PoCInnovation · pierrelissope · Aug 13, 2024 · Aug 8, 2024 · Aug 8, 2024 · Aug 12, 2024
diff --git a/src/cli/cli.go b/src/cli/cli.go
@@ -1,6 +1,7 @@
 package cli
 
 import (
+	"bruteforce/src/matching"
 	"bruteforce/src/models"
 	"errors"
 	"flag"
@@ -17,7 +18,7 @@ func Parse_cli_args() (models.Forcing_params, error) {
 
 	// forkptr := flag.Bool("v", false, "Verbose program")
 	statusPtr := flag.String("status-codes", "200,401,403,404,429,500", "Comma-separated list of status codes to match")
-	headerPtr := flag.String("header", "", "Header to match")
+	headerPtr := flag.String("header", "", "Header to match, formatted as \"key: value\"")
 	bodyPtr := flag.String("body", "", "String to match in response body")
 	wordlistPtr := flag.String("wordlist", "", "Wordlist to bruteforce url with")
 	flag.IntVar(&params.Workers, "threads", 1, "Number of threads to be used")
@@ -37,14 +38,14 @@ func Parse_cli_args() (models.Forcing_params, error) {
 	if len(flag.Args()) < 1 {
 		return params, UrlError
 	}
+
 	params.Url = flag.Args()[0]
 	// params.BoolFlags.Verbose = *forkptr
-	params.Status = *statusPtr
-	params.Header = *headerPtr
-	params.Body = *bodyPtr
+	params.Criteria = matcher.MatchParser(*statusPtr, *headerPtr, *bodyPtr)
 	params.Wordlist = *wordlistPtr
 	if params.Wordlist == "" {
 		return params, WordListError
 	}
+
 	return params, nil
 }
diff --git a/src/main.go b/src/main.go
@@ -2,7 +2,6 @@ package main
 
 import (
 	"bruteforce/src/cli"
-	"bruteforce/src/matching"
 	"bruteforce/src/query"
 	"fmt"
 )
@@ -16,7 +15,5 @@ func main() {
 	}
 	fmt.Println(forcing_params)
 
-	criteria := matcher.MatchParser(&forcing_params)
-
-	query.MainRequest(&forcing_params, criteria) // maybe like this?
+	query.MainRequest(&forcing_params)
 }
diff --git a/src/matching/body.go b/src/matching/body.go
@@ -1,13 +1,14 @@
 package matcher
 
 import (
+	"bruteforce/src/models"
 	"errors"
 	"strings"
 )
 
-func matchContents(body []byte, criteria MatchCriteria) (bool, error) {
+func matchContents(body []byte, criteria models.MatchCriteria) error {
 	if criteria.BodyContains != "" && !strings.Contains(string(body), criteria.BodyContains) {
-		return false, errors.New("body content mismatch")
+		return errors.New("body content mismatch")
 	}
-	return true, nil
+	return nil
 }
diff --git a/src/matching/headers.go b/src/matching/headers.go
@@ -1,19 +1,20 @@
 package matcher
 
 import (
+	"bruteforce/src/models"
 	"fmt"
 	"log"
 	"net/http"
 	"strings"
 )
 
-func matchHeaders(resp *http.Response, criteria MatchCriteria) (bool, error) {
+func matchHeaders(resp *http.Response, criteria models.MatchCriteria) error {
 	for key, value := range criteria.Headers {
 		if resp.Header.Get(key) != value {
-			return false, fmt.Errorf("header mismatch: %s=%s\nheaders: %s", key, value, resp.Header)
+			return fmt.Errorf("header mismatch: %s=%s\nheaders: %s", key, value, resp.Header)
 		}
 	}
-	return true, nil
+	return nil
 }
 
 func parseHeaders(headersList string) map[string]string {

diff --git a/src/matching/matcher.go b/src/matching/matcher.go
@@ -2,47 +2,35 @@ package matcher
 
 import (
 	"bruteforce/src/models"
-	"io"
 	"log"
 	"net/http"
 )
 
