search

bitquark / shortscan

An IIS short filename enumeration tool
MIT License
814 stars 79 forks source link

Results output - Feature request #10

Closed nigawtester closed 9 months ago

nigawtester commented 10 months ago

Hi, I am working on a site and using shortscan. I get a list of 40-50 possible files and folders with different extensions. Could you add a flag to output the results in an organised matter so that they can be used in Burp Intruder or FFUF. Example output:

ACTIVi~2.ASP         ACTIVI?.ASP? 
DATAPR~2.ASP         DATAPR?.ASP? 
RISKRE~2.ASP         RISKRE?.ASP? 
RISKGR~2.ASM         RISKGR?.ASM? 
RISKIN~2.ASP         RISKIN?.ASP? 
ZENDES~1.ASH         ZENDES?.ASH?

I would like an output similar to this (sorted and unique), if possible (printed to terminal or stored in txt files):

ASP? files (might require some fuzzing as these are not complete names):
ACTIVI
DATAPR
RISKRE
RISKIN

ASH? files  (might require some fuzzing as these are not complete names):
ZENDES

Folders  (might require some fuzzing as these are not complete names):
TMP
usersd

Known files:
test.aspx
test123.aspx

Known folders:
javascript
js

This way, it is much easier to go to the next step and ffuz.

Thanks <3

bitquark commented 9 months ago

I've just added support for JSON output via --output json (or -o json) so it should be much easier now to parse and customise the output as desired :page_facing_up: