mirror of https://github.com/daffainfo/nuclei.git
Issue 2840 aws signature (#2924)
* docker go version update * docker fix * version update * update chinese readme and typo fixes. (#2862) * fix aws request signer * fix reader by upgrading retryablehttp-go * go mod tidy Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> Co-authored-by: Xc1Ym <xuedongyuming2233@gmail.com>dev
parent
e7d1d93234
commit
3b31799847
227
README_CN.md
227
README_CN.md
|
@ -7,14 +7,12 @@
|
|||
|
||||
|
||||
<p align="center">
|
||||
<img src="https://img.shields.io/github/go-mod/go-version/projectdiscovery/nuclei?filename=v2%2Fgo.mod">
|
||||
<a href="https://github.com/projectdiscovery/nuclei/releases"><img src="https://img.shields.io/github/downloads/projectdiscovery/nuclei/total">
|
||||
<a href="https://github.com/projectdiscovery/nuclei/graphs/contributors"><img src="https://img.shields.io/github/contributors-anon/projectdiscovery/nuclei">
|
||||
<a href="https://github.com/projectdiscovery/nuclei/releases/"><img src="https://img.shields.io/github/release/projectdiscovery/nuclei">
|
||||
<a href="https://github.com/projectdiscovery/nuclei/issues"><img src="https://img.shields.io/github/issues-raw/projectdiscovery/nuclei">
|
||||
<a href="https://github.com/projectdiscovery/nuclei/discussions"><img src="https://img.shields.io/github/discussions/projectdiscovery/nuclei">
|
||||
<a href="https://discord.gg/projectdiscovery"><img src="https://img.shields.io/discord/695645237418131507.svg?logo=discord"></a>
|
||||
<a href="https://goreportcard.com/report/github.com/projectdiscovery/nuclei"><img src="https://goreportcard.com/badge/github.com/projectdiscovery/nuclei"></a>
|
||||
<a href="https://github.com/projectdiscovery/nuclei/issues"><img src="https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat"></a>
|
||||
<a href="https://github.com/projectdiscovery/nuclei/releases"><img src="https://img.shields.io/github/release/projectdiscovery/nuclei"></a>
|
||||
<a href="https://twitter.com/pdnuclei"><img src="https://img.shields.io/twitter/follow/pdnuclei.svg?logo=twitter"></a>
|
||||
<a href="https://discord.gg/projectdiscovery"><img src="https://img.shields.io/discord/695645237418131507.svg?logo=discord"></a>
|
||||
<a href="https://github.com/projectdiscovery/nuclei/actions/workflows/build-test.yml"><img src="https://github.com/projectdiscovery/nuclei/actions/workflows/build-test.yml/badge.svg?branch=master"></a>
|
||||
</p>
|
||||
|
||||
<p align="center">
|
||||
|
@ -30,15 +28,14 @@
|
|||
|
||||
<p align="center">
|
||||
<a href="https://github.com/projectdiscovery/nuclei/blob/master/README.md">English</a> •
|
||||
<a href="https://github.com/projectdiscovery/nuclei/blob/master/README_CN.md">中文</a> •
|
||||
<a href="https://github.com/projectdiscovery/nuclei/blob/master/README_KR.md">Korean</a>
|
||||
<a href="https://github.com/projectdiscovery/nuclei/blob/master/README_CN.md">中文</a>
|
||||
</p>
|
||||
|
||||
---
|
||||
|
||||
Nuclei使用零误报的定制模板向目标发送请求,同时可以对主机进行批量快速扫描。Nuclei提供TCP、DNS、HTTP、FILE等各类协议的扫描,通过强大且灵活的模板,可以使用Nuclei模拟各种安全检查。
|
||||
Nuclei使用零误报的定制模板向目标发送请求,同时可以对大量主机进行快速扫描。Nuclei提供TCP、DNS、HTTP、FILE等各类协议的扫描,通过强大且灵活的模板,可以使用Nuclei模拟各种安全检查。
|
||||
|
||||
我们的[模板仓库](https://github.com/projectdiscovery/nuclei-templates)包含**超过300**安全研究员和工程师提供的模板。
|
||||
我们的[模板仓库](https://github.com/projectdiscovery/nuclei-templates)包含**超过200**安全研究员和工程师提供的模板。
|
||||
|
||||
|
||||
|
||||
|
@ -68,7 +65,7 @@ go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
|
|||
|
||||
自从[v2.5.2]((https://github.com/projectdiscovery/nuclei/releases/tag/v2.5.2))起,Nuclei就内置了自动下载和更新模板的功能。[**Nuclei模板**](https://github.com/projectdiscovery/nuclei-templates)仓库随时更新社区中可用的模板列表。
|
||||
|
||||
您仍然可以随时使用`update-templates`命令更新模板,您可以根据[模板指南](https://nuclei.projectdiscovery.io/templating-guide/)为您的个人工作流和需求编写模板。
|
||||
您仍然可以随时使用`update-templates`命令更新模板,您可以根据[模板指南](https://nuclei.projectdiscovery.io/templating-guide/)编写您自己的模板。
|
||||
|
||||
YAML的语法规范在[这里](SYNTAX-REFERENCE.md)。
|
||||
|
||||
|
@ -82,10 +79,10 @@ YAML的语法规范在[这里](SYNTAX-REFERENCE.md)。
|
|||
nuclei -h
|
||||
```
|
||||
|
||||
这将显示Nuclei的帮助,以下是所有支持的命令。
|
||||
这将显示Nuclei的帮助,以下是所有支持的命令
|
||||
|
||||
|
||||
```console
|
||||
```yaml
|
||||
Nuclei是一款注重于可配置性、可扩展性和易用性的基于模板的快速漏洞扫描器。
|
||||
|
||||
用法:
|
||||
|
@ -93,147 +90,104 @@ Nuclei是一款注重于可配置性、可扩展性和易用性的基于模板
|
|||
|
||||
命令:
|
||||
目标:
|
||||
-u, -target string[] 指定扫描的URL/主机
|
||||
-l, -list string 指定需要扫描的URL/主机文件(一行一个)
|
||||
-resume string 断点续扫(将禁用集群)
|
