Update for version 0.0.3

README.md

@@ -15,9 +15,9 @@ go install github.com/rix4uni/msarjun@latest
 
 ## Download prebuilt binaries
 ```
-wget https://github.com/rix4uni/msarjun/releases/download/v0.0.2/msarjun-linux-amd64-0.0.2.tgz
-tar -xvzf msarjun-linux-amd64-0.0.2.tgz
-rm -rf msarjun-linux-amd64-0.0.2.tgz
+wget https://github.com/rix4uni/msarjun/releases/download/v0.0.3/msarjun-linux-amd64-0.0.3.tgz
+tar -xvzf msarjun-linux-amd64-0.0.3.tgz
+rm -rf msarjun-linux-amd64-0.0.3.tgz
 mv msarjun ~/go/bin/msarjun
 ```
 Or download [binary release](https://github.com/rix4uni/msarjun/releases) for your platform.
@@ -35,6 +35,8 @@ Usage of msarjun:
         File to append the output instead of overwriting.
   -arjunCmd string
         Command template to execute Arjun with URL substitution as {urlStr}
+  -concurrency int
+        Number of concurrent URL scans (default 10)
   -json
         Output results in JSON format
   -o string
@@ -51,10 +53,30 @@ Usage of msarjun:
 
 Single URL:
 ```
-echo "http://testphp.vulnweb.com/AJAX/infocateg.php" | msarjun -arjunCmd "arjun -u {urlStr} -m GET,POST,XML,JSON"
+echo "http://testphp.vulnweb.com/AJAX/infocateg.php" | msarjun -arjunCmd "arjun -u {urlStr} -m GET,POST,XML,JSON" -concurrency 1
 ```
 
 Multiple URLs:
+- If you run `-concurrency` flag on the same domain/subdomain urls might not give you accurate results, This flag very useful for running in different subdomains/wildcards urls.
+- You can also use linux `shuf` command.
 ```
-cat urls.txt | msarjun -arjunCmd "arjun -u {urlStr} -m GET,POST,XML,JSON"
+cat urls.txt | msarjun -arjunCmd "arjun -u {urlStr} -m GET,POST,XML,JSON" -concurrency 10
 ```
+
+## Speed Comparision
+```
+# wc -l urls.txt
+5 urls.txt
+
+# Before
+time cat urls.txt | msarjun -arjunCmd "arjun -u {urlStr} -m GET,POST,XML,JSON"
+real    2m47.868s
+user    0m28.268s
+sys     0m2.222s
+
+# Now
+time cat urls.txt | msarjun -arjunCmd "arjun -u {urlStr} -m GET,POST,XML,JSON" -concurrency 10
+real    0m25.897s
+user    0m30.904s
+sys     0m2.450s
+```

banner/banner.go

@@ -5,21 +5,19 @@ import (
 )
 
 // prints the version message
-const version = "v0.0.2"
+const version = "v0.0.3"
 
 func PrintVersion() {
 	fmt.Printf("Current msarjun version %s\n", version)
 }
 
 // Prints the Colorful banner
 func PrintBanner() {
-	banner := `
-                                  _             
+	banner := `                                  _             
    ____ ___   _____ ____ _ _____ (_)__  __ ____ 
   / __  __ \ / ___// __  // ___// // / / // __ \
  / / / / / /(__  )/ /_/ // /   / // /_/ // / / /
 /_/ /_/ /_//____/ \__,_//_/ __/ / \__,_//_/ /_/ 
-                           /___/
-`
-	fmt.Printf("%s\n%60s\n\n", banner, "Current msarjun version "+version)
+                           /___/`
+	fmt.Printf("%s\n%55s\n\n", banner, "Current msarjun version "+version)
 }

go.mod

@@ -1,11 +1,3 @@
 module github.com/rix4uni/msarjun
 
-go 1.23.0
-
-require github.com/fatih/color v1.17.0
-
-require (
-	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.20 // indirect
-	golang.org/x/sys v0.18.0 // indirect
-)
+go 1.23.4

msarjun.go

@@ -11,6 +11,7 @@ import (
 	"os/exec"
 	"regexp"
 	"strings"
+	"sync"
 	"time"
 
 	"github.com/rix4uni/msarjun/banner"
@@ -36,7 +37,11 @@ type Result struct {
 	Parameters     []string `json:"parameters"`
 }
 
-func processURL(url string, method string, commandParts []string, jsonFlag bool, verbose bool, outputFile *os.File) {
+func processURL(url string, method string, commandParts []string, jsonFlag bool, verbose bool, outputFile *os.File, wg *sync.WaitGroup, semaphore chan struct{}) {
+	defer wg.Done()
+	semaphore <- struct{}{} // Acquire a slot
+	defer func() { <-semaphore }() // Release the slot
+
 	// Trim spaces from the method and build the command
 	method = strings.TrimSpace(method)
 	command := strings.Replace(commandParts[0], "{urlStr}", url, -1) + "-m " + method
@@ -104,8 +109,7 @@ func processURL(url string, method string, commandParts []string, jsonFlag bool,
 			// Print the modified arjun output
 			writeOutput(outputFile, arjunOutput)
 			if result.TransformedURL != "" {
-				transformedOutput := fmt.Sprintf("Transformed URL [%s]: %s\n", method, result.TransformedURL)
-				writeOutput(outputFile, transformedOutput)
+				writeOutput(outputFile, fmt.Sprintf("Transformed URL [%s]: %s\n", method, result.TransformedURL))
 			}
 		}
 	}
@@ -124,6 +128,7 @@ func writeOutput(outputFile *os.File, output string) {
 func main() {
 	// Define the flags
 	arjunCmd := flag.String("arjunCmd", "", "Command template to execute Arjun with URL substitution as {urlStr}")
+	concurrency := flag.Int("concurrency", 10, "Number of concurrent URL scans")
 	jsonFlag := flag.Bool("json", false, "Output results in JSON format")
 	outputFileFlag := flag.String("o", "", "File to save the output.")
 	appendOutputFlag := flag.String("ao", "", "File to append the output instead of overwriting.")
@@ -133,14 +138,14 @@ func main() {
 	flag.Parse()
 
 	if *version {
-        banner.PrintBanner()
-        banner.PrintVersion()
-        return
-    }
+		banner.PrintBanner()
+		banner.PrintVersion()
+		return
+	}
 
-    if !*silent {
-        banner.PrintBanner()
-    }
+	if !*silent {
+		banner.PrintBanner()
+	}
 
 	// Check if the command template is provided
 	if *arjunCmd == "" {
@@ -191,13 +196,19 @@ func main() {
 		urls = append(urls, scanner.Text())
 	}
 
+	var wg sync.WaitGroup
+	semaphore := make(chan struct{}, *concurrency)
+
 	// Process each URL sequentially
 	for _, url := range urls {
 		for _, method := range methods {
-			processURL(url, method, commandParts, *jsonFlag, *verbose, outputFile)
+			wg.Add(1)
+			go processURL(url, method, commandParts, *jsonFlag, *verbose, outputFile, &wg, semaphore)
 		}
 	}
 
+	wg.Wait()
+
 	// Check for errors during scanning
 	if err := scanner.Err(); err != nil {
 		fmt.Printf("Error reading input: %v\n", err)