2020-12-20 18:34:11 +00:00
|
|
|
package output
|
|
|
|
|
|
|
|
import (
|
|
|
|
"os"
|
2020-12-23 15:16:42 +00:00
|
|
|
"regexp"
|
2020-12-20 18:34:11 +00:00
|
|
|
"sync"
|
2021-01-14 07:51:21 +00:00
|
|
|
"time"
|
2020-12-20 18:34:11 +00:00
|
|
|
|
2021-07-19 18:04:08 +00:00
|
|
|
"github.com/pkg/errors"
|
|
|
|
|
2020-12-21 06:28:33 +00:00
|
|
|
jsoniter "github.com/json-iterator/go"
|
2020-12-20 18:34:11 +00:00
|
|
|
"github.com/logrusorgru/aurora"
|
2021-07-19 18:04:08 +00:00
|
|
|
|
2021-04-16 11:26:41 +00:00
|
|
|
"github.com/projectdiscovery/interactsh/pkg/server"
|
2020-12-29 10:08:14 +00:00
|
|
|
"github.com/projectdiscovery/nuclei/v2/internal/colorizer"
|
2021-07-19 18:04:08 +00:00
|
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/model"
|
2021-09-03 13:48:39 +00:00
|
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/model/types/severity"
|
2020-12-25 07:25:46 +00:00
|
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/operators"
|
2020-12-20 18:34:11 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// Writer is an interface which writes output to somewhere for nuclei events.
|
|
|
|
type Writer interface {
|
|
|
|
// Close closes the output writer interface
|
|
|
|
Close()
|
2020-12-21 06:34:33 +00:00
|
|
|
// Colorizer returns the colorizer instance for writer
|
|
|
|
Colorizer() aurora.Aurora
|
2020-12-20 18:34:11 +00:00
|
|
|
// Write writes the event to file and/or screen.
|
2020-12-25 15:03:52 +00:00
|
|
|
Write(*ResultEvent) error
|
2021-02-02 20:39:45 +00:00
|
|
|
// Request logs a request in the trace log
|
2020-12-21 06:28:33 +00:00
|
|
|
Request(templateID, url, requestType string, err error)
|
2020-12-20 18:34:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// StandardWriter is a writer writing output to file and screen for results.
|
|
|
|
type StandardWriter struct {
|
2020-12-29 10:08:14 +00:00
|
|
|
json bool
|
2021-09-09 13:23:55 +00:00
|
|
|
jsonReqResp bool
|
2021-08-27 13:42:06 +00:00
|
|
|
noTimestamp bool
|
2020-12-29 10:08:14 +00:00
|
|
|
noMetadata bool
|
|
|
|
aurora aurora.Aurora
|
|
|
|
outputFile *fileWriter
|
|
|
|
outputMutex *sync.Mutex
|
|
|
|
traceFile *fileWriter
|
|
|
|
traceMutex *sync.Mutex
|
2021-07-16 14:28:13 +00:00
|
|
|
severityColors func(severity.Severity) string
|
2020-12-20 18:34:11 +00:00
|
|
|
}
|
|
|
|
|
2020-12-23 15:16:42 +00:00
|
|
|
var decolorizerRegex = regexp.MustCompile(`\x1B\[[0-9;]*[a-zA-Z]`)
|
|
|
|
|
2020-12-25 07:25:46 +00:00
|
|
|
// InternalEvent is an internal output generation structure for nuclei.
|
|
|
|
type InternalEvent map[string]interface{}
|
|
|
|
|
|
|
|
// InternalWrappedEvent is a wrapped event with operators result added to it.
|
|
|
|
type InternalWrappedEvent struct {
|
|
|
|
InternalEvent InternalEvent
|
2020-12-25 20:39:16 +00:00
|
|
|
Results []*ResultEvent
|
2020-12-25 07:25:46 +00:00
|
|
|
OperatorsResult *operators.Result
|
|
|
|
}
|
|
|
|
|
2020-12-25 15:03:52 +00:00
|
|
|
// ResultEvent is a wrapped result event for a single nuclei output.
|
|
|
|
type ResultEvent struct {
|
2020-12-25 07:25:46 +00:00
|
|
|
// TemplateID is the ID of the template for the result.
|
2021-10-18 19:56:21 +00:00
|
|
|
TemplateID string `json:"template-id"`
|
2021-06-05 12:31:08 +00:00
|
|
|
// TemplatePath is the path of template
|
|
|
|
TemplatePath string `json:"-"`
|
2020-12-25 07:25:46 +00:00
|
|
|
// Info contains information block of the template for the result.
