2020-12-21 14:31:32 +05:30
|
|
|
package protocols
|
|
|
|
|
|
2020-12-23 20:46:42 +05:30
|
|
|
import (
|
2024-04-25 15:37:56 +05:30
|
|
|
"context"
|
2023-11-11 02:12:27 +03:00
|
|
|
"encoding/base64"
|
2023-08-31 18:03:01 +05:30
|
|
|
"sync/atomic"
|
|
|
|
|
|
2025-06-16 22:24:52 +05:30
|
|
|
"github.com/projectdiscovery/fastdialer/fastdialer"
|
2025-07-09 14:47:26 -05:00
|
|
|
"github.com/projectdiscovery/gologger"
|
2022-10-12 22:04:37 -05:00
|
|
|
"github.com/projectdiscovery/ratelimit"
|
2023-08-31 18:03:01 +05:30
|
|
|
mapsutil "github.com/projectdiscovery/utils/maps"
|
2023-06-09 19:52:56 +05:30
|
|
|
stringsutil "github.com/projectdiscovery/utils/strings"
|
2021-09-07 17:31:46 +03:00
|
|
|
|
2021-10-28 17:20:07 +05:30
|
|
|
"github.com/logrusorgru/aurora"
|
2021-11-25 17:09:20 +02:00
|
|
|
|
2024-03-14 03:08:53 +05:30
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/authprovider"
|
2023-10-17 17:44:13 +05:30
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/catalog"
|
2024-06-11 04:43:46 +05:30
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/fuzz/frequency"
|
2025-02-13 18:46:28 +05:30
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/fuzz/stats"
|
2023-10-17 17:44:13 +05:30
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/input"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/js/compiler"
|
2024-03-13 21:46:30 +01:00
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/loader/parser"
|
2023-10-17 17:44:13 +05:30
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/model"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/operators"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/operators/extractors"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/operators/matchers"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/output"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/progress"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/projectfile"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/contextargs"
|
2024-10-14 20:55:46 +07:00
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/globalmatchers"
|
2023-10-17 17:44:13 +05:30
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/hosterrorscache"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/interactsh"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/utils/excludematchers"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/variables"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/headless/engine"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/reporting"
|
2023-11-27 19:54:45 +01:00
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/scan"
|
2023-10-17 17:44:13 +05:30
|
|
|
templateTypes "github.com/projectdiscovery/nuclei/v3/pkg/templates/types"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/types"
|
2024-05-15 15:34:59 +02:00
|
|
|
unitutils "github.com/projectdiscovery/utils/unit"
|
2020-12-23 20:46:42 +05:30
|
|
|
)
|
2020-12-23 16:16:16 +05:30
|
|
|
|
2024-02-02 02:05:30 +05:30
|
|
|
var (
|
2024-05-15 15:34:59 +02:00
|
|
|
MaxTemplateFileSizeForEncoding = unitutils.Mega
|
2024-02-02 02:05:30 +05:30
|
|
|
)
|
2023-11-11 02:12:27 +03:00
|
|
|
|
2020-12-25 20:33:52 +05:30
|
|
|
// Executer is an interface implemented any protocol based request executer.
|
2020-12-23 20:46:42 +05:30
|
|
|
type Executer interface {
|
2020-12-25 20:33:52 +05:30
|
|
|
// Compile compiles the execution generators preparing any requests possible.
|
2020-12-25 20:39:09 +05:30
|
|
|
Compile() error
|
2020-12-22 03:54:55 +05:30
|
|
|
// Requests returns the total number of requests the rule will perform
|
2020-12-29 15:38:14 +05:30
|
|
|
Requests() int
|
2020-12-25 20:33:52 +05:30
|
|
|
// Execute executes the protocol group and returns true or false if results were found.
|
2023-11-27 19:54:45 +01:00
|
|
|
Execute(ctx *scan.ScanContext) (bool, error)
|
2020-12-23 20:46:42 +05:30
|
|
|
// ExecuteWithResults executes the protocol requests and returns results instead of writing them.
