kursatkobya / libfrizz Goto Github PK

basic authentication https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication

(HTTP) Specifies a custom request method to use when communicat-
ing with the HTTP server. The specified request method will be
used instead of the method otherwise used (which defaults to
GET). Read the HTTP 1.1 specification for details and explana-
tions.

 4.3. Method Definitions ........................................24
           4.3.1. GET ................................................24
           4.3.2. HEAD ...............................................25
           4.3.3. POST ...............................................25
           4.3.4. PUT ................................................26
           4.3.5. DELETE .............................................29
           4.3.6. CONNECT ............................................30
           4.3.7. OPTIONS ............................................31
           4.3.8. TRACE ..............................................32

check https://datatracker.ietf.org/doc/html/rfc7231#page-24

(TLS) Tells frizz to use the specified certificate file to verify
the peer. The file may contain multiple CA certificates. The
certificate(s) must be in PEM format. Normally frizz is built to
use a default file for this, so this option is typically used to
alter that default file.

frizz recognizes the environment variable named 'FRIZZ_CA_BUNDLE'
if it is set, and uses the given path as a path to a CA cert
bundle. This option overrides that variable.

The windows version of frizz will automatically look for a CA
certs file named 'frizz-ca-bundle.crt', either in the same direc-
tory as frizz.exe, or in the Current Working Directory, or in any
folder along your PATH.

RUST_BACKTRACE=1 ./target/debug/frizz -D -t https://docs.rs --pretty

', /home/kursat/.cargo/registry/src/github.com-1ecc6299db9ec823/dprint-core-0.44.0/src/formatting/printer.rs:448:13
stack backtrace:
0: rust_begin_unwind
at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/std/src/panicking.rs:515:5
1: std::panicking::begin_panic_fmt
at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/std/src/panicking.rs:457:5
2: dprint_core::formatting::printer::Printer::validate_string
at /home/kursat/.cargo/registry/src/github.com-1ecc6299db9ec823/dprint-core-0.44.0/src/formatting/printer.rs:448:13
3: dprint_core::formatting::printer::Printer::handle_string
at /home/kursat/.cargo/registry/src/github.com-1ecc6299db9ec823/dprint-core-0.44.0/src/formatting/printer.rs:426:9
4: dprint_core::formatting::printer::Printer::handle_print_node
at /home/kursat/.cargo/registry/src/github

should support

• basic authentication
• SSL stuff
• text html json serving
• port should be defined from CLI

The port scanning feature for the time being spends time to scan ports for given target.
Currently the ports are written to stdout, the first task is to write those ports into the output file.
A progress bar showing the percentage of the operation will be written to stdout.

AC

• The scanned port numbers are written to output file.
• A unit test is added to exercise scan method.
• A progress bar exist that shows the % of the process.

write port scanner feature for frizz, get the parameters from CLI parameter

frizz -p from_port-to_port -t targethost_or_ip example

frizz -p 22-1024 -t google.com

make sure port scanner works multi threaded, open threads count of CPU e.g:8 this can be given from CLI example

frizz -tc 16 -p 22-1024 -t google.com £ which will open 16 threads

• can we add progress bar on this to show user where is frizz at.
• add a counter around progress bar to show where frizz at
• list ports with their common known usage example 80 HTTP here are the lists https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml and or https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
• make sure in case user wants UDP ports should be scanned too.

check nmap usage examples https://techtalk.gfi.com/scanning-open-ports-in-windows-part-3-nmap/ which has been around like 20 years, try to use same parameter names on CLI just for being user friendly.

at the end, test and compare nmap with frizz to see speed differences.

display transfer progress as a simple progress bar instead of the standard, more informational, meter.

should be used for POST,PUT big file or GET/download a file

Prep CI for Linux and Windows packages

• Debian https://github.com/marketplace/actions/build-deb-action
• windows https://volks73.github.io/cargo-wix/cargo_wix/index.html

long doc for linux win and mac https://www.zettlr.com/post/continuous-cross-platform-deployment-github-actions
another https://stackoverflow.com/a/57948488/175554

Describe the bug
When the given url is wrong parser throws an exception (main panicked)

» ./target/debug/frizz -D -t https/example.net
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: RelativeUrlWithoutBase', /home/kursat/devel/libfrizz/src/lib.rs:27:64
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Expected behavior
There should be a clear message given instead.

