gwen001 / offsectools_www

A vast collection of security tools and resources curated by the community.
https://offsec.tools
180 stars 21 forks

[addtool] ffufPostprocessing #977

Closed gwen001 closed 1 year ago

gwen001 commented 1 year ago

[homepage]https://github.com/Damian89/ffufPostprocessing[/homepage] [tags]utils,endpoints[/tags] [short_descr]Golang tool which helps dropping the irrelevant entries from your ffuf result file.[/short_descr] [long_descr]Unfortunately, despite its "-ac" flag, ffuf tends to produce a lot of irrelevant entries. This is why this tool has been created: a post-processing tool to filter out those entries. Additionally, a lot of relevant entries are removed when "-ac" is used - especially when ffuf encounters json or xml files - "-ac" might drop them entirely. This tool has to be run after ffuf has finished.

This tool will initially analyse all bodies and enrich the initial results json file with the following data points:

Afterwards it will scan the entire new results file and keep only those entries which are unique based on known metadata types. If it turns out that one of those values is always different (e.g. the title of pages can vary very much) - this metadata type will be skipped for the uniqueness check.

In general this tool will always keep a small amount of entries which are not unique. For example, if the results json file contains 300x http status 403 (with words, length, ... identical) and 2 unique http status 200 responses, it won't drop all 300 http status 403 entries. It will keep X of them in the data set.[/long_descr] [image]https://raw.githubusercontent.com/gwen001/offsectools_www/main/79de658edddbabf04a58e35c609a43e7.png[/image]

gwen001 commented 1 year ago

Issue correctly handled, tool is waiting for human validation.

gwen001 commented 1 year ago

Tool has been accepted by the team: https://offsec.tools/tool/ffufpostprocessing

Thank you for your contribution!