|
2023-11-27 19:54:45 +01:00
|
|
|
ExecuteWithResults(ctx *scan.ScanContext) ([]*output.ResultEvent, error)
|
2020-12-21 14:31:32 +05:30
|
|
|
}
|
2020-12-23 16:16:16 +05:30
|
|
|
|
2023-05-31 16:58:10 -04:00
|
|
|
// ExecutorOptions contains the configuration options for executer clients
|
|
|
|
|
type ExecutorOptions struct {
|
2020-12-25 02:24:55 +05:30
|
|
|
// TemplateID is the ID of the template for the request
|
|
|
|
|
TemplateID string
|
2020-12-29 12:08:46 +05:30
|
|
|
// TemplatePath is the path of the template for the request
|
|
|
|
|
TemplatePath string
|
2020-12-25 02:24:55 +05:30
|
|
|
// TemplateInfo contains information block of the template request
|
2021-07-12 17:20:01 +03:00
|
|
|
TemplateInfo model.Info
|
2024-09-19 18:58:20 +05:30
|
|
|
// TemplateVerifier is the verifier for the template
|
|
|
|
|
TemplateVerifier string
|
2023-11-11 02:12:27 +03:00
|
|
|
// RawTemplate is the raw template for the request
|
|
|
|
|
RawTemplate []byte
|
2020-12-23 20:46:42 +05:30
|
|
|
// Output is a writer interface for writing output events from executer.
|
|
|
|
|
Output output.Writer
|
2020-12-24 01:42:04 +05:30
|
|
|
// Options contains configuration options for the executer.
|
2020-12-23 20:46:42 +05:30
|
|
|
Options *types.Options
|
2021-02-02 12:10:47 +05:30
|
|
|
// IssuesClient is a client for nuclei issue tracker reporting
|
2023-02-07 09:45:49 +01:00
|
|
|
IssuesClient reporting.Client
|
2020-12-25 20:33:52 +05:30
|
|
|
// Progress is a progress client for scan reporting
|
2021-03-09 17:19:03 +05:30
|
|
|
Progress progress.Progress
|
2020-12-24 01:42:04 +05:30
|
|
|
// RateLimiter is a rate-limiter for limiting sent number of requests.
|
2022-09-19 13:39:28 +02:00
|
|
|
RateLimiter *ratelimit.Limiter
|
2021-02-26 13:13:11 +05:30
|
|
|
// Catalog is a template catalog implementation for nuclei
|
2022-08-10 23:35:58 +05:30
|
|
|
Catalog catalog.Catalog
|
2020-12-29 01:30:07 +05:30
|
|
|
// ProjectFile is the project file for nuclei
|
|
|
|
|
ProjectFile *projectfile.ProjectFile
|
2021-02-21 16:31:34 +05:30
|
|
|
// Browser is a browser engine for running headless templates
|
|
|
|
|
Browser *engine.Browser
|
2021-04-16 16:56:41 +05:30
|
|
|
// Interactsh is a client for interactsh oob polling server
|
|
|
|
|
Interactsh *interactsh.Client
|
2021-08-16 21:24:37 +05:30
|
|
|
// HostErrorsCache is an optional cache for handling host errors
|
2022-07-18 15:35:53 -05:00
|
|
|
HostErrorsCache hosterrorscache.CacheInterface
|
2022-12-19 19:52:17 +05:30
|
|
|
// Stop execution once first match is found (Assigned while parsing templates)
|
|
|
|
|
// Note: this is different from Options.StopAtFirstMatch (Assigned from CLI option)
|
2021-11-29 16:01:06 +05:30
|
|
|
StopAtFirstMatch bool
|
2022-03-31 00:54:35 +05:30
|
|
|
// Variables is a list of variables from template
|
|
|
|
|
Variables variables.Variable
|
2023-05-25 18:32:35 +02:00
|
|
|
// Constants is a list of constants from template
|
|
|
|
|
Constants map[string]interface{}
|
2022-06-24 23:09:27 +05:30
|
|
|
// ExcludeMatchers is the list of matchers to exclude
|
|
|
|
|
ExcludeMatchers *excludematchers.ExcludeMatchers
|
2022-10-20 17:23:00 +05:30
|
|
|
