mirror of https://github.com/daffainfo/nuclei.git
added payload info to output
Mzack9999
parent
6cce1ea1bf
commit
375c3163f7
5
go.mod
5
go.mod
|
|
@ -5,13 +5,12 @@ go 1.14
|
|||
require (
|
||||
github.com/Knetic/govaluate v3.0.0+incompatible
|
||||
github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535
|
||||
github.com/elastic/go-lumber v0.1.0
|
||||
github.com/karrick/godirwalk v1.15.6
|
||||
github.com/miekg/dns v1.1.29
|
||||
github.com/pkg/errors v0.9.1
|
||||
github.com/projectdiscovery/gologger v1.0.0
|
||||
github.com/projectdiscovery/retryabledns v1.0.4
|
||||
github.com/projectdiscovery/retryablehttp-go v1.0.1
|
||||
golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5
|
||||
gopkg.in/yaml.v2 v2.2.8
|
||||
golang.org/x/net v0.0.0-20200513185701-a91f0712d120
|
||||
gopkg.in/yaml.v2 v2.3.0
|
||||
)
|
||||
|
|
|
|||
10
go.sum
10
go.sum
|
|
@ -4,8 +4,6 @@ github.com/Knetic/govaluate v3.0.0+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8L
|
|||
github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 h1:4daAzAu0S6Vi7/lbWECcX0j45yZReDZ56BQsrVBOEEY=
|
||||
github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg=
|
||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/elastic/go-lumber v0.1.0 h1:HUjpyg36v2HoKtXlEC53EJ3zDFiDRn65d7B8dBHNius=
|
||||
github.com/elastic/go-lumber v0.1.0/go.mod h1:8YvjMIRYypWuPvpxx7WoijBYdbB7XIh/9FqSYQZTtxQ=
|
||||
github.com/karrick/godirwalk v1.15.6 h1:Yf2mmR8TJy+8Fa0SuQVto5SYap6IF7lNVX4Jdl8G1qA=
|
||||
github.com/karrick/godirwalk v1.15.6/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk=
|
||||
github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381 h1:bqDmpDG49ZRnB5PcgP0RXtQvnMSgIF14M7CBd2shtXs=
|
||||
|
|
@ -30,8 +28,8 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB
|
|||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5 h1:WQ8q63x+f/zpC8Ac1s9wLElVoHhm32p6tudrU72n1QA=
|
||||
golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
|
||||
golang.org/x/net v0.0.0-20200513185701-a91f0712d120 h1:EZ3cVSzKOlJxAd8e8YAJ7no8nNypTxexh/YE/xW3ZEY=
|
||||
golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
|
||||
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
|
|
@ -43,5 +41,5 @@ golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapK
|
|||
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
|
||||
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
|
||||
gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ const banner = `
|
|||
`
|
||||
|
||||
// Version is the current version of nuclei
|
||||
const Version = `1.1.3`
|
||||
const Version = `1.1.4`
|
||||
|
||||
// showBanner is used to show the banner to the user
|
||||
func showBanner() {
|
||||
|
|
|
|||
|
|
@ -121,7 +121,7 @@ mainLoop:
|
|||
// If the matcher has matched, and its an OR
|
||||
// write the first output then move to next matcher.
|
||||
if matcherCondition == matchers.ORCondition && len(e.httpRequest.Extractors) == 0 {
|
||||
e.writeOutputHTTP(req, matcher, nil)
|
||||
e.writeOutputHTTP(compiledRequest, matcher, nil)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -142,7 +142,7 @@ mainLoop:
|
|||
// Write a final string of output if matcher type is
|
||||
// AND or if we have extractors for the mechanism too.
