daffainfo
/
nuclei
mirror of https://github.com/daffainfo/nuclei.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

adding helper functions to payloads

dev
Mzack9999 2020-11-25 22:17:57 +01:00
parent 3831bfffa5
commit cc31d6a660
2 changed files with 52 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
v2/pkg/executer/executer_http.go
View File

@ -218,11 +218,13 @@ func (e *HTTPExecuter) ExecuteParallelHTTP(p *progress.Progress, reqURL string)
// Workers that keeps enqueuing new requests
maxWorkers := e.bulkHTTPRequest.Threads
swg := sizedwaitgroup.New(maxWorkers)
for e.bulkHTTPRequest.Next(reqURL) && !result.Done {
for e.bulkHTTPRequest.Next(reqURL) {
request, err := e.bulkHTTPRequest.MakeHTTPRequest(reqURL, dynamicvalues, e.bulkHTTPRequest.Current(reqURL))
if err != nil {
if err != requests.ErrNoPayload {
result.Error = err
p.Drop(remaining)
}
} else {
swg.Add()
go func(httpRequest *requests.HTTPRequest) {
@ -288,10 +290,13 @@ func (e *HTTPExecuter) ExecuteTurboHTTP(reqURL string) *Result {
maxWorkers = pipeOptions.MaxPendingRequests
}
swg := sizedwaitgroup.New(maxWorkers)
for e.bulkHTTPRequest.Next(reqURL) && !result.Done {
for e.bulkHTTPRequest.Next(reqURL) {
request, err := e.bulkHTTPRequest.MakeHTTPRequest(reqURL, dynamicvalues, e.bulkHTTPRequest.Current(reqURL))
if err != nil {
// ignore the error due to the base request having null paylods
if err != requests.ErrNoPayload {
result.Error = err
}
} else {
swg.Add()
go func(httpRequest *requests.HTTPRequest) {
@ -353,12 +358,15 @@ func (e *HTTPExecuter) ExecuteHTTP(p *progress.Progress, reqURL string) *Result
remaining := e.bulkHTTPRequest.GetRequestCount()
e.bulkHTTPRequest.CreateGenerator(reqURL)
for e.bulkHTTPRequest.Next(reqURL) && !result.Done {
for e.bulkHTTPRequest.Next(reqURL) {
requestNumber++
httpRequest, err := e.bulkHTTPRequest.MakeHTTPRequest(reqURL, dynamicvalues, e.bulkHTTPRequest.Current(reqURL))
if err != nil {
// ignore the error due to the base request having null paylods
if err != requests.ErrNoPayload {
result.Error = err
p.Drop(remaining)
}
} else {
e.ratelimiter.Take()
// If the request was built correctly then execute it
@ -532,8 +540,8 @@ func (e *HTTPExecuter) handleHTTP(reqURL string, request *requests.HTTPRequest,
result.Lock()
result.historyData = generators.MergeMaps(result.historyData, matchers.HTTPToMap(resp, body, headers, duration, format))
// retrieve current payloads
currentPayloads := e.bulkHTTPRequest.GetPayloadsValues(reqURL)
if currentPayloads != nil {
currentPayloads, err := e.bulkHTTPRequest.GetPayloadsValues(reqURL)
if err == nil {
// merge them to history data
result.historyData = generators.MergeMaps(result.historyData, currentPayloads)
}
@ -718,7 +726,6 @@ func (e *HTTPExecuter) setCustomHeaders(r *requests.HTTPRequest) {
type Result struct {
sync.Mutex
GotResults bool
Done bool
Meta map[string]interface{}
Matches map[string]interface{}
Extractions map[string]interface{}

37
v2/pkg/requests/bulk-http-request.go
View File

@ -184,7 +184,12 @@ func (r *BulkHTTPRequest) makeHTTPRequestFromRaw(ctx context.Context, baseURL, d
r.gsfm.InitOrSkip(baseURL)
r.ReadOne(baseURL)
return r.handleRawWithPaylods(ctx, data, baseURL, values, r.gsfm.Value(baseURL))
payloads, err := r.GetPayloadsValues(baseURL)
if err != nil {
return nil, err
}
return r.handleRawWithPaylods(ctx, data, baseURL, values, payloads)
}
// otherwise continue with normal flow
@ -484,6 +489,32 @@ func (r *BulkHTTPRequest) Increment(reqURL string) {
}
// GetPayloadsValues for the specified URL
func (r *BulkHTTPRequest) GetPayloadsValues(reqURL string) map[string]interface{} {
return r.gsfm.Value(reqURL)
func (r *BulkHTTPRequest) GetPayloadsValues(reqURL string) (map[string]interface{}, error) {
payloadProcessedValues := make(map[string]interface{})
payloadsFromTemplate := r.gsfm.Value(reqURL)
for k, v := range payloadsFromTemplate {
// attempts to expand expressions
compiled, err := govaluate.NewEvaluableExpressionWithFunctions(v.(string), generators.HelperFunctions())
if err != nil {
// it is a simple literal payload => proceed with literal value
payloadProcessedValues[k] = v
continue
}
// it is an expression - try to solve it
expValue, err := compiled.Evaluate(payloadsFromTemplate)
if err != nil {
// an error occurred => proceed with literal value
payloadProcessedValues[k] = v
continue
}
payloadProcessedValues[k] = expValue
}
var err error
if len(payloadProcessedValues) == 0 {
err = ErrNoPayload
}
return payloadProcessedValues, err
}
// ErrNoPayload error to avoid the additional base null request
var ErrNoPayload = fmt.Errorf("No payload found")