secator 0.15.0__py3-none-any.whl → 0.16.0__py3-none-any.whl

secator/tasks/bbot.py

@@ -1,3 +1,4 @@
+import re
 import shutil
 
 from secator.config import CONFIG
@@ -5,7 +6,7 @@ from secator.decorators import task
 from secator.definitions import FILENAME, HOST, IP, ORG_NAME, PORT, URL, USERNAME
 from secator.runners import Command
 from secator.serializers import RegexSerializer
-from secator.output_types import Vulnerability, Port, Url, Record, Ip, Tag, Info, Error
+from secator.output_types import Vulnerability, Port, Url, Record, Ip, Tag, Info, Error, UserAccount, Warning
 from secator.serializers import JSONSerializer
 
 
@@ -151,12 +152,16 @@ BBOT_MAP_TYPES = {
 	'PROTOCOL': Port,
 	'OPEN_TCP_PORT': Port,
 	'URL': Url,
-	'TECHNOLOGY': Tag,
+	'URL_HINT': Url,
 	'ASN': Record,
 	'DNS_NAME': Record,
 	'WEBSCREENSHOT': Url,
 	'VULNERABILITY': Vulnerability,
-	'FINDING': Tag
+	'EMAIL_ADDRESS': UserAccount,
+	'FINDING': Tag,
+	'AZURE_TENANT': Tag,
+	'STORAGE_BUCKET': Tag,
+	'TECHNOLOGY': Tag,
 }
 BBOT_DESCRIPTION_REGEX = RegexSerializer(
 	regex=r'(?P<name>[\w ]+): \[(?P<value>[^\[\]]+)\]',
@@ -178,10 +183,11 @@ def output_discriminator(self, item):
 class bbot(Command):
 	"""Multipurpose scanner."""
 	cmd = 'bbot -y --allow-deadly --force'
+	input_types = [HOST, IP, URL, PORT, ORG_NAME, USERNAME, FILENAME]
+	output_types = [Vulnerability, Port, Url, Record, Ip]
 	tags = ['vuln', 'scan']
 	json_flag = '--json'
 	input_flag = '-t'
-	input_types = [HOST, IP, URL, PORT, ORG_NAME, USERNAME, FILENAME]
 	file_flag = None
 	version_flag = '--help'
 	opts = {
@@ -198,7 +204,6 @@ class bbot(Command):
 		'presets': lambda x: ' '.join(x.split(','))
 	}
 	item_loaders = [JSONSerializer()]
-	output_types = [Vulnerability, Port, Url, Record, Ip]
 	output_discriminator = output_discriminator
 	output_map = {
 		Ip: {
@@ -209,7 +214,7 @@ class bbot(Command):
 		},
 		Tag: {
 			'name': 'name',
-			'match': lambda x: x['data'].get('url') or x['data'].get('host'),
+			'match': lambda x: x['data'].get('url') or x['data'].get('host') or '',
 			'extra_data': 'extra_data',
 			'_source': lambda x: 'bbot-' + x['module']
 		},
@@ -233,8 +238,9 @@ class bbot(Command):
 		},
 		Vulnerability: {
 			'name': 'name',
-			'match': lambda x: x['data'].get('url') or x['data']['host'],
+			'matched_at': lambda x: x['data'].get('url') or x['data'].get('host') or '',
 			'extra_data': 'extra_data',
+			'confidence': 'high',
 			'severity': lambda x: x['data']['severity'].lower()
 		},
 		Record: {
@@ -244,6 +250,12 @@ class bbot(Command):
 		},
 		Error: {
 			'message': 'message'
+		},
+		UserAccount: {
+			'username': lambda x: x['data'].split('@')[0],
+			'email': 'data',
+			'site_name': 'host',
+			'extra_data': 'extra_data',
 		}
 	}
 	install_pre = {
@@ -270,7 +282,8 @@ class bbot(Command):
 			return
 
