v0.3d-1

CHANGELOG.md

@@ -1,5 +1,8 @@
 # Changelog #
 
+## 0.3d-1 ##
+* Improved error handling for reset connections, HTTP/1-only targets, targets that do not exist and TLS errors.
+
 ## 0.3d ##
 * A list of extensions can be given to be scanned, separated by a semicolon, with `-x`. For example, `-x '.php;.js;blank;/'` will check for .php, .js, blank and / file endings. Note that the `blank` keyword is used to signify no file ending.
 * Improved target parsing (`-u`).

README.md

@@ -1,4 +1,4 @@
-# h2buster (v0.3d) #
+# h2buster (v0.3d-1) #
 A threaded, recursive, web directory brute-force scanner over HTTP/2 using [hyper](https://github.com/Lukasa/hyper), inspired by [Gobuster](https://github.com/OJ/gobuster).
 
 ## Features ##
@@ -40,5 +40,4 @@ arguments:
 ```
 
 ## Contributing ##
-
 Check the [TODO](TODO.md) file for a list of features that need work.

TODO.md

@@ -1,5 +1,4 @@
 ## Planned features/future updates ##
-* Improve error handling (right now it is sort of ugly when something breaks).
 * Indicate response codes for redirection targets. Maybe add this as an option as it could slow things down. The same connection could be reused to do this if certain rules are met for the redirection location ([HTTP/2 coalescing](https://daniel.haxx.se/blog/2016/08/18/http2-connection-coalescing/))
 * Check if a found directory is listable before scanning it. [dirb](https://gitlab.com/kalilinux/packages/dirb/) does this accurately, perhaps ideas can be taken from there.
 * Add command line options for more functionality. Some ideas:

h2buster.py

@@ -2,10 +2,12 @@
 import threading, queue, multiprocessing
 import ssl, sys, time, argparse
 import platform
+from socket import gaierror
+from ssl import SSLError
 
 # Metadata variables
 __author__ = "https://github.com/00xc/"
-__version__ = "0.3d"
+__version__ = "0.3d-1"
 
 PROGRAM_INFO = "h2buster: an HTTP/2 web directory brute-force scanner."
 DASHLINE = "------------------------------------------------"
@@ -160,10 +162,7 @@ def h2_connect(s, ip, port):
 		conn = hyper.HTTP20Connection(ip, port=port, ssl_context=ctx, enable_push=False)
 	elif s == TLS_OFF:
 		conn = hyper.HTTP20Connection(ip, port=port, enable_push=False)
-	try: conn.connect()
-	except AssertionError:
-		conn.close()
-		sys.exit(colorstring("[-] H2 not supported for that target.", status="ERROR"))
+	conn.connect()
 	return conn
 
 # Function: main scan function. Starts up a number of processes which handle their own h2 connection and sends them entries to scan
@@ -267,8 +266,8 @@ def thread_worker(conn, inwork, output):
 	args = read_inputs(PROGRAM_INFO, opts, h, defaults, mvar)
 
 	# Set NOCOLOR as global constant so colorstring() knows what to do
-	if platform.system() != "Windows": NOCOLOR = args.nc
-	else: NOCOLOR = True
+	if platform.system() == "Linux" or platform.system() == "Darwin":
+		NOCOLOR = args.nc
 
 	# Input checking
 	try:
@@ -289,15 +288,22 @@ def thread_worker(conn, inwork, output):
 	# Parse target URL
 	s, ip, port, start_dir = parse_target(args.u)
 
-	# Check if target accepts requests and supports H2.
-	conn = h2_connect(s, ip, port)
+	# Check if target is valid
 	try:
-		sid = conn.request("HEAD", "/")
+		conn = h2_connect(s, ip, port)
+		sid = conn.request("HEAD", start_dir)
 		resp = conn.get_response(sid)
 	except ConnectionResetError:
-		sys.exit(colorstring("[-] Connection reset. Are you sure target supports HTTP/2?", status="ERROR"))
-	finally:
 		conn.close()
+		sys.exit(colorstring("[-] Connection reset. Are you sure the target supports HTTP/2?", status="ERROR"))
+	except AssertionError:
+		sys.exit(colorstring("[-] HTTP/2 not supported for that target.", status="ERROR"))
+	except gaierror:
+		sys.exit(colorstring("[-] Could not get address information. Are you sure the target exists?", status="ERROR"))
+	except SSLError:
+		sys.exit(colorstring("[-] Unkown TLS error.", status="ERROR"))
+
+	conn.close()
 	print(colorstring("[+] Target supports HTTP/2", status=200))
 
 	# Print info
@@ -314,4 +320,4 @@ def thread_worker(conn, inwork, output):
 	# Start main scan which will call itself for each found directory
 	main_scan(s, ip, port, start_dir, args, 0)
 
-	print(colorstring("\n[*] Program ran in " + timestamp(t0) + " seconds", status="INFO"))
+	print(colorstring("\n[*] Program ran in " + timestamp(t0) + " seconds", status="INFO"))