// InputHelper is a helper for input normalization
|
|
|
|
|
InputHelper *input.Helper
|
2024-06-11 04:43:46 +05:30
|
|
|
// FuzzParamsFrequency is a cache for parameter frequency
|
|
|
|
|
FuzzParamsFrequency *frequency.Tracker
|
2025-02-13 18:46:28 +05:30
|
|
|
// FuzzStatsDB is a database for fuzzing stats
|
|
|
|
|
FuzzStatsDB *stats.Tracker
|
2021-02-06 00:36:43 +05:30
|
|
|
|
|
|
|
|
Operators []*operators.Operators // only used by offlinehttp module
|
2021-07-15 13:41:41 +03:00
|
|
|
|
2023-02-13 18:00:25 +05:30
|
|
|
// DoNotCache bool disables optional caching of the templates structure
|
|
|
|
|
DoNotCache bool
|
|
|
|
|
|
2021-10-28 17:20:07 +05:30
|
|
|
Colorizer aurora.Aurora
|
2021-07-15 13:41:41 +03:00
|
|
|
WorkflowLoader model.WorkflowLoader
|
2021-11-29 14:38:45 +01:00
|
|
|
ResumeCfg *types.ResumeCfg
|
2023-06-09 19:52:56 +05:30
|
|
|
// ProtocolType is the type of the template
|
|
|
|
|
ProtocolType templateTypes.ProtocolType
|
2023-08-31 18:03:01 +05:30
|
|
|
// Flow is execution flow for the template (written in javascript)
|
|
|
|
|
Flow string
|
|
|
|
|
// IsMultiProtocol is true if template has more than one protocol
|
|
|
|
|
IsMultiProtocol bool
|
|
|
|
|
// templateStore is a map which contains template context for each scan (i.e input * template-id pair)
|
|
|
|
|
templateCtxStore *mapsutil.SyncLockMap[string, *contextargs.Context]
|
2023-09-16 16:02:17 +05:30
|
|
|
// JsCompiler is abstracted javascript compiler which adds node modules and provides execution
|
|
|
|
|
// environment for javascript templates
|
|
|
|
|
JsCompiler *compiler.Compiler
|
2024-03-14 03:08:53 +05:30
|
|
|
// AuthProvider is a provider for auth strategies
|
|
|
|
|
AuthProvider authprovider.AuthProvider
|
2024-03-07 15:57:38 +03:00
|
|
|
//TemporaryDirectory is the directory to store temporary files
|
|
|
|
|
TemporaryDirectory string
|
2024-03-13 21:46:30 +01:00
|
|
|
Parser parser.Parser
|
2024-03-30 23:50:31 +05:30
|
|
|
// ExportReqURLPattern exports the request URL pattern
|
|
|
|
|
// in ResultEvent it contains the exact url pattern (ex: {{BaseURL}}/{{randstr}}/xyz) used in the request
|
|
|
|
|
ExportReqURLPattern bool
|
2024-10-14 20:55:46 +07:00
|
|
|
// GlobalMatchers is the storage for global matchers with http passive templates
|
|
|
|
|
GlobalMatchers *globalmatchers.Storage
|
2025-07-09 14:47:26 -05:00
|
|
|
// Logger is the shared logging instance
|
|
|
|
|
Logger *gologger.Logger
|
2025-06-16 22:24:52 +05:30
|
|
|
// CustomFastdialer is a fastdialer dialer instance
|
|
|
|
|
CustomFastdialer *fastdialer.Dialer
|
2024-02-02 02:05:30 +05:30
|
|
|
}
|
|
|
|
|
|
2024-04-03 19:40:09 +02:00
|
|
|
// todo: centralizing components is not feasible with current clogged architecture
|
|
|
|
|
// a possible approach could be an internal event bus with pub-subs? This would be less invasive than
|
|
|
|
|
// reworking dep injection from scratch
|
2025-07-09 14:47:26 -05:00
|
|
|
func (e *ExecutorOptions) RateLimitTake() {
|
|
|
|
|
// The code below can race and there isn't a great way to fix this without adding an idempotent
|
|
|
|
|
// function to the rate limiter implementation. For now, stick with whatever rate is already set.