|
2021-07-12 14:20:01 +00:00
|
|
|
Info model.Info `json:"info,inline"`
|
2020-12-25 07:25:46 +00:00
|
|
|
// MatcherName is the name of the matcher matched if any.
|
2021-10-18 19:56:21 +00:00
|
|
|
MatcherName string `json:"matcher-name,omitempty"`
|
2021-01-11 15:41:35 +00:00
|
|
|
// ExtractorName is the name of the extractor matched if any.
|
2021-10-18 19:56:21 +00:00
|
|
|
ExtractorName string `json:"extractor-name,omitempty"`
|
2020-12-25 07:25:46 +00:00
|
|
|
// Type is the type of the result event.
|
|
|
|
Type string `json:"type"`
|
|
|
|
// Host is the host input on which match was found.
|
|
|
|
Host string `json:"host,omitempty"`
|
2021-03-05 13:55:09 +00:00
|
|
|
// Path is the path input on which match was found.
|
|
|
|
Path string `json:"path,omitempty"`
|
2020-12-25 07:25:46 +00:00
|
|
|
// Matched contains the matched input in its transformed form.
|
2021-10-18 19:56:21 +00:00
|
|
|
Matched string `json:"matched-at,omitempty"`
|
2020-12-25 07:25:46 +00:00
|
|
|
// ExtractedResults contains the extraction result from the inputs.
|
2021-10-18 19:56:21 +00:00
|
|
|
ExtractedResults []string `json:"extracted-results,omitempty"`
|
2021-09-07 14:31:46 +00:00
|
|
|
// Request is the optional, dumped request for the match.
|
2020-12-25 07:25:46 +00:00
|
|
|
Request string `json:"request,omitempty"`
|
2021-09-07 14:31:46 +00:00
|
|
|
// Response is the optional, dumped response for the match.
|
2020-12-25 07:25:46 +00:00
|
|
|
Response string `json:"response,omitempty"`
|
|
|
|
// Metadata contains any optional metadata for the event
|
|
|
|
Metadata map[string]interface{} `json:"meta,omitempty"`
|
2021-01-16 06:36:27 +00:00
|
|
|
// IP is the IP address for the found result event.
|
|
|
|
IP string `json:"ip,omitempty"`
|
2021-01-14 07:51:21 +00:00
|
|
|
// Timestamp is the time the result was found at.
|
|
|
|
Timestamp time.Time `json:"timestamp"`
|
2021-04-16 11:26:41 +00:00
|
|
|
// Interaction is the full details of interactsh interaction.
|
|
|
|
Interaction *server.Interaction `json:"interaction,omitempty"`
|
2021-10-15 08:25:50 +00:00
|
|
|
// CURLCommand is an optional curl command to reproduce the request
|
|
|
|
// Only applicable if the report is for HTTP.
|
2021-10-18 19:56:21 +00:00
|
|
|
CURLCommand string `json:"curl-command,omitempty"`
|
2021-06-06 10:22:13 +00:00
|
|
|
FileToIndexPosition map[string]int `json:"-"`
|
2020-12-25 07:25:46 +00:00
|
|
|
}
|
2020-12-20 18:34:11 +00:00
|
|
|
|
|
|
|
// NewStandardWriter creates a new output writer based on user configurations
|
2021-09-09 13:23:55 +00:00
|
|
|
func NewStandardWriter(colors, noMetadata, noTimestamp, json, jsonReqResp bool, file, traceFile string) (*StandardWriter, error) {
|
2020-12-29 10:08:14 +00:00
|
|
|
auroraColorizer := aurora.NewAurora(colors)
|
2020-12-20 18:34:11 +00:00
|
|
|
|
|
|
|
var outputFile *fileWriter
|
|
|
|
if file != "" {
|
|
|
|
output, err := newFileOutputWriter(file)
|
|
|
|
if err != nil {
|
|
|
|
return nil, errors.Wrap(err, "could not create output file")
|
|
|
|
}
|
|
|
|
outputFile = output
|
|
|
|
}
|
2020-12-21 06:28:33 +00:00
|
|
|
var traceOutput *fileWriter
|
|
|
|
if traceFile != "" {
|
|
|
|
output, err := newFileOutputWriter(traceFile)
|
|
|
|
if err != nil {
|
|
|
|
return nil, errors.Wrap(err, "could not create output file")
|
|
|
|
}
|
|
|
|
traceOutput = output
|
|
|
|
}
|
2020-12-20 18:34:11 +00:00
|
|
|
writer := &StandardWriter{
|
2020-12-29 10:08:14 +00:00
|
|
|
json: json,
|
2021-09-09 13:23:55 +00:00
|
|
|
jsonReqResp: jsonReqResp,
|
2020-12-29 10:08:14 +00:00
|
|
|
noMetadata: noMetadata,
|
2021-08-27 13:42:06 +00:00
|
|
|
noTimestamp: noTimestamp,
|
2020-12-29 10:08:14 +00:00
|
|
|
aurora: auroraColorizer,
|
|
|
|
outputFile: outputFile,
|
|
|
|
outputMutex: &sync.Mutex{},
|
|
|
|
traceFile: traceOutput,
|
|
|
|
traceMutex: &sync.Mutex{},
|
|
|
|
severityColors: colorizer.New(auroraColorizer),
|
2020-12-20 18:34:11 +00:00
|
|
|
}
|
|
|
|
return writer, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Write writes the event to file and/or screen.
