mirror of https://github.com/daffainfo/nuclei.git
using standard library for tls13
parent
a57d25fab8
commit
449e4fa431
|
@ -2,6 +2,7 @@ package ssl
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"crypto/tls"
|
||||||
"net"
|
"net"
|
||||||
"net/url"
|
"net/url"
|
||||||
"strings"
|
"strings"
|
||||||
|
@ -35,8 +36,26 @@ type Request struct {
|
||||||
// description: |
|
// description: |
|
||||||
// Address contains address for the request
|
// Address contains address for the request
|
||||||
Address string `yaml:"address,omitempty" jsonschema:"title=address for the ssl request,description=Address contains address for the request"`
|
Address string `yaml:"address,omitempty" jsonschema:"title=address for the ssl request,description=Address contains address for the request"`
|
||||||
MinVersion string `yaml:"min_version,omitempty"`
|
// description: |
|
||||||
MaxVersion string `yaml:"max_version,omitempty"`
|
// Minimum tls version - auto if not specified.
|
||||||
|
// values:
|
||||||
|
// - "sslv3"
|
||||||
|
// - "tls10"
|
||||||
|
// - "tls11"
|
||||||
|
// - "tls12"
|
||||||
|
// - "tls13"
|
||||||
|
MinVersion string `yaml:"min_version,omitempty" jsonschema:"title=TLS version,description=Minimum tls version - automatic if not specified.,enum=sslv3,enum=tls10,enum=tls11,enum=tls12,enum=tls13"`
|
||||||
|
// description: |
|
||||||
|
// Max tls version - auto if not specified.
|
||||||
|
// values:
|
||||||
|
// - "sslv3"
|
||||||
|
// - "tls10"
|
||||||
|
// - "tls11"
|
||||||
|
// - "tls12"
|
||||||
|
// - "tls13"
|
||||||
|
MaxVersion string `yaml:"max_version,omitempty" jsonschema:"title=TLS version,description=Max tls version - automatic if not specified.,enum=sslv3,enum=tls10,enum=tls11,enum=tls12,enum=tls13"`
|
||||||
|
// description: |
|
||||||
|
// Client Cipher Suites - auto if not specified.
|
||||||
CiperSuites []string `yaml:"cipher_suites,omitempty"`
|
CiperSuites []string `yaml:"cipher_suites,omitempty"`
|
||||||
|
|
||||||
// cache any variables that may be needed for operation.
|
// cache any variables that may be needed for operation.
|
||||||
|
@ -99,31 +118,55 @@ func (request *Request) ExecuteWithResults(input string, dynamicValues, previous
|
||||||
}
|
}
|
||||||
|
|
||||||
addressToDial := string(finalAddress)
|
addressToDial := string(finalAddress)
|
||||||
config := &ztls.Config{InsecureSkipVerify: true, ServerName: hostname}
|
shouldUseZTLS := true
|
||||||
|
|
||||||
|
var minVersion, maxVersion uint16
|
||||||
if request.MinVersion != "" {
|
if request.MinVersion != "" {
|
||||||
version, err := toVersion(request.MinVersion)
|
version, err := toVersion(request.MinVersion)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
config.MinVersion = version
|
minVersion = version
|
||||||
|
shouldUseZTLS = minVersion != tls.VersionTLS13
|
||||||
}
|
}
|
||||||
if request.MaxVersion != "" {
|
if request.MaxVersion != "" {
|
||||||
version, err := toVersion(request.MaxVersion)
|
version, err := toVersion(request.MaxVersion)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
config.MaxVersion = version
|
maxVersion = version
|
||||||
}
|
}
|
||||||
if len(config.CipherSuites) > 0 {
|
|
||||||
cipherSuites, err := toCiphers(request.CiperSuites)
|
cipherSuites, err := toCiphers(request.CiperSuites)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
var conn net.Conn
|
||||||
|
if shouldUseZTLS {
|
||||||
|
config := &ztls.Config{InsecureSkipVerify: true, ServerName: hostname}
|
||||||
|
if minVersion > 0 {
|
||||||
|
config.MinVersion = minVersion
|
||||||
|
}
|
||||||
|
if maxVersion > 0 {
|
||||||
|
config.MaxVersion = maxVersion
|
||||||
|
}
|
||||||
|
if len(config.CipherSuites) > 0 {
|
||||||
config.CipherSuites = cipherSuites
|
config.CipherSuites = cipherSuites
|
||||||
}
|
}
|
||||||
|
conn, err = request.dialer.DialZTLSWithConfig(context.Background(), "tcp", addressToDial, config)
|
||||||
|
} else {
|
||||||
|
config := &tls.Config{InsecureSkipVerify: true, ServerName: hostname}
|
||||||
|
if minVersion > 0 {
|
||||||
|
config.MinVersion = minVersion
|
||||||
|
}
|
||||||
|
if maxVersion > 0 {
|
||||||
|
config.MaxVersion = maxVersion
|
||||||
|
}
|
||||||
|
if len(config.CipherSuites) > 0 {
|
||||||
|
config.CipherSuites = cipherSuites
|
||||||
|
}
|
||||||
|
conn, err = request.dialer.DialTLSWithConfig(context.Background(), "tcp", addressToDial, config)
|
||||||
|
}
|
||||||
|
|
||||||
conn, err := request.dialer.DialZTLSWithConfig(context.Background(), "tcp", addressToDial, config)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
requestOptions.Output.Request(requestOptions.TemplateID, input, request.Type().String(), err)
|
requestOptions.Output.Request(requestOptions.TemplateID, input, request.Type().String(), err)
|
||||||
requestOptions.Progress.IncrementFailedRequestsBy(1)
|
requestOptions.Progress.IncrementFailedRequestsBy(1)
|
||||||
|
|
Loading…
Reference in New Issue