 		if _type not in BBOT_MAP_TYPES:
-			self._print(f'[bold orange3]Found unsupported bbot type: {_type}.[/] [bold green]Skipping.[/]', rich=True)
+			yield Warning(message=f'Found unsupported bbot type: {_type}. Skipping.')
+			self.debug(f'Found unsupported bbot type: {item}')
 			return
 
 		if isinstance(item['data'], str):
@@ -279,23 +292,37 @@ class bbot(Command):
 			return
 
 		item['extra_data'] = item['data']
+		if self.scan_config:
+			modules = self.scan_config.get('preset', {}).get('modules', [])
+			item['extra_data']['bbot_modules'] = modules
 
 		# Parse bbot description into extra_data
 		description = item['data'].get('description')
 		if description:
-			del item['data']['description']
-			match = BBOT_DESCRIPTION_REGEX.run(description)
-			for chunk in match:
-				key, val = tuple([c.strip() for c in chunk])
-				if ',' in val:
-					val = val.split(',')
-				key = '_'.join(key.split(' ')).lower()
-				item['extra_data'][key] = val
+			parts = description.split(':')
+			if len(parts) == 2:
+				description = parts[0].strip()
+			match = list(BBOT_DESCRIPTION_REGEX.run(description))
+			if match:
+				del item['data']['description']
+				for chunk in match:
+					key, val = tuple([c.strip() for c in chunk])
+					if ',' in val:
+						val = val.split(',')
+					key = '_'.join(key.split(' ')).lower()
+					item['extra_data'][key] = val
+			description = re.split(r'\s*(\(|\.|Detected.)', description.strip(), 1)[0].rstrip()
 
-		# Set technology as name for Tag
-		if item['type'] == 'TECHNOLOGY':
-			item['name'] = item['data']['technology']
-			del item['data']['technology']
+		# Set tag name for objects mapping Tag
+		if item['type'] in ['AZURE_TENANT', 'STORAGE_BUCKET', 'TECHNOLOGY']:
+			item['name'] = ' '.join(item['type'].split('_')).lower().title()
+			keys = ['technology', 'tenant-names', 'url']
+			info = next((item['data'].get(key) for key in keys if key in item['data']))
+			if info:
+				item['extra_data']['info'] = info
+				for key in keys:
+					if key in item['data']:
+						del item['data'][key]
 
 		# If 'name' key is present in 'data', set it as name
 		elif 'name' in item['data'].keys():
@@ -307,6 +334,11 @@ class bbot(Command):
 			item['name'] = item['extra_data']['name']
 			del item['extra_data']['name']
 
+		# If 'description' key is present in 'data', set it as name
+		elif description:
+			item['name'] = description
+			del item['data']['description']
+
 		# If 'discovery_context' and no name set yet, set it as name
 		else:
 			item['name'] = item['discovery_context']
@@ -318,7 +350,7 @@ class bbot(Command):
 			name = path.as_posix().split('/')[-1]
 			secator_path = f'{self.reports_folder}/.outputs/{name}'
 			yield Info(f'Copying screenshot {path} to {secator_path}')
-			shutil.copy(path, secator_path)
+			shutil.copyfile(path, secator_path)
 			item['data']['path'] = secator_path
 