||||
-u, -target string[] 指定扫描的URL/主机
|
||||
-l, -list string 指定需要扫描的URL/主机文件(一行一个)
|
||||
|
||||
模板:
|
||||
-nt, -new-templates 只扫描最新版本中添加的模板
|
||||
-ntv, -new-templates-version string[] 运行在特定版本中添加的新模板
|
||||
-as, -automatic-scan 在自动web扫描中使用wappalyzer技术检测的指纹
|
||||
-t, -templates string[] 指定需要扫描的模板或者模板的路径(逗号分隔,文件)
|
||||
-tu, -template-url string[] 从URL加载模板(逗号分隔,文件)
|
||||
-w, -workflows string[] 指定扫描中的工作流或者工作流目录(逗号分隔,文件)
|
||||
-wu, -workflow-url string[] 从URL加载工作流(逗号分隔,文件)
|
||||
-validate 验证通过的模板
|
||||
-nss, -no-strict-syntax 禁用模板的严格检查
|
||||
-tl 列出所有可用的模板
|
||||
-td 显示模板内容
|
||||
-t, -templates string[] 指定需要扫描的模板或者模板的路径
|
||||
-nt, -new-templates 只扫描最新版本中添加的模板
|
||||
-ntv, -new-templates-version 运行在特定版本中添加的新模板
|
||||
-w, -workflows string[] 指定扫描中的工作流或者工作流目录
|
||||
-validate 验证通过的模板
|
||||
-tl 列出所有可用的模板
|
||||
|
||||
过滤:
|
||||
-a, -author string[] 执行指定作者的模板(逗号分隔,文件)
|
||||
-tags string[] 执行有标记的模板子集(逗号分隔,文件)
|
||||
-etags, -exclude-tags string[] 执行标记为排除的模板(逗号分隔,文件)
|
||||
-itags, -include-tags string[] 执行默认或者配置排除的标记模板
|
||||
-id, -template-id string[] 执行指定ID的模板(逗号分隔,文件)
|
||||
-eid, -exclude-id string[] 执行排除指定ID的模板(逗号分隔,文件)
|
||||
-it, -include-templates string[] 执行默认或配置中排除的模板
|
||||
-et, -exclude-templates string[] 要排除的模板或者模板目录(逗号分隔,文件)
|
||||
-em, -exclude-matchers string[] 在结果中排除指定模板
|
||||
-s, -severity value[] 根据严重程度运行模板,可候选的值有:info,low,medium,high,critical
|
||||
-es, -exclude-severity value[] 根据严重程度排除模板,可候选的值有:info,low,medium,high,critical
|
||||
-pt, -type value[] 根据协议运行模板,可候选的值有:dns, file, http, headless, network, workflow, ssl, websocket, whois
|
||||
-ept, -exclude-type value[] 根据协议排除模板,可候选的值有:dns, file, http, headless, network, workflow, ssl, websocket, whois
|
||||
-tc, -template-condition string[] 根据表达式运行模板
|
||||
|
||||
-tags string[] 执行有标记的模板子集
|
||||
-etags, -exclude-tags string[] 执行标记为排除的模板
|
||||
-itags, -include-tags string[] 不执行具有攻击性的模板
|
||||
-et, -exclude-templates string[] 要排除的模板或者模板目录
|
||||
-it, -include-templates string[] 执行默认或配置中排除的模板
|
||||
-s, -severity value[] 根据严重程度运行模板,可候选的值有:info,low,medium,high,critical
|
||||
-es, -exclude-severity value[] 根据严重程度排除模板,可候选的值有:info,low,medium,high,critical
|
||||
-a, -author string[] 执行指定作者的模板
|
||||
|
||||
输出:
|
||||
-o, -output string 输出发现的问题到文件
|
||||
-sresp, -store-resp 将nuclei的所有请求和响应输出到目录
|
||||
-srd, -store-resp-dir string 将nuclei的所有请求和响应输出到指定目录(默认:output)
|
||||
-silent 只显示结果
|
||||
-nc, -no-color 禁用输出内容着色(ANSI转义码)
|
||||
-json 输出为jsonL(ines)
|
||||
-irr, -include-rr 在JSONL中输出对应的请求和相应(仅结果)
|
||||
-nm, -no-meta 不显示匹配的元数据
|
||||
-nts, -no-timestamp 不在输出中显示时间戳
|
||||
-rdb, -report-db string 本地的Nuclei结果数据库(始终使用该数据库保存结果)
|
||||
-ms, -matcher-status 显示匹配失败状态
|
||||
-me, -markdown-export string 以markdown导出结果
|
||||
-se, -sarif-export string 以SARIF导出结果
|
||||
-o, -output string 输出发现的问题到文件
|
||||
-silent 只显示结果
|
||||
-nc, -no-color 禁用输出内容着色(ANSI转义码)
|
||||
-json 输出为jsonL(ines)
|
||||
-irr, -include-rr 在JSONL中输出对应的请求和相应(仅结果)
|
||||
-nm, -no-meta 不显示匹配的元数据
|
||||
-nts, -no-timestamp 不在输出中显示时间戳
|
||||
-rdb, -report-db string 本地的Nuclei结果数据库(始终使用该数据库保存结果)
|
||||
-me, -markdown-export string 以markdown导出结果
|
||||
-se, -sarif-export string 以SARIF导出结果
|
||||
|
||||
配置:
|
||||
-config string 指定Nuclei的配置文件
|
||||
-fr, -follow-redirects 为HTTP模板启用重定向
|
||||
-fhr, -follow-host-redirects 在同一主机上重定向
|
||||
-mr, -max-redirects int HTTP模板最大重定向次数(默认:10)
|
||||
-dr, -disable-redirects 为HTTP模板禁用重定向
|
||||
-rc, -report-config string 指定Nuclei报告模板文件
|
||||
-H, -header string[] 指定header、cookie,以header:value的方式(cli,文件)
|
||||
-V, -var value 通过key=value指定var值
|
||||
-r, -resolvers string 指定Nuclei的解析文件
|
||||
-sr, -system-resolvers 当DNS错误时使用系统DNS
|
||||
-passive 启用被动扫描处理HTTP响应
|
||||
-ev, env-vars 在模板中使用环境变量
|
||||
-cc, -client-cert string 用于对扫描的主机进行身份验证的客户端证书文件(PEM 编码)
|
||||
-ck, -client-key string 用于对扫描的主机进行身份验证的客户端密钥文件(PEM 编码)
|
||||
-ca, -client-ca string 用于对扫描的主机进行身份验证的客户端证书颁发机构文件(PEM 编码)
|
||||
-sml, -show-match-line 显示文件模板的匹配值,只适用于提取器
|
||||
-ztls 对ztls自动退回到tls13
|
||||
-sni string 指定tls sni的主机名(默认为输入的域名)
|
||||
-i, -interface string 指定网卡
|
||||
-sip, -source-ip string 指定源IP
|
||||
-config-directory string 重写默认配置路径($home/.config)
|
||||
-rsr, -response-size-read int 最大读取响应大小(默认:10485760字节)
|
||||
-rss, -response-size-save int 最大储存响应大小(默认:10485760字节)
|
||||
-config string 指定Nuclei的配置文件
|
||||
-rc, -report-config string 指定Nuclei报告模板文件
|
||||
-H, -header string[] 指定报告中的标题:value格式
|
||||
-V, -var value 通过var=value指定var值
|
||||
-r, -resolvers string 指定Nuclei的解析文件
