search

tomnomnom / meg

Fetch many paths for many hosts - without killing the hosts
MIT License
1.59k stars 266 forks source link

Meg are mixing url parameters (temp fix) #73

Open intrd opened 4 years ago

intrd commented 4 years ago 
$ cat test2 
https://target.com/xxx.php?u=aaa
$ cat emptypath.txt 

$ meg -d 0 -v -L -c 50 -H 'User-Agent: Mozilla/5.0 XXXX' emptypath.txt test2 ./meg3
meg3/target.com/903b3f4440f21d48329f135f0182f1da76886bfa https://target.com?u=aaa/xxx.php (200 OK)

https://target.com/xxx.php?u=aaa become https://target.com?u=aaa/xxx.php

Thank you!

intrd commented 3 years ago

Temp fix..

@ main.go

    // send requests for each path for every host
    for _, path := range paths {
        for _, host := range hosts {

            // the host portion may contain a path prefix,
            // so we should strip that off and add it to
            // the beginning of the path.
            u, err := url.Parse(host)
            if err != nil {
                fmt.Fprintf(os.Stderr, "failed to parse host: %s\n", err)
                continue
            }

            //prefixedPath := u.Path

            u.Path = ""

            // stripping off a path means we need to
            // rebuild the host portion too
            //host = u.String()

            requests <- request{
                method:         c.method,
                host:           host,
                path:           u.Path+path,
                headers:        c.headers,
                followLocation: c.followLocation,
                body:           c.body,
                timeout:        time.Duration(c.timeout * 1000000),
            }
        }
    }