nuclei/v2/pkg/protocols/ssl/ssl.go

package ssl

import (
	"context"
	"crypto/tls"
	"fmt"
	"net"
	"net/url"
	"strings"
	"time"

	jsoniter "github.com/json-iterator/go"
	"github.com/pkg/errors"

	"github.com/projectdiscovery/cryptoutil"
	"github.com/projectdiscovery/fastdialer/fastdialer"
	"github.com/projectdiscovery/gologger"
	"github.com/projectdiscovery/nuclei/v2/pkg/operators"
	"github.com/projectdiscovery/nuclei/v2/pkg/operators/extractors"
	"github.com/projectdiscovery/nuclei/v2/pkg/operators/matchers"
	"github.com/projectdiscovery/nuclei/v2/pkg/output"
	"github.com/projectdiscovery/nuclei/v2/pkg/protocols"
	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/expressions"
	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/eventcreator"
	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/responsehighlighter"
	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/network/networkclientpool"
	templateTypes "github.com/projectdiscovery/nuclei/v2/pkg/templates/types"
	"github.com/projectdiscovery/nuclei/v2/pkg/types"
	ztls "github.com/zmap/zcrypto/tls"
)

// Request is a request for the SSL protocol
type Request struct {
	// Operators for the current request go here.
	operators.Operators `yaml:",inline,omitempty"`
	CompiledOperators   *operators.Operators `yaml:"-"`
	// description: |
	//   Address contains address for the request
	Address string `yaml:"address,omitempty" jsonschema:"title=address for the ssl request,description=Address contains address for the request"`
	// description: |
	//   Minimum tls version - auto if not specified.
	// values:
	//   - "sslv3"
	//   - "tls10"
	//   - "tls11"
	//   - "tls12"
	//   - "tls13"
	MinVersion string `yaml:"min_version,omitempty" jsonschema:"title=TLS version,description=Minimum tls version - automatic if not specified.,enum=sslv3,enum=tls10,enum=tls11,enum=tls12,enum=tls13"`
	// description: |
	//   Max tls version - auto if not specified.
	// values:
	//   - "sslv3"
	//   - "tls10"
	//   - "tls11"
	//   - "tls12"
	//   - "tls13"
	MaxVersion string `yaml:"max_version,omitempty" jsonschema:"title=TLS version,description=Max tls version - automatic if not specified.,enum=sslv3,enum=tls10,enum=tls11,enum=tls12,enum=tls13"`
	// description: |
	//   Client Cipher Suites  - auto if not specified.
	CiperSuites  []string `yaml:"cipher_suites,omitempty"`
	cipherSuites []uint16

	// cache any variables that may be needed for operation.
	dialer  *fastdialer.Dialer
	options *protocols.ExecuterOptions
}

// Compile compiles the request generators preparing any requests possible.
func (request *Request) Compile(options *protocols.ExecuterOptions) error {
	request.options = options

	client, err := networkclientpool.Get(options.Options, &networkclientpool.Configuration{})
	if err != nil {
		return errors.Wrap(err, "could not get network client")
	}
	request.dialer = client

	if request.options.Options.ZTLS {
		request.cipherSuites, err = toZTLSCiphers(request.CiperSuites)
	} else {
		request.cipherSuites, err = toTLSCiphers(request.CiperSuites)
	}
	if err != nil {
		return errors.Wrap(err, "invalid ciphersuites specified")
	}

	if len(request.Matchers) > 0 || len(request.Extractors) > 0 {
		compiled := &request.Operators
		if err := compiled.Compile(); err != nil {
			return errors.Wrap(err, "could not compile operators")
		}
		request.CompiledOperators = compiled
	}
	return nil
}

// Requests returns the total number of requests the rule will perform
func (request *Request) Requests() int {
	return 1
}

// GetID returns the ID for the request if any.
func (request *Request) GetID() string {
	return ""
}

