Added prioritized list of endpoints for the brute command and fixed base path handling for v2

Author: twest-bf

cmd/brute.go

@@ -26,6 +26,7 @@ var endpointWordlist string
 var prefixDirs []string = []string{"", "/swagger", "/swagger/docs", "/swagger/latest", "/swagger/v1", "/swagger/v2", "/swagger/v3", "/swagger/static", "/swagger/ui", "/swagger-ui", "/api-docs", "/api-docs/v1", "/api-docs/v2", "/apidocs", "/api", "/api/v1", "/api/v2", "/api/v3", "/v1", "/v2", "/v3", "/doc", "/docs", "/docs/swagger", "/docs/swagger/v1", "/docs/swagger/v2", "/docs/swagger-ui", "/docs/swagger-ui/v1", "/docs/swagger-ui/v2", "/docs/v1", "/docs/v2", "/docs/v3", "/public", "/redoc"}
 var jsonEndpoints []string = []string{"", "/index", "/swagger", "/swagger-ui", "/swagger-resources", "/swagger-config", "/openapi", "/api", "/api-docs", "/apidocs", "/v1", "/v2", "/v3", "/doc", "/docs", "/apispec", "/apispec_1", "/api-merged"}
 var javascriptEndpoints []string = []string{"/swagger-ui-init", "/swagger-ui-bundle", "/swagger-ui-standalone-preset", "/swagger-ui", "/swagger-ui.min", "/swagger-ui-es-bundle-core", "/swagger-ui-es-bundle", "/swagger-ui-standalone-preset", "/swagger-ui-layout", "/swagger-ui-plugins"}
+var priorityURLs []string = []string{"/swagger.json", "/openapi.json", "/api-docs", "/swagger", "/docs", "/api/swagger.json", "/api/openapi.json", "/api-docs/swagger.json", "/api/schema/", "/webjars/swagger-ui/index.html", "/API/swagger/ui/index", "/swagger/ui/index", "/v2/swagger.json", "/v2/openapi.json", "/v2/api-docs", "/v3/api-docs", "/v3/openapi.json", "/public/api-merged.json", "/analytics/v1/swagger", "/api.json", "/api/4.0/swagger.json", "/api/api-doc/openapi.json", "/api/api-doc/openapi.yaml", "/api/doc.json", "/api/docs.json", "/api/swagger", "/api/swagger/ui/index", "/api/v1/swagger", "/api/v2/api-docs", "/api/v2/openapi.json", "/api/v2/swagger.json", "/api/v3/api-docs", "/api/v3/apispec", "/api/workorder/openapi.json", "/apidocs", "/audiences/v1/swagger", "/audittrail/v1/swagger", "/certification/v1/swagger", "/citrixapi/store/swagger.json", "/conferencetool/v1/swagger", "/course/v1/swagger", "/dcl_swagger.yaml", "/doc/doc.json", "/doc/swagger.json", "/docs/swagger.json", "/docs/v1/swagger.json", "/ecommerce/v1/swagger", "/enrollment/v1/swagger", "/externalids/v1/swagger", "/impact/v1/swagger", "/learn/v1/swagger", "/learningplan/v1/swagger", "/manage/v1/swagger", "/management/info", "/marketplace/v1/swagger", "/messenger/v1/swagger", "/notifications/v1/swagger", "/openapi", "/openapi/spec.json", "/otj/v1/swagger", "/pages/v1/swagger", "/poweruser/v1/swagger", "/proctoring/v1/swagger", "/report/v1/swagger", "/swagger-ui/index.html", "/swagger-ui/openapi.json", "/swagger.yaml", "/swagger/0.1.0/swagger.json", "/swagger/doc.json", "/swagger/latest/swagger.json", "/swagger/swagger.json", "/swagger/test/swagger.json", "/swagger/ui/index.html", "/swagger/v1/openapiv2.json", "/swagger/v1/swagger.json", "/swagger/v2/swagger.json", "/swagger/v4/swagger.json", "/v1/openapi.json", "/v1/swagger", "/v1/swagger.json", "/swagger/docs/v1", "/swagger/docs/v1.json", "/Api/swagger/docs/v1", "/swagger/v1/swagger.json", "/api/api-docs/swagger.json", "/api/docs/", "/api/docs", "/swagger-ui"}
 
 var bruteCmd = &cobra.Command{
 	Use:   "brute",
@@ -54,10 +55,11 @@ var bruteCmd = &cobra.Command{
 		}
 		target := u.Scheme + "://" + u.Host
 		if endpointWordlist == "" {
-			allURLs = append(allURLs, makeURLs(target, jsonEndpoints, "")...)
-			allURLs = append(allURLs, makeURLs(target, javascriptEndpoints, ".js")...)
-			allURLs = append(allURLs, makeURLs(target, jsonEndpoints, ".json")...)
-			allURLs = append(allURLs, makeURLs(target, jsonEndpoints, "/")...)
+			allURLs = append(allURLs, makeURLs(target, priorityURLs, "", true)...)
+			allURLs = append(allURLs, makeURLs(target, jsonEndpoints, "", false)...)
+			allURLs = append(allURLs, makeURLs(target, javascriptEndpoints, ".js", false)...)
+			allURLs = append(allURLs, makeURLs(target, jsonEndpoints, ".json", false)...)
+			allURLs = append(allURLs, makeURLs(target, jsonEndpoints, "/", false)...)
 		} else {
 			endpointList, err := os.Open(endpointWordlist)
 			if err != nil {
@@ -114,21 +116,31 @@ var bruteCmd = &cobra.Command{
 			}
 			// TODO: Check if (future implementation) automate flag is true and if so than call the 'sj automate' command with the discovered definition file.
 		} else {
-			log.Errorf("No definition file found for:\t%s\n", swaggerURL)
+			log.Errorf("\nNo definition file found for:\t%s\n", swaggerURL)
 		}
 	},
 }
 
-func makeURLs(target string, endpoints []string, fileExtension string) []string {
+func makeURLs(target string, endpoints []string, fileExtension string, skipPrefix bool) []string {
 	urls := []string{}
-	for _, dir := range prefixDirs {
+	if !skipPrefix {
+		for _, dir := range prefixDirs {
+			for _, endpoint := range endpoints {
+				if dir == "" && endpoint == "" {
+					continue
+				}
+				targetURL := target + dir + endpoint + fileExtension
+				urls = append(urls, targetURL)
+
+			}
+		}
+	} else {
 		for _, endpoint := range endpoints {
-			if dir == "" && endpoint == "" {
+			if endpoint == "" {
 				continue
 			}
-			targetURL := target + dir + endpoint + fileExtension
+			targetURL := target + endpoint + fileExtension
 			urls = append(urls, targetURL)
-
 		}
 	}
 	return urls

cmd/root.go

@@ -49,7 +49,7 @@ $ sj convert -u https://petstore.swagger.io/v2/swagger.json -o openapi.json`,
 			log.Error("Command not specified. See the --help flag for usage.")
 		}
 	},
-	Version: "2.0.4",
+	Version: "2.1.0",
 }
 
 func Execute() {

cmd/utils.go

@@ -62,7 +62,9 @@ func GenerateRequests(bodyBytes []byte, client http.Client) {
 			// Swagger (v2)
 			host, _ := spec["host"].(string)
 			bp, _ := spec["basePath"].(string)
-			if bp != "" {
+			if bp == "/" {
+				basePath = ""
+			} else if bp != "" {
 				basePath = bp
 			}