Add rate limiting

Author: grimd34th

VHostScan.py

@@ -28,6 +28,7 @@ def main():
     parser.add_argument('--unique-depth', dest='unique_depth', type=int, help='Show likely matches of page content that is found x times (default 1).', default=1)
     parser.add_argument("--ssl", dest="ssl",   action="store_true", help="If set then connections will be made over HTTPS instead of HTTP (default http).", default=False)
     parser.add_argument("--fuzzy-logic", dest="fuzzy_logic", action="store_true", help="If set then fuzzy match will be performed against unique hosts (default off).", default=False)
+	parser.add_argument("--rate-limit", dest="rate_limit", type=int, help='Amount of time in seconds between each scan (default 0).', default=0)
     parser.add_argument("--waf", dest="add_waf_bypass_headers",   action="store_true", help="If set then simple WAF bypass headers will be sent.", default=False)
     parser.add_argument("-oN",   dest="output_normal", help="Normal output printed to a file when the -oN option is specified with a filename argument." )
     parser.add_argument("-", dest="stdin", action="store_true", help="By passing a blank '-' you tell VHostScan to expect input from stdin (pipe).", default=False)
@@ -78,7 +79,7 @@ def main():
         print("[>] Ignoring Content length: %s" % (arguments.ignore_content_length))
 
     scanner = virtual_host_scanner( arguments.target_hosts, arguments.base_host, wordlist, arguments.port, arguments.real_port, arguments.ssl, 
-                                    arguments.unique_depth, arguments.ignore_http_codes, arguments.ignore_content_length, arguments.fuzzy_logic, arguments.add_waf_bypass_headers)
+                                    arguments.unique_depth, arguments.ignore_http_codes, arguments.ignore_content_length, arguments.fuzzy_logic, arguments.rate_limit, arguments.add_waf_bypass_headers)
 
     scanner.scan()
     output = output_helper(scanner, arguments)

lib/core/virtual_host_scanner.py

@@ -2,6 +2,7 @@
 import requests
 import hashlib
 import pandas as pd
+import time
 from lib.core.discovered_host import *
 
 
@@ -20,7 +21,7 @@ class virtual_host_scanner(object):
         output: folder to write output file to
     """
 
-    def __init__(self, target, base_host, wordlist, port=80, real_port=80, ssl=False, unique_depth=1, ignore_http_codes='404', ignore_content_length=0, fuzzy_logic=False, add_waf_bypass_headers=False):
+    def __init__(self, target, base_host, wordlist, port=80, real_port=80, ssl=False, unique_depth=1, ignore_http_codes='404', ignore_content_length=0, fuzzy_logic=False, rate_limit=0, add_waf_bypass_headers=False):
         self.target = target
         self.base_host = base_host
         self.port = int(port)
@@ -31,6 +32,7 @@ def __init__(self, target, base_host, wordlist, port=80, real_port=80, ssl=False
         self.unique_depth = unique_depth
         self.ssl = ssl
         self.fuzzy_logic = fuzzy_logic
+		self.rate_limit = rate_limit
         self.add_waf_bypass_headers = add_waf_bypass_headers
 
         # this can be made redundant in future with better exceptions
@@ -104,6 +106,9 @@ def scan(self):
 
             # add url and hash into array for likely matches
             self.results.append(hostname + ',' + page_hash)
+			
+			#rate limit the connection, if the int is 0 it is ignored
+			time.sleep(self.rate_limit)
 
         self.completed_scan=True