// ExecuteWithResults executes the protocol requests and returns results instead of writing them.
func (request *Request) ExecuteWithResults(input string, dynamicValues, previous output.InternalEvent, callback protocols.OutputEventCallback) error {
	address, err := getAddress(input)
	if err != nil {
		return nil
	}
	hostname, port, _ := net.SplitHostPort(address)

	requestOptions := request.options
	payloadValues := make(map[string]interface{})
	for k, v := range dynamicValues {
		payloadValues[k] = v
	}
	payloadValues["Hostname"] = address
	payloadValues["Host"] = hostname
	payloadValues["Port"] = port

	finalAddress, dataErr := expressions.EvaluateByte([]byte(request.Address), payloadValues)
	if dataErr != nil {
		requestOptions.Output.Request(requestOptions.TemplateID, input, request.Type().String(), dataErr)
		requestOptions.Progress.IncrementFailedRequestsBy(1)
		return errors.Wrap(dataErr, "could not evaluate template expressions")
	}

	addressToDial := string(finalAddress)
	var minVersion, maxVersion uint16
	if request.MinVersion != "" {
		version, err := toVersion(request.MinVersion)
		if err != nil {
			return err
		}
		minVersion = version
	}
	if request.MaxVersion != "" {
		version, err := toVersion(request.MaxVersion)
		if err != nil {
			return err
		}
		maxVersion = version
	}
	var conn net.Conn

	if request.options.Options.ZTLS {
		zconfig := &ztls.Config{InsecureSkipVerify: true, ServerName: hostname}
		if minVersion > 0 {
			zconfig.MinVersion = minVersion
		}
		if maxVersion > 0 {
			zconfig.MaxVersion = maxVersion
		}
		if len(request.cipherSuites) > 0 {
			zconfig.CipherSuites = request.cipherSuites
		}
		conn, err = request.dialer.DialZTLSWithConfig(context.Background(), "tcp", addressToDial, zconfig)
	} else {
		config := &tls.Config{InsecureSkipVerify: true, ServerName: hostname}
		if minVersion > 0 {
			config.MinVersion = minVersion
		}
		if maxVersion > 0 {
			config.MaxVersion = maxVersion
		}
		if len(request.cipherSuites) > 0 {
			config.CipherSuites = request.cipherSuites
		}
		conn, err = request.dialer.DialTLSWithConfig(context.Background(), "tcp", addressToDial, config)
	}

	if err != nil {
		requestOptions.Output.Request(requestOptions.TemplateID, input, request.Type().String(), err)
		requestOptions.Progress.IncrementFailedRequestsBy(1)
		return errors.Wrap(err, "could not connect to server")
	}
	defer conn.Close()
	_ = conn.SetReadDeadline(time.Now().Add(time.Duration(requestOptions.Options.Timeout) * time.Second))

	requestOptions.Output.Request(requestOptions.TemplateID, address, request.Type().String(), err)
	gologger.Verbose().Msgf("Sent SSL request to %s", address)

	if requestOptions.Options.Debug || requestOptions.Options.DebugRequests || requestOptions.Options.StoreResponse {
		msg := fmt.Sprintf("[%s] Dumped SSL request for %s", requestOptions.TemplateID, input)
		if requestOptions.Options.Debug || requestOptions.Options.DebugRequests {
			gologger.Debug().Str("address", input).Msg(msg)
		}
		if requestOptions.Options.StoreResponse {
			request.options.Output.WriteStoreDebugData(input, request.options.TemplateID, request.Type().String(), msg)
		}
	}

	var (
		tlsData      interface{}
		certNotAfter int64
	)
	if request.options.Options.ZTLS {
		connTLS, ok := conn.(*ztls.Conn)
		if !ok {
			return nil
		}
		state := connTLS.ConnectionState()
		if len(state.PeerCertificates) == 0 {
			return nil
		}
		tlsData = cryptoutil.ZTLSGrab(connTLS)
		cert := connTLS.ConnectionState().PeerCertificates[0]
		certNotAfter = cert.NotAfter.Unix()
	} else {
		connTLS, ok := conn.(*tls.Conn)
		if !ok {
			return nil
		}
		state := connTLS.ConnectionState()
		if len(state.PeerCertificates) == 0 {
			return nil
		}
		tlsData = cryptoutil.TLSGrab(&state)
		cert := connTLS.ConnectionState().PeerCertificates[0]
		certNotAfter = cert.NotAfter.Unix()
	}
	jsonData, _ := jsoniter.Marshal(tlsData)
	jsonDataString := string(jsonData)

