nuclei/pkg/executer/output_http.go

package executer

import (
	"net/http"
	"net/http/httputil"
	"strings"

	jsoniter "github.com/json-iterator/go"
	"github.com/projectdiscovery/gologger"
	"github.com/projectdiscovery/nuclei/v2/pkg/matchers"
	"github.com/projectdiscovery/nuclei/v2/pkg/requests"
)

// writeOutputHTTP writes http output to streams
func (e *HTTPExecuter) writeOutputHTTP(req *requests.HTTPRequest, resp *http.Response, body string, matcher *matchers.Matcher, extractorResults []string) {
	URL := req.Request.URL.String()

	if e.jsonOutput {
		output := jsonOutput{
			Template:    e.template.ID,
			Type:        "http",
			Matched:     URL,
			Name:        e.template.Info.Name,
			Severity:    e.template.Info.Severity,
			Author:      e.template.Info.Author,
			Description: e.template.Info.Description,
		}

		if matcher != nil && len(matcher.Name) > 0 {
			output.MatcherName = matcher.Name
		}

		if len(extractorResults) > 0 {
			output.ExtractedResults = extractorResults
		}

		if e.jsonRequest {
			dumpedRequest, err := httputil.DumpRequest(req.Request.Request, true)
			if err != nil {
				gologger.Warningf("could not dump request: %s\n", err)
			} else {
				output.Request = string(dumpedRequest)
			}

			dumpedResponse, err := httputil.DumpResponse(resp, false)

			if err != nil {
				gologger.Warningf("could not dump response: %s\n", err)
			} else {
				output.Response = string(dumpedResponse) + body
			}
		}

		data, err := jsoniter.Marshal(output)

		if err != nil {
			gologger.Warningf("Could not marshal json output: %s\n", err)
		}

		gologger.Silentf("%s", string(data))

		if e.writer != nil {
			if err := e.writer.Write(data); err != nil {
				gologger.Errorf("Could not write output data: %s\n", err)
				return
			}
		}

		return
	}

	builder := &strings.Builder{}
	colorizer := e.colorizer

	builder.WriteRune('[')
	builder.WriteString(colorizer.BrightGreen(e.template.ID).String())

	if matcher != nil && len(matcher.Name) > 0 {
		builder.WriteString(":")
		builder.WriteString(colorizer.BrightGreen(matcher.Name).Bold().String())
	}

	builder.WriteString("] [")
	builder.WriteString(colorizer.BrightBlue("http").String())
	builder.WriteString("] ")

	// Escape the URL by replacing all % with %%
	escapedURL := strings.ReplaceAll(URL, "%", "%%")
	builder.WriteString(escapedURL)

	// If any extractors, write the results
	if len(extractorResults) > 0 {
		builder.WriteString(" [")

		for i, result := range extractorResults {
			builder.WriteString(colorizer.BrightCyan(result).String())

			if i != len(extractorResults)-1 {
				builder.WriteRune(',')
			}
		}

		builder.WriteString("]")
	}

	// write meta if any
	if len(req.Meta) > 0 {
		builder.WriteString(" [")

		var metas []string

		for name, value := range req.Meta {
			metas = append(metas, colorizer.BrightYellow(name).Bold().String()+"="+colorizer.BrightYellow(value.(string)).String())
		}

		builder.WriteString(strings.Join(metas, ","))
		builder.WriteString("]")
	}

	builder.WriteRune('\n')

	// Write output to screen as well as any output file
	message := builder.String()
	gologger.Silentf("%s", message)

	if e.writer != nil {
		if e.coloredOutput {
			message = e.decolorizer.ReplaceAllString(message, "")
		}

		if err := e.writer.WriteString(message); err != nil {
			gologger.Errorf("Could not write output data: %s\n", err)
			return
		}
	}
}
typo global correction 2020-07-16 10:57:28 +02:00			`package executer`
Added executor + refactor 2020-04-26 05:50:33 +05:30
			`import (`
json-request option for request/response output in JSON matches 2020-07-15 13:38:45 +02:00			`"net/http"`
			`"net/http/httputil"`
Added executor + refactor 2020-04-26 05:50:33 +05:30			`"strings"`

Added json output support 2020-06-27 20:19:43 +05:30			`jsoniter "github.com/json-iterator/go"`
Finished executer for per-request execution 2020-04-26 06:33:59 +05:30			`"github.com/projectdiscovery/gologger"`
v2 update 2020-07-01 16:17:24 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/matchers"`
			`"github.com/projectdiscovery/nuclei/v2/pkg/requests"`
Added executor + refactor 2020-04-26 05:50:33 +05:30			`)`

