From 9fcf0d34b57468fe593e8e00a3a8fbeeec7c44b0 Mon Sep 17 00:00:00 2001
From: bjhulst
Date: Mon, 13 Jul 2020 08:27:34 +0300
Subject: [PATCH 1/4] Update util.go
---
 pkg/ffuf/util.go | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/pkg/ffuf/util.go b/pkg/ffuf/util.go
index ef12ffc0..958a4e2a 100644
--- a/pkg/ffuf/util.go
+++ b/pkg/ffuf/util.go
@@ -2,6 +2,7 @@ package ffuf
 import (
 "math/rand"
+ "time"
 )
 //used for random string generation in calibration function
@@ -9,6 +10,7 @@ var chars = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
 //RandomString returns a random string of length of parameter n
 func RandomString(n int) string {
+ rand.Seed(time.Now().UnixNano())
 s := make([]rune, n)
 for i := range s {
 s[i] = chars[rand.Intn(len(chars))]
From bffba0fc3ac07cb340e9aa2aa49434c087c5bee2 Mon Sep 17 00:00:00 2001
From: bjhulst
Date: Mon, 13 Jul 2020 13:36:52 +0300
Subject: [PATCH 2/4] Update job.go rand.Seed updated just before usage
---
 pkg/ffuf/job.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/pkg/ffuf/job.go b/pkg/ffuf/job.go
index 0fb65fbd..a72e569b 100644
--- a/pkg/ffuf/job.go
+++ b/pkg/ffuf/job.go
@@ -331,6 +331,7 @@ func (j *Job) handleRecursionJob(resp Response) {
 //CalibrateResponses returns slice of Responses for randomly generated filter autocalibration requests
 func (j *Job) CalibrateResponses() ([]Response, error) {
 cInputs := make([]string, 0)
+ rand.Seed(time.Now().UnixNano())
 if len(j.Config.AutoCalibrationStrings) < 1 {
 cInputs = append(cInputs, "admin"+RandomString(16)+"/")
 cInputs = append(cInputs, ".htaccess"+RandomString(16))
From 5006e999bbc9b7dc9d6c1dab611dec53c0215937 Mon Sep 17 00:00:00 2001
From: bjhulst
Date: Mon, 13 Jul 2020 13:37:27 +0300
Subject: [PATCH 3/4] Update util.go revert
---
 pkg/ffuf/util.go | 2 --
 1 file changed, 2 deletions(-)
diff --git a/pkg/ffuf/util.go b/pkg/ffuf/util.go
index 958a4e2a..ef12ffc0 100644
--- a/pkg/ffuf/util.go
+++ b/pkg/ffuf/util.go
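Review bot: The `rand.Seed(time.Now().UnixNano())` added near the top of `CalibrateResponses` in job.go reseeds the process-wide `math/rand` source on every calibration call, and the hunk carries no comment saying why the seed lives here. Seeding once before the first `RandomString` call (for example behind a `sync.Once`, or at program start) would have the same effect without resetting the generator for every other caller; if the line stays, a comment such as `// seed before RandomString: an unseeded math/rand source repeats the same calibration strings on every run` would record the reason. The diffstat shows a single insertion in job.go, so `math/rand` and `time` are presumably already imported there, which this hunk does not show. The body of `CalibrateResponses` continues past the end of the hunk.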
@@ -2,7 +2,6 @@ package ffuf
 import (
 "math/rand"
- "time"
 )
 //used for random string generation in calibration function
@@ -10,7 +9,6 @@ var chars = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
 //RandomString returns a random string of length of parameter n
 func RandomString(n int) string {
- rand.Seed(time.Now().UnixNano())
 s := make([]rune, n)
 for i := range s {
 s[i] = chars[rand.Intn(len(chars))]
From 9fed343fcc1b4b157123d65c3e995bb5227c1555 Mon Sep 17 00:00:00 2001
From: bjhulst <30053806+bjhulst@users.noreply.github.com>
Date: Thu, 23 Jul 2020 12:23:39 +0300
Subject: [PATCH 4/4] Updated CHANGELOG.MD with a description of the bug fix.
---
 CHANGELOG.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index fc2d0227..a0e67a3f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,7 +5,8 @@ - New CLI flag `-maxtime-job` to set max. execution time per job. - Changed behaviour of `-maxtime`, can now be used for entire process. - Changed - + - Fixed a bug related to the autocalibration feature making the random seed initialization also to take place before autocalibration needs it. + - v1.0.2 - Changed - Write POST request data properly to file when ran with `-od`.