(feat) add http response code filtering.

implementation of #137 by @nickspring, closing #133
sensepost · May 7, 2023 · 1503c5b · 1503c5b
1 parent f939dec
commit 1503c5b
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 0 deletions.
diff --git a/chrome/chrome.go b/chrome/chrome.go
@@ -35,6 +35,9 @@ type Chrome struct {
 	Headers     []string
 	HeadersMap  map[string]interface{}
 
+	// http codes to screenshot (used as a filter)
+	ScreenshotCodes []int
+
 	// save screenies as PDF's instead
 	AsPDF bool
 	// save screenies in db

diff --git a/cmd/root.go b/cmd/root.go
@@ -67,6 +67,7 @@ func init() {
 	rootCmd.PersistentFlags().StringVar(&chrm.UserAgent, "user-agent", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36", "user agent string to use")
 	rootCmd.PersistentFlags().StringVar(&chrm.JsCode, "js", "", "javascript code to execute when loading a target site (eg: console.log('gowitness'))")
 	rootCmd.PersistentFlags().StringSliceVar(&chrm.Headers, "header", []string{}, "additional HTTP header to set. Supports multiple --header flags")
+	rootCmd.PersistentFlags().IntSliceVar(&chrm.ScreenshotCodes, "screenshot-filter", []int{}, "http response codes to screenshot. this is a filter. by default all codes are screenshotted")
 	rootCmd.PersistentFlags().StringVarP(&options.ScreenshotPath, "screenshot-path", "P", "screenshots", "store path for screenshots (use . for pwd)")
 	rootCmd.PersistentFlags().BoolVarP(&chrm.FullPage, "fullpage", "F", false, "take fullpage screenshots")
 	rootCmd.PersistentFlags().BoolVarP(&chrm.AsPDF, "pdf", "", false, "save screenshots as pdf")

diff --git a/lib/processor.go b/lib/processor.go
@@ -52,6 +52,17 @@ func (p *Processor) Gowitness() (err error) {
 		return
 	}
 
+	// check if the preflight returned a code to process.
+	// an empty slice implies no filtering
+	if (len(p.Chrome.ScreenshotCodes) > 0) &&
+		!SliceContainsInt(p.Chrome.ScreenshotCodes, p.preflightResult.HTTPResponse.StatusCode) {
+
+		log.Warn().Int("response-code", p.preflightResult.HTTPResponse.StatusCode).
+			Msg("response code not in allowed screenshot http response codes. skipping.")
+
+		return
+	}
+
 	if err = p.takeScreenshot(); err != nil {
 		log.Error().Err(err).Msg("failed to take screenshot")
 		return