[BUG] Wildcard filter not working properly? #335

Closed
Tib3rius opened this issue Aug 20, 2021 · 3 comments · Fixed by #336
Labels: bug (Something isn't working), confirmed

Comments

Tib3rius commented Aug 20, 2021

Describe the bug
I was running feroxbuster against port 8000 on this box: https://www.vulnhub.com/entry/photographer-1,519/
The command used was:

feroxbuster -u http://192.168.1.139:8000 -t 50 -w /usr/share/seclists/Discovery/Web-Content/big.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n

This detected the wildcard:

WLD        0l        0w        0c Got 301 for http://192.168.1.139:8000/5a75b843b04242e69e532c69066b7f6a (url length: 32)
WLD         -         -         - http://192.168.1.139:8000/5a75b843b04242e69e532c69066b7f6a redirects to => /5a75b843b04242e69e532c69066b7f6a/

However, it continued to report 301s for every word in the wordlist. Shouldn't the default behavior be to exclude all 301s from results?

To Reproduce
Steps to reproduce the behavior:

  1. Download the box from the URL above and run it.
  2. Run feroxbuster against port 8000.

Expected behavior
I would expect feroxbuster to find the wildcard and then exclude all 301s from the results.

Environment (please complete the following information):

  • feroxbuster version: v2.3.1 (latest version in Kali repo)
  • OS: Kali Linux 2020.4

Tib3rius added the bug label Aug 20, 2021

epi052 (Owner) commented Aug 20, 2021

Hey there, and thanks for the report!

I'm downloading the image now and will let you know what I find. Thanks again!

epi052 (Owner) commented Aug 21, 2021

Ok, got it sorted out. The zero-sized response threw off the wildcard logic. An updated release binary should be ready to download from here soon (maybe this evening). It'll take a little while for the fix to hit Kali though.

epi052 (Owner) commented Aug 21, 2021

Requested update to Kali repos; in the meantime, https://github.com/epi052/feroxbuster/releases/tag/v2.3.3 contains the fix. Thanks again!
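
Added example (not feroxbuster's code and not part of the thread): a minimal Rust model of a size-based wildcard filter, showing how a zero-byte probe response like the one in the WLD line above can leave the filter unset. Treating a zero length as "nothing to filter on" is an assumed failure mode for illustration; all type and function names are hypothetical.

```rust
// Added illustration, not feroxbuster's source; all names are hypothetical.

#[derive(Debug, Clone, Copy)]
struct Resp {
    status: u16,
    body_len: u64,
}

/// Filter learned from probing a random, certainly nonexistent path.
#[derive(Debug, Clone, Copy)]
struct WildcardFilter {
    status: u16,
    body_len: u64,
}

/// Flawed (assumed failure mode): a zero-length probe body is treated as
/// "no size to filter on", so no filter is installed at all.
fn learn_flawed(probe: Resp) -> Option<WildcardFilter> {
    if probe.status == 404 || probe.body_len == 0 {
        return None;
    }
    Some(WildcardFilter { status: probe.status, body_len: probe.body_len })
}

/// Corrected: zero is a legitimate size and is kept as the filter value.
fn learn_fixed(probe: Resp) -> Option<WildcardFilter> {
    if probe.status == 404 {
        return None;
    }
    Some(WildcardFilter { status: probe.status, body_len: probe.body_len })
}

/// Number of responses that would still be reported with the given filter.
fn reported(filter: Option<WildcardFilter>, responses: &[Resp]) -> usize {
    responses
        .iter()
        .filter(|r| !matches!(filter, Some(f) if f.status == r.status && f.body_len == r.body_len))
        .count()
}

/// Constructed sample: probe and wordlist hits shaped like the WLD line in the
/// report (301, zero bytes), plus one real page.
fn sample() -> (Resp, Vec<Resp>) {
    let wild = Resp { status: 301, body_len: 0 };
    (wild, vec![wild, wild, wild, Resp { status: 200, body_len: 1532 }])
}

fn main() {
    let (probe, hits) = sample();
    println!("flawed: {} reported", reported(learn_flawed(probe), &hits));
    println!("fixed:  {} reported", reported(learn_fixed(probe), &hits));
}
```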
