feat: add feroxbuster (forced browsing security tool)

Don Johnson · coolaj86 · commit a487517322b8 · 2023-11-02T18:00:44.000-06:00
diff --git a/feroxbuster/README.md b/feroxbuster/README.md
@@ -0,0 +1,47 @@
+---
+title: feroxbuster
+homepage: https://github.com/epi052/feroxbuster
+tagline: |
+  feroxbuster: A tool designed to perform Forced Browsing.
+---
+
+To update or switch versions, run `webi feroxbuster@stable` (or `@v2`, `@beta`,
+etc).
+
+### Files
+
+These are the files / directories that are created and/or modified with this
+install:
+
+```text
+~/.config/feroxbuster/ferox-config.toml
+~/.local/bin/feroxbuster
+```
+
+## Cheat Sheet
+
+> `feroxbuster` is a tool designed for Forced Browsing. Forced browsing is an
+> attack where the aim is to enumerate and access resources that are not
+> referenced by the web application but are still accessible by an attacker.
+
+To run feroxbuster:
+
+```sh
+feroxbuster -u [target]
+```
+
+### Include Headers
+
+To run feroxbuster with custom headers:
+
+```sh
+feroxbuster -u [target] -H Accept:application/json "Authorization: Bearer {token}"
+```
+
+### Proxy Traffic Through Burp
+
+To proxy traffic through Burp:
+
+```sh
+feroxbuster -u [target] --insecure --proxy http://127.0.0.1:8080
+```
diff --git a/feroxbuster/install.ps1 b/feroxbuster/install.ps1
@@ -0,0 +1,61 @@
+#!/usr/bin/env pwsh
+
+##################
+# Install feroxbuster #
+##################
+
+# Every package should define these variables
+$pkg_cmd_name = "feroxbuster"
+
+$pkg_dst_cmd = "$Env:USERPROFILE\.local\bin\feroxbuster.exe"
+$pkg_dst = "$pkg_dst_cmd"
+
+$pkg_src_cmd = "$Env:USERPROFILE\.local\opt\feroxbuster-v$Env:WEBI_VERSION\bin\feroxbuster.exe"
+$pkg_src_bin = "$Env:USERPROFILE\.local\opt\feroxbuster-v$Env:WEBI_VERSION\bin"
+$pkg_src_dir = "$Env:USERPROFILE\.local\opt\feroxbuster-v$Env:WEBI_VERSION"
+$pkg_src = "$pkg_src_cmd"
+
+New-Item "$Env:USERPROFILE\Downloads\webi" -ItemType Directory -Force | out-null
+$pkg_download = "$Env:USERPROFILE\Downloads\webi\$Env:WEBI_PKG_FILE"
+
+# Fetch archive
+IF (!(Test-Path -Path "$Env:USERPROFILE\Downloads\webi\$Env:WEBI_PKG_FILE"))
+{
+    echo "Downloading feroxbuster from $Env:WEBI_PKG_URL to $pkg_download"
+    & curl.exe -A "$Env:WEBI_UA" -fsSL "$Env:WEBI_PKG_URL" -o "$pkg_download.part"
+    & move "$pkg_download.part" "$pkg_download"
+}
+
+IF (!(Test-Path -Path "$pkg_src_cmd"))
+{
+    echo "Installing feroxbuster"
+
+    # TODO: create package-specific temp directory
+    # Enter tmp
+    pushd .local\tmp
+
+        # Remove any leftover tmp cruft
+        Remove-Item -Path ".\feroxbuster-v*" -Recurse -ErrorAction Ignore
+        Remove-Item -Path ".\feroxbuster.exe" -Recurse -ErrorAction Ignore
+
+        # NOTE: DELETE THIS COMMENT IF NOT USED
+        # Move single binary into root of temporary folder
+        #& move "$pkg_download" "feroxbuster.exe"
+
+        # Unpack archive file into this temporary directory
+        # Windows BSD-tar handles zip. Imagine that.
+        echo "Unpacking $pkg_download"
+        & tar xf "$pkg_download"
+
+        # Settle unpacked archive into place
+        echo "Install Location: $pkg_src_cmd"
+        New-Item "$pkg_src_bin" -ItemType Directory -Force | out-null
+        Move-Item -Path ".\feroxbuster-*\feroxbuster.exe" -Destination "$pkg_src_bin"
+
+    # Exit tmp
+    popd
+}
+
+echo "Copying into '$pkg_dst_cmd' from '$pkg_src_cmd'"
+Remove-Item -Path "$pkg_dst_cmd" -Recurse -ErrorAction Ignore | out-null
+Copy-Item -Path "$pkg_src" -Destination "$pkg_dst" -Recurse
diff --git a/feroxbuster/install.sh b/feroxbuster/install.sh
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+# shellcheck disable=SC2034
+# "'pkg_cmd_name' appears unused. Verify it or export it."
+
+__init_feroxbuster() {
+    set -e
+    set -u
+
+    ##################
+    # Install feroxbuster #
+    ##################
+
+    # Every package should define these 6 variables
+    pkg_cmd_name="feroxbuster"
+
+    pkg_dst_cmd="$HOME/.local/bin/feroxbuster"
+    pkg_dst="$pkg_dst_cmd"
+
+    pkg_src_cmd="$HOME/.local/opt/feroxbuster-v$WEBI_VERSION/bin/feroxbuster"
+    pkg_src_dir="$HOME/.local/opt/feroxbuster-v$WEBI_VERSION"
+    pkg_src="$pkg_src_cmd"
+
+    # pkg_install must be defined by every package
+    pkg_install() {
+        # ~/.local/opt/feroxbuster-v0.99.9/bin
+        mkdir -p "$(dirname "${pkg_src_cmd}")"
+
+        # mv ./feroxbuster-*/feroxbuster ~/.local/opt/feroxbuster-v0.99.9/bin/feroxbuster
+        mv ./feroxbuster "${pkg_src_cmd}"
+    }
+
+    # pkg_get_current_version is recommended, but not required
+    pkg_get_current_version() {
+        # 'feroxbuster --version' has output in this format:
+        #       feroxbuster 0.99.9 (rev abcdef0123)
+        # This trims it down to just the version number:
+        #       0.99.9
+        feroxbuster --version 2> /dev/null |
+            head -n 1 |
+            cut -d ' ' -f 2
+    }
+
+}
+
+__init_feroxbuster
diff --git a/feroxbuster/releases.js b/feroxbuster/releases.js
@@ -0,0 +1,20 @@
+'use strict';
+
+var github = require('../_common/github.js');
+var owner = 'epi052';
+var repo = 'feroxbuster';
+
+module.exports = function (request) {
+  return github(request, owner, repo).then(function (all) {
+    return all;
+  });
+};
+
+if (module === require.main) {
+  module.exports(require('@root/request')).then(function (all) {
+    all = require('../_webi/normalize.js')(all);
+    // just select the first 5 for demonstration
+    all.releases = all.releases.slice(0, 5);
+    console.info(JSON.stringify(all, null, 2));
+  });
+}
