Add Gobuster plan

[AnubisSec]

I love this project and would love to contribute to it, as small as this is, to add gobuster to the plan list. I find myself using this a lot and would love to have this included in this tool.

I've implemented it similarly to your other plans, so you should be able to just run dwn run gobuster <command line args>

Let me know if you don't think this is a good add, or if you have any questions!

Thanks a ton for this awesome project!

[leonjza]

Thank you! 🙌

One small change, please. Could you remove the first two lines, and rather add a new THANKS.md in the project root with a line that says:

- Anubis (@AnubisOnSec)

The git commit history will record you as the original author for the plan.

[leonjza]

Also, while I am thinking about this, the container you are referencing (https://hub.docker.com/r/anubissec/gobuster) is rather new, and I can't seem to find the Dockerfile easily for it. Since there is no official Docker image for gobuster I wonder if this isn't a good time to support inline Dockerfiles in the plan?

[AnubisSec]

I definitely see what you're saying. I noticed the same thing, that Gobuster doesn't have an official Dockerfile which was my main reason for making my own. I can see the issue of supporting inline Dockerfiles like that though.

Being relatively new to Docker dev stuff, I'm not totally sure the right answer. Would you rather just not support gobuster officially until there is an official Dockerfile or do you have any other suggestions?

Thanks for your help and insight!

[leonjza]

I can see the issue of supporting inline Dockerfiles like that though.

Could you elaborate on the issue you see maybe? I'm planning on adding this relatively soon actually.

Would you rather just not support gobuster officially until there is an official Dockerfile or do you have any other suggestions?

I'd love to support it! I think it's an issue one would have with many tools though (not just this one), so would like to make sure we have a big enough hammer here :D

Thanks for the discussion.

[AnubisSec]

Could you elaborate on the issue you see maybe? I'm planning on adding this relatively soon actually.

I imagine allowing users to just reference any Dockerfile could lead to issues, as opposed to using "officially" supported Dockerfile's from the tool dev's. As I type it out, I understand that the supportability of this would be pretty difficult, but I guess it's just something to consider on compatibility.

And thank you so much! I can make the Dockerfile public so it can be reviewed, and then make the THANKS.md if you'd like. If not, I can close this out while you determine next steps of supportability and just continue editing my own repo until then.

Totally up to you!

[leonjza]

I took a quick stab at adding inline Dockerfile support in this commit: https://github.com/sensepost/dwn/commit/0a9b2d1421bc9558c2710968c5e18185317a8ec1

The ffuf plan should show what I have in mind. Running it should look something like this (the file wordlist.txt is in the current working directory on my host):

❯ dwn run ffuf -u http://localhost/FUZZ -w wordlist.txt
(i) found plan for ffuf
(i) volume: /Users/leonjza/scratch/ffuf -> /data
(w) image for plan ffuf does not exist, quickly building it
(i) container for ffuf:dwnlocal built
(i) streaming container logs

        /'___\  /'___\           /'___\
       /\ \__/ /\ \__/  __  __  /\ \__/
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
         \ \_\   \ \_\  \ \____/  \ \_\
          \/_/    \/_/   \/___/    \/_/

       v1.3.0-git
________________________________________________

 :: Method           : GET
 :: URL              : http://localhost/FUZZ
 :: Wordlist         : FUZZ: wordlist.txt
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200,204,301,302,307,401,403,405
________________________________________________

:: Progress: [6/6] :: Job [1/1] :: 0 req/sec :: Duration: [0:00:00] :: Errors: 6 ::

The ffuf plan:

name: ffuf
image: ffuf
dockerfile: |
  FROM golang:1-alpine

  RUN apk --no-cache add git && \
      go get github.com/ffuf/ffuf && \
      mkdir -p /data

  ENV PATH="/go/bin:${PATH}"

  WORKDIR /data
  VOLUME /data

  ENTRYPOINT [ "ffuf" ]
detach: false
volumes:
  .:
    bind: /data

[AnubisSec]

Ahh okay, yeah that looks really cool. I guess I was a bit confused by what you meant by inline support. I like that a lot actually!

[leonjza]

Awesome! Could you update this PR so that plan has the Dockerfile inline then we can close this off?

[AnubisSec]

Added inline for Gobuster and added the THANKS.md file you mentioned as well.

Thanks a ton for your help (and patience, a bit new to the whole Github contribution thing haha).

[leonjza]

Thank you!