	data := make(map[string]interface{})

	data["type"] = request.Type().String()
	data["response"] = jsonDataString
	data["host"] = input
	data["matched"] = addressToDial
	data["not_after"] = float64(certNotAfter)
	data["ip"] = request.dialer.GetDialedIP(hostname)

	event := eventcreator.CreateEvent(request, data, requestOptions.Options.Debug || requestOptions.Options.DebugResponse)
	if requestOptions.Options.Debug || requestOptions.Options.DebugResponse || requestOptions.Options.StoreResponse {
		msg := fmt.Sprintf("[%s] Dumped SSL response for %s", requestOptions.TemplateID, input)
		if requestOptions.Options.Debug || requestOptions.Options.DebugResponse {
		gologger.Debug().Msg(msg)
		gologger.Print().Msgf("%s", responsehighlighter.Highlight(event.OperatorsResult, jsonDataString, requestOptions.Options.NoColor, false))
		}
		if requestOptions.Options.StoreResponse {
		request.options.Output.WriteStoreDebugData(input, request.options.TemplateID, request.Type().String(), fmt.Sprintf("%s\n%s", msg, jsonDataString))
		}
	}
	callback(event)
	return nil
}

// RequestPartDefinitions contains a mapping of request part definitions and their
// description. Multiple definitions are separated by commas.
// Definitions not having a name (generated on runtime) are prefixed & suffixed by <>.
var RequestPartDefinitions = map[string]string{
	"type":      "Type is the type of request made",
	"response":  "JSON SSL protocol handshake details",
	"not_after": "Timestamp after which the remote cert expires",
	"host":      "Host is the input to the template",
	"matched":   "Matched is the input which was matched upon",
}

// getAddress returns the address of the host to make request to
func getAddress(toTest string) (string, error) {
	if strings.Contains(toTest, "://") {
		parsed, err := url.Parse(toTest)
		if err != nil {
			return "", err
		}
		_, port, _ := net.SplitHostPort(parsed.Host)

		if strings.ToLower(parsed.Scheme) == "https" && port == "" {
			toTest = net.JoinHostPort(parsed.Host, "443")
		} else {
			toTest = parsed.Host
		}
		return toTest, nil
	}
	return toTest, nil
}

// Match performs matching operation for a matcher on model and returns:
// true and a list of matched snippets if the matcher type is supports it
// otherwise false and an empty string slice
func (request *Request) Match(data map[string]interface{}, matcher *matchers.Matcher) (bool, []string) {
	return protocols.MakeDefaultMatchFunc(data, matcher)
}

// Extract performs extracting operation for an extractor on model and returns true or false.
func (request *Request) Extract(data map[string]interface{}, matcher *extractors.Extractor) map[string]struct{} {
	return protocols.MakeDefaultExtractFunc(data, matcher)
}

// MakeResultEvent creates a result event from internal wrapped event
func (request *Request) MakeResultEvent(wrapped *output.InternalWrappedEvent) []*output.ResultEvent {
	return protocols.MakeDefaultResultEvent(request, wrapped)
}

// GetCompiledOperators returns a list of the compiled operators
func (request *Request) GetCompiledOperators() []*operators.Operators {
	return []*operators.Operators{request.CompiledOperators}
}

// Type returns the type of the protocol request
func (request *Request) Type() templateTypes.ProtocolType {
	return templateTypes.SSLProtocol
}

func (request *Request) MakeResultEventItem(wrapped *output.InternalWrappedEvent) *output.ResultEvent {
	data := &output.ResultEvent{
		TemplateID:       types.ToString(request.options.TemplateID),
		TemplatePath:     types.ToString(request.options.TemplatePath),
		Info:             request.options.TemplateInfo,
		Type:             types.ToString(wrapped.InternalEvent["type"]),
		Host:             types.ToString(wrapped.InternalEvent["host"]),
		Matched:          types.ToString(wrapped.InternalEvent["host"]),
		Metadata:         wrapped.OperatorsResult.PayloadValues,
		ExtractedResults: wrapped.OperatorsResult.OutputExtracts,
		Timestamp:        time.Now(),
		MatcherStatus:    true,
		IP:               types.ToString(wrapped.InternalEvent["ip"]),
	}
	return data
}
Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30			`package ssl`

			`import (`
			`"context"`
using standard library for tls13 2022-01-25 13:26:22 +01:00			`"crypto/tls"`
Issue 1705 save responses on disk (#1727) * save response on disk * lint error check * store raw request/response * lint error fix * file path * mock test fix * readme update * .txt extension Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-04-01 14:29:02 -05:00			`"fmt"`
Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30			`"net"`
			`"net/url"`
			`"strings"`
			`"time"`

Added debug for SSL 2021-11-01 18:02:45 +05:30			`jsoniter "github.com/json-iterator/go"`
Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30			`"github.com/pkg/errors"`
refactor: uniformly sorted imports 2021-11-25 17:09:20 +02:00
Added debug for SSL 2021-11-01 18:02:45 +05:30			`"github.com/projectdiscovery/cryptoutil"`
Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30			`"github.com/projectdiscovery/fastdialer/fastdialer"`
Fixed some bugs with ssl protocols + misc enhancements 2021-09-24 19:35:00 +05:30			`"github.com/projectdiscovery/gologger"`
Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/operators"`
merge from engine-refactor and dev 2021-10-29 18:26:06 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/operators/extractors"`
			`"github.com/projectdiscovery/nuclei/v2/pkg/operators/matchers"`
Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/output"`
			`"github.com/projectdiscovery/nuclei/v2/pkg/protocols"`
Made code changes as per review comments 2021-11-05 03:01:41 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/expressions"`
merge from engine-refactor and dev 2021-10-29 18:26:06 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/eventcreator"`
Added debug for SSL 2021-11-01 18:02:45 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/responsehighlighter"`
Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/protocols/network/networkclientpool"`
Moved to an enum for TemplateType in protocols 2021-11-03 19:53:45 +05:30			`templateTypes "github.com/projectdiscovery/nuclei/v2/pkg/templates/types"`
Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/types"`
Add support for ztls for ssl/crypto templates 2022-01-24 16:15:02 +01:00			`ztls "github.com/zmap/zcrypto/tls"`
Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30			`)`

			`// Request is a request for the SSL protocol`
			`type Request struct {`
			`// Operators for the current request go here.`
			operators.Operators `yaml:",inline,omitempty"`
			CompiledOperators *operators.Operators `yaml:"-"`
Made code changes as per review comments 2021-11-05 03:01:41 +05:30			`// description: \|`
			`// Address contains address for the request`
using standard library for tls13 2022-01-25 13:26:22 +01:00			Address string `yaml:"address,omitempty" jsonschema:"title=address for the ssl request,description=Address contains address for the request"`
			`// description: \|`
			`// Minimum tls version - auto if not specified.`
			`// values:`
			`// - "sslv3"`
			`// - "tls10"`
			`// - "tls11"`
			`// - "tls12"`
			`// - "tls13"`
			MinVersion string `yaml:"min_version,omitempty" jsonschema:"title=TLS version,description=Minimum tls version - automatic if not specified.,enum=sslv3,enum=tls10,enum=tls11,enum=tls12,enum=tls13"`
			`// description: \|`
			`// Max tls version - auto if not specified.`
			`// values:`
			`// - "sslv3"`
			`// - "tls10"`
			`// - "tls11"`
			`// - "tls12"`
			`// - "tls13"`
			MaxVersion string `yaml:"max_version,omitempty" jsonschema:"title=TLS version,description=Max tls version - automatic if not specified.,enum=sslv3,enum=tls10,enum=tls11,enum=tls12,enum=tls13"`
			`// description: \|`
making ztls global and optional 2022-01-25 20:48:21 +01:00			`// Client Cipher Suites - auto if not specified.`
Added more tests and ciphersuits for SSL protocol 2022-03-07 14:07:30 +05:30			CiperSuites []string `yaml:"cipher_suites,omitempty"`
			`cipherSuites []uint16`
Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30
			`// cache any variables that may be needed for operation.`
			`dialer *fastdialer.Dialer`
			`options *protocols.ExecuterOptions`
			`}`

