher-type tcp --caddr 172.20.0.30:4444
- Custom headers file: scan4log4shell remote url https://target.org --headers-file ./headers.txt
- Scan url behind basic auth: scan4log4shell remote url https://target.org --basic-auth user:pass
- Run all tests: scan4log4shell remote url https://target.org -t get,post,json --waf-bypass
- Run all tests: scan4log4shell remote url https://target.org -a

Flags:
-a, --all shortcut to run all checks
--auth-fuzzing add auth fuzzing
--basic-auth string basic auth credentials (eg. user:pass)
--caddr string address to catch the callbacks (eg. ip:port)
--catcher-type string type of callback catcher (dns | ldap | tcp | none) (default "dns")
--check-cve-2021-45046 check for CVE-2021-45046
--field strings field to use
--fields-file string use custom field from file
--form-fuzzing add form submits to fuzzing
--header strings header to use
--headers-file string use custom headers from file
-h, --help help for url
@@ -260,7 +263,6 @@ Flags:
--set-field stringToString set fix field value (key=value) (default [])
--set-header stringToString set fix header value (key=value) (default [])
--set-param stringToString set fix query param value (key=value) (default [])
--form-fuzzing add form submits to fuzzing
--timeout duration time limit for requests (default 3s)
-t, --type strings get, post or json (default [get])
--waf-bypass extend scans with WAF bypass payload
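--- a/cmd/remote.go
+++ b/cmd/remote.go
@@ -19,6 +19,7 @@ const (
 )
 
 type remoteOptions struct {
+allChecks bool
 basicAuth string
 caddr string
 requestTypes []string
@@ -65,6 +66,7 @@ func newRemoteCmd(noColor *bool, output *string, verbose *bool) *cobra.Command {
 }
 
 func addRemoteFlags(cmd *cobra.Command, opts *remoteOptions) {
+cmd.Flags().BoolVarP(&opts.allChecks, "all", "a", false, "shortcut to run all checks")
 cmd.Flags().StringVarP(&opts.headersFile, "headers-file", "", "", "use custom headers from file")
 cmd.Flags().StringVarP(&opts.fieldsFile, "fields-file", "", "", "use custom field from file")
 cmd.Flags().StringVarP(&opts.paramsFile, "params-file", "", "", "use custom query params from file")
@@ -94,6 +96,16 @@ func addRemoteFlags(cmd *cobra.Command, opts *remoteOptions) {
 cmd.Flags().StringToStringVarP(&opts.paramValues, "set-param", "", nil, "set fix query param value (key=value)")
 }
 
+func allChecksShortcut(opts *remoteOptions) {
+if opts.allChecks {
+opts.authFuzzing = true
+opts.formFuzzing = true
+opts.wafBypass = true
+opts.checkCVE2021_45046 = true
+opts.requestTypes = []string{"get", "post", "json"}
+}
+}
+
 var unauthorizedHandler = func(verbose bool) internal.StatusCodeHandlerFunc {
 return func(ctx context.Context, client *http.Client, resp *http.Response, req *http.Request, payload string, opts *internal.RemoteOptions) {
 auth := resp.Header.Get("WWW-Authenticate")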
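Review bot: `allChecksShortcut` has no doc comment, and the `--all` help text (`shortcut to run all checks`) does not say what it switches on, so `--help` gives an operator no way to see that `-a` also turns on auth fuzzing, form submits and the WAF-bypass payloads, and replaces whatever `-t` value was passed. I would add `// allChecksShortcut expands --all: it enables auth fuzzing, form fuzzing, WAF bypass and the CVE-2021-45046 check, and overwrites requestTypes with get, post and json.` above the function and list the same options in the flag description. The set is hard-coded, so a check added later has to be added here by hand; a one-line comment saying so would keep the shortcut from drifting out of step with the flags in `addRemoteFlags`.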
4 changes: 3 additions & 1 deletion cmd/remote_cidr.go
@@ -32,7 +32,7 @@ func newRemoteCIDRCmd(noColor *bool, output *string, verbose *bool) *cobra.Comma
Example: `- Scan a complete cidr: scan4log4shell remote cidr 172.20.0.0/24
- TCP catcher: scan4log4shell remote cidr 172.20.0.0/24 --catcher-type tcp --caddr 172.20.0.30:4444
- Custom headers file: scan4log4shell remote cidr 172.20.0.0/24 --headers-file ./headers.txt
- Run all tests: scan4log4shell rremote cidr 172.20.0.0/24 -t get,post,json --waf-bypass`,
- Run all tests: scan4log4shell rremote cidr 172.20.0.0/24 -a`,
SilenceUsage: true,
SilenceErrors: true,
RunE: func(cmd *cobra.Command, args []string) error {
@@ -62,6 +62,8 @@ func newRemoteCIDRCmd(noColor *bool, output *string, verbose *bool) *cobra.Comma
var wg sync.WaitGroup
sem := semaphore.NewWeighted(int64(opts.maxThreads))

allChecksShortcut(&opts.remoteOptions)

remoteOpts := &internal.RemoteOptions{
BasicAuth: opts.basicAuth,
CADDR: opts.caddr,
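Review bot: The rewritten last line of the `Example` string still reads `scan4log4shell rremote cidr 172.20.0.0/24 -a`, so the command fails when copied from `--help`; it should be `- Run all tests: scan4log4shell remote cidr 172.20.0.0/24 -a`. The README example changed in this commit carries the same `rremote` typo. Because `-a` on a CIDR target applies every optional check to each address in the range, the example text could also name what it enables so the scope is visible before the scan is started. `newRemoteCIDRCmd` starts and ends outside the visible hunks.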
4 changes: 3 additions & 1 deletion cmd/remote_url.go
@@ -32,7 +32,7 @@ func newRemoteURLCmd(noColor *bool, output *string, verbose *bool) *cobra.Comman
- TCP catcher: scan4log4shell remote url https://target.org --catcher-type tcp --caddr 172.20.0.30:4444
- Custom headers file: scan4log4shell remote url https://target.org --headers-file ./headers.txt
- Scan url behind basic auth: scan4log4shell remote url https://target.org --basic-auth user:pass
- Run all tests: scan4log4shell remote url https://target.org -t get,post,json --waf-bypass`,
- Run all tests: scan4log4shell remote url https://target.org -a`,
SilenceUsage: true,
SilenceErrors: true,
RunE: func(cmd *cobra.Command, args []string) error {
@@ -60,6 +60,8 @@ func newRemoteURLCmd(noColor *bool, output *string, verbose *bool) *cobra.Comman
var wg sync.WaitGroup
sem := semaphore.NewWeighted(int64(opts.maxThreads))

allChecksShortcut(&opts.remoteOptions)

remoteOpts := &internal.RemoteOptions{
BasicAuth: opts.basicAuth,
CADDR: opts.caddr,
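Review bot: `allChecksShortcut(&opts.remoteOptions)` is called part-way into `RunE`, after the semaphore is created, so anything earlier in `RunE` that reads `opts.requestTypes`, `opts.wafBypass` or the other fields it sets would still see the values from before `-a` was applied. That earlier code is outside the hunk, so this needs checking against the full function. Making the call the first statement of `RunE`, or running it once from a shared `PreRunE`, removes the ordering question. The identical call in cmd/remote_cidr.go has the same placement, and keeping it in one shared place would also mean a future remote subcommand cannot forget it.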
