Feature Request: Progress

[riramar]

Thanks a lot for such amazing tool and I'd like to know if you have in your roadmap any "progress" feature. Something like we have on gobuster example below.

Progress: 26 / 93381 (0.03%)

[deibit]

Hi Ricardo. There is one already implemented (the ETA is not very accurate yet). Did you pull the last version?

Thanks for using it. BTW, I'm planning to heavy rewrite some parts this summer.

[riramar]

I've installed following the README instructions (git clone --depth=1 https://github.com/deibit/cansina) but I cannot see the progress like you. From the difference between your output and mine it seems if you ban another code (e.g. 403) it'll disappear with the progress.

[riramar]

Actually I did a test point to my own domain and I was able to see the progress. Not sure why just for this host. If I find the issue I'll let you know.

[riramar]

Noticed that for that host when I banned 403 the progress apear only on 404 responses. Since most of the responses were 403 I couldn't see the progress all the time. It seems the solution would be add the progress for all responses banned. I'll if I can take a look on the source code later.

404 | 762 | 53356 | 410 | text/html | [57%]

[riramar]

Can I combined -b with -s? It doesn't seems be work to me. Passing "-b 403 -s 762" I'm still seeing responses with size 762.

404 | 762 | 1 | 355 | text/html | [ 0%] - 00h00m00s - https://...

I usually filter that with egrep -v but a native feature is much better. :)

[deibit]

Yes, you can mix them. I already filter by size and is working for me. But I just banned 403 only and can confirm is not filtering by size, so I'll fill a issue. Thanks.

[deibit]

Noticed that for that host when I banned 403 the progress apear only on 404 responses. Since most of the responses were 403 I couldn't see the progress all the time. It seems the solution would be add the progress for all responses banned. I'll if I can take a look on the source code later.

404 | 762 | 53356 | 410 | text/html | [57%]

I've been taking a look on this issue and it appears to be an overwhelmed flood on console output (due to not filtering 404's codes) that it is unmanageable.

Having a test condition like this: "and task.response_size % 10 == 0:", makes the progress appears again.

It is rare someone is interested in not filtering 404 codes (well, in pentest we know corner cases are not so rare :)

Nevertheless, this is not the way a program should behave and I'll put in on the backburner for a later consideration.