			`// Compile compiles the request generators preparing any requests possible.`
Misc changes according to review 2021-11-03 02:34:48 +05:30			`func (request Request) Compile(options protocols.ExecuterOptions) error {`
			`request.options = options`
Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30
			`client, err := networkclientpool.Get(options.Options, &networkclientpool.Configuration{})`
			`if err != nil {`
			`return errors.Wrap(err, "could not get network client")`
			`}`
Misc changes according to review 2021-11-03 02:34:48 +05:30			`request.dialer = client`
Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30
Added more tests and ciphersuits for SSL protocol 2022-03-07 14:07:30 +05:30			`if request.options.Options.ZTLS {`
			`request.cipherSuites, err = toZTLSCiphers(request.CiperSuites)`
			`} else {`
			`request.cipherSuites, err = toTLSCiphers(request.CiperSuites)`
			`}`
			`if err != nil {`
			`return errors.Wrap(err, "invalid ciphersuites specified")`
			`}`

Misc changes according to review 2021-11-03 02:34:48 +05:30			`if len(request.Matchers) > 0 \|\| len(request.Extractors) > 0 {`
			`compiled := &request.Operators`
Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30			`if err := compiled.Compile(); err != nil {`
			`return errors.Wrap(err, "could not compile operators")`
			`}`
Misc changes according to review 2021-11-03 02:34:48 +05:30			`request.CompiledOperators = compiled`
Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30			`}`
			`return nil`
			`}`

			`// Requests returns the total number of requests the rule will perform`
Misc changes according to review 2021-11-03 02:34:48 +05:30			`func (request *Request) Requests() int {`
Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30			`return 1`
			`}`

			`// GetID returns the ID for the request if any.`
Misc changes according to review 2021-11-03 02:34:48 +05:30			`func (request *Request) GetID() string {`
Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30			`return ""`
			`}`

			`// ExecuteWithResults executes the protocol requests and returns results instead of writing them.`
Misc changes according to review 2021-11-03 02:34:48 +05:30			`func (request *Request) ExecuteWithResults(input string, dynamicValues, previous output.InternalEvent, callback protocols.OutputEventCallback) error {`
Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30			`address, err := getAddress(input)`
			`if err != nil {`
			`return nil`
			`}`
Made code changes as per review comments 2021-11-05 03:01:41 +05:30			`hostname, port, _ := net.SplitHostPort(address)`
Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30
Made code changes as per review comments 2021-11-05 03:01:41 +05:30			`requestOptions := request.options`
			`payloadValues := make(map[string]interface{})`
			`for k, v := range dynamicValues {`
			`payloadValues[k] = v`
			`}`
			`payloadValues["Hostname"] = address`
			`payloadValues["Host"] = hostname`
			`payloadValues["Port"] = port`

			`finalAddress, dataErr := expressions.EvaluateByte([]byte(request.Address), payloadValues)`
			`if dataErr != nil {`
			`requestOptions.Output.Request(requestOptions.TemplateID, input, request.Type().String(), dataErr)`
			`requestOptions.Progress.IncrementFailedRequestsBy(1)`
			`return errors.Wrap(dataErr, "could not evaluate template expressions")`
			`}`

