Issue 2840 aws signature (#2924)

* docker go version update

* docker fix

* version update

* update chinese readme and typo fixes. (#2862)

* fix aws request signer

* fix reader by upgrading retryablehttp-go

* go mod tidy

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Co-authored-by: Xc1Ym <xuedongyuming2233@gmail.com>
dev
Tarun Koyalwar 2022-12-03 07:10:57 +05:30 committed by GitHub
parent e7d1d93234
commit 3b31799847
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 245 additions and 335 deletions

View File

@ -7,14 +7,12 @@
<p align="center"> <p align="center">
<img src="https://img.shields.io/github/go-mod/go-version/projectdiscovery/nuclei?filename=v2%2Fgo.mod"> <a href="https://goreportcard.com/report/github.com/projectdiscovery/nuclei"><img src="https://goreportcard.com/badge/github.com/projectdiscovery/nuclei"></a>
<a href="https://github.com/projectdiscovery/nuclei/releases"><img src="https://img.shields.io/github/downloads/projectdiscovery/nuclei/total"> <a href="https://github.com/projectdiscovery/nuclei/issues"><img src="https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat"></a>
<a href="https://github.com/projectdiscovery/nuclei/graphs/contributors"><img src="https://img.shields.io/github/contributors-anon/projectdiscovery/nuclei"> <a href="https://github.com/projectdiscovery/nuclei/releases"><img src="https://img.shields.io/github/release/projectdiscovery/nuclei"></a>
<a href="https://github.com/projectdiscovery/nuclei/releases/"><img src="https://img.shields.io/github/release/projectdiscovery/nuclei">
<a href="https://github.com/projectdiscovery/nuclei/issues"><img src="https://img.shields.io/github/issues-raw/projectdiscovery/nuclei">
<a href="https://github.com/projectdiscovery/nuclei/discussions"><img src="https://img.shields.io/github/discussions/projectdiscovery/nuclei">
<a href="https://discord.gg/projectdiscovery"><img src="https://img.shields.io/discord/695645237418131507.svg?logo=discord"></a>
<a href="https://twitter.com/pdnuclei"><img src="https://img.shields.io/twitter/follow/pdnuclei.svg?logo=twitter"></a> <a href="https://twitter.com/pdnuclei"><img src="https://img.shields.io/twitter/follow/pdnuclei.svg?logo=twitter"></a>
<a href="https://discord.gg/projectdiscovery"><img src="https://img.shields.io/discord/695645237418131507.svg?logo=discord"></a>
<a href="https://github.com/projectdiscovery/nuclei/actions/workflows/build-test.yml"><img src="https://github.com/projectdiscovery/nuclei/actions/workflows/build-test.yml/badge.svg?branch=master"></a>
</p> </p>
<p align="center"> <p align="center">
@ -30,15 +28,14 @@
<p align="center"> <p align="center">
<a href="https://github.com/projectdiscovery/nuclei/blob/master/README.md">English</a> <a href="https://github.com/projectdiscovery/nuclei/blob/master/README.md">English</a>
<a href="https://github.com/projectdiscovery/nuclei/blob/master/README_CN.md">中文</a> <a href="https://github.com/projectdiscovery/nuclei/blob/master/README_CN.md">中文</a>
<a href="https://github.com/projectdiscovery/nuclei/blob/master/README_KR.md">Korean</a>
</p> </p>
--- ---
Nuclei使用零误报的定制模板向目标发送请求同时可以对主机进行批量快速扫描。Nuclei提供TCP、DNS、HTTP、FILE等各类协议的扫描通过强大且灵活的模板可以使用Nuclei模拟各种安全检查。 Nuclei使用零误报的定制模板向目标发送请求同时可以对大量主机进行快速扫描。Nuclei提供TCP、DNS、HTTP、FILE等各类协议的扫描通过强大且灵活的模板可以使用Nuclei模拟各种安全检查。
我们的[模板仓库](https://github.com/projectdiscovery/nuclei-templates)包含**超过300**安全研究员和工程师提供的模板。 我们的[模板仓库](https://github.com/projectdiscovery/nuclei-templates)包含**超过200**安全研究员和工程师提供的模板。
@ -68,7 +65,7 @@ go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
自从[v2.5.2]((https://github.com/projectdiscovery/nuclei/releases/tag/v2.5.2))起Nuclei就内置了自动下载和更新模板的功能。[**Nuclei模板**](https://github.com/projectdiscovery/nuclei-templates)仓库随时更新社区中可用的模板列表。 自从[v2.5.2]((https://github.com/projectdiscovery/nuclei/releases/tag/v2.5.2))起Nuclei就内置了自动下载和更新模板的功能。[**Nuclei模板**](https://github.com/projectdiscovery/nuclei-templates)仓库随时更新社区中可用的模板列表。
您仍然可以随时使用`update-templates`命令更新模板,您可以根据[模板指南](https://nuclei.projectdiscovery.io/templating-guide/)为您的个人工作流和需求编写模板。 您仍然可以随时使用`update-templates`命令更新模板,您可以根据[模板指南](https://nuclei.projectdiscovery.io/templating-guide/)编写您自己的模板。
YAML的语法规范在[这里](SYNTAX-REFERENCE.md)。 YAML的语法规范在[这里](SYNTAX-REFERENCE.md)。
@ -82,10 +79,10 @@ YAML的语法规范在[这里](SYNTAX-REFERENCE.md)。
nuclei -h nuclei -h
``` ```
这将显示Nuclei的帮助以下是所有支持的命令 这将显示Nuclei的帮助以下是所有支持的命令
```console ```yaml
Nuclei是一款注重于可配置性、可扩展性和易用性的基于模板的快速漏洞扫描器。 Nuclei是一款注重于可配置性、可扩展性和易用性的基于模板的快速漏洞扫描器。
用法: 用法:
@ -93,147 +90,104 @@ Nuclei是一款注重于可配置性、可扩展性和易用性的基于模板
命令: 命令:
目标: 目标:
-u, -target string[] 指定扫描的URL/主机 -u, -target string[] 指定扫描的URL/主机
-l, -list string 指定需要扫描的URL/主机文件(一行一个) -l, -list string 指定需要扫描的URL/主机文件(一行一个)
-resume string 断点续扫(将禁用集群)
模板: 模板:
-nt, -new-templates 只扫描最新版本中添加的模板 -t, -templates string[] 指定需要扫描的模板或者模板的路径
-ntv, -new-templates-version string[] 运行在特定版本中添加的新模板 -nt, -new-templates 只扫描最新版本中添加的模板
-as, -automatic-scan 在自动web扫描中使用wappalyzer技术检测的指纹 -ntv -new-templates-version 运行在特定版本中添加的新模板
-t, -templates string[] 指定需要扫描的模板或者模板的路径(逗号分隔,文件) -w, -workflows string[] 指定扫描中的工作流或者工作流目录
-tu, -template-url string[] 从URL加载模板逗号分隔文件 -validate 验证通过的模板
-w, -workflows string[] 指定扫描中的工作流或者工作流目录(逗号分隔,文件) -tl 列出所有可用的模板
-wu, -workflow-url string[] 从URL加载工作流逗号分隔文件
-validate 验证通过的模板
-nss, -no-strict-syntax 禁用模板的严格检查
-tl 列出所有可用的模板
-td 显示模板内容
过滤: 过滤:
-a, -author string[] 执行指定作者的模板(逗号分隔,文件) -tags string[] 执行有标记的模板子集
-tags string[] 执行有标记的模板子集(逗号分隔,文件) -etags, -exclude-tags string[] 执行标记为排除的模板
-etags, -exclude-tags string[] 执行标记为排除的模板(逗号分隔,文件) -itags, -include-tags string[] 不执行具有攻击性的模板
-itags, -include-tags string[] 执行默认或者配置排除的标记模板 -et, -exclude-templates string[] 要排除的模板或者模板目录
-id, -template-id string[] 执行指定ID的模板逗号分隔文件 -it, -include-templates string[] 执行默认或配置中排除的模板
-eid, -exclude-id string[] 执行排除指定ID的模板逗号分隔文件 -s, -severity value[] 根据严重程度运行模板可候选的值有info,low,medium,high,critical
-it, -include-templates string[] 执行默认或配置中排除的模板 -es, -exclude-severity value[] 根据严重程度排除模板可候选的值有info,low,medium,high,critical
-et, -exclude-templates string[] 要排除的模板或者模板目录(逗号分隔,文件) -a, -author string[] 执行指定作者的模板
-em, -exclude-matchers string[] 在结果中排除指定模板
-s, -severity value[] 根据严重程度运行模板可候选的值有info,low,medium,high,critical
-es, -exclude-severity value[] 根据严重程度排除模板可候选的值有info,low,medium,high,critical
-pt, -type value[] 根据协议运行模板可候选的值有dns, file, http, headless, network, workflow, ssl, websocket, whois
-ept, -exclude-type value[] 根据协议排除模板可候选的值有dns, file, http, headless, network, workflow, ssl, websocket, whois
-tc, -template-condition string[] 根据表达式运行模板
输出: 输出:
-o, -output string 输出发现的问题到文件 -o, -output string 输出发现的问题到文件
-sresp, -store-resp 将nuclei的所有请求和响应输出到目录 -silent 只显示结果
-srd, -store-resp-dir string 将nuclei的所有请求和响应输出到指定目录默认output -nc, -no-color 禁用输出内容着色ANSI转义码
-silent 只显示结果 -json 输出为jsonLines
-nc, -no-color 禁用输出内容着色ANSI转义码 -irr, -include-rr 在JSONL中输出对应的请求和相应仅结果
-json 输出为jsonLines -nm, -no-meta 不显示匹配的元数据
-irr, -include-rr 在JSONL中输出对应的请求和相应仅结果 -nts, -no-timestamp 不在输出中显示时间戳
-nm, -no-meta 不显示匹配的元数据 -rdb, -report-db string 本地的Nuclei结果数据库始终使用该数据库保存结果
-nts, -no-timestamp 不在输出中显示时间戳 -me, -markdown-export string 以markdown导出结果
-rdb, -report-db string 本地的Nuclei结果数据库始终使用该数据库保存结果 -se, -sarif-export string 以SARIF导出结果
-ms, -matcher-status 显示匹配失败状态
-me, -markdown-export string 以markdown导出结果
-se, -sarif-export string 以SARIF导出结果
配置: 配置:
-config string 指定Nuclei的配置文件 -config string 指定Nuclei的配置文件
-fr, -follow-redirects 为HTTP模板启用重定向 -rc, -report-config string 指定Nuclei报告模板文件
-fhr, -follow-host-redirects 在同一主机上重定向 -H, -header string[] 指定报告中的标题value格式
-mr, -max-redirects int HTTP模板最大重定向次数默认10 -V, -var value 通过var=value指定var值
-dr, -disable-redirects 为HTTP模板禁用重定向 -r, -resolvers string 指定Nuclei的解析文件
-rc, -report-config string 指定Nuclei报告模板文件 -sr, -system-resolvers 当DNS错误时使用系统DNS
-H, -header string[] 指定header、cookie以header:value的方式cli文件 -passive 启用被动扫描处理HTTP响应
-V, -var value 通过key=value指定var值 -ev, env-vars 在模板中使用环境变量
-r, -resolvers string 指定Nuclei的解析文件
-sr, -system-resolvers 当DNS错误时使用系统DNS
-passive 启用被动扫描处理HTTP响应
-ev, env-vars 在模板中使用环境变量
-cc, -client-cert string 用于对扫描的主机进行身份验证的客户端证书文件PEM 编码)
-ck, -client-key string 用于对扫描的主机进行身份验证的客户端密钥文件PEM 编码)
-ca, -client-ca string 用于对扫描的主机进行身份验证的客户端证书颁发机构文件PEM 编码)
-sml, -show-match-line 显示文件模板的匹配值,只适用于提取器
-ztls 对ztls自动退回到tls13
-sni string 指定tls sni的主机名默认为输入的域名
-i, -interface string 指定网卡
-sip, -source-ip string 指定源IP
-config-directory string 重写默认配置路径($home/.config
-rsr, -response-size-read int 最大读取响应大小默认10485760字节
-rss, -response-size-save int 最大储存响应大小默认10485760字节
交互: 交互:
-inserver, -ineractsh-server string 使用interactsh反连检测平台默认为oast.pro,oast.live,oast.site,oast.online,oast.fun,oast.me -inserver, -ineractsh-server string 使用interactsh反连检测平台默认为"https://interact.sh"
-itoken, -interactsh-token string 指定反连检测平台的身份凭证 -itoken, -interactsh-token string 指定反连检测平台的身份凭证
-interactions-cache-size int 指定保存在交互缓存中的请求数默认5000 -interactions-cache-size int 指定保存在交互缓存中的请求数默认5000
-interactions-eviction int 从缓存中删除请求前等待的时间默认为60秒 -interactions-eviction int 从缓存中删除请求前等待的时间默认为60秒
-interactions-poll-duration int 每个轮询前等待时间默认为5秒 -interactions-poll-duration int 每个轮询前等待时间默认为5秒
-interactions-cooldown-period int 退出轮询前的等待时间默认为5秒 -interactions-cooldown-period int 退出轮询前的等待时间默认为5秒
-ni, -no-interactsh 禁用反连检测平台,同时排除基于反连检测的模板 -ni, -no-interactsh 禁用反连检测平台,同时排除基于反连检测的模板
限速: 限速:
-rl, -rate-limit int 每秒最大请求量默认150 -rl, -rate-limit int 每秒最大请求量默认150
-rlm, -rate-limit-minute int 每分钟最大请求量 -rlm, -rate-limit-minute int 每分钟最大请求量
-bs, -bulk-size int 每个模板最大并行检测数默认25 -bs, -bulk-size int 每个模板最大并行检测数默认25
-c, -concurrency int 并行执行的最大模板数量默认25 -c, -concurrency int 并行执行的最大模板数量默认25
-hbs, -headless-bulk-size int 每个模板并行运行的无头主机最大数量默认10
-headc, -headless-concurrency int 并行指定无头主机最大数量默认10
优化: 优化:
-timeout int 超时时间默认为10秒 -timeout int 超时时间默认为5秒
-retries int 重试次数默认1 -retries int 重试次数默认1
-ldp, -leave-default-ports 指定HTTP/HTTPS默认端口例如host:80host:443 -mhe, -max-host-error int 某主机扫描失败次数跳过该主机默认30
-mhe, -max-host-error int 某主机扫描失败次数跳过该主机默认30 -project 使用项目文件夹避免多次发送同一请求
-project 使用项目文件夹避免多次发送同一请求 -project-path string 设置特定的项目文件夹
-project-path string 设置特定的项目文件夹 -spm, -stop-at-first-path 得到一个结果后停止(或许会中断模板和工作流的逻辑)
-spm, -stop-at-first-path 得到一个结果后停止(或许会中断模板和工作流的逻辑) -stream 流模式 - 在不整理输入的情况下详细描述
-stream 流模式 - 在不整理输入的情况下详细描述
-irt, -input-read-timeout duration 输入读取超时时间默认3分钟
-no-stdin 禁用标准输入
无界面浏览器: 无界面浏览器:
-headless 启用需要无界面浏览器的模板 -headless 启用需要无界面浏览器的模板
-page-timeout int 在无界面下超时秒数默认20 -page-timeout int 在无界面下超时秒数默认20
-sb, -show-brower 在无界面浏览器运行模板时,显示浏览器 -sb, -show-brower 在无界面浏览器运行模板时,显示浏览器
-sc, -system-chrome 不使用Nuclei自带的浏览器使用本地浏览器 -sc, -system-chrome 不使用Nuclei自带的浏览器使用本地浏览器
-lha, -list-headless-action 列出可用的无界面操作
调试: 调试:
-debug 显示所有请求和响应 -debug 显示所有请求和响应
-dreq, -debug-req 显示所有请求 -debug-req 显示所有请求
-dresp, -debug-resp 显示所有响应 -debug-resp 显示所有响应
-p, -proxy string[] 使用http/socks5代理逗号分隔文件 -proxy, -proxy-url string 使用HTTP代理
-pi, -proxy-internal 代理所有请求 -proxy-socks-url string 使用SOCK5代理
-ldf, -list-dsl-function 列出所有支持的DSL函数签名 -tlog, -trace-log string 写入请求日志到文件
-tlog, -trace-log string 写入跟踪日志到文件 -version 显示版本信息
-elog, -error-log string 写入错误日志到文件 -v, -verbose 显示详细信息
-version 显示版本信息 -vv 显示额外的详细信息
-hm, -hang-monitor 启用Nuclei的监控 -tv, -templates-version 显示已安装的模板版本
-v, -verbose 显示详细信息
-profile-mem string 将Nuclei的内存转储成文件
-vv 显示额外的详细信息
-ep, -enable-pprof 启用pprof调试服务器
-tv, -templates-version 显示已安装的模板版本
-hc, -health-check 运行诊断检查
升级: 升级:
-update 更新Nuclei到最新版本 -update 更新Nuclei到最新版本
-ut, -update-templates 更新Nuclei模板到最新版 -ut, -update-templates 更新Nuclei模板到最新版
-ud, -update-directory string 覆盖安装模板 -ud, -update-directory string 覆盖安装模板
-duc, -disable-update-check 禁用更新 -duc, -disable-update-check 禁用更新
统计: 统计:
-stats 显示正在扫描的统计信息 -stats 显示正在扫描的统计信息
-sj, -stats-json 将统计信息以JSONL格式输出到文件 -sj, -stats-json 将统计信息以JSONL格式输出到文件
-si, -stats-inerval int 显示统计信息更新的间隔秒数默认5 -si, -stats-inerval int 显示统计信息更新的间隔秒数默认5
-m, -metrics 显示Nuclei端口信息 -m, -metrics 显示Nuclei端口信息
-mp, -metrics-port int 更改Nuclei默认端口默认9092 -mp, -metrics-port int 更改Nuclei默认端口默认9092
``` ```
### 运行Nuclei ### 运行Nuclei
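Review bot: The flag reference in this hunk drops entries that the left-hand side documents, for example `-resume`, `-tu, -template-url`, `-cc, -client-cert`, `-ck, -client-key` and `-hc, -health-check`. It also changes stated defaults: `-timeout` goes from 10 to 5 seconds and the `-inserver` default goes from the oast.* list to "https://interact.sh". None of this relates to the AWS signer fix, and it reads like an older copy of the Chinese README overwriting the current one, which contradicts the "update chinese readme and typo fixes" item in the commit message. Suggest rebasing so that the README is either untouched by this change or keeps the fuller flag list.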
@ -279,7 +233,7 @@ Nuclei提供了大量有助于安全工程师在工作流定制相关的功能
**对于赏金猎人:** **对于赏金猎人:**
Nuclei允许您定制自己的测试方法可以轻松的运行您的程序。此外Nuclei可以更容易的集成到您的漏洞扫描工作流中。 Nuclei允许您定制自己的测试方法可以轻松的运行您的程序。此外Nuclei可以更容易的集成到您的漏扫设备中。
- 可以集成到其他工作流中 - 可以集成到其他工作流中
- 可以在几分钟处理上千台主机 - 可以在几分钟处理上千台主机
@ -313,7 +267,7 @@ Nuclei通过增加手动、自动的过程极大地改变了安全评估的
Nuclei构建很简单通过数百名安全研究员的社区模板Nuclei可以随时扫描来了解安全威胁。Nuclei通常用来用于复测以确定漏洞是否被修复。 Nuclei构建很简单通过数百名安全研究员的社区模板Nuclei可以随时扫描来了解安全威胁。Nuclei通常用来用于复测以确定漏洞是否被修复。
- **CI/CD**工程师已经支持了CI/CD可以通过Nuclei使用定制模板来监控模拟环境和生产环境 - **CI/CD**工程师已经支持了CI/CD可以使用Nuclei来监控生产环境
- **周期性扫描:**使用Nuclei创建新发现的漏洞模板通过Nuclei可以周期性扫描消除漏洞 - **周期性扫描:**使用Nuclei创建新发现的漏洞模板通过Nuclei可以周期性扫描消除漏洞
我们有个[讨论组](https://github.com/projectdiscovery/nuclei-templates/discussions/693),黑客提交自己的模板后可以获得赏金,这可以减少资产的漏洞,并且减少重复。如果你想实行该计划,可以[联系我](mailto:contact@projectdiscovery.io)。我们非常乐意提供帮助,或者在[讨论组](https://github.com/projectdiscovery/nuclei-templates/discussions/693)中发布相关信息。 我们有个[讨论组](https://github.com/projectdiscovery/nuclei-templates/discussions/693),黑客提交自己的模板后可以获得赏金,这可以减少资产的漏洞,并且减少重复。如果你想实行该计划,可以[联系我](mailto:contact@projectdiscovery.io)。我们非常乐意提供帮助,或者在[讨论组](https://github.com/projectdiscovery/nuclei-templates/discussions/693)中发布相关信息。
@ -327,11 +281,6 @@ Nuclei构建很简单通过数百名安全研究员的社区模板Nuclei
</h1> </h1>
### 资源 ### 资源
- [使用PinkDraconian发现Nuclei的BUG (Robbe Van Roey)](https://www.youtube.com/watch?v=ewP0xVPW-Pk) 作者:[@PinkDraconian](https://twitter.com/PinkDraconian)
- [Nuclei: 强而有力的扫描器](https://bishopfox.com/blog/nuclei-vulnerability-scan) 作者Bishopfox
- [WAF有效性检查](https://www.fastly.com/blog/the-waf-efficacy-framework-measuring-the-effectiveness-of-your-waf) 作者Fastly
- [在CI/CD中使用Nuclei实时扫描网页应用](https://blog.escape.tech/devsecops-part-iii-scanning-live-web-applications/) 作者:[@TristanKalos](https://twitter.com/TristanKalos)
- [使用Nuclei扫描](https://blog.projectdiscovery.io/community-powered-scanning-with-nuclei/) - [使用Nuclei扫描](https://blog.projectdiscovery.io/community-powered-scanning-with-nuclei/)
- [Nuclei Unleashed - 快速编写复杂漏洞](https://blog.projectdiscovery.io/nuclei-unleashed-quickly-write-complex-exploits/) - [Nuclei Unleashed - 快速编写复杂漏洞](https://blog.projectdiscovery.io/nuclei-unleashed-quickly-write-complex-exploits/)
- [Nuclei - FUZZ一切](https://blog.projectdiscovery.io/nuclei-fuzz-all-the-things/) - [Nuclei - FUZZ一切](https://blog.projectdiscovery.io/nuclei-fuzz-all-the-things/)

View File

@ -31,7 +31,7 @@ require (
github.com/projectdiscovery/interactsh v1.0.6-0.20220827132222-460cc6270053 github.com/projectdiscovery/interactsh v1.0.6-0.20220827132222-460cc6270053
github.com/projectdiscovery/rawhttp v0.1.3 github.com/projectdiscovery/rawhttp v0.1.3
github.com/projectdiscovery/retryabledns v1.0.17 github.com/projectdiscovery/retryabledns v1.0.17
github.com/projectdiscovery/retryablehttp-go v1.0.4 github.com/projectdiscovery/retryablehttp-go v1.0.5-0.20221202084821-c1a692a64751
github.com/projectdiscovery/stringsutil v0.0.2 github.com/projectdiscovery/stringsutil v0.0.2
github.com/projectdiscovery/yamldoc-go v1.0.3-0.20211126104922-00d2c6bb43b6 github.com/projectdiscovery/yamldoc-go v1.0.3-0.20211126104922-00d2c6bb43b6
github.com/remeh/sizedwaitgroup v1.0.0 github.com/remeh/sizedwaitgroup v1.0.0
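Review bot: `retryablehttp-go` in this `require` block moves from the tagged `v1.0.4` to the pseudo-version `v1.0.5-0.20221202084821-c1a692a64751`, so the build now depends on an untagged commit; the same applies to `utils v0.0.4-0.20221201124851-f8524345b6d3` further down. Suggest tagging both upstream modules and bumping to the tagged versions before release, so that the reader fix named in the commit message is traceable to a named version.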
@ -54,8 +54,6 @@ require (
moul.io/http2curl v1.0.0 moul.io/http2curl v1.0.0
) )
require github.com/aws/aws-sdk-go v1.44.151
require ( require (
github.com/DataDog/gostackparse v0.6.0 github.com/DataDog/gostackparse v0.6.0
github.com/antchfx/xmlquery v1.3.13 github.com/antchfx/xmlquery v1.3.13
@ -81,8 +79,8 @@ require (
github.com/projectdiscovery/rdap v0.9.1-0.20221108103045-9865884d1917 github.com/projectdiscovery/rdap v0.9.1-0.20221108103045-9865884d1917
github.com/projectdiscovery/sarif v0.0.1 github.com/projectdiscovery/sarif v0.0.1
github.com/projectdiscovery/tlsx v0.0.9-0.20221202111311-c789c957d944 github.com/projectdiscovery/tlsx v0.0.9-0.20221202111311-c789c957d944
github.com/projectdiscovery/uncover v1.0.0 github.com/projectdiscovery/uncover v1.0.1
github.com/projectdiscovery/utils v0.0.3 github.com/projectdiscovery/utils v0.0.4-0.20221201124851-f8524345b6d3
github.com/projectdiscovery/wappalyzergo v0.0.71 github.com/projectdiscovery/wappalyzergo v0.0.71
github.com/stretchr/testify v1.8.1 github.com/stretchr/testify v1.8.1
gopkg.in/src-d/go-git.v4 v4.13.1 gopkg.in/src-d/go-git.v4 v4.13.1
@ -91,6 +89,7 @@ require (
require ( require (
github.com/dlclark/regexp2 v1.4.0 // indirect github.com/dlclark/regexp2 v1.4.0 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/karlseguin/expect v1.0.8 // indirect github.com/karlseguin/expect v1.0.8 // indirect
github.com/projectdiscovery/sliceutil v0.0.1 // indirect github.com/projectdiscovery/sliceutil v0.0.1 // indirect
gopkg.in/djherbis/times.v1 v1.3.0 // indirect gopkg.in/djherbis/times.v1 v1.3.0 // indirect
@ -148,10 +147,9 @@ require (
github.com/hdm/jarm-go v0.0.7 // indirect github.com/hdm/jarm-go v0.0.7 // indirect
github.com/iancoleman/orderedmap v0.0.0-20190318233801-ac98e3ecb4b0 // indirect github.com/iancoleman/orderedmap v0.0.0-20190318233801-ac98e3ecb4b0 // indirect
github.com/itchyny/timefmt-go v0.1.5 // indirect github.com/itchyny/timefmt-go v0.1.5 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/klauspost/cpuid/v2 v2.1.0 // indirect github.com/klauspost/cpuid/v2 v2.1.0 // indirect
github.com/klauspost/pgzip v1.2.5 // indirect github.com/klauspost/pgzip v1.2.5 // indirect
github.com/kr/pretty v0.3.0 // indirect github.com/kr/pretty v0.3.1 // indirect
github.com/kr/text v0.2.0 // indirect github.com/kr/text v0.2.0 // indirect
github.com/leodido/go-urn v1.2.1 // indirect github.com/leodido/go-urn v1.2.1 // indirect
github.com/libdns/libdns v0.2.1 // indirect github.com/libdns/libdns v0.2.1 // indirect
@ -171,7 +169,7 @@ require (
github.com/projectdiscovery/mapcidr v1.0.3 github.com/projectdiscovery/mapcidr v1.0.3
github.com/projectdiscovery/networkpolicy v0.0.2-0.20220525172507-b844eafc878d github.com/projectdiscovery/networkpolicy v0.0.2-0.20220525172507-b844eafc878d
github.com/rivo/uniseg v0.2.0 // indirect github.com/rivo/uniseg v0.2.0 // indirect
github.com/rogpeppe/go-internal v1.8.0 // indirect github.com/rogpeppe/go-internal v1.9.0 // indirect
github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca // indirect github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca // indirect
github.com/spacemonkeygo/openssl v0.0.0-20181017203307-c2dcc5cca94a // indirect github.com/spacemonkeygo/openssl v0.0.0-20181017203307-c2dcc5cca94a // indirect
github.com/spacemonkeygo/spacelog v0.0.0-20180420211403-2296661a0572 // indirect github.com/spacemonkeygo/spacelog v0.0.0-20180420211403-2296661a0572 // indirect

View File

@ -72,8 +72,6 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ= github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
github.com/aws/aws-sdk-go v1.20.6/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.20.6/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/aws/aws-sdk-go v1.44.151 h1:2FrJZm3kTcyTtfpE7LEQT9XW+jkoi4KEvBhFWqHEZmo=
github.com/aws/aws-sdk-go v1.44.151/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
github.com/aws/aws-sdk-go-v2 v1.17.1/go.mod h1:JLnGeGONAyi2lWXI1p0PCIOIy333JMVK1U7Hf0aRFLw= github.com/aws/aws-sdk-go-v2 v1.17.1/go.mod h1:JLnGeGONAyi2lWXI1p0PCIOIy333JMVK1U7Hf0aRFLw=
github.com/aws/aws-sdk-go-v2 v1.17.2 h1:r0yRZInwiPBNpQ4aDy/Ssh3ROWsGtKDwar2JS8Lm+N8= github.com/aws/aws-sdk-go-v2 v1.17.2 h1:r0yRZInwiPBNpQ4aDy/Ssh3ROWsGtKDwar2JS8Lm+N8=
github.com/aws/aws-sdk-go-v2 v1.17.2/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= github.com/aws/aws-sdk-go-v2 v1.17.2/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
@ -426,8 +424,9 @@ github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFB
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
@ -584,8 +583,8 @@ github.com/projectdiscovery/rdap v0.9.1-0.20221108103045-9865884d1917 h1:m03X4gB
github.com/projectdiscovery/rdap v0.9.1-0.20221108103045-9865884d1917/go.mod h1:JxXtZC9e195awe7EynrcnBJmFoad/BNDzW9mzFkK8Sg= github.com/projectdiscovery/rdap v0.9.1-0.20221108103045-9865884d1917/go.mod h1:JxXtZC9e195awe7EynrcnBJmFoad/BNDzW9mzFkK8Sg=
github.com/projectdiscovery/retryabledns v1.0.17 h1:XKzI26UKYt2g7YLJ/EcyYmM04sfD1vurETecPEpeA1w= github.com/projectdiscovery/retryabledns v1.0.17 h1:XKzI26UKYt2g7YLJ/EcyYmM04sfD1vurETecPEpeA1w=
github.com/projectdiscovery/retryabledns v1.0.17/go.mod h1:Dyhq/f0sGmXueso0+Ah3LbJfsX4PXpBrpfiyjZZ8SDk= github.com/projectdiscovery/retryabledns v1.0.17/go.mod h1:Dyhq/f0sGmXueso0+Ah3LbJfsX4PXpBrpfiyjZZ8SDk=
github.com/projectdiscovery/retryablehttp-go v1.0.4 h1:FtRhBhyOnbCL1aDCTml+DzktAolHIbkozUkrbvzWPpY= github.com/projectdiscovery/retryablehttp-go v1.0.5-0.20221202084821-c1a692a64751 h1:QEmZ0E6GDzlTbVE6ty7fCuKR7muWrLqMfQ07VTu6Bd0=
github.com/projectdiscovery/retryablehttp-go v1.0.4/go.mod h1:t4buiLTB0HtI+62iHfGDqQVTv/i+8OhAKwaX93TGsFE= github.com/projectdiscovery/retryablehttp-go v1.0.5-0.20221202084821-c1a692a64751/go.mod h1:B/xfvUmiJBeq+1kT7AMYL6B/IuPgbyKB7QCKPSfMByc=
github.com/projectdiscovery/sarif v0.0.1 h1:C2Tyj0SGOKbCLgHrx83vaE6YkzXEVrMXYRGLkKCr/us= github.com/projectdiscovery/sarif v0.0.1 h1:C2Tyj0SGOKbCLgHrx83vaE6YkzXEVrMXYRGLkKCr/us=
github.com/projectdiscovery/sarif v0.0.1/go.mod h1:cEYlDu8amcPf6b9dSakcz2nNnJsoz4aR6peERwV+wuQ= github.com/projectdiscovery/sarif v0.0.1/go.mod h1:cEYlDu8amcPf6b9dSakcz2nNnJsoz4aR6peERwV+wuQ=
github.com/projectdiscovery/sliceutil v0.0.1 h1:YoCqCMcdwz+gqNfW5hFY8UvNHoA6SfyBSNkVahatleg= github.com/projectdiscovery/sliceutil v0.0.1 h1:YoCqCMcdwz+gqNfW5hFY8UvNHoA6SfyBSNkVahatleg=
@ -595,10 +594,10 @@ github.com/projectdiscovery/stringsutil v0.0.2 h1:uzmw3IVLJSMW1kEg8eCStG/cGbYYZA
github.com/projectdiscovery/stringsutil v0.0.2/go.mod h1:EJ3w6bC5fBYjVou6ryzodQq37D5c6qbAYQpGmAy+DC0= github.com/projectdiscovery/stringsutil v0.0.2/go.mod h1:EJ3w6bC5fBYjVou6ryzodQq37D5c6qbAYQpGmAy+DC0=
github.com/projectdiscovery/tlsx v0.0.9-0.20221202111311-c789c957d944 h1:KRl+zFCMXoNQd0v0oiPNFezWixlMvKPrrvDIZpEaNYM= github.com/projectdiscovery/tlsx v0.0.9-0.20221202111311-c789c957d944 h1:KRl+zFCMXoNQd0v0oiPNFezWixlMvKPrrvDIZpEaNYM=
github.com/projectdiscovery/tlsx v0.0.9-0.20221202111311-c789c957d944/go.mod h1:q/OaJAJLpaby7UH8HilqPDi2pgYCIQ/y+nJ0+PeXTAY= github.com/projectdiscovery/tlsx v0.0.9-0.20221202111311-c789c957d944/go.mod h1:q/OaJAJLpaby7UH8HilqPDi2pgYCIQ/y+nJ0+PeXTAY=
github.com/projectdiscovery/uncover v1.0.0 h1:/ehEnuiwT1t/TYJvZu73Jpoekn42CMo9nLnj+pCojRo= github.com/projectdiscovery/uncover v1.0.1 h1:bhP+EW4d+e4cAizOWAEz7jeyKZGkDYYTsZlXsd11t+w=
github.com/projectdiscovery/uncover v1.0.0/go.mod h1:YU++t0LhoDs7HiY6lYlFHN23XOnEkC30YNeZrIAVnZI= github.com/projectdiscovery/uncover v1.0.1/go.mod h1:/D9qxgN2iZ/C2M8eo+pNQMnTaMhTZUu40Vat/LgSIxU=
github.com/projectdiscovery/utils v0.0.3 h1:pAjZTGYpnATRc6uaNACdiHv4joZ0Ml7Wpu0dudpcGfM= github.com/projectdiscovery/utils v0.0.4-0.20221201124851-f8524345b6d3 h1:sOvfN3xHLiBMb6GJ3yDxBmPnN0dh3xllaQXQYo7CFUo=
github.com/projectdiscovery/utils v0.0.3/go.mod h1:ne3eSlZlUKuhjHr8FfsfGcGteCzxcbJvFBx4VDBCxK0= github.com/projectdiscovery/utils v0.0.4-0.20221201124851-f8524345b6d3/go.mod h1:PCwA5YuCYWPgHaGiZmr53/SA9iGQmAnw7DSHuhr8VPQ=
github.com/projectdiscovery/wappalyzergo v0.0.71 h1:NEtPLEUx21rhE2H89Pc9RxImrDIG90CNXLRoSDwtiSA= github.com/projectdiscovery/wappalyzergo v0.0.71 h1:NEtPLEUx21rhE2H89Pc9RxImrDIG90CNXLRoSDwtiSA=
github.com/projectdiscovery/wappalyzergo v0.0.71/go.mod h1:HvYuW0Be4JCjVds/+XAEaMSqRG9yrI97UmZq0TPk6A0= github.com/projectdiscovery/wappalyzergo v0.0.71/go.mod h1:HvYuW0Be4JCjVds/+XAEaMSqRG9yrI97UmZq0TPk6A0=
github.com/projectdiscovery/yamldoc-go v1.0.3-0.20211126104922-00d2c6bb43b6 h1:DvWRQpw7Ib2CRL3ogYm/BWM+X0UGPfz1n9Ix9YKgFM8= github.com/projectdiscovery/yamldoc-go v1.0.3-0.20211126104922-00d2c6bb43b6 h1:DvWRQpw7Ib2CRL3ogYm/BWM+X0UGPfz1n9Ix9YKgFM8=
@ -611,8 +610,9 @@ github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJ
github.com/rogpeppe/fastuuid v1.1.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/fastuuid v1.1.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
github.com/rogpeppe/go-internal v1.6.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.6.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE= github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
github.com/rs/xid v1.3.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= github.com/rs/xid v1.3.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
github.com/rs/xid v1.4.0 h1:qd7wPTDkN6KQx2VmMBLrpHkiyQwgFXRnkOLacUiaSNY= github.com/rs/xid v1.4.0 h1:qd7wPTDkN6KQx2VmMBLrpHkiyQwgFXRnkOLacUiaSNY=
github.com/rs/xid v1.4.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= github.com/rs/xid v1.4.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
@ -838,7 +838,6 @@ golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5o
golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
golang.org/x/net v0.0.0-20210414194228-064579744ee0/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= golang.org/x/net v0.0.0-20210414194228-064579744ee0/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
golang.org/x/net v0.0.0-20210521195947-fe42d452be8f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=

View File

@ -23,6 +23,7 @@ import (
"github.com/projectdiscovery/nuclei/v2/pkg/types" "github.com/projectdiscovery/nuclei/v2/pkg/types"
fileutil "github.com/projectdiscovery/utils/file" fileutil "github.com/projectdiscovery/utils/file"
iputil "github.com/projectdiscovery/utils/ip" iputil "github.com/projectdiscovery/utils/ip"
readerutil "github.com/projectdiscovery/utils/reader"
sliceutil "github.com/projectdiscovery/utils/slice" sliceutil "github.com/projectdiscovery/utils/slice"
) )
@ -97,7 +98,7 @@ func (i *Input) initializeInputSources(options *types.Options) error {
// Handle stdin // Handle stdin
if options.Stdin { if options.Stdin {
i.scanInputFromReader(fileutil.TimeoutReader{Reader: os.Stdin, Timeout: time.Duration(options.InputReadTimeout)}) i.scanInputFromReader(readerutil.TimeoutReader{Reader: os.Stdin, Timeout: time.Duration(options.InputReadTimeout)})
} }
// Handle target file // Handle target file

View File

@ -755,26 +755,19 @@ func (request *Request) handleSignature(generatedRequest *generatedRequest) erro
case AWSSignature: case AWSSignature:
var awsSigner signer.Signer var awsSigner signer.Signer
vars := request.options.Options.Vars.AsMap() vars := request.options.Options.Vars.AsMap()
awsAccessKeyId := types.ToString(vars["aws-id"]) awsopts := signer.AWSOptions{
awsSecretAccessKey := types.ToString(vars["aws-secret"]) AwsID: types.ToString(vars["aws-id"]),
awsSignerArgs := signer.AwsSignerArgs{AwsId: awsAccessKeyId, AwsSecretToken: awsSecretAccessKey} AwsSecretToken: types.ToString(vars["aws-secret"]),
service := types.ToString(generatedRequest.dynamicValues["service"])
region := types.ToString(generatedRequest.dynamicValues["region"])
// if region is empty use default value
if region == "" {
region = types.ToString(signer.AwsDefaultVars["region"])
}
awsSignatureArguments := signer.AwsSignatureArguments{
Service: types.ToString(service),
Region: types.ToString(region),
Time: time.Now(),
} }
// type ctxkey string
ctx := context.WithValue(context.Background(), signer.SignerArg("service"), generatedRequest.dynamicValues["service"])
ctx = context.WithValue(ctx, signer.SignerArg("region"), generatedRequest.dynamicValues["region"])
awsSigner, err := signerpool.Get(request.options.Options, &signerpool.Configuration{SignerArgs: awsSignerArgs}) awsSigner, err := signerpool.Get(request.options.Options, &signerpool.Configuration{SignerArgs: &awsopts})
if err != nil { if err != nil {
return err return err
} }
err = awsSigner.SignHTTP(generatedRequest.request.Request, awsSignatureArguments) err = awsSigner.SignHTTP(ctx, generatedRequest.request.Request)
if err != nil { if err != nil {
return err return err
} }
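Review bot: The empty-region fallback is gone from the `AWSSignature` case. The old code replaced an empty `region` with `signer.AwsDefaultVars["region"]`, while the new code puts `generatedRequest.dynamicValues["region"]` into the context as-is, so a template that supplies no region now relies on the signer's options already holding one; otherwise `Validate` fails with "aws region cannot be empty". Please confirm the default is applied elsewhere, or restore it here. The values are also no longer passed through `types.ToString`, and `SignHTTP` reads them with a `.(string)` assertion, so a non-string dynamic value is silently ignored; wrapping both in `types.ToString(...)` before `context.WithValue` keeps the old behaviour. The leftover `// type ctxkey string` comment can be removed.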

View File

@ -0,0 +1,123 @@
package signer
import (
"context"
"crypto/sha256"
"encoding/hex"
"errors"
"io"
"net/http"
"time"
"github.com/aws/aws-sdk-go-v2/aws"
v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4"
awsconfig "github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/credentials"
)
// AWSOptions
type AWSOptions struct {
AwsID string
AwsSecretToken string
Service string
Region string
}
// Validate Signature Arguments
func (a *AWSOptions) Validate() error {
if a.Service == "" {
return errors.New("aws service cannot be empty")
}
if a.Region == "" {
return errors.New("aws region cannot be empty")
}
return nil
}
// AWS v4 signer
type AWSSigner struct {
creds *aws.Credentials
signer *v4.Signer
options *AWSOptions
}
// SignHTTP
func (a *AWSSigner) SignHTTP(ctx context.Context, request *http.Request) error {
if region, ok := ctx.Value(SignerArg("region")).(string); ok && region != "" {
a.options.Region = region
}
if service, ok := ctx.Value(SignerArg("service")).(string); ok && service != "" {
a.options.Service = service
}
if err := a.options.Validate(); err != nil {
return err
}
return a.signer.SignHTTP(ctx, *a.creds, request, a.getPayloadHash(request), a.options.Service, a.options.Region, time.Now())
}
// getPayloadHash returns hex encoded SHA-256 of request body
func (a *AWSSigner) getPayloadHash(request *http.Request) string {
if request.Body == nil {
// Default Hash of Empty Payload
return "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
}
// no need to close request body since it is a reusablereadercloser
bin, _ := io.ReadAll(request.Body)
sha256Hash := sha256.Sum256(bin)
return hex.EncodeToString(sha256Hash[:])
}
// NewAwsSigner
func NewAwsSigner(opts *AWSOptions) (*AWSSigner, error) {
credcache := aws.NewCredentialsCache(credentials.NewStaticCredentialsProvider(opts.AwsID, opts.AwsSecretToken, ""))
awscred, err := credcache.Retrieve(context.TODO())
if err != nil {
return nil, err
}
return &AWSSigner{
creds: &awscred,
options: opts,
signer: v4.NewSigner(),
}, nil
}
// NewAwsSignerFromConfig
func NewAwsSignerFromConfig(opts *AWSOptions) (*AWSSigner, error) {
/*
NewAwsSignerFromConfig fetches credentials from both
1. Environment Variables (old & new)
2. Shared Credentials ($HOME/.aws)
*/
cfg, err := awsconfig.LoadDefaultConfig(context.TODO())
if err != nil {
return nil, err
}
credcache := aws.NewCredentialsCache(cfg.Credentials)
awscred, err := credcache.Retrieve(context.TODO())
if err != nil {
return nil, err
}
return &AWSSigner{
creds: &awscred,
options: opts,
signer: v4.NewSigner(func(signer *v4.SignerOptions) {
// signer.DisableURIPathEscaping = true
}),
}, nil
}
var AwsSkipList = map[string]interface{}{
"region": struct{}{},
}
var AwsDefaultVars = map[string]interface{}{
"region": "us-east-2",
}
var AwsInternalOnlyVars = map[string]interface{}{
"aws-id": struct{}{},
"aws-secret": struct{}{},
}
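Review bot: SignHTTP writes the per-request region and service into a.options, which is state shared by every request signed through this AWSSigner. The call site obtains the signer through signerpool.Get, so concurrent requests can race on these fields, and a request that carries no region or service in its context silently inherits the values left by an earlier one. Resolve both into locals (context value first, a.options as the default), validate the locals, and pass those to a.signer.SignHTTP. Separately, getPayloadHash discards the io.ReadAll error (bin, _ := io.ReadAll(request.Body)), so a failed read signs the hash of a partial body; return the error to SignHTTP instead. The function also depends on the body being readable again after ReadAll, which the comment assumes but *http.Request does not guarantee, so that precondition belongs in the doc comment.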

@ -1,147 +0,0 @@
package signer
import (
"bytes"
"context"
"errors"
"io"
"net/http"
"time"
"github.com/aws/aws-sdk-go/aws/credentials"
v4 "github.com/aws/aws-sdk-go/aws/signer/v4"
)
type AwsSigner struct {
creds *credentials.Credentials
signer *v4.Signer
}
type AwsSignerArgs struct {
AwsId string
AwsSecretToken string
}
var credentialCreationError = errors.New("couldn't create the credentials structure")
func (awsSignerArgs AwsSignerArgs) Validate() error {
if awsSignerArgs.AwsId == "" {
return errors.New("empty id")
}
if awsSignerArgs.AwsSecretToken == "" {
return errors.New("empty token")
}
return nil
}
type AwsSignatureArguments struct {
Service string
Region string
Time time.Time
}
func (awsSignatureArguments AwsSignatureArguments) Validate() error {
if awsSignatureArguments.Region == "" {
return errors.New("empty region")
}
if awsSignatureArguments.Service == "" {
return errors.New("empty service")
}
return nil
}
func NewAwsSigner(args AwsSignerArgs) (*AwsSigner, error) {
if err := args.Validate(); err != nil {
return nil, err
}
creds := credentials.NewStaticCredentials(args.AwsId, args.AwsSecretToken, "")
if creds == nil {
return nil, credentialCreationError
}
signer := v4.NewSigner(creds)
return &AwsSigner{creds: creds, signer: signer}, nil
}
func NewAwsSignerFromEnv() (*AwsSigner, error) {
creds := credentials.NewEnvCredentials()
if creds == nil {
return nil, credentialCreationError
}
signer := v4.NewSigner(creds)
return &AwsSigner{creds: creds, signer: signer}, nil
}
func NewAwsSignerFromFile() (*AwsSigner, error) {
creds := credentials.NewSharedCredentials("", "")
if creds == nil {
return nil, credentialCreationError
}
signer := v4.NewSigner(creds)
return &AwsSigner{creds: creds, signer: signer}, nil
}
func (awsSigner *AwsSigner) SignHTTP(request *http.Request, args interface{}) error {
signatureArgs, err := awsSigner.checkSignatureArgs(args)
if err != nil {
return err
}
awsSigner.prepareRequest(request)
var body *bytes.Reader
if request.Body != nil {
bodyBytes, err := io.ReadAll(request.Body)
if err != nil {
return err
}
request.Body.Close()
body = bytes.NewReader(bodyBytes)
}
if _, err := awsSigner.signer.Sign(request, body, signatureArgs.Service, signatureArgs.Region, signatureArgs.Time); err != nil {
return err
}
return nil
}
func (awsSigner *AwsSigner) CalculateHTTPHeaders(request *http.Request, args interface{}) (map[string]string, error) {
signatureArgs, err := awsSigner.checkSignatureArgs(args)
if err != nil {
return nil, err
}
reqClone := request.Clone(context.Background())
awsSigner.prepareRequest(reqClone)
err = awsSigner.SignHTTP(reqClone, signatureArgs)
if err != nil {
return nil, err
}
headers := make(map[string]string)
headers["X-Amz-Date"] = reqClone.Header.Get("X-Amz-Date")
headers["Authorization"] = reqClone.Header.Get("Authorization")
return headers, nil
}
func (awsSigner *AwsSigner) checkSignatureArgs(args interface{}) (AwsSignatureArguments, error) {
if signatureArgs, ok := args.(AwsSignatureArguments); ok {
return signatureArgs, signatureArgs.Validate()
}
return AwsSignatureArguments{}, errors.New("wrong signature type")
}
func (awsSigner *AwsSigner) prepareRequest(request *http.Request) {
request.Header.Del("Host")
}
var AwsSkipList = map[string]interface{}{
"region": struct{}{},
}
var AwsDefaultVars = map[string]interface{}{
"region": "us-east-2",
}
var AwsInternalOnlyVars = map[string]interface{}{
"aws-id": struct{}{},
"aws-secret": struct{}{},
}
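Review bot: the deleted AwsSignerArgs.Validate rejected an empty id or token before any signer was built, and nothing in the replacement does the same. AWSOptions.Validate checks only Service and Region, and the new NewAwsSigner passes opts.AwsID and opts.AwsSecretToken straight to the static credentials provider. Add an explicit empty-credential check in NewAwsSigner, or document that Retrieve is expected to fail there, since the fallback in NewSigner depends on that error. CalculateHTTPHeaders and the Host header removal in prepareRequest also disappear with this file; the commit message should state that no caller still needs them.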

@ -1,36 +1,30 @@
package signer package signer
import ( import (
"context"
"errors" "errors"
"net/http" "net/http"
) )
// An Argument that can be passed to Signer
type SignerArg string
type Signer interface { type Signer interface {
SignHTTP(request *http.Request, args interface{}) error SignHTTP(ctx context.Context, request *http.Request) error
CalculateHTTPHeaders(request *http.Request, args interface{}) (map[string]string, error)
} }
type SignerArgs interface { type SignerArgs interface {
Validate() error Validate() error
} }
type SignatureArguments interface {
Validate() error
}
func NewSigner(args SignerArgs) (signer Signer, err error) { func NewSigner(args SignerArgs) (signer Signer, err error) {
switch signerArgs := args.(type) { switch signerArgs := args.(type) {
case AwsSignerArgs: case *AWSOptions:
awsSigner, err := NewAwsSigner(signerArgs) awsSigner, err := NewAwsSigner(signerArgs)
if err != nil { if err != nil {
// $HOME/.aws/credentials awsSigner, err = NewAwsSignerFromConfig(signerArgs)
awsSigner, err = NewAwsSignerFromFile()
if err != nil { if err != nil {
// env variables return nil, err
awsSigner, err = NewAwsSignerFromEnv()
if err != nil {
return nil, err
}
} }
} }
return awsSigner, err return awsSigner, err
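Review bot: in the *AWSOptions case, any error from NewAwsSigner leads to NewAwsSignerFromConfig, including when the caller supplied an id and secret that failed. The request is then signed with whatever credentials the environment variables or $HOME/.aws provide rather than the ones requested, and the original error is dropped. Fall back only when both AwsID and AwsSecretToken are empty, and return the NewAwsSigner error otherwise. SignerArg and the Signer interface would also benefit from a doc comment naming the context keys that SignHTTP reads ("service" and "region").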