Desktop (please complete the following information):

• OS: ubuntu
• Version : 0.0

new parameter for output management

example usage https://stackoverflow.com/a/37150202/175554

Add --udp, -- tcp, --sctp options instead

Currently only port numbers are listed on scan operation. It is requested to list the ports common usage as well. An idea to do this could creating a map to well known ports with their common usage. The information regarding these can be found in following addresses:

• https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
• https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

AC

• Common ports are listed together with their protocol (optionally with their description as well)

bring the feature and documentation for checking if the target port is open. example command

frizz targetserver targetport

for windows there was telnet

telnet targetip port

shows if connected.

Describe the bug
-p option takes normally 2 u16 value and works well but i have seen some fishy bug when the latter number is huge

To Reproduce
Steps to reproduce the behavior:
check the behavioral difference of these two
./target/debug/frizz -s -t sourtimes.org --timeout 3 -c 1024 -p 80 1024
./target/debug/frizz -s -t sourtimes.org --timeout 3 -c 1024 -p 80 10000

after 1097 it seems listing all ports

Expected behavior
Dunno if this is expected, check and fix if it is not

Screenshots

./target/debug/frizz -s -t sourtimes.org --timeout 3 -c 1024 -p 80 1100                                                                            kursat@kursat
ip addr 176.53.43.30
80
443
1097
1098
1099
1100

Desktop (please complete the following information):

• OS: Ubuntu 2004

Instead of scanning a range, hold a list of well-known ports and scan only those

AC

• if no port information is given scan only well known ports

passing url parameter ranges from CLI

details: https://stackoverflow.com/a/8333999/175554 and https://everything.curl.dev/cmdline/globbing

1. ask the user if it is okay to report crashes at first install or exception
2. prepare Heroku app or GitHub repo or research alternatives for crash reports, for example, android https://firebase.google.com/products/crashlytics can be used for rust apps too.
3. crash reports should have
   • location/region info for making sure if the exception is related to any regional settings, read further https://stackoverflow.com/a/797043/175554
   • date time
   • IP address
   • OS details
   • cpu/ram details
   • parameters provided from stdargs / CLI run command with path example "C:\Users\ozkan\projects\libfrizz> .\target\debug\frizz.exe -t http://httpbin.org/get?test=2 -X GET"
   • exception stacktrace

Currently port scan has availability to filter between port number range. It would be useful to scan depending on protocol type.
check nmap parameters before implementing this https://techtalk.gfi.com/scanning-open-ports-in-windows-part-3-nmap/

tip : https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

AC

• scan only UDP ports
• scan only TCP ports

All pull requests should be

• built with no errors/warnings
• runt tests with no failures

GET request for http

• -t will be given for target url from command line
• -D --dump-header
• if -D not given print everything
• code beautify, html or json
  output should be colored

Currently port details are listed with the help of hashmap that is built by following helper code : https://github.com/kursatkobya/bite-sized-qualms/tree/main/file-parser
This approach could be faster but obviously not neat enough.

Instead we can have the file contains port details stored in the directory. When ports are matched it could be searched over the file and related information can be parsed and written to output file.

Nice to have A little benchmarking to compare with hashmap solution.

--data @file.txt file.txt should read and post to target.

Currently the port scan works within given port numbers, but if a transport protocol layer has been chosen (--udp, --tcp or --sctp) the ports belong to these protocols are scanned but the not in the range of given port numbers. This behavior should be changed to include ports only in that range.

The port numbers for transport layer protocols are fetched from corresponding sorted arrays in port_details.rs. And depending on protocol these arrays are fed to stream (check fn get_ports)

These streams should be fed only with part of the array that matches port range. A slice can be thought for instance.

clean up out_writer from 2 places,

fix test-suite, add port scan commands.

Describe the bug
"--ports 1000 1199" is not making frizz to scan 1000 to 1199 but it is still scanning MOST_COMMON_TCP_PORTS

To Reproduce
Steps to reproduce the behavior:
PS D:\Projects\libfrizz> .\target\debug\frizz.exe -s -t 129.151.67.166 --ports 1000 1199

Expected behavior
should scan the given range

Check if the result is not okay