From f9afd276057ad4ddd73f86445c20d0bcc690143a Mon Sep 17 00:00:00 2001 From: Wyatt Dahlenburg Date: Wed, 1 Sep 2021 11:42:15 -0500 Subject: [PATCH] Allow authorization header value to be specified for self-hosted interact.sh servers --- v2/cmd/nuclei/main.go | 2 +- v2/internal/runner/runner.go | 1 + v2/pkg/protocols/common/interactsh/interactsh.go | 3 +++ v2/pkg/types/types.go | 2 ++ 4 files changed, 7 insertions(+), 1 deletion(-) diff --git a/v2/cmd/nuclei/main.go b/v2/cmd/nuclei/main.go index 7bd84689..0708b750 100644 --- a/v2/cmd/nuclei/main.go +++ b/v2/cmd/nuclei/main.go @@ -110,7 +110,7 @@ on extensive configurability, massive extensibility and ease of use.`) createGroup(flagSet, "interactsh", "interactsh", flagSet.BoolVar(&options.NoInteractsh, "no-interactsh", false, "do not use interactsh server for blind interaction polling"), flagSet.StringVar(&options.InteractshURL, "interactsh-url", "https://interact.sh", "self-hosted Interactsh Server URL"), - + flagSet.StringVar(&options.InteractshAuth, "interactsh-auth", "", "authorization header for self-hosted interactsh server"), flagSet.IntVar(&options.InteractionsCacheSize, "interactions-cache-size", 5000, "number of requests to keep in the interactions cache"), flagSet.IntVar(&options.InteractionsEviction, "interactions-eviction", 60, "number of seconds to wait before evicting requests from cache"), flagSet.IntVar(&options.InteractionsPollDuration, "interactions-poll-duration", 5, "number of seconds to wait before each interaction poll request"), diff --git a/v2/internal/runner/runner.go b/v2/internal/runner/runner.go index cef08de9..4eabd928 100644 --- a/v2/internal/runner/runner.go +++ b/v2/internal/runner/runner.go @@ -245,6 +245,7 @@ func New(options *types.Options) (*Runner, error) { if !options.NoInteractsh { interactshClient, err := interactsh.New(&interactsh.Options{ ServerURL: options.InteractshURL, + Authorization: options.InteractshAuth, CacheSize: int64(options.InteractionsCacheSize), Eviction: time.Duration(options.InteractionsEviction) * time.Second, ColldownPeriod: time.Duration(options.InteractionsColldownPeriod) * time.Second, diff --git a/v2/pkg/protocols/common/interactsh/interactsh.go b/v2/pkg/protocols/common/interactsh/interactsh.go index 773a88e0..da3ef497 100644 --- a/v2/pkg/protocols/common/interactsh/interactsh.go +++ b/v2/pkg/protocols/common/interactsh/interactsh.go @@ -48,6 +48,8 @@ var ( type Options struct { // ServerURL is the URL of the interactsh server. ServerURL string + // Authorization is the Authorization header value + Authorization string // CacheSize is the numbers of requests to keep track of at a time. // Older items are discarded in LRU manner in favor of new requests. CacheSize int64 @@ -80,6 +82,7 @@ func New(options *Options) (*Client, error) { interactsh, err := client.New(&client.Options{ ServerURL: options.ServerURL, + Token: options.Authorization, PersistentSession: false, }) if err != nil { diff --git a/v2/pkg/types/types.go b/v2/pkg/types/types.go index d10199ff..b44663cc 100644 --- a/v2/pkg/types/types.go +++ b/v2/pkg/types/types.go @@ -37,6 +37,8 @@ type Options struct { ProjectPath string // InteractshURL is the URL for the interactsh server. InteractshURL string + // Interactsh Authorization header value for self-hosted servers + InteractshAuth string // Target URLs/Domains to scan using a template Targets goflags.StringSlice // TargetsFilePath specifies the targets from a file to scan using templates.