|
||||
-sr, -system-resolvers 当DNS错误时使用系统DNS
|
||||
-passive 启用被动扫描处理HTTP响应
|
||||
-ev, env-vars 在模板中使用环境变量
|
||||
|
||||
交互:
|
||||
-inserver, -ineractsh-server string 使用interactsh反连检测平台(默认为oast.pro,oast.live,oast.site,oast.online,oast.fun,oast.me)
|
||||
-itoken, -interactsh-token string 指定反连检测平台的身份凭证
|
||||
-interactions-cache-size int 指定保存在交互缓存中的请求数(默认:5000)
|
||||
-interactions-eviction int 从缓存中删除请求前等待的时间(默认为60秒)
|
||||
-interactions-poll-duration int 每个轮询前等待时间(默认为5秒)
|
||||
-interactions-cooldown-period int 退出轮询前的等待时间(默认为5秒)
|
||||
-ni, -no-interactsh 禁用反连检测平台,同时排除基于反连检测的模板
|
||||
-inserver, -ineractsh-server string 使用interactsh反连检测平台(默认为"https://interact.sh")
|
||||
-itoken, -interactsh-token string 指定反连检测平台的身份凭证
|
||||
-interactions-cache-size int 指定保存在交互缓存中的请求数(默认:5000)
|
||||
-interactions-eviction int 从缓存中删除请求前等待的时间(默认为60秒)
|
||||
-interactions-poll-duration int 每个轮询前等待时间(默认为5秒)
|
||||
-interactions-cooldown-period int 退出轮询前的等待时间(默认为5秒)
|
||||
-ni, -no-interactsh 禁用反连检测平台,同时排除基于反连检测的模板
|
||||
|
||||
限速:
|
||||
-rl, -rate-limit int 每秒最大请求量(默认:150)
|
||||
-rlm, -rate-limit-minute int 每分钟最大请求量
|
||||
-bs, -bulk-size int 每个模板最大并行检测数(默认:25)
|
||||
-c, -concurrency int 并行执行的最大模板数量(默认:25)
|
||||
-hbs, -headless-bulk-size int 每个模板并行运行的无头主机最大数量(默认:10)
|
||||
-headc, -headless-concurrency int 并行指定无头主机最大数量(默认:10)
|
||||
-rl, -rate-limit int 每秒最大请求量(默认:150)
|
||||
-rlm, -rate-limit-minute int 每分钟最大请求量
|
||||
-bs, -bulk-size int 每个模板最大并行检测数(默认:25)
|
||||
-c, -concurrency int 并行执行的最大模板数量(默认:25)
|
||||
|
||||
|
||||
优化:
|
||||
-timeout int 超时时间(默认为10秒)
|
||||
-retries int 重试次数(默认:1)
|
||||
-ldp, -leave-default-ports 指定HTTP/HTTPS默认端口(例如:host:80,host:443)
|
||||
-mhe, -max-host-error int 某主机扫描失败次数,跳过该主机(默认:30)
|
||||
-project 使用项目文件夹避免多次发送同一请求
|
||||
-project-path string 设置特定的项目文件夹
|
||||
-spm, -stop-at-first-path 得到一个结果后停止(或许会中断模板和工作流的逻辑)
|
||||
-stream 流模式 - 在不整理输入的情况下详细描述
|
||||
-irt, -input-read-timeout duration 输入读取超时时间(默认:3分钟)
|
||||
-no-stdin 禁用标准输入
|
||||
-timeout int 超时时间(默认为5秒)
|
||||
-retries int 重试次数(默认:1)
|
||||
-mhe, -max-host-error int 某主机扫描失败次数,跳过该主机(默认:30)
|
||||
-project 使用项目文件夹避免多次发送同一请求
|
||||
-project-path string 设置特定的项目文件夹
|
||||
-spm, -stop-at-first-path 得到一个结果后停止(或许会中断模板和工作流的逻辑)
|
||||
-stream 流模式 - 在不整理输入的情况下详细描述
|
||||
|
||||
无界面浏览器:
|
||||
-headless 启用需要无界面浏览器的模板
|
||||
-page-timeout int 在无界面下超时秒数(默认:20)
|
||||
-sb, -show-brower 在无界面浏览器运行模板时,显示浏览器
|
||||
-sc, -system-chrome 不使用Nuclei自带的浏览器,使用本地浏览器
|
||||
-lha, -list-headless-action 列出可用的无界面操作
|
||||
-headless 启用需要无界面浏览器的模板
|
||||
-page-timeout int 在无界面下超时秒数(默认:20)
|
||||
-sb, -show-brower 在无界面浏览器运行模板时,显示浏览器
|
||||
-sc, -system-chrome 不使用Nuclei自带的浏览器,使用本地浏览器
|
||||
|
||||
调试:
|
||||
-debug 显示所有请求和响应
|
||||
-dreq, -debug-req 显示所有请求
|
||||
-dresp, -debug-resp 显示所有响应
|
||||
-p, -proxy string[] 使用http/socks5代理(逗号分隔,文件)
|
||||
-pi, -proxy-internal 代理所有请求
|
||||
-ldf, -list-dsl-function 列出所有支持的DSL函数签名
|
||||
-tlog, -trace-log string 写入跟踪日志到文件
|
||||
-elog, -error-log string 写入错误日志到文件
|
||||
-version 显示版本信息
|
||||
-hm, -hang-monitor 启用Nuclei的监控
|
||||
-v, -verbose 显示详细信息
|
||||
-profile-mem string 将Nuclei的内存转储成文件
|
||||
-vv 显示额外的详细信息
|
||||
-ep, -enable-pprof 启用pprof调试服务器
|
||||
-tv, -templates-version 显示已安装的模板版本
|
||||
-hc, -health-check 运行诊断检查
|
||||
-debug 显示所有请求和响应
|
||||
-debug-req 显示所有请求
|
||||
-debug-resp 显示所有响应
|
||||
-proxy, -proxy-url string 使用HTTP代理
|
||||
-proxy-socks-url string 使用SOCK5代理
|
||||
-tlog, -trace-log string 写入请求日志到文件
|
||||
-version 显示版本信息
|
||||
-v, -verbose 显示详细信息
|
||||
-vv 显示额外的详细信息
|
||||
-tv, -templates-version 显示已安装的模板版本
|
||||
|
||||
升级:
|
||||
-update 更新Nuclei到最新版本
|
||||
-ut, -update-templates 更新Nuclei模板到最新版
|
||||
-ud, -update-directory string 覆盖安装模板
|
||||
-duc, -disable-update-check 禁用更新
|
||||
-update 更新Nuclei到最新版本
|
||||
-ut, -update-templates 更新Nuclei模板到最新版
|
||||
-ud, -update-directory string 覆盖安装模板
|
||||
-duc, -disable-update-check 禁用更新
|
||||
|
||||
统计:
|
||||
-stats 显示正在扫描的统计信息
|
||||
-sj, -stats-json 将统计信息以JSONL格式输出到文件
|
||||
-si, -stats-inerval int 显示统计信息更新的间隔秒数(默认:5)
|
||||
-m, -metrics 显示Nuclei端口信息
|
||||
-mp, -metrics-port int 更改Nuclei默认端口(默认:9092)
|
||||
-stats 显示正在扫描的统计信息
|
||||
-sj, -stats-json 将统计信息以JSONL格式输出到文件
|
||||
-si, -stats-inerval int 显示统计信息更新的间隔秒数(默认:5)
|
||||
-m, -metrics 显示Nuclei端口信息
|
||||
-mp, -metrics-port int 更改Nuclei默认端口(默认:9092)
|
||||
```
|
||||
|
||||
### 运行Nuclei
|
||||
|
@ -279,7 +233,7 @@ Nuclei提供了大量有助于安全工程师在工作流定制相关的功能
|
|||
|
||||