|
||||
if len(e.httpRequest.Extractors) > 0 || matcherCondition == matchers.ANDCondition {
|
||||
e.writeOutputHTTP(req, nil, extractorResults)
|
||||
e.writeOutputHTTP(compiledRequest, nil, extractorResults)
|
||||
}
|
||||
}
|
||||
return nil
|
||||
|
|
|
|||
|
|
@ -5,11 +5,11 @@ import (
|
|||
|
||||
"github.com/projectdiscovery/gologger"
|
||||
"github.com/projectdiscovery/nuclei/pkg/matchers"
|
||||
"github.com/projectdiscovery/retryablehttp-go"
|
||||
"github.com/projectdiscovery/nuclei/pkg/requests"
|
||||
)
|
||||
|
||||
// writeOutputHTTP writes http output to streams
|
||||
func (e *HTTPExecutor) writeOutputHTTP(req *retryablehttp.Request, matcher *matchers.Matcher, extractorResults []string) {
|
||||
func (e *HTTPExecutor) writeOutputHTTP(req *requests.CompiledHTTP, matcher *matchers.Matcher, extractorResults []string) {
|
||||
builder := &strings.Builder{}
|
||||
|
||||
builder.WriteRune('[')
|
||||
|
|
@ -21,7 +21,7 @@ func (e *HTTPExecutor) writeOutputHTTP(req *retryablehttp.Request, matcher *matc
|
|||
builder.WriteString("] [http] ")
|
||||
|
||||
// Escape the URL by replacing all % with %%
|
||||
URL := req.URL.String()
|
||||
URL := req.Request.URL.String()
|
||||
escapedURL := strings.Replace(URL, "%", "%%", -1)
|
||||
builder.WriteString(escapedURL)
|
||||
|
||||
|
|
@ -36,6 +36,18 @@ func (e *HTTPExecutor) writeOutputHTTP(req *retryablehttp.Request, matcher *matc
|
|||
}
|
||||
builder.WriteString("]")
|
||||
}
|
||||
|
||||
// write meta if any
|
||||
if len(req.Meta) > 0 {
|
||||
builder.WriteString(" [")
|
||||
var metas []string
|
||||
for name, value := range req.Meta {
|
||||
metas = append(metas, name+"="+value.(string))
|
||||
}
|
||||
builder.WriteString(strings.Join(metas, ","))
|
||||
builder.WriteString("]")
|
||||
}
|
||||
|
||||
builder.WriteRune('\n')
|
||||
|
||||
// Write output to screen as well as any output file
|
||||
|
|
|
|||
|
|
@ -109,17 +109,17 @@ func (r *HTTPRequest) makeHTTPRequestFromModel(baseURL string, values map[string
|
|||
// Build a request on the specified URL
|
||||
req, err := http.NewRequest(r.Method, URL, nil)
|
||||
if err != nil {
|
||||
requests <- &CompiledHTTP{Request: nil, Error: err}
|
||||
requests <- &CompiledHTTP{Request: nil, Error: err, Meta: nil}
|
||||
return
|
||||
}
|
||||
|
||||
request, err := r.fillRequest(req, values)
|
||||
if err != nil {
|
||||
requests <- &CompiledHTTP{Request: nil, Error: err}
|
||||
requests <- &CompiledHTTP{Request: nil, Error: err, Meta: nil}
|
||||
return
|
||||
}
|
||||
|
||||
requests <- &CompiledHTTP{Request: request, Error: nil}
|
||||
requests <- &CompiledHTTP{Request: request, Error: nil, Meta: nil}
|
||||
}
|
||||
}()
|
||||
|
||||
|
|
@ -148,7 +148,6 @@ func (r *HTTPRequest) makeHTTPRequestFromRaw(baseURL string, values map[string]i
|
|||
}
|
||||
|
||||
for genValues := range generatorFunc(basePayloads) {
|
||||
// otherwise continue with normal flow
|
||||
compiledHTTP := r.handleRawWithPaylods(raw, baseURL, values, genValues)
|
||||
requests <- compiledHTTP
|
||||
if compiledHTTP.Error != nil {
|
||||
|
|
@ -178,7 +177,7 @@ func (r *HTTPRequest) handleSimpleRaw(raw string, baseURL string, values map[str
|
|||
// Build a parsed request from raw
|
||||
parsedReq, err := http.ReadRequest(bufio.NewReader(strings.NewReader(raw)))
|
||||
if err != nil {
|
||||
return &CompiledHTTP{Request: nil, Error: err}
|
||||
return &CompiledHTTP{Request: nil, Error: err, Meta: nil}
|
||||
}
|
||||
|
||||
// requests generated from http.ReadRequest have incorrect RequestURI, so they
