I have been very happy with the 403 directory recursion feature you added after our discussion about it. Thank you again for that. Today, for the first time, however, it backfired on me a little (not a huge deal, but worth mentioning).
The IP I was scanning a web app from got blacklisted while I had ferox running in the background. As a result, every single request generated a 403 response. This quickly turned every word in my wordlist into a 403'd dir, which was added to the array of dirs to be recursive with. My terminals were locked up for a good 15 minutes until my Ctrl+C caught up with things.
So my thought is, perhaps if some number of consecutive 403s are hit, the scan gets auto-paused and the user is prompted something to the effect of "Excessive 403 detected, you may be blacklisted, continue anyway? (Y/n)".
In this situation I can ask the devs to whitelist me for further scanning so all is well, but I might not be the last person to have this happen if I don't bring it up!
Thanks!
Thanks for the report. This is incredibly similar to #123. I've already got all the mechanics of tracking 403s (among other things) and plan to monitor for excessive errors (403s included) and either reduce request rate or bail completely.
I'm actively rewriting large chunks of the program right now for a 2.0.0 release. Some of the changes in 2.0.0 will help move this and #123 closer to completion. Pinning for now, but not likely to work on this and #123 until after 2.0.0 is released.
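The auto-pause the reporter proposes and the excessive-error monitoring the maintainer describes both come down to the same thing: watch the stream of status codes, trip on a run of consecutive 403s or on a high share of 403s in a recent window, and stop queueing recursion targets once tripped. The Rust below is an added example written for this thread, not feroxbuster's own code; `ForbiddenMonitor`, `scan_with_guard`, the thresholds and the response list are all hypothetical and constructed for illustration.

```rust
use std::collections::VecDeque;

/// What the scan loop should do after each response.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Verdict {
    /// Nothing suspicious; keep sending requests.
    Continue,
    /// Stop sending and ask the operator (e.g. "continue anyway? (Y/n)").
    Pause,
}

/// Tracks two signals that the scanning IP has been blocked:
/// a run of consecutive 403s, and the share of 403s in a sliding window.
pub struct ForbiddenMonitor {
    consecutive_limit: usize,
    window: usize,
    ratio_limit: f64,
    consecutive: usize,
    recent: VecDeque<bool>,
}

impl ForbiddenMonitor {
    /// `consecutive_limit`: pause after this many 403s in a row.
    /// `window`/`ratio_limit`: pause when at least `ratio_limit` of the
    /// last `window` responses were 403 (only once the window is full).
    pub fn new(consecutive_limit: usize, window: usize, ratio_limit: f64) -> Self {
        assert!(consecutive_limit > 0 && window > 0, "limits must be positive");
        Self {
            consecutive_limit,
            window,
            ratio_limit,
            consecutive: 0,
            recent: VecDeque::with_capacity(window + 1),
        }
    }

    /// Feed one HTTP status code; returns whether the scan should pause.
    pub fn observe(&mut self, status: u16) -> Verdict {
        let forbidden = status == 403;
        self.consecutive = if forbidden { self.consecutive + 1 } else { 0 };
        self.recent.push_back(forbidden);
        if self.recent.len() > self.window {
            self.recent.pop_front();
        }
        let window_full = self.recent.len() == self.window;
        let ratio = self.recent.iter().filter(|&&f| f).count() as f64 / self.window as f64;
        if self.consecutive >= self.consecutive_limit || (window_full && ratio >= self.ratio_limit) {
            Verdict::Pause
        } else {
            Verdict::Continue
        }
    }

    /// Clear state once the operator confirms the scan may continue
    /// (for example after the target's developers whitelist the IP).
    pub fn reset(&mut self) {
        self.consecutive = 0;
        self.recent.clear();
    }
}

/// Counters from one run of the guarded loop.
#[derive(Debug, PartialEq, Eq)]
pub struct ScanSummary {
    pub requests_sent: usize,
    pub recursion_queued: usize,
    pub paused: bool,
}

/// Minimal stand-in for a directory brute-force loop: a 403 is treated as a
/// directory to recurse into (the behaviour this issue is about), but the loop
/// stops the moment the monitor trips instead of queueing the whole wordlist.
pub fn scan_with_guard(responses: &[u16], monitor: &mut ForbiddenMonitor) -> ScanSummary {
    let mut summary = ScanSummary { requests_sent: 0, recursion_queued: 0, paused: false };
    for &status in responses {
        summary.requests_sent += 1;
        match monitor.observe(status) {
            Verdict::Pause => {
                summary.paused = true;
                break;
            }
            Verdict::Continue => {
                if status == 403 {
                    summary.recursion_queued += 1;
                }
            }
        }
    }
    summary
}

fn main() {
    // Constructed input: a normal scan, then the IP gets blocklisted mid-run
    // and every remaining request comes back 403.
    let mut responses = vec![404, 404, 200, 404, 403, 404, 301, 404];
    responses.extend(std::iter::repeat(403).take(50));
    let mut monitor = ForbiddenMonitor::new(10, 20, 0.5);
    let summary = scan_with_guard(&responses, &mut monitor);
    if summary.paused {
        println!("Excessive 403 detected, you may be blacklisted, continue anyway? (Y/n)");
    }
    println!("{:?}", summary);
}
```

With the thresholds above the loop halts after 18 requests and 10 queued directories rather than 58 and 51; in a real scanner the pause would also need to drain in-flight requests and the recursion queue, which is the coordination the maintainer refers to when mentioning request-rate reduction and bailing.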