|
|
|
|
|
/*
|
|
|
|
|
if e.RateLimiter.GetLimit() != uint(e.Options.RateLimit) {
|
|
|
|
|
e.RateLimiter.SetLimit(uint(e.Options.RateLimit))
|
|
|
|
|
e.RateLimiter.SetDuration(e.Options.RateLimitDuration)
|
|
|
|
|
}
|
|
|
|
|
*/
|
|
|
|
|
if e.RateLimiter != nil {
|
|
|
|
|
e.RateLimiter.Take()
|
2024-04-03 19:40:09 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2024-02-02 02:05:30 +05:30
|
|
|
// GetThreadsForPayloadRequests returns the number of threads to use as default for
|
|
|
|
|
// given max-request of payloads
|
|
|
|
|
func (e *ExecutorOptions) GetThreadsForNPayloadRequests(totalRequests int, currentThreads int) int {
|
2024-02-13 01:20:19 +05:30
|
|
|
if currentThreads > 0 {
|
2024-02-02 02:05:30 +05:30
|
|
|
return currentThreads
|
|
|
|
|
}
|
2024-04-03 23:06:08 +02:00
|
|
|
|
|
|
|
|
return e.Options.PayloadConcurrency
|
2023-08-31 18:03:01 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// CreateTemplateCtxStore creates template context store (which contains templateCtx for every scan)
|
|
|
|
|
func (e *ExecutorOptions) CreateTemplateCtxStore() {
|
|
|
|
|
e.templateCtxStore = &mapsutil.SyncLockMap[string, *contextargs.Context]{
|
|
|
|
|
Map: make(map[string]*contextargs.Context),
|
|
|
|
|
ReadOnly: atomic.Bool{},
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// RemoveTemplateCtx removes template context of given scan from store
|
|
|
|
|
func (e *ExecutorOptions) RemoveTemplateCtx(input *contextargs.MetaInput) {
|
|
|
|
|
scanId := input.GetScanHash(e.TemplateID)
|
|
|
|
|
if e.templateCtxStore != nil {
|
|
|
|
|
e.templateCtxStore.Delete(scanId)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2024-01-18 05:53:42 +05:30
|
|
|
// HasTemplateCtx returns true if template context exists for given input
|
|
|
|
|
func (e *ExecutorOptions) HasTemplateCtx(input *contextargs.MetaInput) bool {
|
|
|
|
|
scanId := input.GetScanHash(e.TemplateID)
|
|
|
|
|
if e.templateCtxStore != nil {
|
|
|
|
|
return e.templateCtxStore.Has(scanId)
|
|
|
|
|
}
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-31 18:03:01 +05:30
|
|
|
// GetTemplateCtx returns template context for given input
|
|
|
|
|
func (e *ExecutorOptions) GetTemplateCtx(input *contextargs.MetaInput) *contextargs.Context {
|
|
|
|
|
scanId := input.GetScanHash(e.TemplateID)
|
2025-07-18 13:40:58 -05:00
|
|
|
if e.templateCtxStore == nil {
|
|
|
|
|
// if template context store is not initialized create it
|
|
|
|
|
e.CreateTemplateCtxStore()
|
|
|
|
|
}
|
|
|
|
|
// get template context from store
|
2023-08-31 18:03:01 +05:30
|
|
|
templateCtx, ok := e.templateCtxStore.Get(scanId)
|
|
|
|
|
if !ok {
|
|
|
|
|
// if template context does not exist create new and add it to store and return it
|
2024-04-25 15:37:56 +05:30
|
|
|
templateCtx = contextargs.New(context.Background())
|
2024-01-18 05:53:42 +05:30
|
|
|
templateCtx.MetaInput = input
|
2023-08-31 18:03:01 +05:30
|
|
|
_ = e.templateCtxStore.Set(scanId, templateCtx)
|
|
|
|
|
}
|
|
|
|
|
return templateCtx
|
2023-06-09 19:52:56 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// AddTemplateVars adds vars to template context with given template type as prefix
|
|
|
|
|
// this method is no-op if template is not multi protocol
|
2023-08-31 18:03:01 +05:30
|
|
|
