Fixed a bug with the ETA, it would not produce the correct results.

Author: Blake Jacobs

.vscode/settings.json

@@ -2,6 +2,7 @@
     "editor.tabCompletion": "on",
     "diffEditor.codeLens": true,
     "rust-analyzer.linkedProjects": [
+        ".\\Cargo.toml",
         ".\\Cargo.toml",
         ".\\Cargo.toml"
     ]

Cargo.toml

@@ -2,7 +2,7 @@
 name = "pathbuster"
 authors = ["zoid", "<[email protected]>"]
 description = "A path-normalization pentesting tool."
-version = "0.5.0"
+version = "0.5.1"
 edition = "2021"
 license = "MIT"
 repository = "https://github.com/ethicalhackingplayground/pathbuster"

src/bruteforcer/mod.rs

@@ -15,6 +15,7 @@ use crate::utils;
 #[derive(Clone, Debug)]
 pub struct BruteResult {
     pub data: String,
+    pub rs: String,
 }
 
 // the Job struct which will be used as jobs for directory bruteforcing
@@ -208,9 +209,14 @@ pub async fn run_bruteforcer(
             }
         };
 
+        let content_length = match resp.content_length() {
+            Some(content_length) => content_length.to_string(),
+            None => "".to_string(),
+        };
+
         let (ok, distance_between_responses) =
             utils::get_response_change(&internal_resp_text, &public_resp_text);
-        if ok && (resp.status().as_str() == "200" || resp.status().as_str() == "401") {
+        if ok && resp.status().as_str() == "200" {
             let internal_resp_text_lines = internal_resp_text.lines().collect::<Vec<_>>();
             let public_resp_text_lines = public_resp_text.lines().collect::<Vec<_>>();
             let character_differences =
@@ -265,6 +271,7 @@ pub async fn run_bruteforcer(
             // send the result message through the channel to the workers.
             let result_msg = BruteResult {
                 data: internal_url.to_owned(),
+                rs: content_length,
             };
             let result = result_msg.clone();
             if let Err(_) = tx.send(result_msg).await {
@@ -276,6 +283,7 @@ pub async fn run_bruteforcer(
     }
     return BruteResult {
         data: "".to_string(),
+        rs: "".to_string(),
     };
 }
 

src/main.rs

@@ -1,3 +1,4 @@
+use std::collections::HashMap;
 use std::error::Error;
 use std::io::Write;
 use std::process::exit;
@@ -38,7 +39,7 @@ fn print_banner() {
   / /_/ / /_/ / /_/ / / / /_/ / /_/ (__  ) /_/  __/ /    
  / .___/\__,_/\__/_/ /_/_.___/\__,_/____/\__/\___/_/     
 /_/                                                          
-                     v0.5.0
+                     v0.5.1
                      ------
         path normalization pentesting tool                       
     "#;
@@ -80,7 +81,7 @@ async fn main() -> Result<(), Box<dyn Error + Send + Sync + 'static>> {
 
     // parse the cli arguments
     let matches = App::new("pathbuster")
-        .version("0.5.0")
+        .version("0.5.1")
         .author("Blake Jacobs <[email protected]>")
         .about("path-normalization pentesting tool")
         .arg(
@@ -402,7 +403,7 @@ async fn main() -> Result<(), Box<dyn Error + Send + Sync + 'static>> {
     let brute_wordlist = wordlist.clone();
     let worker_results: Vec<_> = workers.collect().await;
     let mut results: Vec<String> = vec![];
-    let mut brute_results: Vec<String> = vec![];
+    let mut brute_results: HashMap<String, String> = HashMap::new();
     for result in worker_results {
         let result = match result {
             Ok(result) => result,
@@ -477,9 +478,10 @@ async fn main() -> Result<(), Box<dyn Error + Send + Sync + 'static>> {
             Ok(result) => result,
             Err(_) => continue,
         };
+        let content_length = result.rs.clone();
         let result_data = result.data.clone();
         if result.data.is_empty() == false {
-            brute_results.push(result_data);
+            brute_results.insert(result_data, content_length);
         }
     }
 
@@ -490,7 +492,13 @@ async fn main() -> Result<(), Box<dyn Error + Send + Sync + 'static>> {
     println!("{}", "Discovered:".bold().green());
     println!("{}", "===========".bold().green());
     for result in brute_results {
-        println!("{} {}", "::".bold().green(), result.bold().white());
+        println!(
+            "{} {} {} {}",
+            "::".bold().green(),
+            result.0.bold().white(),
+            "::".bold().green(),
+            result.1.bold().white()
+        );
     }
 
     let elapsed_time = now.elapsed();