**对于赏金猎人:**
|
||||
|
||||
Nuclei允许您定制自己的测试方法,可以轻松的运行您的程序。此外Nuclei可以更容易的集成到您的漏洞扫描工作流中。
|
||||
Nuclei允许您定制自己的测试方法,可以轻松的运行您的程序。此外Nuclei可以更容易的集成到您的漏扫设备中。
|
||||
|
||||
- 可以集成到其他工作流中
|
||||
- 可以在几分钟处理上千台主机
|
||||
|
@ -313,7 +267,7 @@ Nuclei通过增加手动、自动的过程,极大地改变了安全评估的
|
|||
|
||||
Nuclei构建很简单,通过数百名安全研究员的社区模板,Nuclei可以随时扫描来了解安全威胁。Nuclei通常用来用于复测,以确定漏洞是否被修复。
|
||||
|
||||
- **CI/CD:**工程师已经支持了CI/CD,可以通过Nuclei使用定制模板来监控模拟环境和生产环境
|
||||
- **CI/CD:**工程师已经支持了CI/CD,可以使用Nuclei来监控生产环境
|
||||
- **周期性扫描:**使用Nuclei创建新发现的漏洞模板,通过Nuclei可以周期性扫描消除漏洞
|
||||
|
||||
我们有个[讨论组](https://github.com/projectdiscovery/nuclei-templates/discussions/693),黑客提交自己的模板后可以获得赏金,这可以减少资产的漏洞,并且减少重复。如果你想实行该计划,可以[联系我](mailto:contact@projectdiscovery.io)。我们非常乐意提供帮助,或者在[讨论组](https://github.com/projectdiscovery/nuclei-templates/discussions/693)中发布相关信息。
|
||||
|
@ -327,11 +281,6 @@ Nuclei构建很简单,通过数百名安全研究员的社区模板,Nuclei
|
|||
</h1>
|
||||
|
||||
### 资源
|
||||
|
||||
- [使用PinkDraconian发现Nuclei的BUG (Robbe Van Roey)](https://www.youtube.com/watch?v=ewP0xVPW-Pk) 作者:[@PinkDraconian](https://twitter.com/PinkDraconian)
|
||||
- [Nuclei: 强而有力的扫描器](https://bishopfox.com/blog/nuclei-vulnerability-scan) 作者:Bishopfox
|
||||
- [WAF有效性检查](https://www.fastly.com/blog/the-waf-efficacy-framework-measuring-the-effectiveness-of-your-waf) 作者:Fastly
|
||||
- [在CI/CD中使用Nuclei实时扫描网页应用](https://blog.escape.tech/devsecops-part-iii-scanning-live-web-applications/) 作者:[@TristanKalos](https://twitter.com/TristanKalos)
|
||||
- [使用Nuclei扫描](https://blog.projectdiscovery.io/community-powered-scanning-with-nuclei/)
|
||||
- [Nuclei Unleashed - 快速编写复杂漏洞](https://blog.projectdiscovery.io/nuclei-unleashed-quickly-write-complex-exploits/)
|
||||
- [Nuclei - FUZZ一切](https://blog.projectdiscovery.io/nuclei-fuzz-all-the-things/)
|
||||
|
|
14
v2/go.mod
14
v2/go.mod
|
@ -31,7 +31,7 @@ require (
|
|||
github.com/projectdiscovery/interactsh v1.0.6-0.20220827132222-460cc6270053
|
||||
github.com/projectdiscovery/rawhttp v0.1.3
|
||||
github.com/projectdiscovery/retryabledns v1.0.17
|
||||
github.com/projectdiscovery/retryablehttp-go v1.0.4
|
||||
github.com/projectdiscovery/retryablehttp-go v1.0.5-0.20221202084821-c1a692a64751
|
||||
github.com/projectdiscovery/stringsutil v0.0.2
|
||||
github.com/projectdiscovery/yamldoc-go v1.0.3-0.20211126104922-00d2c6bb43b6
|
||||
github.com/remeh/sizedwaitgroup v1.0.0
|
||||
|
@ -54,8 +54,6 @@ require (
|
|||
moul.io/http2curl v1.0.0
|
||||
)
|
||||
|
||||
require github.com/aws/aws-sdk-go v1.44.151
|
||||
|
||||
require (
|
||||
github.com/DataDog/gostackparse v0.6.0
|
||||
github.com/antchfx/xmlquery v1.3.13
|
||||
|
@ -81,8 +79,8 @@ require (
|
|||
github.com/projectdiscovery/rdap v0.9.1-0.20221108103045-9865884d1917
|
||||
github.com/projectdiscovery/sarif v0.0.1
|
||||
github.com/projectdiscovery/tlsx v0.0.9-0.20221202111311-c789c957d944
|
||||
github.com/projectdiscovery/uncover v1.0.0
|
||||
github.com/projectdiscovery/utils v0.0.3
|
||||
github.com/projectdiscovery/uncover v1.0.1
|
||||
github.com/projectdiscovery/utils v0.0.4-0.20221201124851-f8524345b6d3
|
||||
github.com/projectdiscovery/wappalyzergo v0.0.71
|
||||
github.com/stretchr/testify v1.8.1
|
||||
gopkg.in/src-d/go-git.v4 v4.13.1
|
||||
|
@ -91,6 +89,7 @@ require (
|
|||
|
||||
require (
|
||||
github.com/dlclark/regexp2 v1.4.0 // indirect
|
||||
github.com/jmespath/go-jmespath v0.4.0 // indirect
|
||||
github.com/karlseguin/expect v1.0.8 // indirect
|
||||
github.com/projectdiscovery/sliceutil v0.0.1 // indirect
|
||||
gopkg.in/djherbis/times.v1 v1.3.0 // indirect
|
||||
|
@ -148,10 +147,9 @@ require (
|
|||
github.com/hdm/jarm-go v0.0.7 // indirect
|
||||
github.com/iancoleman/orderedmap v0.0.0-20190318233801-ac98e3ecb4b0 // indirect
|
||||
github.com/itchyny/timefmt-go v0.1.5 // indirect
|
||||
github.com/jmespath/go-jmespath v0.4.0 // indirect
|
||||
github.com/klauspost/cpuid/v2 v2.1.0 // indirect
|
||||
github.com/klauspost/pgzip v1.2.5 // indirect
|
||||
github.com/kr/pretty v0.3.0 // indirect
|
||||
github.com/kr/pretty v0.3.1 // indirect
|
||||
github.com/kr/text v0.2.0 // indirect
|
||||
github.com/leodido/go-urn v1.2.1 // indirect
|
||||
github.com/libdns/libdns v0.2.1 // indirect
|
||||
|
@ -171,7 +169,7 @@ require (
|
|||
github.com/projectdiscovery/mapcidr v1.0.3
|
||||
github.com/projectdiscovery/networkpolicy v0.0.2-0.20220525172507-b844eafc878d
|
||||
github.com/rivo/uniseg v0.2.0 // indirect
|
||||
github.com/rogpeppe/go-internal v1.8.0 // indirect
|
||||
