fixed deadlock, fixed JSON bug, improved prints

Author: Maximilian Hildebrand

pkg/flags.go

@@ -133,9 +133,9 @@ func ParseFlags(vers string) {
 
 	// Wordlist Options
 	appendString(&wordlistOptions, &Config.HeaderWordlist,
-		"headerwordlist", "hw", "wordlists/top-headers", "Wordlist for headers to test. Default path is 'wordlists/top-headers'")
+		"headerwordlist", "hw", "wordlists/headers", "Wordlist for headers to test. Default path is 'wordlists/top-headers'")
 	appendString(&wordlistOptions, &Config.QueryWordlist,
-		"parameterwordlist", "pw", "wordlists/top-parameters", "Wordlist for query parameters to test. Default path is 'wordlists/top-parameters'")
+		"parameterwordlist", "pw", "wordlists/parameters", "Wordlist for query parameters to test. Default path is 'wordlists/top-parameters'")
 
 	flag.CommandLine.Usage = help
 

pkg/recon.go

@@ -71,15 +71,15 @@ func cbFoundDifference(times []int64, identifier string) {
 		for i := 0; i < len(times); i += 2 {
 			dif := times[i] - times[i+1]
 			if dif < int64(Config.HMDiff) {
-				msg := fmt.Sprintf("The time difference (%d) was smaller than the threshold (%d)", dif, Config.HMDiff)
-				Print(msg, Yellow)
+				msg := fmt.Sprintf("The time difference (%d) was smaller than the threshold (%d)\n", dif, Config.HMDiff)
+				PrintVerbose(msg, White, 2)
 				timeFalseNeg = append(timeFalseNeg, dif)
 				addFalseNeg()
 				return
 			}
 		}
 	} else {
-		msg := fmt.Sprintf("%s: len(times) mod 2 != 0", identifier)
+		msg := fmt.Sprintf("%s: len(times) mod 2 != 0\n", identifier)
 		Print(msg, Yellow)
 	}
 }

pkg/report.go

@@ -64,7 +64,7 @@ func GenerateReport(report Report, currentDate string) {
 	var file *os.File
 	defer file.Close()
 
-	file, err := os.OpenFile(reportPath, os.O_WRONLY|os.O_CREATE, 0666)
+	file, err := os.OpenFile(reportPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0666)
 	if err != nil {
 		msg := "Report: " + err.Error() + "\n"
 		PrintFatal(msg)

pkg/request_smuggling.go

@@ -296,7 +296,7 @@ func httpRequestSmuggling(req string, result *reportResult, proxyUrl *url.URL) {
 				Print(msg, Green)
 			} else {
 				msg = "Response:" + resp + "Request didn't time out and therefore *likely* isn't vulnerable to this Request Smuggling technique.\n"
-				Print(msg, Yellow)
+				PrintVerbose(msg, White, 2)
 			}
 			return
 		}

pkg/requests.go

@@ -72,8 +72,10 @@ func checkPoisoningIndicators(repResult *reportResult, request reportRequest, su
 
 	if request.Reason == "" {
 		// To prevent false positives and too many requests
-		m2.Lock()
-		defer m2.Unlock()
+		if !recursive {
+			m2.Lock()
+			defer m2.Unlock()
+		}
 
 		if poison != "" && strings.Contains(body, poison) {
 			request.Reason = "Response Body contained " + poison

wordlists/headers

@@ -1115,4 +1115,4 @@ xxx-real-ip
 xxxxxxxxxxxxxxx
 y
 zotero-api-version
-zotero-write-token
+zotero-write-token