fix: strip default http/https ports from Host header

2022-01-18 04:13:59 +05:30 · 2022-01-18 04:13:59 +05:30 · 693796789b
parent abba498192
commit 693796789b
4 changed files with 15 additions and 0 deletions
--- a/v2/cmd/nuclei/main.go
+++ b/v2/cmd/nuclei/main.go
@ -157,6 +157,7 @@ on extensive configurability, massive extensibility and ease of use.`)
 	createGroup(flagSet, "optimization", "Optimizations",
 		flagSet.IntVar(&options.Timeout, "timeout", 5, "time to wait in seconds before timeout"),
 		flagSet.IntVar(&options.Retries, "retries", 1, "number of times to retry a failed request"),
+		flagSet.BoolVarP(&options.LeaveDefaultPorts, "leave-default-ports", "ldp", false, "Leave default HTTP/HTTPS ports (eg. http://host:80 - https//host:443"),
 		flagSet.IntVarP(&options.MaxHostError, "max-host-error", "mhe", 30, "max errors for a host before skipping from scan"),
 		flagSet.BoolVar(&options.Project, "project", false, "use a project folder to avoid sending same request multiple times"),
 		flagSet.StringVar(&options.ProjectPath, "project-path", os.TempDir(), "set a specific project path"),
--- a/v2/pkg/protocols/http/build_request.go
+++ b/v2/pkg/protocols/http/build_request.go
@ -336,6 +336,15 @@ func (r *requestGenerator) fillRequest(req *http.Request, values map[string]inte
 		setHeader(req, "Accept", "*/*")
 		setHeader(req, "Accept-Language", "en")
 	}
+
+	if !LeaveDefaultPorts {
+		switch {
+		case req.URL.Scheme == "http" && strings.HasSuffix(req.Host, ":80"):
+			req.Host = strings.TrimSuffix(req.Host, ":80")
+		case req.URL.Scheme == "https" && strings.HasSuffix(req.Host, ":443"):
+			req.Host = strings.TrimSuffix(req.Host, ":443")
+		}
+	}
 	return retryablehttp.FromRequest(req)
 }

--- a/v2/pkg/protocols/http/request_generator.go
+++ b/v2/pkg/protocols/http/request_generator.go
@ -19,6 +19,9 @@ type requestGenerator struct {
 	interactshURLs  []string
 }

+// LeaveDefaultPorts skips normalization of default standard ports
+var LeaveDefaultPorts = false
+
 // newGenerator creates a new request generator instance
 func (request *Request) newGenerator() *requestGenerator {
 	generator := &requestGenerator{request: request, options: request.options}
--- a/v2/pkg/types/types.go
+++ b/v2/pkg/types/types.go
@ -139,6 +139,8 @@ type Options struct {
 	DebugRequests bool
 	// DebugResponse mode allows debugging response for the engine
 	DebugResponse bool
+	// LeaveDefaultPorts skips normalization of default ports
+	LeaveDefaultPorts bool
 	// Silent suppresses any extra text and only writes found URLs on screen.
 	Silent bool
 	// Version specifies if we should just show version and exit