github.com/rogpeppe/go-internal v1.9.0 // indirect
|
||||
github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca // indirect
|
||||
github.com/spacemonkeygo/openssl v0.0.0-20181017203307-c2dcc5cca94a // indirect
|
||||
github.com/spacemonkeygo/spacelog v0.0.0-20180420211403-2296661a0572 // indirect
|
||||
|
|
21
v2/go.sum
21
v2/go.sum
|
@ -72,8 +72,6 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY
|
|||
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
|
||||
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
|
||||
github.com/aws/aws-sdk-go v1.20.6/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
|
||||
github.com/aws/aws-sdk-go v1.44.151 h1:2FrJZm3kTcyTtfpE7LEQT9XW+jkoi4KEvBhFWqHEZmo=
|
||||
github.com/aws/aws-sdk-go v1.44.151/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
|
||||
github.com/aws/aws-sdk-go-v2 v1.17.1/go.mod h1:JLnGeGONAyi2lWXI1p0PCIOIy333JMVK1U7Hf0aRFLw=
|
||||
github.com/aws/aws-sdk-go-v2 v1.17.2 h1:r0yRZInwiPBNpQ4aDy/Ssh3ROWsGtKDwar2JS8Lm+N8=
|
||||
github.com/aws/aws-sdk-go-v2 v1.17.2/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
|
||||
|
@ -426,8 +424,9 @@ github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFB
|
|||
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
|
||||
github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
|
||||
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
|
||||
github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
|
||||
github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
|
||||
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
|
||||
github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
|
||||
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
|
||||
github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
|
||||
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
|
||||
|
@ -584,8 +583,8 @@ github.com/projectdiscovery/rdap v0.9.1-0.20221108103045-9865884d1917 h1:m03X4gB
|
|||
github.com/projectdiscovery/rdap v0.9.1-0.20221108103045-9865884d1917/go.mod h1:JxXtZC9e195awe7EynrcnBJmFoad/BNDzW9mzFkK8Sg=
|
||||
github.com/projectdiscovery/retryabledns v1.0.17 h1:XKzI26UKYt2g7YLJ/EcyYmM04sfD1vurETecPEpeA1w=
|
||||
github.com/projectdiscovery/retryabledns v1.0.17/go.mod h1:Dyhq/f0sGmXueso0+Ah3LbJfsX4PXpBrpfiyjZZ8SDk=
|
||||
github.com/projectdiscovery/retryablehttp-go v1.0.4 h1:FtRhBhyOnbCL1aDCTml+DzktAolHIbkozUkrbvzWPpY=
|
||||
github.com/projectdiscovery/retryablehttp-go v1.0.4/go.mod h1:t4buiLTB0HtI+62iHfGDqQVTv/i+8OhAKwaX93TGsFE=
|
||||
github.com/projectdiscovery/retryablehttp-go v1.0.5-0.20221202084821-c1a692a64751 h1:QEmZ0E6GDzlTbVE6ty7fCuKR7muWrLqMfQ07VTu6Bd0=
|
||||
github.com/projectdiscovery/retryablehttp-go v1.0.5-0.20221202084821-c1a692a64751/go.mod h1:B/xfvUmiJBeq+1kT7AMYL6B/IuPgbyKB7QCKPSfMByc=
|
||||
github.com/projectdiscovery/sarif v0.0.1 h1:C2Tyj0SGOKbCLgHrx83vaE6YkzXEVrMXYRGLkKCr/us=
|
||||
github.com/projectdiscovery/sarif v0.0.1/go.mod h1:cEYlDu8amcPf6b9dSakcz2nNnJsoz4aR6peERwV+wuQ=
|
||||
github.com/projectdiscovery/sliceutil v0.0.1 h1:YoCqCMcdwz+gqNfW5hFY8UvNHoA6SfyBSNkVahatleg=
|
||||
|
@ -595,10 +594,10 @@ github.com/projectdiscovery/stringsutil v0.0.2 h1:uzmw3IVLJSMW1kEg8eCStG/cGbYYZA
|
|||
github.com/projectdiscovery/stringsutil v0.0.2/go.mod h1:EJ3w6bC5fBYjVou6ryzodQq37D5c6qbAYQpGmAy+DC0=
|
||||
github.com/projectdiscovery/tlsx v0.0.9-0.20221202111311-c789c957d944 h1:KRl+zFCMXoNQd0v0oiPNFezWixlMvKPrrvDIZpEaNYM=
|
||||
github.com/projectdiscovery/tlsx v0.0.9-0.20221202111311-c789c957d944/go.mod h1:q/OaJAJLpaby7UH8HilqPDi2pgYCIQ/y+nJ0+PeXTAY=
|
||||
github.com/projectdiscovery/uncover v1.0.0 h1:/ehEnuiwT1t/TYJvZu73Jpoekn42CMo9nLnj+pCojRo=
|
||||
github.com/projectdiscovery/uncover v1.0.0/go.mod h1:YU++t0LhoDs7HiY6lYlFHN23XOnEkC30YNeZrIAVnZI=
|
||||
github.com/projectdiscovery/utils v0.0.3 h1:pAjZTGYpnATRc6uaNACdiHv4joZ0Ml7Wpu0dudpcGfM=
|
||||
github.com/projectdiscovery/utils v0.0.3/go.mod h1:ne3eSlZlUKuhjHr8FfsfGcGteCzxcbJvFBx4VDBCxK0=
|
||||
github.com/projectdiscovery/uncover v1.0.1 h1:bhP+EW4d+e4cAizOWAEz7jeyKZGkDYYTsZlXsd11t+w=
|
||||
github.com/projectdiscovery/uncover v1.0.1/go.mod h1:/D9qxgN2iZ/C2M8eo+pNQMnTaMhTZUu40Vat/LgSIxU=
|
||||
github.com/projectdiscovery/utils v0.0.4-0.20221201124851-f8524345b6d3 h1:sOvfN3xHLiBMb6GJ3yDxBmPnN0dh3xllaQXQYo7CFUo=
|
||||
github.com/projectdiscovery/utils v0.0.4-0.20221201124851-f8524345b6d3/go.mod h1:PCwA5YuCYWPgHaGiZmr53/SA9iGQmAnw7DSHuhr8VPQ=
|
||||
github.com/projectdiscovery/wappalyzergo v0.0.71 h1:NEtPLEUx21rhE2H89Pc9RxImrDIG90CNXLRoSDwtiSA=