 		yield item

secator/tasks/bup.py

@@ -16,15 +16,16 @@ from secator.tasks._categories import Http
 class bup(Http):
 	"""40X bypasser."""
 	cmd = 'bup'
+	input_types = [URL]
+	output_types = [Url, Progress]
 	tags = ['url', 'bypass']
 	input_flag = '-u'
-	input_types = [URL]
 	json_flag = '--jsonl'
 	opt_prefix = '--'
 	opts = {
 		'spoofport': {'type': int, 'short': 'sp', 'help': 'Port(s) to inject in port-specific headers'},
 		'spoofip': {'type': str, 'short': 'si', 'help': 'IP(s) to inject in ip-specific headers'},
-		'mode': {'type': str, 'help': 'Bypass modes.'},
+		'mode': {'type': str, 'help': 'Bypass modes (comma-delimited) amongst: all, mid_paths, end_paths, case_substitution, char_encode, http_methods, http_versions, http_headers_method, http_headers_scheme, http_headers_ip, http_headers_port, http_headers_url, user_agent'},  # noqa: E501
 	}
 	opt_key_map = {
 		HEADER: 'header',
@@ -48,12 +49,12 @@ class bup(Http):
 		PROXY: 'proxy',
 	}
 	item_loaders = [JSONSerializer()]
-	output_types = [Url, Progress]
 	output_map = {
 		Url: {
 			'url': 'request_url',
 			'method': lambda x: bup.method_extractor(x),
-			'headers': lambda x: bup.headers_extractor(x),
+			'request_headers': lambda x: bup.request_headers_extractor(x),
+			'response_headers': lambda x: bup.response_headers_extractor(x),
 			'status_code': 'response_status_code',
 			'content_type': 'response_content_type',
 			'content_length': 'response_content_length',
@@ -90,7 +91,20 @@ class bup(Http):
 		return 'GET'
 
 	@staticmethod
-	def headers_extractor(item):
+	def request_headers_extractor(item):
+		headers = {}
+		match1 = list(re.finditer(r'-H\s*\'?([^\']*)\'?', str(item['request_curl_payload'])))
+		match2 = list(re.finditer(r'-H\s*\'?([^\']*)\"?', str(item['request_curl_cmd'])))
+		matches = match1
+		matches.extend(match2)
+		for match in matches:
+			header = match.group(1).split(':', 1)
+			if len(header) == 2:
+				headers[header[0].strip()] = header[1].strip()
+		return headers
+
+	@staticmethod
+	def response_headers_extractor(item):
 		headers_list = item['response_headers'].split('\n')[1:]
 		headers = {}
 		for header in headers_list:

secator/tasks/cariddi.py

@@ -1,3 +1,4 @@
+import re
 from secator.decorators import task
 from secator.definitions import (DELAY, DEPTH, FILTER_CODES, FILTER_REGEX,
 							   FILTER_SIZE, FILTER_WORDS, FOLLOW_REDIRECT,
@@ -9,15 +10,28 @@ from secator.output_types import Tag, Url
 from secator.serializers import JSONSerializer
 from secator.tasks._categories import HttpCrawler
 
+CARIDDI_IGNORE_PATTERNS = re.compile(r"|".join([
+	r"<!--\s*Instance.*\s*-->",
+	r"<!--\s*(Styles|Scripts|Fonts|Images|Links|Forms|Inputs|Buttons|List|Next|Prev|Navigation dots)\s*-->",
+	r"<!--\s*end.*-->",
+	r"<!--\s*start.*-->",
+	r"<!--\s*begin.*-->",
+	r"<!--\s*here goes.*-->",
+	r"<!--\s*.*Yoast SEO.*\s*-->",
+	r"<!--\s*.*Google Analytics.*\s*-->",
+]), re.IGNORECASE)
+
+CARIDDI_IGNORE_LIST = ['BTC address']
+
 
