diff --git a/v2/pkg/protocols/dns/matchers.go b/v2/pkg/protocols/dns/matchers.go index 371f3576..1e32bfff 100644 --- a/v2/pkg/protocols/dns/matchers.go +++ b/v2/pkg/protocols/dns/matchers.go @@ -10,8 +10,6 @@ import ( func responseToDSLMap(msg *dns.Msg) map[string]interface{} { data := make(map[string]interface{}, 6) - data["rcode"] = msg.Rcode - buffer := &bytes.Buffer{} for _, question := range msg.Question { buffer.WriteString(question.String()) @@ -38,5 +36,6 @@ func responseToDSLMap(msg *dns.Msg) map[string]interface{} { buffer.Reset() data["raw"] = msg.String() + data["status_code"] = msg.Rcode return data } diff --git a/v2/pkg/protocols/http/http.go b/v2/pkg/protocols/http/http.go index 53138a21..3ab61eaf 100644 --- a/v2/pkg/protocols/http/http.go +++ b/v2/pkg/protocols/http/http.go @@ -1,64 +1,52 @@ package http -import ( - "github.com/projectdiscovery/nuclei/v2/pkg/operators/extractors" - "github.com/projectdiscovery/nuclei/v2/pkg/operators/matchers" - "github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/generators" -) +import "github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/generators" // Request contains a http request to be made from a template type Request struct { - // Number of same request to send in race condition attack - RaceNumberRequests int `yaml:"race_count,omitempty"` - // MaxRedirects is the maximum number of redirects that should be followed. - MaxRedirects int `yaml:"max-redirects,omitempty"` - PipelineConcurrentConnections int `yaml:"pipeline-concurrent-connections,omitempty"` - PipelineRequestsPerConnection int `yaml:"pipeline-requests-per-connection,omitempty"` - Threads int `yaml:"threads,omitempty"` - // attackType is internal attack type - attackType generators.Type - // matchersCondition is internal condition for the matchers. - matchersCondition matchers.ConditionType - // CookieReuse is an optional setting that makes cookies shared within requests - CookieReuse bool `yaml:"cookie-reuse,omitempty"` - // Redirects specifies whether redirects should be followed. - Redirects bool `yaml:"redirects,omitempty"` - // Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining (race conditions/billions requests) - // All requests must be indempotent (GET/POST) - Pipeline bool `yaml:"pipeline,omitempty"` - // Specify in order to skip request RFC normalization - Unsafe bool `yaml:"unsafe,omitempty"` - // DisableAutoHostname Enable/Disable Host header for unsafe raw requests - DisableAutoHostname bool `yaml:"disable-automatic-host-header,omitempty"` - // DisableAutoContentLength Enable/Disable Content-Length header for unsafe raw requests - DisableAutoContentLength bool `yaml:"disable-automatic-content-length-header,omitempty"` - // Race determines if all the request have to be attempted at the same time - // The minimum number fof requests is determined by threads - Race bool `yaml:"race,omitempty"` // Name is the name of the request - Name string `yaml:"Name,omitempty"` + Name string `yaml:"Name"` // AttackType is the attack type // Sniper, PitchFork and ClusterBomb. Default is Sniper - AttackType string `yaml:"attack,omitempty"` + AttackType string `yaml:"attack"` // Method is the request method, whether GET, POST, PUT, etc Method string `yaml:"method"` // Body is an optional parameter which contains the request body for POST methods, etc - Body string `yaml:"body,omitempty"` - // MatchersCondition is the condition of the matchers - // whether to use AND or OR. Default is OR. - MatchersCondition string `yaml:"matchers-condition,omitempty"` + Body string `yaml:"body"` // Path contains the path/s for the request Path []string `yaml:"path"` // Raw contains raw requests - Raw []string `yaml:"raw,omitempty"` - // Matchers contains the detection mechanism for the request to identify - // whether the request was successful - Matchers []*matchers.Matcher `yaml:"matchers,omitempty"` - // Extractors contains the extraction mechanism for the request to identify - // and extract parts of the response. - Extractors []*extractors.Extractor `yaml:"extractors,omitempty"` + Raw []string `yaml:"raw"` // Path contains the path/s for the request variables - Payloads map[string]interface{} `yaml:"payloads,omitempty"` + Payloads map[string]interface{} `yaml:"payloads"` // Headers contains headers to send with the request - Headers map[string]string `yaml:"headers,omitempty"` + Headers map[string]string `yaml:"headers"` + // RaceNumberRequests is the number of same request to send in race condition attack + RaceNumberRequests int `yaml:"race_count"` + // MaxRedirects is the maximum number of redirects that should be followed. + MaxRedirects int `yaml:"max-redirects"` + // PipelineConcurrentConnections is number of connections in pipelining + PipelineConcurrentConnections int `yaml:"pipeline-concurrent-connections"` + // PipelineRequestsPerConnection is number of requests in pipelining + PipelineRequestsPerConnection int `yaml:"pipeline-requests-per-connection"` + // Threads specifies number of threads for sending requests + Threads int `yaml:"threads"` + // CookieReuse is an optional setting that makes cookies shared within requests + CookieReuse bool `yaml:"cookie-reuse"` + // Redirects specifies whether redirects should be followed. + Redirects bool `yaml:"redirects"` + // Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining (race conditions/billions requests) + // All requests must be indempotent (GET/POST) + Pipeline bool `yaml:"pipeline"` + // Specify in order to skip request RFC normalization + Unsafe bool `yaml:"unsafe"` + // DisableAutoHostname Enable/Disable Host header for unsafe raw requests + DisableAutoHostname bool `yaml:"disable-automatic-host-header"` + // DisableAutoContentLength Enable/Disable Content-Length header for unsafe raw requests + DisableAutoContentLength bool `yaml:"disable-automatic-content-length-header"` + // Race determines if all the request have to be attempted at the same time + // The minimum number fof requests is determined by threads + Race bool `yaml:"race"` + + attackType generators.Type } diff --git a/v2/pkg/protocols/http/matchers.go b/v2/pkg/protocols/http/matchers.go index 8b2a0a35..6dcfb62a 100644 --- a/v2/pkg/protocols/http/matchers.go +++ b/v2/pkg/protocols/http/matchers.go @@ -17,12 +17,12 @@ func responseToDSLMap(resp *http.Response, body, headers string, duration time.D data["content_length"] = resp.ContentLength data["status_code"] = resp.StatusCode + data["body"] = body for k, v := range resp.Header { k = strings.ToLower(strings.TrimSpace(strings.ReplaceAll(k, "-", "_"))) data[k] = strings.Join(v, " ") } - data["all_headers"] = headers - data["body"] = body + data["headers"] = headers if r, err := httputil.DumpResponse(resp, true); err == nil { data["raw"] = string(r) diff --git a/v2/pkg/protocols/protocols.go b/v2/pkg/protocols/protocols.go index 7e58eb64..09542784 100644 --- a/v2/pkg/protocols/protocols.go +++ b/v2/pkg/protocols/protocols.go @@ -3,6 +3,7 @@ package protocols import ( "github.com/projectdiscovery/nuclei/v2/pkg/output" "github.com/projectdiscovery/nuclei/v2/pkg/types" + "go.uber.org/ratelimit" ) // Executer is an interface implemented any protocol based request generator. @@ -21,6 +22,8 @@ type Executer interface { type ExecuterOptions struct { // Output is a writer interface for writing output events from executer. Output output.Writer - // Options contains configuration options for the executer + // Options contains configuration options for the executer. Options *types.Options + // RateLimiter is a rate-limiter for limiting sent number of requests. + RateLimiter ratelimit.Limiter }