|
2020-12-25 15:03:52 +00:00
|
|
|
func (w *StandardWriter) Write(event *ResultEvent) error {
|
2021-03-08 06:13:23 +00:00
|
|
|
event.Timestamp = time.Now()
|
|
|
|
|
2020-12-20 18:34:11 +00:00
|
|
|
var data []byte
|
|
|
|
var err error
|
|
|
|
|
|
|
|
if w.json {
|
|
|
|
data, err = w.formatJSON(event)
|
|
|
|
} else {
|
2021-02-26 07:43:11 +00:00
|
|
|
data = w.formatScreen(event)
|
2020-12-20 18:34:11 +00:00
|
|
|
}
|
|
|
|
if err != nil {
|
|
|
|
return errors.Wrap(err, "could not format output")
|
|
|
|
}
|
2021-02-05 09:13:11 +00:00
|
|
|
if len(data) == 0 {
|
|
|
|
return nil
|
|
|
|
}
|
2020-12-20 18:34:11 +00:00
|
|
|
_, _ = os.Stdout.Write(data)
|
2020-12-29 06:12:46 +00:00
|
|
|
_, _ = os.Stdout.Write([]byte("\n"))
|
2020-12-20 18:34:11 +00:00
|
|
|
if w.outputFile != nil {
|
2020-12-23 15:16:42 +00:00
|
|
|
if !w.json {
|
|
|
|
data = decolorizerRegex.ReplaceAll(data, []byte(""))
|
|
|
|
}
|
2020-12-20 18:34:11 +00:00
|
|
|
if writeErr := w.outputFile.Write(data); writeErr != nil {
|
|
|
|
return errors.Wrap(err, "could not write to output")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2020-12-21 06:28:33 +00:00
|
|
|
// JSONTraceRequest is a trace log request written to file
|
|
|
|
type JSONTraceRequest struct {
|
|
|
|
ID string `json:"id"`
|
|
|
|
URL string `json:"url"`
|
|
|
|
Error string `json:"error"`
|
|
|
|
Type string `json:"type"`
|
|
|
|
}
|
|
|
|
|
|
|
|
// Request writes a log the requests trace log
|
|
|
|
func (w *StandardWriter) Request(templateID, url, requestType string, err error) {
|
|
|
|
if w.traceFile == nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
request := &JSONTraceRequest{
|
|
|
|
ID: templateID,
|
|
|
|
URL: url,
|
|
|
|
Type: requestType,
|
|
|
|
}
|
|
|
|
if err != nil {
|
|
|
|
request.Error = err.Error()
|
|
|
|
} else {
|
|
|
|
request.Error = "none"
|
|
|
|
}
|
|
|
|
|
|
|
|
data, err := jsoniter.Marshal(request)
|
|
|
|
if err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
w.traceMutex.Lock()
|
|
|
|
_ = w.traceFile.Write(data)
|
|
|
|
w.traceMutex.Unlock()
|
|
|
|
}
|
|
|
|
|
2020-12-21 06:34:33 +00:00
|
|
|
// Colorizer returns the colorizer instance for writer
|
|
|
|
func (w *StandardWriter) Colorizer() aurora.Aurora {
|
|
|
|
return w.aurora
|
|
|
|
}
|
|
|
|
|
2020-12-20 18:34:11 +00:00
|
|
|
// Close closes the output writing interface
|
|
|
|
func (w *StandardWriter) Close() {
|
2020-12-21 06:28:33 +00:00
|
|
|
if w.outputFile != nil {
|
|
|
|
w.outputFile.Close()
|
|
|
|
}
|
|
|
|
if w.traceFile != nil {
|
|
|
|
w.traceFile.Close()
|
|
|
|
}
|
2020-12-20 18:34:11 +00:00
|
|
|
}
|