 @task()
 class cariddi(HttpCrawler):
 	"""Crawl endpoints, secrets, api keys, extensions, tokens..."""
 	cmd = 'cariddi'
-	tags = ['url', 'crawl']
 	input_types = [URL]
-	input_flag = OPT_PIPE_INPUT
 	output_types = [Url, Tag]
+	tags = ['url', 'crawl']
+	input_flag = OPT_PIPE_INPUT
 	file_flag = OPT_PIPE_INPUT
 	json_flag = '-json'
 	opts = {
@@ -27,6 +41,9 @@ class cariddi(HttpCrawler):
 		'juicy_extensions': {'type': int, 'short': 'jext', 'help': 'Hunt for juicy file extensions. Integer from 1(juicy) to 7(not juicy)'},  # noqa: E501
 		'juicy_endpoints': {'is_flag': True, 'short': 'jep', 'help': 'Hunt for juicy endpoints.'}
 	}
+	opt_value_map = {
+		HEADER: lambda headers: headers
+	}
 	opt_key_map = {
 		HEADER: 'headers',
 		DELAY: 'd',
@@ -65,7 +82,10 @@ class cariddi(HttpCrawler):
 	@staticmethod
 	def on_json_loaded(self, item):
 		url_item = {k: v for k, v in item.items() if k != 'matches'}
+		url_item['request_headers'] = self.get_opt_value(HEADER, preprocess=True)
 		yield Url(**url_item)
+
+		# Get matches, params, errors, secrets, infos
 		url = url_item[URL]
 		matches = item.get('matches', {})
 		params = matches.get('parameters', [])
@@ -96,10 +116,11 @@ class cariddi(HttpCrawler):
 			yield Tag(**secret)
 
 		for info in infos:
-			CARIDDI_IGNORE_LIST = ['BTC address']  # TODO: make this a config option
 			if info['name'] in CARIDDI_IGNORE_LIST:
 				continue
 			match = info['match']
+			if CARIDDI_IGNORE_PATTERNS.match(match):
+				continue
 			info['extra_data'] = {'info': match, 'source': 'body'}
 			info['match'] = url
 			yield Tag(**info)

secator/tasks/dalfox.py

@@ -4,9 +4,9 @@ from secator.decorators import task
 from secator.definitions import (CONFIDENCE, DELAY, EXTRA_DATA, FOLLOW_REDIRECT,
 							   HEADER, ID, MATCHED_AT, METHOD, NAME,
 							   OPT_NOT_SUPPORTED, PROVIDER, PROXY, RATE_LIMIT,
-							   SEVERITY, TAGS, THREADS, TIMEOUT, URL,
+							   RETRIES, SEVERITY, TAGS, THREADS, TIMEOUT, URL,
 							   USER_AGENT)
-from secator.output_types import Vulnerability
+from secator.output_types import Vulnerability, Url
 from secator.serializers import JSONSerializer
 from secator.tasks._categories import VulnHttp
 
@@ -21,8 +21,9 @@ DALFOX_TYPE_MAP = {
 class dalfox(VulnHttp):
 	"""Powerful open source XSS scanning tool."""
 	cmd = 'dalfox'
-	tags = ['url', 'fuzz']
 	input_types = [URL]
+	output_types = [Vulnerability, Url]
+	tags = ['url', 'fuzz']
 	input_flag = 'url'
 	file_flag = 'file'
 	# input_chunk_size = 1
@@ -36,6 +37,7 @@ class dalfox(VulnHttp):
 		METHOD: 'method',
 		PROXY: 'proxy',
 		RATE_LIMIT: OPT_NOT_SUPPORTED,
+		RETRIES: OPT_NOT_SUPPORTED,
 		THREADS: 'worker',
 		TIMEOUT: 'timeout',
 		USER_AGENT: 'user-agent'
@@ -49,10 +51,7 @@ class dalfox(VulnHttp):
 			TAGS: lambda x: [x['cwe']] if x['cwe'] else [],
 			CONFIDENCE: lambda x: 'high',
 			MATCHED_AT: lambda x: urlparse(x['data'])._replace(query='').geturl(),
-			EXTRA_DATA: lambda x: {
-				k: v for k, v in x.items()
-				if k not in ['type', 'severity', 'cwe']
-			},
+			EXTRA_DATA: lambda x: dalfox.extra_data_extractor(x),
 			SEVERITY: lambda x: x['severity'].lower()
 		}
 	}
@@ -70,3 +69,23 @@ class dalfox(VulnHttp):
 	def on_line(self, line):
 		line = line.rstrip(',')
 		return line
+
+	@staticmethod
+	def on_json_loaded(self, item):
+		if item.get('type', '') == 'V':
+			item['request_headers'] = self.get_opt_value(HEADER, preprocess=True)
+			yield Url(
+				url=item['data'],
+				method=item['method'],
+				request_headers=item['request_headers'],
+				extra_data={k: v for k, v in item.items() if k not in ['type', 'severity', 'cwe', 'request_headers', 'method', 'data']}  # noqa: E501
+			)
+		yield item
+
+	@staticmethod
+	def extra_data_extractor(item):
+		extra_data = {}
+		for key, value in item.items():
+			if key not in ['type', 'severity', 'cwe']:
+				extra_data[key] = value
+		return extra_data