-type MatchCriteria struct {
-	StatusCodes  []int
-	Headers      map[string]string
-	BodyContains string
-}
-
-func MatchResponse(response *http.Response, criteria MatchCriteria) (bool, string) {
-	body, err := io.ReadAll(response.Body)
-	if err != nil {
-		return false, err.Error()
-	}
-
-	if matched, err := matchStatusCode(response, criteria.StatusCodes); !matched {
-		return false, err.Error()
+func MatchResponse(response *http.Response, body []byte, criteria models.MatchCriteria) error {
+	if err := matchStatusCode(response, criteria); err != nil {
+		return err
 	}
-	if matched, err := matchHeaders(response, criteria); !matched {
-		return false, err.Error()
+	if err := matchHeaders(response, criteria); err != nil {
+		return err
 	}
-	if matched, err := matchContents(body, criteria); !matched {
-		return false, err.Error()
+	if err := matchContents(body, criteria); err != nil {
+		return err
 	}
 
-	return true, "matched successfully"
+	return nil
 }
 
-func MatchParser(params *models.Forcing_params) MatchCriteria {
-	matchCodes, err := parseStatusCodes(params.Status)
+func MatchParser(statusPtr string, headerPtr string, bodyPtr string) models.MatchCriteria {
+	matchCodes, err := parseStatusCodes(statusPtr)
 	if err != nil {
 		log.Fatal("Error parsing status codes:", err)
 	}
 
-	matchHeaders := parseHeaders(params.Header)
-	criteria := MatchCriteria{
+	matchHeaders := parseHeaders(headerPtr)
+	criteria := models.MatchCriteria{
 		StatusCodes:  matchCodes,
 		Headers:      matchHeaders,
-		BodyContains: params.Body,
+		BodyContains: bodyPtr,
 	}
 
 	return criteria

diff --git a/src/matching/status.go b/src/matching/status.go
@@ -1,26 +1,27 @@
 package matcher
 
 import (
+	"bruteforce/src/models"
 	"fmt"
 	"log"
 	"net/http"
 	"strings"
 )
 
-func matchStatusCode(resp *http.Response, matchCodes []int) (bool, error) {
+func matchStatusCode(resp *http.Response, criteria models.MatchCriteria) error {
 	isAll := false
 
-	if matchCodes[0] == 0 {
+	if criteria.StatusCodes[0] == 0 {
 		isAll = !isAll
 	} else {
-		log.Printf("Matching status codes %d...", matchCodes)
+		log.Printf("Matching status codes %d...", criteria.StatusCodes)
 	}
-	for _, code := range matchCodes {
+	for _, code := range criteria.StatusCodes {
 		if resp.StatusCode == code || isAll {
-			return true, nil
+			return nil
 		}
 	}
-	return false, fmt.Errorf("status code is %d", resp.StatusCode)
+	return fmt.Errorf("status code is %d", resp.StatusCode)
 }
 
 func parseStatusCodes(statusCodeList string) ([]int, error) {

diff --git a/src/models/models.go b/src/models/models.go
@@ -4,12 +4,16 @@ type boolflags struct {
 	Verbose bool
 }
 
+type MatchCriteria struct {
+	StatusCodes  []int
+	Headers      map[string]string
+	BodyContains string
+}
+
 type Forcing_params struct {
 	Workers   int
 	Url       string
 	Wordlist  string
 	BoolFlags boolflags
-	Status    string
-	Header    string
-	Body      string
+	Criteria  MatchCriteria
 }
diff --git a/src/query/callWorker.go b/src/query/callWorker.go
@@ -1,7 +1,6 @@
 package query
 
 import (
-	"bruteforce/src/matching"
 	"bruteforce/src/models"
 	"bruteforce/src/utils"
 	"sync"
@@ -14,7 +13,7 @@ func executeQueryFromFile(wg *sync.WaitGroup, params *models.Forcing_params, cur
 	}
 }
 
-func MainRequest(params *models.Forcing_params, criteria matcher.MatchCriteria) {
+func MainRequest(params *models.Forcing_params) {
 	wg := &sync.WaitGroup{}
 	wg.Add(params.Workers)
 	channel := make(chan string)

diff --git a/src/query/queryExecute.go b/src/query/queryExecute.go
@@ -1,6 +1,7 @@
 package query
 
 import (
+	"bruteforce/src/matching"
 	"bruteforce/src/models"
 	"fmt"
 	"io"
@@ -29,5 +30,10 @@ func QueryExecute(params *models.Forcing_params, path string, method string) {
 		log.Fatal(err)
 	}
 
-	fmt.Println(string(body))
+	if err := matcher.MatchResponse(resp, body, params.Criteria); err == nil {
+		fmt.Println(string(body))
+	} else {
+		log.Println(err)
+	}
+
 }