diff --git a/bbot/modules/deadly/ffuf.py b/bbot/modules/deadly/ffuf.py index f5f09fd46..cadaf4990 100644 --- a/bbot/modules/deadly/ffuf.py +++ b/bbot/modules/deadly/ffuf.py @@ -265,6 +265,9 @@ async def execute_ffuf( command.append("-mc") command.append("all") + for hk, hv in self.scan.config.get("http_headers", {}).items(): + command += ["-H", f"{hk}: {hv}"] + async for found in self.helpers.run_live(command): try: found_json = json.loads(found) diff --git a/bbot/test/test_step_2/module_tests/test_module_ffuf.py b/bbot/test/test_step_2/module_tests/test_module_ffuf.py index 96756e7b2..8c48f353b 100644 --- a/bbot/test/test_step_2/module_tests/test_module_ffuf.py +++ b/bbot/test/test_step_2/module_tests/test_module_ffuf.py @@ -43,3 +43,24 @@ async def setup_before_prep(self, module_test): def check(self, module_test, events): assert any(e.type == "URL_UNVERIFIED" and "console" in e.data for e in events) assert not any(e.type == "URL_UNVERIFIED" and "11111111" in e.data for e in events) + + +class TestFFUFHeaders(TestFFUF): + test_wordlist = ["11111111", "console", "junkword1", "zzzjunkword2"] + config_overrides = { + "modules": {"ffuf": {"wordlist": tempwordlist(test_wordlist), "extensions": "php"}}, + "http_headers": {"test": "test2"}, + } + + async def setup_before_prep(self, module_test): + expect_args = {"method": "GET", "headers": {"test": "test2"}, "uri": "/console.php"} + respond_args = {"response_data": "alive admin page"} + module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args) + + expect_args = {"method": "GET", "uri": "/"} + respond_args = {"response_data": "alive"} + module_test.set_expect_requests(expect_args=expect_args, respond_args=respond_args) + + def check(self, module_test, events): + assert any(e.type == "URL_UNVERIFIED" and "console" in e.data for e in events) + assert not any(e.type == "URL_UNVERIFIED" and "11111111" in e.data for e in events)