|
||||
github.com/projectdiscovery/wappalyzergo v0.0.71/go.mod h1:HvYuW0Be4JCjVds/+XAEaMSqRG9yrI97UmZq0TPk6A0=
|
||||
github.com/projectdiscovery/yamldoc-go v1.0.3-0.20211126104922-00d2c6bb43b6 h1:DvWRQpw7Ib2CRL3ogYm/BWM+X0UGPfz1n9Ix9YKgFM8=
|
||||
|
@ -611,8 +610,9 @@ github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJ
|
|||
github.com/rogpeppe/fastuuid v1.1.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
|
||||
github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
|
||||
github.com/rogpeppe/go-internal v1.6.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
|
||||
github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
|
||||
github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
|
||||
github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
|
||||
github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
|
||||
github.com/rs/xid v1.3.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
|
||||
github.com/rs/xid v1.4.0 h1:qd7wPTDkN6KQx2VmMBLrpHkiyQwgFXRnkOLacUiaSNY=
|
||||
github.com/rs/xid v1.4.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
|
||||
|
@ -838,7 +838,6 @@ golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5o
|
|||
golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
|
||||
golang.org/x/net v0.0.0-20210414194228-064579744ee0/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
|
||||
golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
|
||||
golang.org/x/net v0.0.0-20210521195947-fe42d452be8f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
|
||||
|
|
|
@ -23,6 +23,7 @@ import (
|
|||
"github.com/projectdiscovery/nuclei/v2/pkg/types"
|
||||
fileutil "github.com/projectdiscovery/utils/file"
|
||||
iputil "github.com/projectdiscovery/utils/ip"
|
||||
readerutil "github.com/projectdiscovery/utils/reader"
|
||||
sliceutil "github.com/projectdiscovery/utils/slice"
|
||||
)
|
||||
|
||||
|
@ -97,7 +98,7 @@ func (i *Input) initializeInputSources(options *types.Options) error {
|
|||
|
||||
// Handle stdin
|
||||
if options.Stdin {
|
||||
i.scanInputFromReader(fileutil.TimeoutReader{Reader: os.Stdin, Timeout: time.Duration(options.InputReadTimeout)})
|
||||
i.scanInputFromReader(readerutil.TimeoutReader{Reader: os.Stdin, Timeout: time.Duration(options.InputReadTimeout)})
|
||||
}
|
||||
|
||||
// Handle target file
|
||||
|
|
|
@ -755,26 +755,19 @@ func (request *Request) handleSignature(generatedRequest *generatedRequest) erro
|
|||
case AWSSignature:
|
||||
var awsSigner signer.Signer
|
||||
vars := request.options.Options.Vars.AsMap()
|
||||
awsAccessKeyId := types.ToString(vars["aws-id"])
|
||||
awsSecretAccessKey := types.ToString(vars["aws-secret"])
|
||||
awsSignerArgs := signer.AwsSignerArgs{AwsId: awsAccessKeyId, AwsSecretToken: awsSecretAccessKey}
|
||||
service := types.ToString(generatedRequest.dynamicValues["service"])
|
||||
region := types.ToString(generatedRequest.dynamicValues["region"])
|
||||
// if region is empty use default value
|
||||
if region == "" {
|
||||
region = types.ToString(signer.AwsDefaultVars["region"])
|
||||
}
|
||||
awsSignatureArguments := signer.AwsSignatureArguments{
|
||||
Service: types.ToString(service),
|
||||
Region: types.ToString(region),
|
||||
Time: time.Now(),
|
||||
awsopts := signer.AWSOptions{
|
||||
AwsID: types.ToString(vars["aws-id"]),
|
||||
AwsSecretToken: types.ToString(vars["aws-secret"]),
|
||||
}
|
||||
// type ctxkey string
|
||||
ctx := context.WithValue(context.Background(), signer.SignerArg("service"), generatedRequest.dynamicValues["service"])
|
||||
ctx = context.WithValue(ctx, signer.SignerArg("region"), generatedRequest.dynamicValues["region"])
|
||||
|
||||
awsSigner, err := signerpool.Get(request.options.Options, &signerpool.Configuration{SignerArgs: awsSignerArgs})
|
||||
awsSigner, err := signerpool.Get(request.options.Options, &signerpool.Configuration{SignerArgs: &awsopts})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = awsSigner.SignHTTP(generatedRequest.request.Request, awsSignatureArguments)
|
||||
err = awsSigner.SignHTTP(ctx, generatedRequest.request.Request)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
|
@ -0,0 +1,123 @@
|
|||
package signer
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/sha256"
|
||||
"encoding/hex"
|
||||
"errors"
|
||||
"io"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"github.com/aws/aws-sdk-go-v2/aws"
|
||||
v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4"
