From b4bf6cf4ac5aab4cc38c86302ef66626b7089086 Mon Sep 17 00:00:00 2001 From: Mzack9999 Date: Fri, 10 Jul 2020 09:04:38 +0200 Subject: [PATCH] improved workflow logic --- go.mod | 18 +-------- go.sum | 8 +++- v2/go.mod | 5 +-- v2/go.sum | 13 +++--- v2/internal/runner/runner.go | 15 +++---- v2/pkg/executor/executer_http.go | 33 +++++++++++---- v2/pkg/executor/executor_dns.go | 13 +++--- v2/pkg/extractors/extractors.go | 2 + v2/pkg/matchers/matchers.go | 2 +- v2/pkg/requests/http-request.go | 1 + v2/pkg/workflows/var.go | 69 +++++++++++++++++++++++++++----- 11 files changed, 122 insertions(+), 57 deletions(-) diff --git a/go.mod b/go.mod index 21b12431..7352132e 100644 --- a/go.mod +++ b/go.mod @@ -3,20 +3,6 @@ module github.com/projectdiscovery/nuclei go 1.14 require ( - github.com/Knetic/govaluate v3.0.0+incompatible - github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 - github.com/blang/semver v3.5.1+incompatible - github.com/d5/tengo v1.24.8 - github.com/d5/tengo/v2 v2.6.0 - github.com/google/go-github v17.0.0+incompatible - github.com/google/go-github/v32 v32.0.0 - github.com/json-iterator/go v1.1.10 - github.com/karrick/godirwalk v1.15.6 - github.com/miekg/dns v1.1.29 - github.com/pkg/errors v0.9.1 - github.com/projectdiscovery/gologger v1.0.0 - github.com/projectdiscovery/retryabledns v1.0.4 - github.com/projectdiscovery/retryablehttp-go v1.0.1 - golang.org/x/net v0.0.0-20200528225125-3c3fba18258b - gopkg.in/yaml.v2 v2.3.0 + github.com/projectdiscovery/gologger v1.0.0 // indirect + github.com/projectdiscovery/nuclei/v2 v2.0.2 // indirect ) diff --git a/go.sum b/go.sum index f1241330..8347c0f3 100644 --- a/go.sum +++ b/go.sum @@ -1,9 +1,7 @@ -github.com/Knetic/govaluate v1.5.0 h1:L4MyqdJSld9xr2eZcZHCWLfeIX2SBjqrwIKG1pcm/+4= github.com/Knetic/govaluate v3.0.0+incompatible h1:7o6+MAPhYTCF0+fdvoz1xDedhRb4f6s9Tn1Tt7/WTEg= github.com/Knetic/govaluate v3.0.0+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 h1:4daAzAu0S6Vi7/lbWECcX0j45yZReDZ56BQsrVBOEEY= github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg= -github.com/blang/semver v1.1.0 h1:ol1rO7QQB5uy7umSNV7VAmLugfLRD+17sYJujRNYPhg= github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/d5/tengo v1.24.8 h1:PRJ+NWt7ae/9sSbIfThOBTkPSvNV+dwYoBAvwfNgNJY= @@ -11,6 +9,7 @@ github.com/d5/tengo v1.24.8/go.mod h1:VhLq8Q2QFhCIJO3NhvM934qOThykMqJi9y9Siqd1oc github.com/d5/tengo/v2 v2.6.0 h1:D0cJtpiBzaLJ/Smv6nnUc/LIfO46oKwDx85NZtIRNRI= github.com/d5/tengo/v2 v2.6.0/go.mod h1:XRGjEs5I9jYIKTxly6HCF8oiiilk5E/RYXOZ5b0DZC8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY= @@ -34,15 +33,19 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742 h1:Esafd1046DLD github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/projectdiscovery/gologger v1.0.0 h1:XAQ8kHeVKXMjY4rLGh7eT5+oHU077BNEvs7X6n+vu1s= github.com/projectdiscovery/gologger v1.0.0/go.mod h1:Ok+axMqK53bWNwDSU1nTNwITLYMXMdZtRc8/y1c7sWE= +github.com/projectdiscovery/nuclei/v2 v2.0.2 h1:cB76N50hJv2G+EJpm3JFH5txHiyl7s9ZDYa2wuOoc5w= +github.com/projectdiscovery/nuclei/v2 v2.0.2/go.mod h1:mkj8PlAZ/c03i+ZTs+JD7X6iZeHwdbVuHpHFOkjjxMw= github.com/projectdiscovery/retryabledns v1.0.4 h1:0Va7qHlWQsIXjRLISTjzfN3tnJmHYDudY05Nu3IJd60= github.com/projectdiscovery/retryabledns v1.0.4/go.mod h1:/UzJn4I+cPdQl6pKiiQfvVAT636YZvJQYZhYhGB0dUQ= github.com/projectdiscovery/retryablehttp-go v1.0.1 h1:V7wUvsZNq1Rcz7+IlcyoyQlNwshuwptuBVYWw9lx8RE= github.com/projectdiscovery/retryablehttp-go v1.0.1/go.mod h1:SrN6iLZilNG1X4neq1D+SBxoqfAF4nyzvmevkTkWsek= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8= @@ -65,6 +68,7 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU= diff --git a/v2/go.mod b/v2/go.mod index bffaf20f..4ad44114 100644 --- a/v2/go.mod +++ b/v2/go.mod @@ -8,15 +8,14 @@ require ( github.com/blang/semver v3.5.1+incompatible github.com/d5/tengo v1.24.8 github.com/d5/tengo/v2 v2.6.0 - github.com/google/go-github v17.0.0+incompatible github.com/google/go-github/v32 v32.0.0 github.com/json-iterator/go v1.1.10 github.com/karrick/godirwalk v1.15.6 - github.com/miekg/dns v1.1.29 + github.com/miekg/dns v1.1.30 github.com/pkg/errors v0.9.1 github.com/projectdiscovery/gologger v1.0.0 github.com/projectdiscovery/retryabledns v1.0.4 github.com/projectdiscovery/retryablehttp-go v1.0.1 - golang.org/x/net v0.0.0-20200528225125-3c3fba18258b + golang.org/x/net v0.0.0-20200707034311-ab3426394381 gopkg.in/yaml.v2 v2.3.0 ) diff --git a/v2/go.sum b/v2/go.sum index 752972ef..da00a430 100644 --- a/v2/go.sum +++ b/v2/go.sum @@ -1,7 +1,9 @@ +github.com/Knetic/govaluate v1.5.0 h1:L4MyqdJSld9xr2eZcZHCWLfeIX2SBjqrwIKG1pcm/+4= github.com/Knetic/govaluate v3.0.0+incompatible h1:7o6+MAPhYTCF0+fdvoz1xDedhRb4f6s9Tn1Tt7/WTEg= github.com/Knetic/govaluate v3.0.0+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 h1:4daAzAu0S6Vi7/lbWECcX0j45yZReDZ56BQsrVBOEEY= github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg= +github.com/blang/semver v1.1.0 h1:ol1rO7QQB5uy7umSNV7VAmLugfLRD+17sYJujRNYPhg= github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/d5/tengo v1.24.8 h1:PRJ+NWt7ae/9sSbIfThOBTkPSvNV+dwYoBAvwfNgNJY= @@ -12,7 +14,6 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY= -github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= github.com/google/go-github/v32 v32.0.0 h1:q74KVb22spUq0U5HqZ9VCYqQz8YRuOtL/39ZnfwO+NM= github.com/google/go-github/v32 v32.0.0/go.mod h1:rIEpZD9CTDQwDK9GDrtMTycQNA4JU3qBsCizh3q2WCI= github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk= @@ -24,8 +25,9 @@ github.com/karrick/godirwalk v1.15.6 h1:Yf2mmR8TJy+8Fa0SuQVto5SYap6IF7lNVX4Jdl8G github.com/karrick/godirwalk v1.15.6/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk= github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381 h1:bqDmpDG49ZRnB5PcgP0RXtQvnMSgIF14M7CBd2shtXs= github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= -github.com/miekg/dns v1.1.29 h1:xHBEhR+t5RzcFJjBLJlax2daXOrTYtr9z4WdKEfWFzg= github.com/miekg/dns v1.1.29/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= +github.com/miekg/dns v1.1.30 h1:Qww6FseFn8PRfw07jueqIXqodm0JKiiKuK0DeXSqfyo= +github.com/miekg/dns v1.1.30/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 h1:ZqeYNhU3OHLH3mGKHDcjJRFFRrJa6eAM5H+CtDdOsPc= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742 h1:Esafd1046DLDQ0W1YjYsBW+p8U2u7vzgW2SQVmlNazg= @@ -43,15 +45,16 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200528225125-3c3fba18258b h1:IYiJPiJfzktmDAO1HQiwjMjwjlYKHAL7KzeD544RJPs= -golang.org/x/net v0.0.0-20200528225125-3c3fba18258b/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200707034311-ab3426394381 h1:VXak5I6aEWmAXeQjA+QSZzlgNrpq9mjcfDemuexIKsU= +golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= diff --git a/v2/internal/runner/runner.go b/v2/internal/runner/runner.go index 84f0d041..e7873421 100644 --- a/v2/internal/runner/runner.go +++ b/v2/internal/runner/runner.go @@ -11,7 +11,8 @@ import ( "strings" "sync" - "github.com/d5/tengo/v2" + tengo "github.com/d5/tengo/v2" + "github.com/d5/tengo/v2/stdlib" "github.com/karrick/godirwalk" "github.com/projectdiscovery/gologger" "github.com/projectdiscovery/nuclei/v2/pkg/executor" @@ -278,16 +279,16 @@ func (r *Runner) processTemplateWithList(template *templates.Template, request i wg.Add(1) go func(URL