			`addressToDial := string(finalAddress)`
using standard library for tls13 2022-01-25 13:26:22 +01:00			`var minVersion, maxVersion uint16`
adding support for configurable TLS version/cipher suites 2022-01-24 18:20:29 +01:00			`if request.MinVersion != "" {`
			`version, err := toVersion(request.MinVersion)`
			`if err != nil {`
			`return err`
			`}`
using standard library for tls13 2022-01-25 13:26:22 +01:00			`minVersion = version`
adding support for configurable TLS version/cipher suites 2022-01-24 18:20:29 +01:00			`}`
			`if request.MaxVersion != "" {`
			`version, err := toVersion(request.MaxVersion)`
			`if err != nil {`
			`return err`
			`}`
using standard library for tls13 2022-01-25 13:26:22 +01:00			`maxVersion = version`
adding support for configurable TLS version/cipher suites 2022-01-24 18:20:29 +01:00			`}`
using standard library for tls13 2022-01-25 13:26:22 +01:00			`var conn net.Conn`
making ztls global and optional 2022-01-25 20:48:21 +01:00
			`if request.options.Options.ZTLS {`
fixing tls config generation 2022-01-25 20:57:54 +01:00			`zconfig := &ztls.Config{InsecureSkipVerify: true, ServerName: hostname}`
			`if minVersion > 0 {`
			`zconfig.MinVersion = minVersion`
			`}`
			`if maxVersion > 0 {`
			`zconfig.MaxVersion = maxVersion`
			`}`
Added more tests and ciphersuits for SSL protocol 2022-03-07 14:07:30 +05:30			`if len(request.cipherSuites) > 0 {`
			`zconfig.CipherSuites = request.cipherSuites`
fixing tls config generation 2022-01-25 20:57:54 +01:00			`}`
making ztls global and optional 2022-01-25 20:48:21 +01:00			`conn, err = request.dialer.DialZTLSWithConfig(context.Background(), "tcp", addressToDial, zconfig)`
using standard library for tls13 2022-01-25 13:26:22 +01:00			`} else {`
fixing tls config generation 2022-01-25 20:57:54 +01:00			`config := &tls.Config{InsecureSkipVerify: true, ServerName: hostname}`
			`if minVersion > 0 {`
			`config.MinVersion = minVersion`
			`}`
			`if maxVersion > 0 {`
			`config.MaxVersion = maxVersion`
			`}`
Added more tests and ciphersuits for SSL protocol 2022-03-07 14:07:30 +05:30			`if len(request.cipherSuites) > 0 {`
			`config.CipherSuites = request.cipherSuites`
adding support for configurable TLS version/cipher suites 2022-01-24 18:20:29 +01:00			`}`
using standard library for tls13 2022-01-25 13:26:22 +01:00			`conn, err = request.dialer.DialTLSWithConfig(context.Background(), "tcp", addressToDial, config)`
adding support for configurable TLS version/cipher suites 2022-01-24 18:20:29 +01:00			`}`

Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30			`if err != nil {`
Made code changes as per review comments 2021-11-05 03:01:41 +05:30			`requestOptions.Output.Request(requestOptions.TemplateID, input, request.Type().String(), err)`
			`requestOptions.Progress.IncrementFailedRequestsBy(1)`
Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30			`return errors.Wrap(err, "could not connect to server")`
			`}`
			`defer conn.Close()`
Made code changes as per review comments 2021-11-05 03:01:41 +05:30			`_ = conn.SetReadDeadline(time.Now().Add(time.Duration(requestOptions.Options.Timeout) * time.Second))`
Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30
Made code changes as per review comments 2021-11-05 03:01:41 +05:30			`requestOptions.Output.Request(requestOptions.TemplateID, address, request.Type().String(), err)`
Fixed some bugs with ssl protocols + misc enhancements 2021-09-24 19:35:00 +05:30			`gologger.Verbose().Msgf("Sent SSL request to %s", address)`

Issue 1705 save responses on disk (#1727) * save response on disk * lint error check * store raw request/response * lint error fix * file path * mock test fix * readme update * .txt extension Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-04-01 14:29:02 -05:00			`if requestOptions.Options.Debug \|\| requestOptions.Options.DebugRequests \|\| requestOptions.Options.StoreResponse {`
			`msg := fmt.Sprintf("[%s] Dumped SSL request for %s", requestOptions.TemplateID, input)`
			`if requestOptions.Options.Debug \|\| requestOptions.Options.DebugRequests {`
			`gologger.Debug().Str("address", input).Msg(msg)`
			`}`
			`if requestOptions.Options.StoreResponse {`
			`request.options.Output.WriteStoreDebugData(input, request.options.TemplateID, request.Type().String(), msg)`
			`}`
Added debug for SSL 2021-11-01 18:02:45 +05:30			`}`

