Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Links are not recursed #1076

Closed
wilco375 opened this issue Feb 12, 2024 · 1 comment
Closed

[BUG] Links are not recursed #1076

wilco375 opened this issue Feb 12, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@wilco375
Copy link

wilco375 commented Feb 12, 2024
edited
Loading

Describe the bug
When Feroxbuster discovers a directory from a HTML link, that directory is not brute-forced using the provided wordlists.

To Reproduce

  1. Save this simple example server as index.py:
from flask import Flask, render_template, request

app = Flask(__name__)

@app.route('/', methods=['GET'])
def index():
    return '<html><body><a href="/test">Test</a></body></html>', 200

@app.route('/a', methods=['GET'])
def a():
    return 'Hello world', 200

@app.route('/test', methods=['GET'])
def test():
    return 'Hello world', 200

@app.route('/test/a', methods=['GET'])
def testA():
    return 'Hello world', 200
  1. Run python3 index.py
  2. Run echo -e "a\nb\n" | feroxbuster -u http://localhost:5000 -w /dev/stdin --force-recursion

Expected behavior
The following directories are discovered:
/a - Using wordlist
/test - Using HTML link parsing
/test/a - Using HTML link parsing and then wordlist

Traceback / Error Output
Only /a and /test are discovered

 ___  ___  __   __     __      __         __   ___
|__  |__  |__) |__) | /  `    /  \ \_/ | |  \ |__
|    |___ |  \ |  \ | \__,    \__/ / \ | |__/ |___
by Ben "epi" Risher 🤓                 ver: 2.10.1
───────────────────────────┬──────────────────────
 🎯  Target Url            │ http://localhost:5000
 🚀  Threads               │ 50
 📖  Wordlist              │ /dev/stdin
 👌  Status Codes          │ All Status Codes!
 💥  Timeout (secs)        │ 7
 🦡  User-Agent            │ feroxbuster/2.10.1
 🔎  Extract Links         │ true
 🏁  HTTP methods          │ [GET]
 🔃  Recursion Depth       │ 4
 🤘  Force Recursion       │ true
───────────────────────────┴──────────────────────
 🏁  Press [ENTER] to use the Scan Management Menu™
──────────────────────────────────────────────────
404      GET        4l       34w      232c Auto-filtering found 404-like response and created new filter; toggle off with --dont-filter
200      GET        1l        2w       11c http://localhost:5000/a
200      GET        1l        2w       11c http://localhost:5000/test
200      GET        1l        2w       50c http://localhost:5000/
[####################] - 1s         7/7       0s      found:3       errors:0

Environment (please complete the following information):

  • feroxbuster version: 2.10.1
  • OS: Ubuntu 22.04.1
@wilco375 wilco375 added the bug Something isn't working label Feb 12, 2024
@wilco375
Copy link
Author

Closed, does work if test route is defined as /test, see #1077

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@wilco375