func (e *ExecutorOptions) AddTemplateVars(input *contextargs.MetaInput, reqType templateTypes.ProtocolType, reqID string, vars map[string]interface{}) {
|
|
|
|
|
// if we wan't to disable adding response variables and other variables to template context
|
|
|
|
|
// this is the statement that does it . template context is currently only enabled for
|
|
|
|
|
// multiprotocol and flow templates
|
|
|
|
|
if !e.IsMultiProtocol && e.Flow == "" {
|
|
|
|
|
// no-op if not multi protocol template or flow template
|
2023-06-09 19:52:56 +05:30
|
|
|
return
|
|
|
|
|
}
|
2023-08-31 18:03:01 +05:30
|
|
|
templateCtx := e.GetTemplateCtx(input)
|
2023-06-09 19:52:56 +05:30
|
|
|
for k, v := range vars {
|
2024-08-04 18:14:08 +05:30
|
|
|
if stringsutil.HasPrefixAny(k, templateTypes.SupportedProtocolsStrings()...) {
|
|
|
|
|
// this was inherited from previous protocols no need to modify it we can directly set it or omit
|
|
|
|
|
templateCtx.Set(k, v)
|
|
|
|
|
continue
|
|
|
|
|
}
|
2023-06-09 19:52:56 +05:30
|
|
|
if !stringsutil.EqualFoldAny(k, "template-id", "template-info", "template-path") {
|
2023-08-31 18:03:01 +05:30
|
|
|
if reqID != "" {
|
|
|
|
|
k = reqID + "_" + k
|
|
|
|
|
} else if reqType < templateTypes.InvalidProtocol {
|
|
|
|
|
k = reqType.String() + "_" + k
|
2023-06-09 19:52:56 +05:30
|
|
|
}
|
2023-08-31 18:03:01 +05:30
|
|
|
templateCtx.Set(k, v)
|
2023-06-09 19:52:56 +05:30
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// AddTemplateVar adds given var to template context with given template type as prefix
|
|
|
|
|
// this method is no-op if template is not multi protocol
|
2023-08-31 18:03:01 +05:30
|
|
|
func (e *ExecutorOptions) AddTemplateVar(input *contextargs.MetaInput, templateType templateTypes.ProtocolType, reqID string, key string, value interface{}) {
|
|
|
|
|
if !e.IsMultiProtocol && e.Flow == "" {
|
|
|
|
|
// no-op if not multi protocol template or flow template
|
2023-06-09 19:52:56 +05:30
|
|
|
return
|
|
|
|
|
}
|
2023-08-31 18:03:01 +05:30
|
|
|
templateCtx := e.GetTemplateCtx(input)
|
2024-08-04 18:14:08 +05:30
|
|
|
if stringsutil.HasPrefixAny(key, templateTypes.SupportedProtocolsStrings()...) {
|
|
|
|
|
// this was inherited from previous protocols no need to modify it we can directly set it or omit
|
|
|
|
|
templateCtx.Set(key, value)
|
|
|
|
|
return
|
|
|
|
|
}
|
2023-08-31 18:03:01 +05:30
|
|
|
if reqID != "" {
|
|
|
|
|
key = reqID + "_" + key
|
|
|
|
|
} else if templateType < templateTypes.InvalidProtocol {
|
|
|
|
|
key = templateType.String() + "_" + key
|
2023-06-09 19:52:56 +05:30
|
|
|
}
|
2023-08-31 18:03:01 +05:30
|
|
|
templateCtx.Set(key, value)
|
2020-12-23 16:16:16 +05:30
|
|
|
}
|
2020-12-25 20:33:52 +05:30
|
|
|
|
2021-10-27 16:50:36 +05:30
|
|
|
// Copy returns a copy of the executeroptions structure
|
2025-07-09 14:47:26 -05:00
|
|
|
func (e *ExecutorOptions) Copy() *ExecutorOptions {
|
|
|
|
|
copy := &ExecutorOptions{
|
|
|
|
|
TemplateID: e.TemplateID,
|
|
|
|
|
TemplatePath: e.TemplatePath,
|
|
|
|
|
TemplateInfo: e.TemplateInfo,
|
|
|
|
|
TemplateVerifier: e.TemplateVerifier,
|
|
|
|
|
RawTemplate: e.RawTemplate,
|
|
|
|
|
Output: e.Output,
|
|
|
|
|
Options: e.Options,
|
|
|
|
|
IssuesClient: e.IssuesClient,
|
|
|
|
|
Progress: e.Progress,
|
|
|
|
|
RateLimiter: e.RateLimiter,
|
|
|
|
|
