new feature of --content

lib/Engine/Fuzzer.pm

@@ -5,7 +5,7 @@ package Engine::Fuzzer {
     use Mojo::UserAgent;
 
     sub new {
-        my ($self, $timeout, $headers, $skipssl) = @_;
+        my ($self, $timeout, $headers, $skipssl, $content) = @_;
 
         my $userAgent = Mojo::UserAgent -> new() -> request_timeout($timeout) -> insecure($skipssl);
 
@@ -33,6 +33,7 @@ package Engine::Fuzzer {
                 "URL"      => $endpoint,
                 "Code"     => $response -> code(),
                 "Response" => $response -> message(),
+                "Content"  => $response -> body(),
                 "Length"   => $response -> headers() -> content_length() || "0"
             };
 

lib/Engine/FuzzerThread.pm

@@ -9,7 +9,7 @@ package Engine::FuzzerThread {
         my (
             $self, $queue, $target, $methods, $agent, $headers, $accept, 
             $timeout, $return, $payload, $json, $delay, $exclude, $skipssl,
-            $length, $dir_callback
+            $length, $content, $dir_callback
         ) = @_;
 
         my @verbs         = split (/,/, $methods);
@@ -46,16 +46,16 @@ package Engine::FuzzerThread {
 
                     next if grep(/^$status$/, @invalid_codes) || ($return && !grep(/^$status$/, @valid_codes));
                     next if $length && !($cmp -> ($result -> {Length}));
-                    
-                    my $printable = $json ? $format -> encode($result) : sprintf(
+
+                    my $message = $json ? $format -> encode($result) : sprintf(
                         "Code: %d | URL: %s | Method: %s | Response: %s | Length: %s",
                         $status, $result -> {URL}, $result -> {Method},
                         $result -> {Response} || "?", $result -> {Length}
                     );
 
-                    print $printable, "\n";
-                    sleep($delay);
+                    print $message, "\n" if !$content || $result -> {Content} =~ m/$content/;
 
+                    sleep($delay);
                     $found = 1;
                 }
             }

lib/Engine/Orchestrator.pm

@@ -20,10 +20,10 @@ package Engine::Orchestrator  {
 
                 next
             }
-            # 
-            my $fh = $list -> [0];
+
+            my $filehandle = $list -> [0];
 
-            chomp(my $line = <$fh>);
+            chomp(my $line = <$filehandle>);
 
             $wordlist_queue -> enqueue($line);
         }
@@ -59,9 +59,9 @@ package Engine::Orchestrator  {
         my ($self, $target, %options) = @_;
 
         my @current = map {
-            open(my $fh, "<$_") || die "$0: Can't open $_: $!";
+            open(my $filehandle, "<$_") || die "$0: Can't open $_: $!";
 
-            $fh
+            $filehandle
         } glob($options{wordlist});
 
         $wordlist_queue = Thread::Queue -> new();
@@ -84,6 +84,7 @@ package Engine::Orchestrator  {
                 $options{exclude},
                 $options{skipssl},
                 $options{length},
+                $options{content},
                 \&add_target
             );
         }

lib/Functions/Helper.pm

@@ -24,7 +24,8 @@ package Functions::Helper {
 			\r\t-j, --json        Display the results in JSON format
 			\r\t-W, --workflow    Pass a YML file with a fuzzing workflow
 			\r\t-S, --skip-ssl    Ignore SSL verification
-			\r\t-l, --length      Filter by content response length
+			\r\t-l, --length      Filter by the length of content response 
+			\r\t-c, --content     Filter by a string based on the content response
 			\r\t-h, --help        See this screen\n\n";
 
 		return 0;

nozaki.pl

@@ -13,6 +13,7 @@
 
 sub main {
     my ($workflow, $plugin, @targets);
+
     my %options = (
         accept   => "*/*", 
         wordlist => "wordlists/default.txt",
@@ -42,6 +43,7 @@ sub main {
         "S|skip-ssl"   => \$options{skipssl},
         "l|length=s"   => \$options{length},
         "p|plugin=s"   => \$options{plugin},
+        "c|content=s"  => \$options{content}
     );
 
     return Functions::Helper -> new() unless @targets;