Documentation
Overview
Package config loads and applies PSFuzz configuration from CLI flags, an optional JSON file (-cf), and presets.
Index
- Constants
- func Banner() string
- func EffectiveMaxResponseSize(cfg *Config) int
- func Help() string
- func MatchAnyRange(ranges []Range, v int) bool
- func ParseCSV(raw string) []string
- func ParseEncoders(raw string) map[string][]string
- func ParseExploreAIWordlistMap(raw string) map[string]string
- func ParseKV(raw string, sep string) map[string]string
- func Save(cfg *Config, path string) error
- type Config
- type Range
- type ResolvedWordlist
- type StatusRange
- type WordlistSpec
Constants
const (
	DefaultPayloadURL   = "https://raw.githubusercontent.com/Proviesec/directory-payload-list/main/directory-full-list.txt"
	FavPayloadURL       = "https://raw.githubusercontent.com/Proviesec/directory-files-payload-lists/main/directory-proviesec-favorite-list.txt"
	SubdomainPayloadURL = "https://raw.githubusercontent.com/Proviesec/subdomain_wordlist/main/subdomain_good-large_wordlist.txt"
)
const DefaultMaxResponseSizeCap = 10 * 1024 * 1024
DefaultMaxResponseSizeCap is the response body size cap (10 MiB) used when MaxResponseSize is 0. When -max-size 0 (default), responses are limited to this size to avoid memory exhaustion from large or streaming bodies.
const Version = "1.0.0"
Version is the current PSFuzz version (semver).
Functions
func EffectiveMaxResponseSize
EffectiveMaxResponseSize returns the limit to use for reading response bodies. If MaxResponseSize is 0, returns DefaultMaxResponseSizeCap; otherwise returns MaxResponseSize.
func MatchAnyRange
func ParseEncoders
ParseEncoders parses encoder spec string into keyword -> encoder chain. Format: "KEYWORD:enc1,enc2;OTHER:enc3" (semicolon separates keywords, comma separates encoder chain).
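The documented format, parsed and then applied in chain order, as an added example that is not PSFuzz's own code. parseEncoderSpec and applyChain are hypothetical names; the encoder names urlencode and base64encode appear on this page, but their exact behaviour here (url.QueryEscape and standard base64) is an assumption.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"net/url"
	"strings"
)

// parseEncoderSpec re-implements the documented format
// "KEYWORD:enc1,enc2;OTHER:enc3". Entries without a keyword are skipped.
func parseEncoderSpec(raw string) map[string][]string {
	out := map[string][]string{}
	for _, entry := range strings.Split(raw, ";") {
		keyword, chain, ok := strings.Cut(strings.TrimSpace(entry), ":")
		keyword = strings.TrimSpace(keyword)
		if !ok || keyword == "" {
			continue
		}
		for _, enc := range strings.Split(chain, ",") {
			if enc = strings.TrimSpace(enc); enc != "" {
				out[keyword] = append(out[keyword], enc)
			}
		}
	}
	return out
}

// applyChain runs the encoders left to right, so the order in the spec
// changes the result. Encoder semantics are assumed, not taken from PSFuzz.
func applyChain(value string, chain []string) (string, error) {
	for _, enc := range chain {
		switch enc {
		case "urlencode":
			value = url.QueryEscape(value)
		case "base64encode":
			value = base64.StdEncoding.EncodeToString([]byte(value))
		default:
			return "", fmt.Errorf("unknown encoder %q", enc)
		}
	}
	return value, nil
}

func main() {
	chains := parseEncoderSpec("FUZZ:urlencode,base64encode;USER:base64encode")
	out, _ := applyChain("a b", chains["FUZZ"])
	fmt.Println(chains, out)
}
```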
func ParseExploreAIWordlistMap
ParseExploreAIWordlistMap parses "name:path_or_url,name2:path2" into a map. Keys are lowercased for lookup.
Types
type Config
type Config struct {
URL string
URLs []string
Wordlist string
Wordlists []WordlistSpec
Extensions []string
UseDefaultExtensions bool
InputMode string
IgnoreWordlistComments bool
AutoWildcard bool
MaxResponseSize int
MinResponseSize int
SaveConfigPath string
Concurrency int
Depth int
RecursionSmart bool
RecursionStatus []StatusRange
FollowRedirects bool
OutputBase string
OutputFormat string
ThrottleRPS int
Timeout time.Duration
DelayMin time.Duration
DelayMax time.Duration
ConfigFilePath string
FilterStatus []StatusRange
FilterStatusNot []StatusRange
FilterLength []Range
FilterLengthNot []Range
FilterWords []Range
FilterWordsNot []Range
FilterLines []Range
FilterLinesNot []Range
FilterTime []Range
FilterTimeNot []Range
FilterMatchWord string
FilterMatchRegex *regexp.Regexp
FilterMatchRegexNot *regexp.Regexp
FilterRegexTextOnly bool
FilterContentTypes []string
FilterDuplicates bool
DuplicateThreshold int
NearDuplicates bool
NearDuplicateLenBucket int
NearDuplicateWordBucket int
NearDuplicateLineBucket int
BlockWords []string
InterestingStrings []string
ShowStatus bool
OnlyDomains bool
CheckBackslash bool
Bypass bool
BypassTooManyRequests bool
FilterTestLength bool
FilterWrongStatus200 bool
FilterWrongSubdomain bool
FilterPossible404 bool
AutoCalibrate bool
AutoCalibrateN int
RequestHeaders map[string]string
RequestCookies map[string]string
RequestUserAgent string
RandomUserAgent bool
RandomizeWordlistCase string
RequestMethod string
RequestData string // inline body template, or content loaded from RequestDataPath
RequestDataPath string // when set, body was loaded from this file (-d @path); saved as "@path" in config
Proxy string
RequestFile string
ReplayProxy string
ReplayOnMatch bool
RequestProto string
ProxyUser string
ProxyPass string
ResumeFile string
ResumeEvery int
Verbs []string
AutoVerbs bool
StopOnStatus []Range
StopOnErrors bool
StopOnMatches int
BypassBudget int
BypassRatioLimit float64
WAFAdaptive bool
WAFSlowdownThreshold int
WAFSlowdownFactor float64
JitterProfile bool
JitterThresholdMS int
JitterFactor float64
BasicAuthUser string
BasicAuthPass string
SafeMode bool
AllowedHosts []string
ExcludePaths []string
Quiet bool
DumpResponses bool
DumpDir string
RetryCount int
RetryBackoff time.Duration
GeneratePayload bool
GeneratePayloadLength int
ModuleConfig modules.Config // module-related settings; defined in internal/modules to keep modules separate
MaxTime int // max scan duration in seconds (0 = disabled)
MaxTimeJob int // max duration per task in seconds (0 = disabled)
RecursionStrategy string // "default" or "greedy"
UseHTTP2 bool
VHostFuzz bool
AuditLogPath string // if set, log every request+response to this file (NDJSON)
AuditMaxBodySize int // max request/response body size to store in audit log (0 = no limit)
InsecureSkipVerify bool // skip TLS certificate verification (-insecure)
LoginURL string // if set, perform login once and use session cookies for all requests
LoginMethod string // HTTP method for login (default POST)
LoginUser string // form field username (or use login-body for custom)
LoginPass string // form field password
LoginBody string // raw body for login (overrides user/pass form); may contain placeholders
LoginContentType string // Content-Type for login (default application/x-www-form-urlencoded)
Encoders map[string][]string // keyword -> encoder chain (e.g. FUZZ -> [urlencode, base64encode])
ExploreAI bool // if true, probe base URL, fingerprint+headers, call AI backend (openai/ollama/gemini) for wordlist recommendation, then run scan
ExploreAIWordlistsDir string // if set with ExploreAI, wordlist is resolved from this dir (suggested_wordlist or wordlist_type.txt) and scan runs with it
ExploreAIWordlistMap map[string]string // optional: name (e.g. wordpress, typo3) -> path or URL; checked before ExploreAIWordlistsDir
ExploreAIProfile string // quick | balanced | thorough; influences AI suggestion (wordlist size, extensions)
ExploreAINoCache bool // if true, do not read or write Explore AI cache (fresh API call every time)
ExploreAIProvider string // openai | ollama | gemini; which AI backend to use
ExploreAIEndpoint string // optional: override API base URL (e.g. Ollama http://localhost:11434, or proxy for OpenAI)
ExploreAIModel string // optional: model name (e.g. gpt-4o-mini, llama3.1, gemini-1.5-flash)
ExploreAIMaxTokens int // max tokens for Explore AI response (0 = use default 500)
}
Config holds all PSFuzz options: target URLs, wordlist, filters, request settings, modules, and explore-AI options.
type Range
Range represents a min-max integer range (e.g. for status codes or response length).
func ParseRanges
type ResolvedWordlist
func ResolveWordlists
func ResolveWordlists(ctx context.Context, cfg *Config) ([]ResolvedWordlist, error)
ResolveWordlists resolves wordlist specs (paths, URLs, or built-in names) using cfg. ctx is used for HTTP requests when fetching remote wordlists; cancellation or timeout applies.
type StatusRange
type StatusRange = Range
StatusRange is an alias for Range used for HTTP status code ranges.
func ParseStatusRanges
func ParseStatusRanges(raw string) ([]StatusRange, error)
type WordlistSpec
WordlistSpec describes a single wordlist source and its placeholder keyword.
func ParseWordlistSpecs
func ParseWordlistSpecs(raw string) []WordlistSpec
ParseWordlistSpecs parses a comma-separated list of wordlist specs. Each spec may be "path" or "path:keyword". Uses the last colon to split path and keyword so Windows paths like C:\wordlists\file.txt:FUZZ work (path=C:\wordlists\file.txt, keyword=FUZZ). If the part after the last colon contains \ or /, it is treated as part of the path (e.g. C:\file.txt).
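The last-colon rule described above, re-implemented as an added example that is not PSFuzz's own code. The spec type, splitSpec and parseSpecs are hypothetical (the fields of WordlistSpec are not shown on this page), and leaving the keyword empty when none is given is an assumption.

```go
package main

import (
	"fmt"
	"strings"
)

// spec is a local stand-in for WordlistSpec; its real fields are not shown
// on the page.
type spec struct {
	Path    string
	Keyword string // empty when the spec carries no keyword (assumption)
}

// splitSpec applies the documented rule: split on the last colon, unless the
// text after it contains \ or /, in which case the colon belongs to the path.
func splitSpec(s string) spec {
	i := strings.LastIndex(s, ":")
	if i < 0 || strings.ContainsAny(s[i+1:], `\/`) {
		return spec{Path: s}
	}
	return spec{Path: s[:i], Keyword: s[i+1:]}
}

// parseSpecs splits a comma-separated list and parses each non-empty entry.
func parseSpecs(raw string) []spec {
	var out []spec
	for _, part := range strings.Split(raw, ",") {
		if part = strings.TrimSpace(part); part != "" {
			out = append(out, splitSpec(part))
		}
	}
	return out
}

func main() {
	// Constructed inputs covering drive letters, URL schemes and bare paths.
	raw := `C:\wordlists\file.txt:FUZZ, C:\file.txt, https://example.com/list.txt:PARAM, words.txt`
	for _, s := range parseSpecs(raw) {
		fmt.Printf("path=%q keyword=%q\n", s.Path, s.Keyword)
	}
}
```

With the rule as re-implemented here, a URL with a port and no path after it (for example `http://127.0.0.1:8080`) would be split at the port colon, so such specs need a trailing path or an explicit keyword.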