Finished executer for per-request execution 2020-04-26 06:33:59 +05:30			`// writeOutputHTTP writes http output to streams`
Initial adoption of golangci-lint for CI 2020-08-25 23:24:31 +02:00			`func (e HTTPExecuter) writeOutputHTTP(req requests.HTTPRequest, resp http.Response, body string, matcher matchers.Matcher, extractorResults []string) {`
Added json output support 2020-06-27 20:19:43 +05:30			`URL := req.Request.URL.String()`

			`if e.jsonOutput {`
			`output := jsonOutput{`
typo global correction 2020-07-16 10:57:28 +02:00			`Template: e.template.ID,`
			`Type: "http",`
			`Matched: URL,`
Add template name to JSON output Fixes #258 2020-08-27 22:13:42 +02:00			`Name: e.template.Info.Name,`
typo global correction 2020-07-16 10:57:28 +02:00			`Severity: e.template.Info.Severity,`
			`Author: e.template.Info.Author,`
			`Description: e.template.Info.Description,`
Added json output support 2020-06-27 20:19:43 +05:30			`}`
Initial adoption of golangci-lint for CI 2020-08-25 23:24:31 +02:00
Added json output support 2020-06-27 20:19:43 +05:30			`if matcher != nil && len(matcher.Name) > 0 {`
			`output.MatcherName = matcher.Name`
			`}`
Initial adoption of golangci-lint for CI 2020-08-25 23:24:31 +02:00
Added json output support 2020-06-27 20:19:43 +05:30			`if len(extractorResults) > 0 {`
			`output.ExtractedResults = extractorResults`
			`}`
Initial adoption of golangci-lint for CI 2020-08-25 23:24:31 +02:00
json-request option for request/response output in JSON matches 2020-07-15 13:38:45 +02:00			`if e.jsonRequest {`
			`dumpedRequest, err := httputil.DumpRequest(req.Request.Request, true)`
			`if err != nil {`
			`gologger.Warningf("could not dump request: %s\n", err)`
			`} else {`
			`output.Request = string(dumpedRequest)`
			`}`
Initial adoption of golangci-lint for CI 2020-08-25 23:24:31 +02:00
json-request option for request/response output in JSON matches 2020-07-15 13:38:45 +02:00			`dumpedResponse, err := httputil.DumpResponse(resp, false)`
Initial adoption of golangci-lint for CI 2020-08-25 23:24:31 +02:00
json-request option for request/response output in JSON matches 2020-07-15 13:38:45 +02:00			`if err != nil {`
			`gologger.Warningf("could not dump response: %s\n", err)`
			`} else {`
			`output.Response = string(dumpedResponse) + body`
			`}`
			`}`
Initial adoption of golangci-lint for CI 2020-08-25 23:24:31 +02:00
Added json output support 2020-06-27 20:19:43 +05:30			`data, err := jsoniter.Marshal(output)`
Initial adoption of golangci-lint for CI 2020-08-25 23:24:31 +02:00
Added json output support 2020-06-27 20:19:43 +05:30			`if err != nil {`
			`gologger.Warningf("Could not marshal json output: %s\n", err)`
			`}`

			`gologger.Silentf("%s", string(data))`

			`if e.writer != nil {`
Fixed inconsistent output hopefully 2020-09-10 16:32:01 +05:30			`if err := e.writer.Write(data); err != nil {`
Initial adoption of golangci-lint for CI 2020-08-25 23:24:31 +02:00			`gologger.Errorf("Could not write output data: %s\n", err)`
			`return`
			`}`
Added json output support 2020-06-27 20:19:43 +05:30			`}`
Initial adoption of golangci-lint for CI 2020-08-25 23:24:31 +02:00
Added json output support 2020-06-27 20:19:43 +05:30			`return`
			`}`