string) { - var err error + var result executor.Result if httpExecutor != nil { - err = httpExecutor.ExecuteHTTP(URL) + result = httpExecutor.ExecuteHTTP(URL) } if dnsExecutor != nil { - err = dnsExecutor.ExecuteDNS(URL) + result = dnsExecutor.ExecuteDNS(URL) } - if err != nil { - gologger.Warningf("Could not execute step: %s\n", err) + if result.Error != nil { + gologger.Warningf("Could not execute step: %s\n", result.Error) } <-limiter wg.Done() @@ -339,7 +340,7 @@ func (r *Runner) ProcessWorkflowWithList(workflow *workflows.Workflow) { // ProcessWorkflow towards an URL func (r *Runner) ProcessWorkflow(workflow *workflows.Workflow, URL string) error { script := tengo.NewScript([]byte(workflow.Logic)) - + script.SetImports(stdlib.GetModuleMap(stdlib.AllModuleNames()...)) for name, value := range workflow.Variables { var writer *bufio.Writer if r.output != nil { diff --git a/v2/pkg/executor/executer_http.go b/v2/pkg/executor/executer_http.go index 5a9f001e..974b73f5 100644 --- a/v2/pkg/executor/executer_http.go +++ b/v2/pkg/executor/executer_http.go @@ -92,18 +92,22 @@ func (e *HTTPExecutor) GotResults() bool { } // ExecuteHTTP executes the HTTP request on a URL -func (e *HTTPExecutor) ExecuteHTTP(URL string) error { +func (e *HTTPExecutor) ExecuteHTTP(URL string) (result Result) { + result.Matches = make(map[string]interface{}) + result.Extractions = make(map[string]interface{}) // Compile each request for the template based on the URL compiledRequest, err := e.httpRequest.MakeHTTPRequest(URL) if err != nil { - return errors.Wrap(err, "could not make http request") + result.Error = errors.Wrap(err, "could not make http request") + return } // Send the request to the target servers mainLoop: for compiledRequest := range compiledRequest { if compiledRequest.Error != nil { - return errors.Wrap(err, "could not make http request") + result.Error = errors.Wrap(err, "could not make http request") + return } e.setCustomHeaders(compiledRequest) req := compiledRequest.Request @@ -112,7 +116,8 @@ mainLoop: gologger.Infof("Dumped HTTP request for %s (%s)\n\n", URL, e.template.ID) dumpedRequest, err := httputil.DumpRequest(req.Request, true) if err != nil { - return errors.Wrap(err, "could not dump http request") + result.Error = errors.Wrap(err, "could not make http request") + return } fmt.Fprintf(os.Stderr, "%s", string(dumpedRequest)) } @@ -130,7 +135,8 @@ mainLoop: gologger.Infof("Dumped HTTP response for %s (%s)\n\n", URL, e.template.ID) dumpedResponse, err := httputil.DumpResponse(resp, true) if err != nil { - return errors.Wrap(err, "could not dump http response") + result.Error = errors.Wrap(err, "could not dump http response") + return } fmt.Fprintf(os.Stderr, "%s\n", string(dumpedResponse)) } @@ -139,7 +145,8 @@ mainLoop: if err != nil { io.Copy(ioutil.Discard, resp.Body) resp.Body.Close() - return errors.Wrap(err, "could not read http body") + result.Error = errors.Wrap(err, "could not read http body") + return } resp.Body.Close() @@ -147,7 +154,8 @@ mainLoop: // so in case we have to manually do it data, err = requests.HandleDecompression(compiledRequest.Request, data) if err != nil { - return errors.Wrap(err, "could not decompress http body") + result.Error = errors.Wrap(err, "could not decompress http body") + return } // Convert response body from []byte to string with zero copy @@ -167,6 +175,7 @@ mainLoop: // If the matcher has matched, and its an OR // write the first output then move to next matcher. if matcherCondition == matchers.ORCondition && len(e.httpRequest.Extractors) == 0 { + result.Matches[matcher.Name] = nil