From 160887b351a8d5026dcf600cd1c6afe814531584 Mon Sep 17 00:00:00 2001
From: Liam Galvin <liam@liam-galvin.co.uk>
Date: Thu, 16 Jul 2020 20:42:34 +0100
Subject: [PATCH] Allow specifying -H multiple times

---
 cmd/scout/url.go        | 6 +++---
 pkg/scan/url_options.go | 4 ++--
 pkg/scan/url_scanner.go | 6 +++---
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/cmd/scout/url.go b/cmd/scout/url.go
index dfffcd1..9b3c511 100644
--- a/cmd/scout/url.go
+++ b/cmd/scout/url.go
@@ -18,7 +18,7 @@ import (
 
 var statusCodes []string
 var filename string
-var header string
+var headers []string
 var extensions = []string{"php", "htm", "html", "txt"}
 var enableSpidering bool
 
@@ -72,7 +72,7 @@ var urlCmd = &cobra.Command{
 			scan.WithExtensions(extensions),
 			scan.WithFilename(filename),
 			scan.WithSkipSSLVerification(skipSSLVerification),
-			scan.WithExtraHeader(header),
+			scan.WithExtraHeaders(headers),
 			scan.WithSpidering(enableSpidering),
 		}
 
@@ -179,7 +179,7 @@ func init() {
 	urlCmd.Flags().StringVarP(&filename, "filename", "f", filename, "Filename to seek in the directory being searched. Useful when all directories report 404 status.")
 	urlCmd.Flags().StringSliceVarP(&statusCodes, "status-codes", "c", statusCodes, "HTTP status codes which indicate a positive find.")
 	urlCmd.Flags().StringSliceVarP(&extensions, "extensions", "x", extensions, "File extensions to detect.")
-	urlCmd.Flags().StringVarP(&header, "header", "H", header, "Extra header to send with requests.")
+	urlCmd.Flags().StringSliceVarP(&headers, "header", "H", headers, "Extra header to send with requests (can be specified multiple times).")
 	urlCmd.Flags().BoolVarP(&enableSpidering, "spider", "s", enableSpidering, "Spider links within page content")
 
 	rootCmd.AddCommand(urlCmd)
diff --git a/pkg/scan/url_options.go b/pkg/scan/url_options.go
index 2f7284e..52ef54c 100644
--- a/pkg/scan/url_options.go
+++ b/pkg/scan/url_options.go
@@ -81,9 +81,9 @@ func WithBackupExtensions(backupExtensions []string) URLOption {
 	}
 }
 
-func WithExtraHeader(header string) URLOption {
+func WithExtraHeaders(headers []string) URLOption {
 	return func(s *URLScanner) {
-		s.extraHeader = header
+		s.extraHeaders = append(s.extraHeaders, headers...)
 	}
 }
 
diff --git a/pkg/scan/url_scanner.go b/pkg/scan/url_scanner.go
index be12ac0..9f8ea2b 100644
--- a/pkg/scan/url_scanner.go
+++ b/pkg/scan/url_scanner.go
@@ -35,7 +35,7 @@ type URLScanner struct {
 	filename            string
 	skipSSLVerification bool
 	backupExtensions    []string
-	extraHeader         string
+	extraHeaders        []string
 	enableSpidering     bool
 	checked             map[string]struct{}
 	checkMutex          sync.Mutex
@@ -269,8 +269,8 @@ func (scanner *URLScanner) checkURL(job URLJob) *URLResult {
 			return err
 		}
 
-		if scanner.extraHeader != "" {
-			parts := strings.SplitN(scanner.extraHeader, ":", 2)
+		for _, header := range scanner.extraHeaders {
+			parts := strings.SplitN(header, ":", 2)
 			if len(parts) == 2 {
 				req.Header.Set(parts[0], strings.TrimPrefix(parts[1], " "))
 			}