--screenshot-filter option

sensepost · Jan 1, 2025 · eb79273 · eb79273
1 parent db5d3fc
commit eb79273
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 0 deletions.
diff --git a/cmd/scan.go b/cmd/scan.go
@@ -149,6 +149,7 @@ func init() {
 	scanCmd.PersistentFlags().BoolVar(&opts.Scan.SaveContent, "save-content", false, "Save content from network requests to the configured writers. WARNING: This flag has the potential to make your storage explode in size")
 	scanCmd.PersistentFlags().BoolVar(&opts.Scan.SkipHTML, "skip-html", false, "Don't include the first request's HTML response when writing results")
 	scanCmd.PersistentFlags().BoolVar(&opts.Scan.ScreenshotToWriter, "write-screenshots", false, "Store screenshots with writers in addition to filesystem storage")
+	scanCmd.PersistentFlags().IntSliceVar(&opts.Scan.ScreenshotCodes, "screenshot-filter", []int{}, "Http response codes to screenshot. this is a filter (by default all codes are screenshotted)")
 
 	// Chrome options
 	scanCmd.PersistentFlags().StringVar(&opts.Chrome.Path, "chrome-path", "", "The path to a Google Chrome binary to use (downloads a platform-appropriate binary by default)")

diff --git a/pkg/runner/options.go b/pkg/runner/options.go
@@ -89,6 +89,9 @@ type Scan struct {
 	// Save content stores content from network requests (warning) this
 	// could make written artefacts huge
 	SaveContent bool
+	// ScreenshotCodes are http response codes to screenshot. this is a filter. 
+	// by default all codes are screenshotted
+	ScreenshotCodes []int
 }
 
 // NewDefaultOptions returns Options with some default values
@@ -105,6 +108,7 @@ func NewDefaultOptions() *Options {
 			Timeout:          60,
 			UriFilter:        []string{"http", "https"},
 			ScreenshotFormat: "jpeg",
+			ScreenshotCodes:  []int{},
 		},
 		Logging: Logging{
 			Debug:         true,

diff --git a/pkg/runner/runner.go b/pkg/runner/runner.go
@@ -35,6 +35,16 @@ type Runner struct {
 	cancel context.CancelFunc
 }
 
+// SliceContainsInt ... returns true/false
+func SliceContainsInt(slice []int, num int) bool {
+    for _, v := range slice {
+        if v == num {
+            return true
+        }
+    }
+    return false
+}
+
 // New gets a new Runner ready for probing.
 // It's up to the caller to call Close() on the runner
 func NewRunner(logger *slog.Logger, driver Driver, opts Options, writers []writers.Writer) (*Runner, error) {
@@ -164,6 +174,16 @@ func (run *Runner) Run() {
 						continue
 					}
 
+					// check if the preflight returned a code to process.
+					// an empty slice implies no filtering
+					if (len(run.options.Scan.ScreenshotCodes) > 0) &&
+						!SliceContainsInt(run.options.Scan.ScreenshotCodes, result.ResponseCode) {
+							if run.options.Logging.LogScanErrors {
+								run.log.Error("response code not in allowed screenshot http response codes.", "target", target)
+							}
+						continue
+					}
+
 					if err := run.runWriters(result); err != nil {
 						run.log.Error("failed to write result for target", "target", target, "err", err)
 					}