Added executor + refactor 2020-04-26 05:50:33 +05:30			`builder := &strings.Builder{}`
Add initial coloring support in output results 2020-07-29 00:43:05 +02:00			`colorizer := e.colorizer`
Added executor + refactor 2020-04-26 05:50:33 +05:30
			`builder.WriteRune('[')`
Add initial coloring support in output results 2020-07-29 00:43:05 +02:00			`builder.WriteString(colorizer.BrightGreen(e.template.ID).String())`
Initial adoption of golangci-lint for CI 2020-08-25 23:24:31 +02:00
Finished executer for per-request execution 2020-04-26 06:33:59 +05:30			`if matcher != nil && len(matcher.Name) > 0 {`
Added executor + refactor 2020-04-26 05:50:33 +05:30			`builder.WriteString(":")`
Add initial coloring support in output results 2020-07-29 00:43:05 +02:00			`builder.WriteString(colorizer.BrightGreen(matcher.Name).Bold().String())`
Added executor + refactor 2020-04-26 05:50:33 +05:30			`}`
Initial adoption of golangci-lint for CI 2020-08-25 23:24:31 +02:00
Add initial coloring support in output results 2020-07-29 00:43:05 +02:00			`builder.WriteString("] [")`
			`builder.WriteString(colorizer.BrightBlue("http").String())`
			`builder.WriteString("] ")`
Added executor + refactor 2020-04-26 05:50:33 +05:30
			`// Escape the URL by replacing all % with %%`
Initial adoption of golangci-lint for CI 2020-08-25 23:24:31 +02:00			`escapedURL := strings.ReplaceAll(URL, "%", "%%")`
Added executor + refactor 2020-04-26 05:50:33 +05:30			`builder.WriteString(escapedURL)`

			`// If any extractors, write the results`
			`if len(extractorResults) > 0 {`
			`builder.WriteString(" [")`
Initial adoption of golangci-lint for CI 2020-08-25 23:24:31 +02:00
Added executor + refactor 2020-04-26 05:50:33 +05:30			`for i, result := range extractorResults {`
Add initial coloring support in output results 2020-07-29 00:43:05 +02:00			`builder.WriteString(colorizer.BrightCyan(result).String())`
Initial adoption of golangci-lint for CI 2020-08-25 23:24:31 +02:00
Added executor + refactor 2020-04-26 05:50:33 +05:30			`if i != len(extractorResults)-1 {`
			`builder.WriteRune(',')`
			`}`
			`}`
Initial adoption of golangci-lint for CI 2020-08-25 23:24:31 +02:00
Added executor + refactor 2020-04-26 05:50:33 +05:30			`builder.WriteString("]")`
			`}`
added payload info to output 2020-05-14 18:09:36 +02:00
			`// write meta if any`
			`if len(req.Meta) > 0 {`
			`builder.WriteString(" [")`
Initial adoption of golangci-lint for CI 2020-08-25 23:24:31 +02:00
added payload info to output 2020-05-14 18:09:36 +02:00			`var metas []string`
Initial adoption of golangci-lint for CI 2020-08-25 23:24:31 +02:00
added payload info to output 2020-05-14 18:09:36 +02:00			`for name, value := range req.Meta {`
Initial adoption of golangci-lint for CI 2020-08-25 23:24:31 +02:00			`metas = append(metas, colorizer.BrightYellow(name).Bold().String()+"="+colorizer.BrightYellow(value.(string)).String())`
added payload info to output 2020-05-14 18:09:36 +02:00			`}`
Initial adoption of golangci-lint for CI 2020-08-25 23:24:31 +02:00
added payload info to output 2020-05-14 18:09:36 +02:00			`builder.WriteString(strings.Join(metas, ","))`
			`builder.WriteString("]")`
			`}`

Added executor + refactor 2020-04-26 05:50:33 +05:30			`builder.WriteRune('\n')`

Finished executer for per-request execution 2020-04-26 06:33:59 +05:30			`// Write output to screen as well as any output file`
			`message := builder.String()`
			`gologger.Silentf("%s", message)`

			`if e.writer != nil {`
Add initial coloring support in output results 2020-07-29 00:43:05 +02:00			`if e.coloredOutput {`
			`message = e.decolorizer.ReplaceAllString(message, "")`
			`}`
Initial adoption of golangci-lint for CI 2020-08-25 23:24:31 +02:00
Fixed inconsistent output hopefully 2020-09-10 16:32:01 +05:30			`if err := e.writer.WriteString(message); err != nil {`
Initial adoption of golangci-lint for CI 2020-08-25 23:24:31 +02:00			`gologger.Errorf("Could not write output data: %s\n", err)`
			`return`
			`}`
Finished executer for per-request execution 2020-04-26 06:33:59 +05:30			`}`
Added executor + refactor 2020-04-26 05:50:33 +05:30			`}`