From 696ab918f1c7a75422847e11b6ddc014f94792c2 Mon Sep 17 00:00:00 2001 From: liquidsec Date: Fri, 23 Aug 2024 20:38:10 -0400 Subject: [PATCH 1/2] optimize generate_templist --- bbot/modules/deadly/ffuf.py | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/bbot/modules/deadly/ffuf.py b/bbot/modules/deadly/ffuf.py index e0e88fbe8f..e5ac0a0db4 100644 --- a/bbot/modules/deadly/ffuf.py +++ b/bbot/modules/deadly/ffuf.py @@ -312,18 +312,29 @@ async def execute_ffuf( def generate_templist(self, prefix=None): line_count = 0 - virtual_file = [] + + if prefix: + prefix = prefix.strip().lower() + + max_lines = self.config.get("lines") + banned_set = set(self.banned_characters) + for idx, val in enumerate(self.wordlist_lines): - if idx > self.config.get("lines"): + if idx > max_lines: break - if len(val) > 0: - if val.strip().lower() in self.blacklist: - self.debug(f"Skipping adding [{val.strip()}] to wordlist because it was in the blacklist") + stripped_val = val.strip().lower() + if stripped_val: + # Check if the word is in the blacklist + if stripped_val in self.blacklist: + self.debug(f"Skipping adding [{stripped_val}] to wordlist because it was in the blacklist") else: - if not prefix or val.strip().lower().startswith(prefix.strip().lower()): - if not any(char in val.strip().lower() for char in self.banned_characters): + # Check if it starts with the given prefix (if any) + if not prefix or stripped_val.startswith(prefix): + # Check if it contains any banned characters + if not any(char in banned_set for char in stripped_val): line_count += 1 - virtual_file.append(f"{val.strip().lower()}") + virtual_file.append(stripped_val) + virtual_file.append(self.canary) return self.helpers.tempfile(virtual_file, pipe=False), line_count From 0e33cd9587995123de930684b0764f4c52b7942b Mon Sep 17 00:00:00 2001 
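Review bot: The rewritten banned-character test in generate_templist, `if not any(char in banned_set for char in stripped_val):`, is not equivalent to the check it replaces: the old form tested each `banned_characters` entry as a substring of the word, while the new form tests each character of the word for set membership, so an entry longer than one character would silently never match. The two agree for the only value visible here, a single space, but this filter decides which tokens reach the wordlist handed to ffuf, so either state the single-character assumption next to the attribute or keep the substring form. If single characters are the intent, `if banned_set.isdisjoint(stripped_val):` says so directly; the same expression is carried into the generate_templist hunk of PATCH 2/2 as `char in self.banned_characters`. Separately, `if idx > max_lines:` lets `max_lines + 1` wordlist entries through and would raise TypeError if the `lines` option were ever unset, so it is worth confirming which bound is intended.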
From: liquidsec Date: Sat, 24 Aug 2024 08:59:09 -0400 Subject: [PATCH 2/2] variable cleanup --- bbot/modules/deadly/ffuf.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/bbot/modules/deadly/ffuf.py b/bbot/modules/deadly/ffuf.py index e5ac0a0db4..8995dd3dca 100644 --- a/bbot/modules/deadly/ffuf.py +++ b/bbot/modules/deadly/ffuf.py @@ -28,13 +28,13 @@ class ffuf(BaseModule): deps_common = ["ffuf"] - banned_characters = [" "] - + banned_characters = set([" "]) blacklist = ["images", "css", "image"] in_scope_only = True async def setup(self): + self.canary = "".join(random.choice(string.ascii_lowercase) for i in range(10)) wordlist_url = self.config.get("wordlist", "") self.debug(f"Using wordlist [{wordlist_url}]") @@ -318,7 +318,6 @@ def generate_templist(self, prefix=None): prefix = prefix.strip().lower() max_lines = self.config.get("lines") - banned_set = set(self.banned_characters) for idx, val in enumerate(self.wordlist_lines): if idx > max_lines: @@ -332,7 +331,7 @@ def generate_templist(self, prefix=None): # Check if it starts with the given prefix (if any) if not prefix or stripped_val.startswith(prefix): # Check if it contains any banned characters - if not any(char in banned_set for char in stripped_val): + if not any(char in self.banned_characters for char in stripped_val): line_count += 1 virtual_file.append(stripped_val)
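Review bot: `banned_characters = set([" "])` in the first hunk of this patch is a mutable class-level set, so every instance of the module shares one object and an in-place `add` anywhere would change the filter for all of them. `banned_characters = frozenset({" "})` keeps the constant-time lookup and rules that out. `blacklist` on the following line is still a list, although generate_templist runs a membership test against it for every word, so it could become a frozenset as well for consistency. The class body and `setup` both continue outside this hunk.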