|
||||
|
|
@ -187,7 +186,7 @@ func (r *HTTPRequest) handleSimpleRaw(raw string, baseURL string, values map[str
|
|||
finalURL := fmt.Sprintf("%s%s", baseURL, parsedReq.URL)
|
||||
req, err := http.NewRequest(parsedReq.Method, finalURL, parsedReq.Body)
|
||||
if err != nil {
|
||||
return &CompiledHTTP{Request: nil, Error: err}
|
||||
return &CompiledHTTP{Request: nil, Error: err, Meta: nil}
|
||||
}
|
||||
|
||||
// copy headers
|
||||
|
|
@ -195,10 +194,10 @@ func (r *HTTPRequest) handleSimpleRaw(raw string, baseURL string, values map[str
|
|||
|
||||
request, err := r.fillRequest(req, values)
|
||||
if err != nil {
|
||||
return &CompiledHTTP{Request: nil, Error: err}
|
||||
return &CompiledHTTP{Request: nil, Error: err, Meta: nil}
|
||||
}
|
||||
|
||||
return &CompiledHTTP{Request: request, Error: nil}
|
||||
return &CompiledHTTP{Request: request, Error: nil, Meta: nil}
|
||||
}
|
||||
|
||||
func (r *HTTPRequest) handleRawWithPaylods(raw string, baseURL string, values, genValues map[string]interface{}) *CompiledHTTP {
|
||||
|
|
@ -219,11 +218,11 @@ func (r *HTTPRequest) handleRawWithPaylods(raw string, baseURL string, values, g
|
|||
expr := generators.TrimDelimiters(match)
|
||||
compiled, err := govaluate.NewEvaluableExpressionWithFunctions(expr, generators.HelperFunctions())
|
||||
if err != nil {
|
||||
return &CompiledHTTP{Request: nil, Error: err}
|
||||
return &CompiledHTTP{Request: nil, Error: err, Meta: nil}
|
||||
}
|
||||
result, err := compiled.Evaluate(finValues)
|
||||
if err != nil {
|
||||
return &CompiledHTTP{Request: nil, Error: err}
|
||||
return &CompiledHTTP{Request: nil, Error: err, Meta: nil}
|
||||
}
|
||||
dynamicValues[expr] = result
|
||||
}
|
||||
|
|
@ -236,7 +235,7 @@ func (r *HTTPRequest) handleRawWithPaylods(raw string, baseURL string, values, g
|
|||
// Build a parsed request from raw
|
||||
parsedReq, err := http.ReadRequest(bufio.NewReader(strings.NewReader(raw)))
|
||||
if err != nil {
|
||||
return &CompiledHTTP{Request: nil, Error: err}
|
||||
return &CompiledHTTP{Request: nil, Error: err, Meta: nil}
|
||||
}
|
||||
|
||||
// Bug: http.ReadRequest does not process request body, so building it manually
|
||||
|
|
@ -249,7 +248,7 @@ func (r *HTTPRequest) handleRawWithPaylods(raw string, baseURL string, values, g
|
|||
finalURL := fmt.Sprintf("%s%s", baseURL, parsedReq.URL)
|
||||
req, err := http.NewRequest(parsedReq.Method, finalURL, strings.NewReader(body))
|
||||
if err != nil {
|
||||
return &CompiledHTTP{Request: nil, Error: err}
|
||||
return &CompiledHTTP{Request: nil, Error: err, Meta: nil}
|
||||
}
|
||||
|
||||
// copy headers
|
||||
|
|
@ -257,10 +256,10 @@ func (r *HTTPRequest) handleRawWithPaylods(raw string, baseURL string, values, g
|
|||
|
||||
request, err := r.fillRequest(req, values)
|
||||
if err != nil {
|
||||
return &CompiledHTTP{Request: nil, Error: err}
|
||||
return &CompiledHTTP{Request: nil, Error: err, Meta: nil}
|
||||
}
|
||||
|
||||
return &CompiledHTTP{Request: request, Error: nil}
|
||||
return &CompiledHTTP{Request: request, Error: nil, Meta: genValues}
|
||||
}
|
||||
|
||||
func (r *HTTPRequest) fillRequest(req *http.Request, values map[string]interface{}) (*retryablehttp.Request, error) {
|
||||
|
|
@ -302,4 +301,5 @@ func (r *HTTPRequest) fillRequest(req *http.Request, values map[string]interface
|
|||
type CompiledHTTP struct {
|
||||
Request *retryablehttp.Request
|
||||
Error error
|
||||
Meta map[string]interface{}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue