V1.0.9

Author: ImAyrix

README.md

@@ -49,6 +49,8 @@ CONFIGURATIONS:
    -ct, -crawl-duration value  maximum duration to crawl the target
    -hl, -headless              Discover parameters with headless browser
    -H, -header "Name: Value"   Header "Name: Value", separated by colon. Multiple -H flags are accepted.
+   -X, -method string          HTTP method to use (default "GET")
+   -b, -body string            POST data
 
 OUTPUT:
    -o, -output string    File to write output to (default "parameters.txt")
@@ -81,6 +83,12 @@ The URLs you provide might require a specific header to open or may return a dif
 fallparams -u "https://target.tld/profile/edit" -H "Cookie: auth=token" -H "Role: Admin"
 ```
 
+### POST data
+If your target responds differently when a POST request with a specific value is sent, you can execute the fallparams command using the following method:
+```bash
+fallparams -u "https://target.tld/path" -X POST -b "param=value" -H "Content-Type: application/x-www-form-urlencoded"
+```
+
 ### Headless
 Many modern websites utilize JavaScript to dynamically generate their DOM, leading to variations between HTTP responses and browser DOM. To bridge this disparity, employing the headless switch can be advantageous.
 ```bash

funcs/active/request.go

@@ -1,6 +1,7 @@
 package active
 
 import (
+	"bytes"
 	"context"
 	"crypto/tls"
 	"github.com/ImAyrix/fallparams/funcs/opt"
@@ -18,7 +19,7 @@ func SendRequest(link string, myOptions *opt.Options) (*http.Response, string) {
 		Timeout: 60 * time.Second,
 	}
 	http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
-	req, err := http.NewRequest("GET", link, nil)
+	req, err := http.NewRequest(strings.ToUpper(myOptions.RequestHttpMethod), link, bytes.NewBuffer([]byte(myOptions.RequestBody)))
 	if err != nil {
 		return nil, "temp"
 	}
@@ -28,6 +29,7 @@ func SendRequest(link string, myOptions *opt.Options) (*http.Response, string) {
 	req.Header.Set("Sec-Fetch-Mode", "navigate")
 	req.Header.Set("Sec-Fetch-Site", "none")
 	req.Header.Set("Sec-Fetch-User", "?1")
+	req.Header.Set("User-Agent", "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/114.0")
 	req.Header.Set("Referer", link)
 
 	if len(myOptions.CustomHeaders) != 0 {

funcs/opt/options.go

@@ -20,4 +20,6 @@ type Options struct {
 	MaxLength          int
 	MinLength          int
 	DisableUpdateCheck bool
+	RequestHttpMethod  string
+	RequestBody        string
 }

funcs/validate/options.go

@@ -21,6 +21,18 @@ func Options(options *opt.Options) error {
 	if options.InputDIR != "" && options.CrawlMode {
 		return errorutil.New("crawl mode (-crawl) and offline mode (-directory) cannot be used together")
 	}
+	if options.RequestHttpMethod != "" && options.CrawlMode {
+		return errorutil.New("crawl mode (-crawl) and custom request method (-method) cannot be used together")
+	}
+	if options.RequestHttpMethod != "" && options.Headless {
+		return errorutil.New("headless mode (-headless) and custom request method (-method) cannot be used together")
+	}
+	if options.RequestBody != "" && options.CrawlMode {
+		return errorutil.New("crawl mode (-crawl) and custom request body (-body) cannot be used together")
+	}
+	if options.RequestHttpMethod != "" && options.Headless {
+		return errorutil.New("headless mode (-headless) and custom request body (-body) cannot be used together")
+	}
 	if options.MaxLength <= 0 {
 		return errorutil.New("the maximum length (-max-length) must be greater than 0.")
 	}

funcs/validate/urls.go

@@ -22,6 +22,10 @@ func Clear(links []string) []string {
 			}
 		}
 
+		if !IsUrl(link) {
+			isGoodUrl = false
+		}
+
 		if isGoodUrl {
 			result = append(result, link)
 		}

main.go

@@ -16,7 +16,7 @@ var (
 )
 
 const (
-	VERSION = "1.0.8"
+	VERSION = "1.0.9"
 )
 
 func ReadFlags() *goflags.FlagSet {
@@ -39,6 +39,8 @@ func ReadFlags() *goflags.FlagSet {
 		flagSet.DurationVarP(&myOptions.CrawlDuration, "crawl-duration", "ct", 0, "maximum duration to crawl the target"),
 		flagSet.BoolVarP(&myOptions.Headless, "headless", "hl", false, "Discover parameters with headless browser"),
 		flagSet.VarP(&myOptions.CustomHeaders, "header", "H", "Header `\"Name: Value\"`, separated by colon. Multiple -H flags are accepted."),
+		flagSet.StringVarP(&myOptions.RequestHttpMethod, "method", "X", "GET", "HTTP method to use"),
+		flagSet.StringVarP(&myOptions.RequestBody, "body", "b", "", "POST data"),
 	)
 
 	createGroup(flagSet, "output", "Output",