custom header via cli

internal/runner/options.go

@@ -5,6 +5,7 @@ import (
 	"os"
 
 	"github.com/projectdiscovery/gologger"
+	"github.com/projectdiscovery/nuclei/pkg/requests"
 )
 
 // Options contains the configuration options for tuning
@@ -22,6 +23,7 @@ type Options struct {
 	Version       bool                   // Version specifies if we should just show version and exit
 	Verbose       bool                   // Verbose flag indicates whether to show verbose output or not
 	NoColor       bool                   // No-Color disables the colored output.
+	CustomHeaders requests.CustomHeaders // Custom global headers
 
 	Stdin bool // Stdin specifies whether stdin input was given to the process
 }
@@ -42,6 +44,7 @@ func ParseOptions() *Options {
 	flag.IntVar(&options.Threads, "c", 10, "Number of concurrent requests to make")
 	flag.IntVar(&options.Timeout, "timeout", 5, "Time to wait in seconds before timeout")
 	flag.IntVar(&options.Retries, "retries", 1, "Number of times to retry a failed request")
+	flag.Var(&options.CustomHeaders, "H", "Custom Header.")
 
 	flag.Parse()
 

internal/runner/runner.go

@@ -202,6 +202,7 @@ func (r *Runner) processTemplateWithList(template *templates.Template, request i
 			Retries:       r.options.Retries,
 			ProxyURL:      r.options.ProxyURL,
 			ProxySocksURL: r.options.ProxySocksURL,
+			CustomHeaders: r.options.CustomHeaders,
 		})
 	}
 	if err != nil {

pkg/executor/executer_http.go

@@ -8,6 +8,7 @@ import (
 	"io/ioutil"
 	"net/http"
 	"net/url"
+	"strings"
 	"sync"
 	"time"
 
@@ -28,6 +29,7 @@ type HTTPExecutor struct {
 	httpRequest   *requests.HTTPRequest
 	writer        *bufio.Writer
 	outputMutex   *sync.Mutex
+	customHeaders requests.CustomHeaders
 }
 
 // HTTPOptions contains configuration options for the HTTP executor.
@@ -39,6 +41,7 @@ type HTTPOptions struct {
 	Retries       int
 	ProxyURL      string
 	ProxySocksURL string
+	CustomHeaders requests.CustomHeaders
 }
 
 // NewHTTPExecutor creates a new HTTP executor from a template
@@ -64,6 +67,7 @@ func NewHTTPExecutor(options *HTTPOptions) (*HTTPExecutor, error) {
 		httpRequest:   options.HTTPRequest,
 		outputMutex:   &sync.Mutex{},
 		writer:        options.Writer,
+		customHeaders: options.CustomHeaders,
 	}
 	return executer, nil
 }
@@ -82,6 +86,7 @@ mainLoop:
 		if compiledRequest.Error != nil {
 			return errors.Wrap(err, "could not make http request")
 		}
+		e.setCustomHeaders(compiledRequest)
 		req := compiledRequest.Request
 		resp, err := e.httpClient.Do(req)
 		if err != nil {
@@ -223,3 +228,19 @@ func makeCheckRedirectFunc(followRedirects bool, maxRedirects int) checkRedirect
 		return nil
 	}
 }
+
+func (e *HTTPExecutor) setCustomHeaders(r *requests.CompiledHTTP) {
+	for _, customHeader := range e.customHeaders {
+		// This should be pre-computed somewhere and done only once
+		tokens := strings.Split(customHeader, ":")
+		// if it's an invalid header skip it
+		if len(tokens) < 2 {
+			continue
+		}
+
+		headerName, headerValue := tokens[0], strings.Join(tokens[1:], "")
+		headerName = strings.TrimSpace(headerName)
+		headerValue = strings.TrimSpace(headerValue)
+		r.Request.Header.Set(headerName, headerValue)
+	}
+}

pkg/requests/http-request.go

@@ -303,3 +303,17 @@ type CompiledHTTP struct {
 	Error   error
 	Meta    map[string]interface{}
 }
+
+// CustomHeaders valid for all requests
+type CustomHeaders []string
+
+// String returns just a label
+func (c *CustomHeaders) String() string {
+	return "Custom Global Headers"
+}
+
+// Set a new global header
+func (c *CustomHeaders) Set(value string) error {
+	*c = append(*c, value)
+	return nil
+}