Added curl command to http request report (#1107)

* Added curl command to http request report
2021-10-15 13:55:50 +05:30 · 2021-10-15 13:55:50 +05:30 · 0e3c656103
parent 9b7a105766
commit 0e3c656103
7 changed files with 33 additions and 1 deletions
--- a/v2/go.mod
+++ b/v2/go.mod
@ -117,4 +117,5 @@ require (
 	google.golang.org/protobuf v1.27.1 // indirect
 	gopkg.in/corvus-ch/zbase32.v1 v1.0.0 // indirect
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
+	moul.io/http2curl v1.0.0 // indirect
 )
--- a/v2/go.sum
+++ b/v2/go.sum
@ -1199,6 +1199,8 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.1.3/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las=
+moul.io/http2curl v1.0.0 h1:6XwpyZOYsgZJrU8exnG87ncVkU1FVCcTRpwzOkTDUi8=
+moul.io/http2curl v1.0.0/go.mod h1:f6cULg+e4Md/oW1cYmwW4IWQOVl2lGbmCNGOHvzX2kE=
 mvdan.cc/gofumpt v0.1.1/go.mod h1:yXG1r1WqZVKWbVRtBWKWX9+CxGYfA51nSomhM0woR48=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
--- a/v2/pkg/output/output.go
+++ b/v2/pkg/output/output.go
@ -90,7 +90,9 @@ type ResultEvent struct {
 	Timestamp time.Time `json:"timestamp"`
 	// Interaction is the full details of interactsh interaction.
 	Interaction *server.Interaction `json:"interaction,omitempty"`
-
+	// CURLCommand is an optional curl command to reproduce the request
+	// Only applicable if the report is for HTTP.
+	CURLCommand         string         `json:"curl_command,omitempty"`
 	FileToIndexPosition map[string]int `json:"-"`
 }

--- a/v2/pkg/protocols/http/operators.go
+++ b/v2/pkg/protocols/http/operators.go
@ -147,6 +147,7 @@ func (request *Request) MakeResultEventItem(wrapped *output.InternalWrappedEvent
 		IP:               types.ToString(wrapped.InternalEvent["ip"]),
 		Request:          types.ToString(wrapped.InternalEvent["request"]),
 		Response:         types.ToString(wrapped.InternalEvent["response"]),
+		CURLCommand:      types.ToString(wrapped.InternalEvent["curl-command"]),
 	}
 	return data
 }
--- a/v2/pkg/protocols/http/request.go
+++ b/v2/pkg/protocols/http/request.go
@ -15,6 +15,7 @@ import (
 	"github.com/pkg/errors"
 	"github.com/remeh/sizedwaitgroup"
 	"go.uber.org/multierr"
+	"moul.io/http2curl"

 	"github.com/projectdiscovery/gologger"
 	"github.com/projectdiscovery/nuclei/v2/pkg/output"
@ -373,6 +374,16 @@ func (request *Request) executeRequest(reqURL string, generatedRequest *generate
 		resp.Body.Close()
 	}()

+	var curlCommand string
+	if !request.Unsafe && resp != nil && generatedRequest.request != nil {
+		bodyBytes, _ := generatedRequest.request.BodyBytes()
+		resp.Request.Body = ioutil.NopCloser(bytes.NewReader(bodyBytes))
+		command, _ := http2curl.GetCurlCommand(resp.Request)
+		if err == nil && command != nil {
+			curlCommand = command.String()
+		}
+	}
+
 	gologger.Verbose().Msgf("[%s] Sent HTTP request to %s", request.options.TemplateID, formedURL)
 	request.options.Output.Request(request.options.TemplateID, formedURL, "http", err)

@ -460,6 +471,7 @@ func (request *Request) executeRequest(reqURL string, generatedRequest *generate
 	if i := strings.LastIndex(hostname, ":"); i != -1 {
 		hostname = hostname[:i]
 	}
+	outputEvent["curl-command"] = curlCommand
 	outputEvent["ip"] = httpclientpool.Dialer.GetDialedIP(hostname)
 	outputEvent["redirect-chain"] = tostring.UnsafeToString(redirectedResponse)
 	for k, v := range previousEvent {
--- a/v2/pkg/reporting/format/format.go
+++ b/v2/pkg/reporting/format/format.go
@ -131,6 +131,13 @@ func MarkdownDescription(event *output.ResultEvent) string { // TODO remove the
 			}
 		}
 	}
+	builder.WriteString("\n")
+
+	if event.CURLCommand != "" {
+		builder.WriteString("\n**CURL Command**\n```\n")
+		builder.WriteString(event.CURLCommand)
+		builder.WriteString("\n```")
+	}

 	builder.WriteString(fmt.Sprintf("\n---\nGenerated by [Nuclei %s](https://github.com/projectdiscovery/nuclei)", config.Version))
 	data := builder.String()
--- a/v2/pkg/reporting/trackers/jira/jira.go
+++ b/v2/pkg/reporting/trackers/jira/jira.go
@ -244,6 +244,13 @@ func jiraFormatDescription(event *output.ResultEvent) string { // TODO remove th
 			}
 		}
 	}
+	builder.WriteString("\n")
+
+	if event.CURLCommand != "" {
+		builder.WriteString("\n*CURL Command*\n{code}\n")
+		builder.WriteString(event.CURLCommand)
+		builder.WriteString("\n{code}")
+	}
 	builder.WriteString(fmt.Sprintf("\n---\nGenerated by [Nuclei v%s](https://github.com/projectdiscovery/nuclei)", config.Version))
 	data := builder.String()
 	return data