|
||||
awsconfig "github.com/aws/aws-sdk-go-v2/config"
|
||||
"github.com/aws/aws-sdk-go-v2/credentials"
|
||||
)
|
||||
|
||||
// AWSOptions
|
||||
type AWSOptions struct {
|
||||
AwsID string
|
||||
AwsSecretToken string
|
||||
Service string
|
||||
Region string
|
||||
}
|
||||
|
||||
// Validate Signature Arguments
|
||||
func (a *AWSOptions) Validate() error {
|
||||
if a.Service == "" {
|
||||
return errors.New("aws service cannot be empty")
|
||||
}
|
||||
if a.Region == "" {
|
||||
return errors.New("aws region cannot be empty")
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// AWS v4 signer
|
||||
type AWSSigner struct {
|
||||
creds *aws.Credentials
|
||||
signer *v4.Signer
|
||||
options *AWSOptions
|
||||
}
|
||||
|
||||
// SignHTTP
|
||||
func (a *AWSSigner) SignHTTP(ctx context.Context, request *http.Request) error {
|
||||
if region, ok := ctx.Value(SignerArg("region")).(string); ok && region != "" {
|
||||
a.options.Region = region
|
||||
}
|
||||
if service, ok := ctx.Value(SignerArg("service")).(string); ok && service != "" {
|
||||
a.options.Service = service
|
||||
}
|
||||
if err := a.options.Validate(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return a.signer.SignHTTP(ctx, *a.creds, request, a.getPayloadHash(request), a.options.Service, a.options.Region, time.Now())
|
||||
}
|
||||
|
||||
// getPayloadHash returns hex encoded SHA-256 of request body
|
||||
func (a *AWSSigner) getPayloadHash(request *http.Request) string {
|
||||
if request.Body == nil {
|
||||
// Default Hash of Empty Payload
|
||||
return "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
|
||||
}
|
||||
|
||||
// no need to close request body since it is a reusablereadercloser
|
||||
bin, _ := io.ReadAll(request.Body)
|
||||
sha256Hash := sha256.Sum256(bin)
|
||||
return hex.EncodeToString(sha256Hash[:])
|
||||
}
|
||||
|
||||
// NewAwsSigner
|
||||
func NewAwsSigner(opts *AWSOptions) (*AWSSigner, error) {
|
||||
credcache := aws.NewCredentialsCache(credentials.NewStaticCredentialsProvider(opts.AwsID, opts.AwsSecretToken, ""))
|
||||
awscred, err := credcache.Retrieve(context.TODO())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &AWSSigner{
|
||||
creds: &awscred,
|
||||
options: opts,
|
||||
signer: v4.NewSigner(),
|
||||
}, nil
|
||||
}
|
||||
|
||||
// NewAwsSignerFromConfig
|
||||
func NewAwsSignerFromConfig(opts *AWSOptions) (*AWSSigner, error) {
|
||||
/*
|
||||
NewAwsSignerFromConfig fetches credentials from both
|
||||
1. Environment Variables (old & new)
|
||||
2. Shared Credentials ($HOME/.aws)
|
||||
*/
|
||||
cfg, err := awsconfig.LoadDefaultConfig(context.TODO())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
credcache := aws.NewCredentialsCache(cfg.Credentials)
|
||||
awscred, err := credcache.Retrieve(context.TODO())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &AWSSigner{
|
||||
creds: &awscred,
|
||||
options: opts,
|
||||
signer: v4.NewSigner(func(signer *v4.SignerOptions) {
|
||||
// signer.DisableURIPathEscaping = true
|
||||
}),
|
||||
}, nil
|
||||
}
|
||||
|
||||
var AwsSkipList = map[string]interface{}{
|
||||
"region": struct{}{},
|
||||
}
|
||||
|
||||
var AwsDefaultVars = map[string]interface{}{
|
||||
"region": "us-east-2",
|
||||
}
|
||||
|
||||
var AwsInternalOnlyVars = map[string]interface{}{
|
||||
"aws-id": struct{}{},
|
||||
"aws-secret": struct{}{},
|
||||
}
|
|
@ -1,147 +0,0 @@
|
|||
package signer
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"errors"
|
||||
"io"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws/credentials"
|
||||
v4 "github.com/aws/aws-sdk-go/aws/signer/v4"
|
||||
)
|
||||
|
||||
type AwsSigner struct {
|
||||
creds *credentials.Credentials
|
||||
signer *v4.Signer
|
||||
}
|
||||
|
||||
type AwsSignerArgs struct {
|
||||
AwsId string
|
||||
AwsSecretToken string
|
||||
}
|
||||
|
||||
var credentialCreationError = errors.New("couldn't create the credentials structure")
|
||||
|
||||
func (awsSignerArgs AwsSignerArgs) Validate() error {
|
||||
if awsSignerArgs.AwsId == "" {
|
||||
return errors.New("empty id")
|
||||
}
|
||||
if awsSignerArgs.AwsSecretToken == "" {
|
||||
return errors.New("empty token")
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
type AwsSignatureArguments struct {
|
||||
Service string
|
||||
Region string
|
||||
Time time.Time
|
||||
}
|
||||
|
||||
func (awsSignatureArguments AwsSignatureArguments) Validate() error {
|
||||
if awsSignatureArguments.Region == "" {