e.writeOutputHTTP(compiledRequest, matcher, nil) atomic.CompareAndSwapUint32(&e.results, 0, 1) } @@ -181,6 +190,7 @@ mainLoop: for match := range extractor.Extract(body, headers) { extractorResults = append(extractorResults, match) } + result.Extractions[extractor.Name] = extractorResults } // Write a final string of output if matcher type is @@ -193,7 +203,7 @@ mainLoop: gologger.Verbosef("Sent HTTP request to %s\n", "http-request", URL) - return nil + return } // Close closes the http executor for a template. @@ -280,3 +290,10 @@ func (e *HTTPExecutor) setCustomHeaders(r *requests.CompiledHTTP) { r.Request.Header.Set(headerName, headerValue) } } + +type Result struct { + Matches map[string]interface{} + Extractions map[string]interface{} + GotResults bool + Error error +} diff --git a/v2/pkg/executor/executor_dns.go b/v2/pkg/executor/executor_dns.go index a50d7dad..2561ab02 100644 --- a/v2/pkg/executor/executor_dns.go +++ b/v2/pkg/executor/executor_dns.go @@ -72,7 +72,7 @@ func (e *DNSExecutor) GotResults() bool { } // ExecuteDNS executes the DNS request on a URL -func (e *DNSExecutor) ExecuteDNS(URL string) error { +func (e *DNSExecutor) ExecuteDNS(URL string) (result Result) { // Parse the URL and return domain if URL. var domain string if isURL(URL) { @@ -84,7 +84,8 @@ func (e *DNSExecutor) ExecuteDNS(URL string) error { // Compile each request for the template based on the URL compiledRequest, err := e.dnsRequest.MakeDNSRequest(domain) if err != nil { - return errors.Wrap(err, "could not make dns request") + result.Error = errors.Wrap(err, "could not make dns request") + return } if e.debug { @@ -95,7 +96,8 @@ func (e *DNSExecutor) ExecuteDNS(URL string) error { // Send the request to the target servers resp, err := e.dnsClient.Do(compiledRequest) if err != nil { - return errors.Wrap(err, "could not send dns request") + result.Error = errors.Wrap(err, "could not send dns request") + return } gologger.Verbosef("Sent DNS request to %s\n", "dns-request", URL) @@ -111,7 +113,7 @@ func (e *DNSExecutor) ExecuteDNS(URL string) error { if !matcher.MatchDNS(resp) { // If the condition is AND we haven't matched, return. if matcherCondition == matchers.ANDCondition { - return nil + return } } else { // If the matcher has matched, and its an OR @@ -138,7 +140,8 @@ func (e *DNSExecutor) ExecuteDNS(URL string) error { e.writeOutputDNS(domain, nil, extractorResults) atomic.CompareAndSwapUint32(&e.results, 0, 1) } - return nil + + return } // Close closes the dns executor for a template. diff --git a/v2/pkg/extractors/extractors.go b/v2/pkg/extractors/extractors.go index 85ecde82..9be20930 100644 --- a/v2/pkg/extractors/extractors.go +++ b/v2/pkg/extractors/extractors.go @@ -4,6 +4,8 @@ import "regexp" // Extractor is used to extract part of response using a regex. type Extractor struct { + // Name is the extractor's name + Name string `yaml:"name,omitempty"` // Type is the type of the matcher Type string `yaml:"type"` diff --git a/v2/pkg/matchers/matchers.go b/v2/pkg/matchers/matchers.go index a313ba2b..e8524ffb 100644 --- a/v2/pkg/matchers/matchers.go +++ b/v2/pkg/matchers/matchers.go @@ -13,7 +13,7 @@ type Matcher struct { // matcherType is the internal type of the matcher matcherType MatcherType - // Name is matcher Name to be displayed in result output. + // Name is matcher Name Name string `yaml:"name,omitempty"` // Status are the acceptable status codes for the response Status []int `yaml:"status,omitempty"` diff --git a/v2/pkg/requests/http-request.go b/v2/pkg/requests/http-request.go index b6f28342..d73c5ba3 100644 --- a/v2/pkg/requests/http-request.go +++ b/v2/pkg/requests/http-request.go @@ -18,6 +18,7 @@ import ( // HTTPRequest contains a request to be made from a template type HTTPRequest struct { + Name string `yaml:"Name,omitempty"` // AttackType is the attack type // Sniper, PitchFork and ClusterBomb. Default is Sniper AttackType string `yaml:"attack,omitempty"` diff --git a/v2/pkg/workflows/var.go b/v2/pkg/workflows/var.go index 5d8897e4..a525e4a4 100644 --- a/v2/pkg/workflows/var.go +++ b/v2/pkg/workflows/var.go @@ -1,7 +1,10 @@ package workflows import ( - "github.com/d5/tengo/v2" + "strings" + "sync" + + tengo "github.com/d5/tengo/v2" "github.com/projectdiscovery/gologger" "github.com/projectdiscovery/nuclei/v2/pkg/executor" ) @@ -9,8 +12,10 @@ import ( // NucleiVar within the scripting engine type NucleiVar struct { tengo.ObjectImpl - Templates []*Template - URL string + Templates []*Template + URL string + InternalVars map[string]interface{} + sync.RWMutex } // Template contains HTTPOptions and DNSOptions for a single template @@ -31,8 +36,8 @@ func (n *NucleiVar) CanCall() bool { // Call logic - actually it doesn't require arguments func (n *NucleiVar) Call(args ...tengo.Object) (ret tengo.Object, err error) { + n.InternalVars = make(map[string]interface{}) var gotResult bool - for _, template := range n.Templates { if template.HTTPOptions != nil { for _, request := range template.HTTPOptions.Template.RequestsHTTP { @@ -42,13 +47,15 @@ func (n *NucleiVar) Call(args ...tengo.Object) (ret tengo.Object, err error) { gologger.Warningf("Could not compile request for template '%s': %s\n", template.HTTPOptions.Template.ID, err) continue } - err = httpExecutor.ExecuteHTTP(n.URL) - if err != nil { - gologger.Warningf("Could not send request for template '%s': %s\n", template.HTTPOptions.Template.ID, err) + result := httpExecutor.ExecuteHTTP(n.URL) + if result.Error != nil { + gologger.Warningf("Could not send request for template '%s': %s\n", template.HTTPOptions.Template.ID, result.Error) continue } + if httpExecutor.GotResults() { gotResult = true + n.addResults(&result) } } } @@ -57,19 +64,61 @@ func (n *NucleiVar) Call(args ...tengo.Object) (ret tengo.Object, err error) { for _, request := range template.DNSOptions.Template.RequestsDNS { template.DNSOptions.DNSRequest = request dnsExecutor := executor.NewDNSExecutor(template.DNSOptions) - err = dnsExecutor.ExecuteDNS(n.URL) - if err != nil { - gologger.Warningf("Could not compile request for template '%s': %s\n", template.HTTPOptions.Template.ID, err) + result := dnsExecutor.ExecuteDNS(n.URL) + if result.Error != nil { + gologger.Warningf("Could not compile request for template '%s': %s\n", template.HTTPOptions.Template.ID, result.Error) continue } + if dnsExecutor.GotResults() { gotResult = true + n.addResults(&result) } } } } + if gotResult { return tengo.TrueValue, nil } return tengo.FalseValue, nil } + +func (n *NucleiVar) IsFalsy() bool { + n.RLock() + defer n.RUnlock() + + return len(n.InternalVars) == 0 +} + +func (n *NucleiVar) addResults(r *executor.Result) { + n.RLock() + defer n.RUnlock() + + for k, v := range r.Matches { + n.InternalVars[k] = v + } + + for k, v := range r.Extractions { + n.InternalVars[k] = v + } +} + +// IndexGet returns the value for the given key. +func (n *NucleiVar) IndexGet(index tengo.Object) (res tengo.Object, err error) { + strIdx, ok := tengo.ToString(index) + if !ok { + err = tengo.ErrInvalidIndexType + return + } + + r, ok := n.InternalVars[strIdx] + if !ok { + return tengo.UndefinedValue, nil + } + + // Probably can be improved but as of now just joining all extractors with new line + res = &tengo.String{Value: strings.Join(r.([]string), "\n")} + + return +}