making ztls global and optional 2022-01-25 20:48:21 +01:00			`var (`
			`tlsData interface{}`
			`certNotAfter int64`
			`)`
			`if request.options.Options.ZTLS {`
			`connTLS, ok := conn.(*ztls.Conn)`
			`if !ok {`
			`return nil`
			`}`
			`state := connTLS.ConnectionState()`
			`if len(state.PeerCertificates) == 0 {`
			`return nil`
			`}`
			`tlsData = cryptoutil.ZTLSGrab(connTLS)`
			`cert := connTLS.ConnectionState().PeerCertificates[0]`
			`certNotAfter = cert.NotAfter.Unix()`
			`} else {`
			`connTLS, ok := conn.(*tls.Conn)`
			`if !ok {`
			`return nil`
			`}`
			`state := connTLS.ConnectionState()`
			`if len(state.PeerCertificates) == 0 {`
			`return nil`
			`}`
			`tlsData = cryptoutil.TLSGrab(&state)`
			`cert := connTLS.ConnectionState().PeerCertificates[0]`
			`certNotAfter = cert.NotAfter.Unix()`
Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30			`}`
making ztls global and optional 2022-01-25 20:48:21 +01:00			`jsonData, _ := jsoniter.Marshal(tlsData)`
Added debug for SSL 2021-11-01 18:02:45 +05:30			`jsonDataString := string(jsonData)`

Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30			`data := make(map[string]interface{})`
Added debug for SSL 2021-11-01 18:02:45 +05:30
Added matched-status flag + template-path and url to output (#1272) * Added matched-status flag + template-path and url to output 2021-11-22 17:53:25 +05:30			`data["type"] = request.Type().String()`
Added debug for SSL 2021-11-01 18:02:45 +05:30			`data["response"] = jsonDataString`
Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30			`data["host"] = input`
Made code changes as per review comments 2021-11-05 03:01:41 +05:30			`data["matched"] = addressToDial`
making ztls global and optional 2022-01-25 20:48:21 +01:00			`data["not_after"] = float64(certNotAfter)`
Misc changes according to review 2021-11-03 02:34:48 +05:30			`data["ip"] = request.dialer.GetDialedIP(hostname)`
Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30
Made code changes as per review comments 2021-11-05 03:01:41 +05:30			`event := eventcreator.CreateEvent(request, data, requestOptions.Options.Debug \|\| requestOptions.Options.DebugResponse)`
Issue 1705 save responses on disk (#1727) * save response on disk * lint error check * store raw request/response * lint error fix * file path * mock test fix * readme update * .txt extension Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-04-01 14:29:02 -05:00			`if requestOptions.Options.Debug \|\| requestOptions.Options.DebugResponse \|\| requestOptions.Options.StoreResponse {`
			`msg := fmt.Sprintf("[%s] Dumped SSL response for %s", requestOptions.TemplateID, input)`
			`if requestOptions.Options.Debug \|\| requestOptions.Options.DebugResponse {`
			`gologger.Debug().Msg(msg)`
Made code changes as per review comments 2021-11-05 03:01:41 +05:30			`gologger.Print().Msgf("%s", responsehighlighter.Highlight(event.OperatorsResult, jsonDataString, requestOptions.Options.NoColor, false))`
Issue 1705 save responses on disk (#1727) * save response on disk * lint error check * store raw request/response * lint error fix * file path * mock test fix * readme update * .txt extension Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-04-01 14:29:02 -05:00			`}`
			`if requestOptions.Options.StoreResponse {`
			`request.options.Output.WriteStoreDebugData(input, request.options.TemplateID, request.Type().String(), fmt.Sprintf("%s\n%s", msg, jsonDataString))`
			`}`
Added debug for SSL 2021-11-01 18:02:45 +05:30			`}`
merge from engine-refactor and dev 2021-10-29 18:26:06 +05:30			`callback(event)`
Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30			`return nil`
			`}`

Added part definition information to docs + misc 2021-11-26 16:23:54 +05:30			`// RequestPartDefinitions contains a mapping of request part definitions and their`
			`// description. Multiple definitions are separated by commas.`
			`// Definitions not having a name (generated on runtime) are prefixed & suffixed by <>.`
			`var RequestPartDefinitions = map[string]string{`
			`"type": "Type is the type of request made",`
			`"response": "JSON SSL protocol handshake details",`
			`"not_after": "Timestamp after which the remote cert expires",`
			`"host": "Host is the input to the template",`
			`"matched": "Matched is the input which was matched upon",`
			`}`

Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30			`// getAddress returns the address of the host to make request to`
			`func getAddress(toTest string) (string, error) {`
			`if strings.Contains(toTest, "://") {`
			`parsed, err := url.Parse(toTest)`
			`if err != nil {`
			`return "", err`
			`}`
			`_, port, _ := net.SplitHostPort(parsed.Host)`

Merge from dev 2021-11-03 18:58:00 +05:30			`if strings.ToLower(parsed.Scheme) == "https" && port == "" {`
Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30			`toTest = net.JoinHostPort(parsed.Host, "443")`
			`} else {`
			`toTest = parsed.Host`
			`}`
Fixed some bugs with ssl protocols + misc enhancements 2021-09-24 19:35:00 +05:30			`return toTest, nil`
Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30			`}`
			`return toTest, nil`
			`}`

merge from engine-refactor and dev 2021-10-29 18:26:06 +05:30			`// Match performs matching operation for a matcher on model and returns:`
			`// true and a list of matched snippets if the matcher type is supports it`
			`// otherwise false and an empty string slice`
Misc changes according to review 2021-11-03 02:34:48 +05:30			`func (request Request) Match(data map[string]interface{}, matcher matchers.Matcher) (bool, []string) {`
merge from engine-refactor and dev 2021-10-29 18:26:06 +05:30			`return protocols.MakeDefaultMatchFunc(data, matcher)`
			`}`

			`// Extract performs extracting operation for an extractor on model and returns true or false.`
Misc changes according to review 2021-11-03 02:34:48 +05:30			`func (request Request) Extract(data map[string]interface{}, matcher extractors.Extractor) map[string]struct{} {`
merge from engine-refactor and dev 2021-10-29 18:26:06 +05:30			`return protocols.MakeDefaultExtractFunc(data, matcher)`
			`}`

			`// MakeResultEvent creates a result event from internal wrapped event`
Misc changes according to review 2021-11-03 02:34:48 +05:30			`func (request Request) MakeResultEvent(wrapped output.InternalWrappedEvent) []*output.ResultEvent {`
			`return protocols.MakeDefaultResultEvent(request, wrapped)`
merge from engine-refactor and dev 2021-10-29 18:26:06 +05:30			`}`

			`// GetCompiledOperators returns a list of the compiled operators`
Misc changes according to review 2021-11-03 02:34:48 +05:30			`func (request Request) GetCompiledOperators() []operators.Operators {`
			`return []*operators.Operators{request.CompiledOperators}`
merge from engine-refactor and dev 2021-10-29 18:26:06 +05:30			`}`

Moved to an enum for TemplateType in protocols 2021-11-03 19:53:45 +05:30			`// Type returns the type of the protocol request`
			`func (request *Request) Type() templateTypes.ProtocolType {`
			`return templateTypes.SSLProtocol`
			`}`

Misc changes according to review 2021-11-03 02:34:48 +05:30			`func (request Request) MakeResultEventItem(wrapped output.InternalWrappedEvent) *output.ResultEvent {`
Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30			`data := &output.ResultEvent{`
Misc changes according to review 2021-11-03 02:34:48 +05:30			`TemplateID: types.ToString(request.options.TemplateID),`
			`TemplatePath: types.ToString(request.options.TemplatePath),`
			`Info: request.options.TemplateInfo,`
Added matched-status flag + template-path and url to output (#1272) * Added matched-status flag + template-path and url to output 2021-11-22 17:53:25 +05:30			`Type: types.ToString(wrapped.InternalEvent["type"]),`
Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30			`Host: types.ToString(wrapped.InternalEvent["host"]),`
			`Matched: types.ToString(wrapped.InternalEvent["host"]),`
			`Metadata: wrapped.OperatorsResult.PayloadValues,`
			`ExtractedResults: wrapped.OperatorsResult.OutputExtracts,`
			`Timestamp: time.Now(),`
Added matched-status flag + template-path and url to output (#1272) * Added matched-status flag + template-path and url to output 2021-11-22 17:53:25 +05:30			`MatcherStatus: true,`
Added ssl protocol to nuclei 2021-09-22 22:41:07 +05:30			`IP: types.ToString(wrapped.InternalEvent["ip"]),`
			`}`
			`return data`
			`}`