Struct feroxbuster::config::Configuration

pub struct Configuration {
    pub kind: String,
    pub wordlist: String,
    pub config: String,
    pub proxy: String,
    pub replay_proxy: String,
    pub target_url: String,
    pub status_codes: Vec<u16>,
    pub replay_codes: Vec<u16>,
    pub filter_status: Vec<u16>,
    pub client: Client,
    pub replay_client: Option<Client>,
    pub threads: usize,
    pub timeout: u64,
    pub verbosity: u8,
    pub silent: bool,
    pub quiet: bool,
    pub output_level: OutputLevel,
    pub auto_bail: bool,
    pub auto_tune: bool,
    pub requester_policy: RequesterPolicy,
    pub json: bool,
    pub output: String,
    pub debug_log: String,
    pub user_agent: String,
    pub redirects: bool,
    pub insecure: bool,
    pub extensions: Vec<String>,
    pub headers: HashMap<String, String>,
    pub queries: Vec<(String, String)>,
    pub no_recursion: bool,
    pub extract_links: bool,
    pub add_slash: bool,
    pub stdin: bool,
    pub depth: usize,
    pub scan_limit: usize,
    pub rate_limit: usize,
    pub filter_size: Vec<u64>,
    pub filter_line_count: Vec<usize>,
    pub filter_word_count: Vec<usize>,
    pub filter_regex: Vec<String>,
    pub dont_filter: bool,
    pub resumed: bool,
    pub resume_from: String,
    pub save_state: bool,
    pub time_limit: String,
    pub filter_similar: Vec<String>,
}

Represents the final, global configuration of the program.

This struct is the combination of the following:

• default configuration values
• plus overrides read from a configuration file
• plus command-line options

In that order.

Inspired by and derived from https://github.com/PhilipDaniels/rust-config-example

Fields

kind: String

Name of this type of struct, used for serialization, i.e. {"type":"configuration"}

wordlist: String

Path to the wordlist

config: String

Path to the config file used

proxy: String

Proxy to use for requests (ex: http(s)://host:port, socks5(h)://host:port)

replay_proxy: String

Replay Proxy to use for requests (ex: http(s)://host:port, socks5(h)://host:port)

target_url: String

The target URL

status_codes: Vec<u16>

Status Codes to include (allow list) (default: 200 204 301 302 307 308 401 403 405)

replay_codes: Vec<u16>

Status Codes to replay to the Replay Proxy (default: whatever is passed to --status-code)

filter_status: Vec<u16>

Status Codes to filter out (deny list)

client: Client

Instance of reqwest::Client

replay_client: Option<Client>

Instance of reqwest::Client

threads: usize

Number of concurrent threads (default: 50)

timeout: u64

Number of seconds before a request times out (default: 7)

verbosity: u8

Level of verbosity, equates to log level

silent: bool

Only print URLs (was --quiet in versions < 2.0.0)

quiet: bool

No header, no status bars

output_level: OutputLevel

more easily differentiate between the three states of output levels

auto_bail: bool

automatically bail at certain error thresholds

auto_tune: bool

automatically try to lower request rate in order to reduce errors

requester_policy: RequesterPolicy

more easily differentiate between the three requester policies

json: bool

Store log output as NDJSON

output: String

Output file to write results to (default: stdout)

debug_log: String

File in which to store debug output, used in conjunction with verbosity to dictate which logs are written

user_agent: String

Sets the User-Agent (default: feroxbuster/VERSION)

redirects: bool

Follow redirects

insecure: bool

Disables TLS certificate validation

extensions: Vec<String>

File extension(s) to search for

headers: HashMap<String, String>

HTTP headers to be used in each request

queries: Vec<(String, String)>

URL query parameters

no_recursion: bool

Do not scan recursively

extract_links: bool

Extract links from html/javscript

add_slash: bool

Append / to each request

stdin: bool

Read url(s) from STDIN

depth: usize

Maximum recursion depth, a depth of 0 is infinite recursion

scan_limit: usize

Number of concurrent scans permitted; a limit of 0 means no limit is imposed

rate_limit: usize

Number of requests per second permitted (per directory); a limit of 0 means no limit is imposed

filter_size: Vec<u64>

Filter out messages of a particular size

filter_line_count: Vec<usize>

Filter out messages of a particular line count

filter_word_count: Vec<usize>

Filter out messages of a particular word count

filter_regex: Vec<String>

Filter out messages by regular expression

dont_filter: bool

Don't auto-filter wildcard responses

resumed: bool

Scan started from a state file, not from CLI args

resume_from: String

Resume scan from this file

save_state: bool

Whether or not a scan's current state should be saved when user presses Ctrl+C

Not configurable from CLI; can only be set from a config file

time_limit: String

The maximum runtime for a scan, expressed as N[smdh] where N can be parsed into a non-negative integer and the next character is either s, m, h, or d (case insensitive)

filter_similar: Vec<String>

Filter out response bodies that meet a certain threshold of similarity

Implementations

impl Configuration

pub fn new() -> Result<Self>

Creates a Configuration object with the following built-in default values

• timeout: 5 seconds
• redirects: false
• extract-links: false
• wordlist: DEFAULT_WORDLIST
• config: None
• threads: 50
• timeout: 7 seconds
• verbosity: 0 (no logging enabled)
• proxy: None
• status_codes: DEFAULT_RESPONSE_CODES
• filter_status: None
• output: None (print to stdout)
• debug_log: None
• quiet: false
• silent: false
• auto_tune: false
• auto_bail: false
• save_state: true
• user_agent: feroxbuster/VERSION
• insecure: false (don't be insecure, i.e. don't allow invalid certs)
• extensions: None
• filter_size: None
• filter_similar: None
• filter_regex: None
• filter_word_count: None
• filter_line_count: None
• headers: None
• queries: None
• no_recursion: false (recursively scan enumerated sub-directories)
• add_slash: false
• stdin: false
• json: false
• dont_filter: false (auto filter wildcard responses)
• depth: 4 (maximum recursion depth)
• scan_limit: 0 (no limit on concurrent scans imposed)
• rate_limit: 0 (no limit on concurrent scans imposed)
• time_limit: None (no limit on length of scan imposed)
• replay_proxy: None (no limit on concurrent scans imposed)
• replay_codes: DEFAULT_RESPONSE_CODES

After which, any values defined in a ferox-config.toml config file will override the built-in defaults.

ferox-config.toml can be placed in any of the following locations (in the order shown):

• /etc/feroxbuster/
• CONFIG_DIR/ferxobuster/
• The same directory as the feroxbuster executable
• The user's current working directory

If more than one valid configuration file is found, each one overwrites the values found previously.

Finally, any options/arguments given on the commandline will override both built-in and config-file specified values.

The resulting Configuration is a singleton with a static lifetime.

Trait Implementations

impl Clone for Configuration

fn clone(&self) -> Configuration

Returns a copy of the value.

pub fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Configuration

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for Configuration

fn default() -> Self

Builds the default Configuration for feroxbuster

impl<'de> Deserialize<'de> for Configuration

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where
    __D: Deserializer<'de>, 

Deserialize this value from the given Serde deserializer.

impl Serialize for Configuration

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error> where
    __S: Serializer, 

Serialize this value into the given Serde serializer.