add interact-url variable support for multiple placeholders #1698 (#1760)

* add interact-url variable support for multiple placeholders #1698

* add cache clearing for interactshURLs

* change interactsh-url regex

* fix interactshURLMarker regex

* use underscore(_) instead of dash(-) in interactshURLMarker

Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
dev
Sajad 2022-04-07 12:53:38 +05:30 committed by GitHub
parent 41f9582a1d
commit 7c84590de7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 30 additions and 10 deletions

View File

@ -6,6 +6,7 @@ import (
"encoding/hex"
"fmt"
"os"
"regexp"
"strings"
"sync"
"sync/atomic"
@ -36,6 +37,8 @@ type Client struct {
interactions *ccache.Cache
// matchedTemplates is a stored cache to track matched templates
matchedTemplates *ccache.Cache
// interactshURLs is a stored cache to track track multiple interactsh markers
interactshURLs *ccache.Cache
options *Options
eviction time.Duration
@ -50,7 +53,7 @@ type Client struct {
var (
defaultInteractionDuration = 60 * time.Second
interactshURLMarker = "{{interactsh-url}}"
interactshURLMarkerRegex = regexp.MustCompile(`{{interactsh-url(?:_[0-9]+){0,3}}}`)
)
// Options contains configuration options for interactsh nuclei integration.
@ -104,11 +107,13 @@ func New(options *Options) (*Client, error) {
interactionsCache := ccache.New(interactionsCfg)
matchedTemplateCache := ccache.New(ccache.Configure().MaxSize(defaultMaxInteractionsCount))
interactshURLCache := ccache.New(ccache.Configure().MaxSize(defaultMaxInteractionsCount))
interactClient := &Client{
eviction: options.Eviction,
interactions: interactionsCache,
matchedTemplates: matchedTemplateCache,
interactshURLs: interactshURLCache,
options: options,
requests: cache,
pollDuration: options.PollDuration,
@ -254,10 +259,18 @@ func (c *Client) Close() bool {
// It accepts data to replace as well as the URL to replace placeholders
// with generated uniquely for each request.
func (c *Client) ReplaceMarkers(data string, interactshURLs []string) (string, []string) {
for strings.Contains(data, interactshURLMarker) {
for interactshURLMarkerRegex.Match([]byte(data)) {
url := c.URL()
interactshURLs = append(interactshURLs, url)
interactshURLMarker := interactshURLMarkerRegex.FindString(data)
if interactshURLMarker != "" {
data = strings.Replace(data, interactshURLMarker, url, 1)
urlIndex := strings.Index(url, ".")
if urlIndex == -1 {
continue
}
c.interactshURLs.Set(url, interactshURLMarker, defaultInteractionDuration)
}
}
return data, interactshURLs
}
@ -265,14 +278,21 @@ func (c *Client) ReplaceMarkers(data string, interactshURLs []string) (string, [
// MakePlaceholders does placeholders for interact URLs and other data to a map
func (c *Client) MakePlaceholders(urls []string, data map[string]interface{}) {
data["interactsh-server"] = c.hostname
for _, url := range urls {
if interactshURLMarker := c.interactshURLs.Get(url); interactshURLMarker != nil {
if interactshURLMarker, ok := interactshURLMarker.Value().(string); ok {
interactshMarker := strings.TrimSuffix(strings.TrimPrefix(interactshURLMarker, "{{"), "}}")
if len(urls) == 1 {
urlIndex := strings.Index(urls[0], ".")
c.interactshURLs.Delete(url)
data[interactshMarker] = url
urlIndex := strings.Index(url, ".")
if urlIndex == -1 {
return
continue
}
data[strings.Replace(interactshMarker, "url", "id", 1)] = url[:urlIndex]
}
}
data["interactsh-url"] = urls[0]
data["interactsh-id"] = urls[0][:urlIndex]
}
}
@ -355,7 +375,7 @@ func HasMatchers(op *operators.Operators) bool {
// HasMarkers checks if the text contains interactsh markers
func HasMarkers(data string) bool {
return strings.Contains(data, interactshURLMarker)
return interactshURLMarkerRegex.Match([]byte(data))
}
func (c *Client) debugPrintInteraction(interaction *server.Interaction, event *operators.Result) {