New flag to choose reason types

m10x · m10x · commit b9b9bb43d808 · 2025-08-13T13:03:34.000+02:00
diff --git a/pkg/config.go b/pkg/config.go
@@ -21,6 +21,7 @@ type (
 		DeclineCookies          bool
 		Force                   bool
 		UseHTTP                 bool
+		ReasonTypes             string
 		CLDiff                  int
 		HMDiff                  int
 		SkipTimebased           bool
diff --git a/pkg/flags.go b/pkg/flags.go
@@ -71,6 +71,8 @@ func ParseFlags(vers string) {
 		"force", "f", false, "Perform the tests no matter if there is a cache or even the cachebuster works or not")
 	appendString(&generalOptions, &ignoreStatus,
 		"ignorestatus", "is", "", "Ignore a specific status code for cache poisoning")
+	appendString(&generalOptions, &Config.ReasonTypes,
+		"reasontypes", "rt", "body,header,status,length", "Choose which reason types to use for cache poisoning. Choose from: body (reflection in body),header (reflection in header), status (change of status code), length (change of body length). Default is 'body,header,status,length'")
 	appendInt(&generalOptions, &Config.CLDiff,
 		"contentlengthdifference", "cldiff", 5000, "Threshold for reporting possible Finding, when 'poisoned' response differs more from the original length. Default is 5000. 0 = don't check. May be prone to false positives!")
 	appendInt(&generalOptions, &Config.HMDiff,
diff --git a/pkg/requests.go b/pkg/requests.go
@@ -49,7 +49,7 @@ func getRespSplit() string {
 
 func checkPoisoningIndicators(repResult *reportResult, repCheck reportCheck, success string, body string, poison string, statusCode1 int, statusCode2 int, sameBodyLength bool, header http.Header, recursive bool) []string {
 	headersWithPoison := []string{}
-	if header != nil && poison != "" && poison != "http" && poison != "https" && poison != "nothttps" && poison != "1" { // dont check for reflection of http/https/nothttps (used by forwarded headers), 1 (used by DOS) or empty poison
+	if strings.Contains(Config.ReasonTypes, "header") && header != nil && poison != "" && poison != "http" && poison != "https" && poison != "nothttps" && poison != "1" { // dont check for reflection of http/https/nothttps (used by forwarded headers), 1 (used by DOS) or empty poison
 		for x := range header {
 			if x == RESP_SPLIT_HEADER && header.Get(x) == RESP_SPLIT_VALUE {
 				repCheck.Reason = "HTTP Response Splitting"
@@ -62,14 +62,14 @@ func checkPoisoningIndicators(repResult *reportResult, repCheck reportCheck, suc
 
 	if repCheck.Reason == "" {
 		// check for reflrection in body
-		if poison != "" && poison != "http" && poison != "https" && poison != "nothttps" && poison != "1" && strings.Contains(body, poison) { // dont check for reflection of http/https/nothttps (used by forwarded headers), 1 (used by DOS) or empty poison
+		if strings.Contains(Config.ReasonTypes, "body") && poison != "" && poison != "http" && poison != "https" && poison != "nothttps" && poison != "1" && strings.Contains(body, poison) { // dont check for reflection of http/https/nothttps (used by forwarded headers), 1 (used by DOS) or empty poison
 			repCheck.Reason = fmt.Sprintf("Reflection Body: Response Body contained poison value %s %d times", poison, strings.Count(body, poison))
 			repCheck.Occurrences = findOccurrencesWithContext(body, poison, 25)
 			// check for reflection in headers
 		} else if len(headersWithPoison) > 0 {
 			repCheck.Reason = fmt.Sprintf("Reflection Header: Response Header(s) %s contained poison value %s", strings.Join(headersWithPoison, ", "), poison)
 			// check for different status code
-		} else if statusCode1 >= 0 && statusCode1 != Config.Website.StatusCode && statusCode1 == statusCode2 {
+		} else if strings.Contains(Config.ReasonTypes, "status") && statusCode1 >= 0 && statusCode1 != Config.Website.StatusCode && statusCode1 == statusCode2 {
 			// check if status code should be ignored
 			for _, status := range Config.IgnoreStatus {
 				if statusCode1 == status || Config.Website.StatusCode == status {
@@ -104,7 +104,7 @@ func checkPoisoningIndicators(repResult *reportResult, repCheck reportCheck, suc
 				repCheck.Reason = fmt.Sprintf("Changed Status Code: Status Code %d differed from %d", statusCode1, Config.Website.StatusCode)
 			}
 			// check for different body length
-		} else if Config.CLDiff != 0 && success != "" && sameBodyLength && len(body) > 0 && compareLengths(len(body), len(Config.Website.Body), Config.CLDiff) {
+		} else if strings.Contains(Config.ReasonTypes, "length") && Config.CLDiff != 0 && success != "" && sameBodyLength && len(body) > 0 && compareLengths(len(body), len(Config.Website.Body), Config.CLDiff) {
 			if !recursive {
 				var tmpWebsite WebsiteStruct
 				var err error