|
||||
return errors.New("empty region")
|
||||
}
|
||||
if awsSignatureArguments.Service == "" {
|
||||
return errors.New("empty service")
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func NewAwsSigner(args AwsSignerArgs) (*AwsSigner, error) {
|
||||
if err := args.Validate(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
creds := credentials.NewStaticCredentials(args.AwsId, args.AwsSecretToken, "")
|
||||
if creds == nil {
|
||||
return nil, credentialCreationError
|
||||
}
|
||||
signer := v4.NewSigner(creds)
|
||||
return &AwsSigner{creds: creds, signer: signer}, nil
|
||||
}
|
||||
|
||||
func NewAwsSignerFromEnv() (*AwsSigner, error) {
|
||||
creds := credentials.NewEnvCredentials()
|
||||
if creds == nil {
|
||||
return nil, credentialCreationError
|
||||
}
|
||||
signer := v4.NewSigner(creds)
|
||||
return &AwsSigner{creds: creds, signer: signer}, nil
|
||||
}
|
||||
|
||||
func NewAwsSignerFromFile() (*AwsSigner, error) {
|
||||
creds := credentials.NewSharedCredentials("", "")
|
||||
if creds == nil {
|
||||
return nil, credentialCreationError
|
||||
}
|
||||
signer := v4.NewSigner(creds)
|
||||
return &AwsSigner{creds: creds, signer: signer}, nil
|
||||
}
|
||||
|
||||
func (awsSigner *AwsSigner) SignHTTP(request *http.Request, args interface{}) error {
|
||||
signatureArgs, err := awsSigner.checkSignatureArgs(args)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
awsSigner.prepareRequest(request)
|
||||
var body *bytes.Reader
|
||||
if request.Body != nil {
|
||||
bodyBytes, err := io.ReadAll(request.Body)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
request.Body.Close()
|
||||
body = bytes.NewReader(bodyBytes)
|
||||
}
|
||||
if _, err := awsSigner.signer.Sign(request, body, signatureArgs.Service, signatureArgs.Region, signatureArgs.Time); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (awsSigner *AwsSigner) CalculateHTTPHeaders(request *http.Request, args interface{}) (map[string]string, error) {
|
||||
signatureArgs, err := awsSigner.checkSignatureArgs(args)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
reqClone := request.Clone(context.Background())
|
||||
awsSigner.prepareRequest(reqClone)
|
||||
err = awsSigner.SignHTTP(reqClone, signatureArgs)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
headers := make(map[string]string)
|
||||
headers["X-Amz-Date"] = reqClone.Header.Get("X-Amz-Date")
|
||||
headers["Authorization"] = reqClone.Header.Get("Authorization")
|
||||
return headers, nil
|
||||
}
|
||||
|
||||
func (awsSigner *AwsSigner) checkSignatureArgs(args interface{}) (AwsSignatureArguments, error) {
|
||||
if signatureArgs, ok := args.(AwsSignatureArguments); ok {
|
||||
return signatureArgs, signatureArgs.Validate()
|
||||
}
|
||||
return AwsSignatureArguments{}, errors.New("wrong signature type")
|
||||
}
|
||||
|
||||
func (awsSigner *AwsSigner) prepareRequest(request *http.Request) {
|
||||
request.Header.Del("Host")
|
||||
}
|
||||
|
||||
var AwsSkipList = map[string]interface{}{
|
||||
"region": struct{}{},
|
||||
}
|
||||
|
||||
var AwsDefaultVars = map[string]interface{}{
|
||||
"region": "us-east-2",
|
||||
}
|
||||
|
||||
var AwsInternalOnlyVars = map[string]interface{}{
|
||||
"aws-id": struct{}{},
|
||||
"aws-secret": struct{}{},
|
||||
}
|
|
@ -1,36 +1,30 @@
|
|||
package signer
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
// An Argument that can be passed to Signer
|
||||
type SignerArg string
|
||||
|
||||
type Signer interface {
|
||||
SignHTTP(request *http.Request, args interface{}) error
|
||||
CalculateHTTPHeaders(request *http.Request, args interface{}) (map[string]string, error)
|
||||
SignHTTP(ctx context.Context, request *http.Request) error
|
||||
}
|
||||
|
||||
type SignerArgs interface {
|
||||
Validate() error
|
||||
}
|
||||
|
||||
type SignatureArguments interface {
|
||||
Validate() error
|
||||
}
|
||||
|
||||
func NewSigner(args SignerArgs) (signer Signer, err error) {
|
||||
switch signerArgs := args.(type) {
|
||||
case AwsSignerArgs:
|
||||
case *AWSOptions:
|
||||
awsSigner, err := NewAwsSigner(signerArgs)
|
||||
if err != nil {
|
||||
// $HOME/.aws/credentials
|
||||
awsSigner, err = NewAwsSignerFromFile()
|
||||
awsSigner, err = NewAwsSignerFromConfig(signerArgs)
|
||||
if err != nil {
|
||||
// env variables
|
||||
awsSigner, err = NewAwsSignerFromEnv()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
return awsSigner, err
|
||||
|
|
Loading…
Reference in New Issue