secator/tasks/dirsearch.py

@@ -3,7 +3,7 @@ import os
 import yaml
 
 from secator.decorators import task
-from secator.definitions import (CONTENT_LENGTH, CONTENT_TYPE, DELAY, DEPTH,
+from secator.definitions import (CONTENT_LENGTH, CONTENT_TYPE, DATA, DELAY, DEPTH,
 							   FILTER_CODES, FILTER_REGEX, FILTER_SIZE,
 							   FILTER_WORDS, FOLLOW_REDIRECT, HEADER,
 							   MATCH_CODES, MATCH_REGEX, MATCH_SIZE,
@@ -18,8 +18,9 @@ from secator.tasks._categories import HttpFuzzer
 class dirsearch(HttpFuzzer):
 	"""Advanced web path brute-forcer."""
 	cmd = 'dirsearch'
-	tags = ['url', 'fuzz']
 	input_types = [URL]
+	output_types = [Url]
+	tags = ['url', 'fuzz']
 	input_flag = '-u'
 	file_flag = '-l'
 	json_flag = '-O json'
@@ -27,6 +28,7 @@ class dirsearch(HttpFuzzer):
 	encoding = 'ansi'
 	opt_key_map = {
 		HEADER: 'header',
+		DATA: 'data',
 		DELAY: 'delay',
 		DEPTH: 'max-recursion-depth',
 		FILTER_CODES: 'exclude-status',
@@ -51,10 +53,12 @@ class dirsearch(HttpFuzzer):
 		Url: {
 			CONTENT_LENGTH: 'content-length',
 			CONTENT_TYPE: 'content-type',
-			STATUS_CODE: 'status'
+			STATUS_CODE: 'status',
+			'request_headers': 'request_headers'
 		}
 	}
 	install_cmd = 'pipx install git+https://github.com/maurosoria/dirsearch.git --force'
+	install_version = '0.4.3'
 	proxychains = True
 	proxy_socks5 = True
 	proxy_http = True
@@ -76,4 +80,6 @@ class dirsearch(HttpFuzzer):
 		yield Info(message=f'JSON results saved to {self.output_path}')
 		with open(self.output_path, 'r') as f:
 			results = yaml.safe_load(f.read()).get('results', [])
-		yield from results
+			for result in results:
+				result['request_headers'] = self.get_opt_value(HEADER, preprocess=True)
+				yield result

secator/tasks/dnsx.py

@@ -1,10 +1,13 @@
+import validators
+
 from secator.decorators import task
-from secator.definitions import (HOST, OPT_PIPE_INPUT, RATE_LIMIT, RETRIES, THREADS)
-from secator.output_types import Record, Ip, Subdomain
+from secator.definitions import (HOST, CIDR_RANGE, DELAY, IP, OPT_PIPE_INPUT, PROXY,
+								 RATE_LIMIT, RETRIES, THREADS, TIMEOUT, WORDLIST, OPT_NOT_SUPPORTED)
+from secator.output_types import Record, Ip, Subdomain, Error, Warning
 from secator.output_types.ip import IpProtocol
 from secator.tasks._categories import ReconDns
 from secator.serializers import JSONSerializer
-from secator.utils import extract_domain_info
+from secator.utils import extract_domain_info, process_wordlist
 
 
 @task()
@@ -12,20 +15,26 @@ class dnsx(ReconDns):
 	"""dnsx is a fast and multi-purpose DNS toolkit designed for running various retryabledns library."""
 	cmd = 'dnsx -resp -recon'
 	tags = ['dns', 'fuzz']
+	input_types = [HOST, CIDR_RANGE, IP]
+	output_types = [Record, Ip, Subdomain]
 	json_flag = '-json'
 	input_flag = OPT_PIPE_INPUT
-	input_types = [HOST]
 	file_flag = OPT_PIPE_INPUT
-	output_types = [Record, Ip, Subdomain]
 	opt_key_map = {
 		RATE_LIMIT: 'rate-limit',
 		RETRIES: 'retry',
 		THREADS: 'threads',
+		PROXY: 'proxy',
+		DELAY: OPT_NOT_SUPPORTED,
+		TIMEOUT: OPT_NOT_SUPPORTED,
 	}
 	opts = {
 		'trace': {'is_flag': True, 'default': False, 'help': 'Perform dns tracing'},
 		'resolver': {'type': str, 'short': 'r', 'help': 'List of resolvers to use (file or comma separated)'},
 		'wildcard_domain': {'type': str, 'short': 'wd', 'help': 'Domain name for wildcard filtering'},
+		'rc': {'type': str, 'short': 'rc', 'help': 'DNS return code to filter (noerror, formerr, servfail, nxdomain, notimp, refused, yxdomain, xrrset, notauth, notzone)'},  # noqa: E501
+		'subdomains_only': {'is_flag': True, 'short': 'so', 'default': False, 'internal': True, 'help': 'Only return subdomains'},  # noqa: E501
+		WORDLIST: {'type': str, 'short': 'w', 'default': None, 'process': process_wordlist, 'help': 'Wordlist to use'},  # noqa: E501
 	}
 	item_loaders = [JSONSerializer()]
 	install_version = 'v1.2.2'
@@ -34,46 +43,82 @@ class dnsx(ReconDns):
 	profile = 'io'
 
 	@staticmethod
-	def on_json_loaded(self, item):
-		# Show full DNS response
-		quiet = self.get_opt_value('quiet')
-		if not quiet:
-			all = item['all']
-			for line in all:
-				yield line
-			yield '\n'
+	def before_init(self):
+		if self.get_opt_value('wordlist'):
+			self.file_flag = '-d'
+			self.input_flag = '-d'
+			rc = self.get_opt_value('rc')
+			if not rc:
+				self.cmd += ' -rc noerror'
+			if len(self.inputs) > 1 and self.get_opt_value('wildcard_domain'):
+				fqdn = extract_domain_info(self.inputs[0], domain_only=True)
+				for input in self.inputs[1:]:
+					fqdn_item = extract_domain_info(input, domain_only=True)
+					if fqdn_item != fqdn:
+						return Error('Wildcard domain is not supported when using multiple hosts with different FQDNs !')
 
-		# Loop through record types and yield records
+	@staticmethod
+	def on_json_loaded(self, item):
 		record_types = ['a', 'aaaa', 'cname', 'mx', 'ns', 'txt', 'srv', 'ptr', 'soa', 'axfr', 'caa']
 		host = item['host']
+		status_code = item.get('status_code')
+		if host.startswith('*'):
+			yield Warning(f'Wildcard domain detected: {host}. Ignore previous results.')
+			self.stop_process(exit_ok=True)
+			return
+		is_ip = validators.ipv4(host) or validators.ipv6(host)
+		if status_code and status_code == 'NOERROR' and not is_ip:
+			yield Subdomain(
+				host=host,
+				domain=extract_domain_info(host, domain_only=True),
+				sources=['dns']
+			)
+		if self.get_opt_value('subdomains_only'):
+			return
 		for _type in record_types:
 			values = item.get(_type, [])
+			if isinstance(values, dict):
+				values = [values]
 			for value in values:
 				name = value
 				extra_data = {}
 				if isinstance(value, dict):
-					name = value['name']
-					extra_data = {k: v for k, v in value.items() if k != 'name'}
+					name = value.get('name', host)
+					extra_data = {k: v for k, v in value.items() if k != 'name' and k != 'host'}
 				if _type == 'a':
-					yield Ip(
+					ip = Ip(
 						host=host,
 						ip=name,
-						protocol=IpProtocol.IPv4
+						protocol=IpProtocol.IPv4,
+						alive=False
 					)
+					if ip not in self.results:
+						yield ip
 				elif _type == 'aaaa':
-					yield Ip(
+					ip = Ip(
 						host=host,
 						ip=name,
-						protocol=IpProtocol.IPv6
+						protocol=IpProtocol.IPv6,
+						alive=False
 					)
+					if ip not in self.results:
+						yield ip
 				elif _type == 'ptr':
-					yield Subdomain(
-						host=name,
-						domain=extract_domain_info(name, domain_only=True)
+					ip = Ip(
+						host=host,
+						ip=name,
+						protocol=IpProtocol.IPv4,
+						alive=False
 					)
-				yield Record(
+					if ip not in self.results:
+						yield ip
+				record = Record(
 					host=host,
 					name=name,
 					type=_type.upper(),
-					extra_data=extra_data
+					extra_data=extra_data,
+					_source=self.unique_name
 				)
+
+				if record not in self.results:
+					yield record

secator/tasks/feroxbuster.py

@@ -1,6 +1,6 @@
 from secator.config import CONFIG
 from secator.decorators import task
-from secator.definitions import (CONTENT_TYPE, DELAY, DEPTH, FILTER_CODES,
+from secator.definitions import (CONTENT_TYPE, DATA, DELAY, DEPTH, FILTER_CODES,
 							   FILTER_REGEX, FILTER_SIZE, FILTER_WORDS,
 							   FOLLOW_REDIRECT, HEADER, LINES, MATCH_CODES,
 							   MATCH_REGEX, MATCH_SIZE, MATCH_WORDS, METHOD,
@@ -16,8 +16,9 @@ from secator.tasks._categories import HttpFuzzer
 class feroxbuster(HttpFuzzer):
 	"""Simple, fast, recursive content discovery tool written in Rust"""
 	cmd = 'feroxbuster --auto-bail --no-state'
-	tags = ['url', 'fuzz']
 	input_types = [URL]
+	output_types = [Url]
+	tags = ['url', 'fuzz']
 	input_flag = '--url'
 	input_chunk_size = 1
 	file_flag = OPT_PIPE_INPUT
@@ -32,6 +33,7 @@ class feroxbuster(HttpFuzzer):
 	}
 	opt_key_map = {
 		HEADER: 'headers',
+		DATA: 'data',
 		DELAY: OPT_NOT_SUPPORTED,
 		DEPTH: 'depth',
 		FILTER_CODES: 'filter-status',
@@ -50,7 +52,8 @@ class feroxbuster(HttpFuzzer):
 		THREADS: 'threads',
 		TIMEOUT: 'timeout',
 		USER_AGENT: 'user-agent',
-		WORDLIST: 'wordlist'
+		WORDLIST: 'wordlist',
+		'request_headers': 'headers'
 	}
 	item_loaders = [JSONSerializer()]
 	output_map = {
@@ -84,3 +87,8 @@ class feroxbuster(HttpFuzzer):
 		if isinstance(item, dict):
 			return item['type'] == 'response'
 		return True
+
+	@staticmethod
+	def on_item(self, item):
+		item.request_headers = self.get_opt_value('header', preprocess=True)
+		return item