Catalog: e.Catalog,
|
|
|
|
|
ProjectFile: e.ProjectFile,
|
|
|
|
|
Browser: e.Browser,
|
|
|
|
|
Interactsh: e.Interactsh,
|
|
|
|
|
HostErrorsCache: e.HostErrorsCache,
|
|
|
|
|
StopAtFirstMatch: e.StopAtFirstMatch,
|
|
|
|
|
Variables: e.Variables,
|
|
|
|
|
Constants: e.Constants,
|
|
|
|
|
ExcludeMatchers: e.ExcludeMatchers,
|
|
|
|
|
InputHelper: e.InputHelper,
|
|
|
|
|
FuzzParamsFrequency: e.FuzzParamsFrequency,
|
|
|
|
|
FuzzStatsDB: e.FuzzStatsDB,
|
|
|
|
|
Operators: e.Operators,
|
|
|
|
|
DoNotCache: e.DoNotCache,
|
|
|
|
|
Colorizer: e.Colorizer,
|
|
|
|
|
WorkflowLoader: e.WorkflowLoader,
|
|
|
|
|
ResumeCfg: e.ResumeCfg,
|
|
|
|
|
ProtocolType: e.ProtocolType,
|
|
|
|
|
Flow: e.Flow,
|
|
|
|
|
IsMultiProtocol: e.IsMultiProtocol,
|
|
|
|
|
JsCompiler: e.JsCompiler,
|
|
|
|
|
AuthProvider: e.AuthProvider,
|
|
|
|
|
TemporaryDirectory: e.TemporaryDirectory,
|
|
|
|
|
Parser: e.Parser,
|
|
|
|
|
ExportReqURLPattern: e.ExportReqURLPattern,
|
|
|
|
|
GlobalMatchers: e.GlobalMatchers,
|
|
|
|
|
Logger: e.Logger,
|
|
|
|
|
}
|
2023-08-31 18:03:01 +05:30
|
|
|
copy.CreateTemplateCtxStore()
|
2021-10-27 16:50:36 +05:30
|
|
|
return copy
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-25 20:33:52 +05:30
|
|
|
// Request is an interface implemented any protocol based request generator.
|
|
|
|
|
type Request interface {
|
|
|
|
|
// Compile compiles the request generators preparing any requests possible.
|
2023-05-31 16:58:10 -04:00
|
|
|
Compile(options *ExecutorOptions) error
|
2020-12-25 20:33:52 +05:30
|
|
|
// Requests returns the total number of requests the rule will perform
|
2020-12-29 15:38:14 +05:30
|
|
|
Requests() int
|
2021-01-16 14:10:24 +05:30
|
|
|
// GetID returns the ID for the request if any. IDs are used for multi-request
|
|
|
|
|
// condition matching. So, two requests can be sent and their match can
|
|
|
|
|
// be evaluated from the third request by using the IDs for both requests.
|
|
|
|
|
GetID() string
|
2021-09-29 19:43:46 +03:00
|
|
|
// Match performs matching operation for a matcher on model and returns:
|
|
|
|
|
// true and a list of matched snippets if the matcher type is supports it
|
|
|
|
|
// otherwise false and an empty string slice
|
|
|
|
|
Match(data map[string]interface{}, matcher *matchers.Matcher) (bool, []string)
|
2021-09-07 17:31:46 +03:00
|
|
|
// Extract performs extracting operation for an extractor on model and returns true or false.
|
2020-12-25 20:33:52 +05:30
|
|
|
Extract(data map[string]interface{}, matcher *extractors.Extractor) map[string]struct{}
|
|
|
|
|
// ExecuteWithResults executes the protocol requests and returns results instead of writing them.
|
2022-10-03 12:12:20 +02:00
|
|
|
ExecuteWithResults(input *contextargs.Context, dynamicValues, previous output.InternalEvent, callback OutputEventCallback) error
|
2021-10-06 21:53:03 +03:00
|
|
|
// MakeResultEventItem creates a result event from internal wrapped event. Intended to be used by MakeResultEventItem internally
|
|
|
|
|
MakeResultEventItem(wrapped *output.InternalWrappedEvent) *output.ResultEvent
|
|
|
|
|
// MakeResultEvent creates a flat list of result events from an internal wrapped event, based on successful matchers and extracted data
|
2021-10-01 16:52:38 +03:00
|
|
|
MakeResultEvent(wrapped *output.InternalWrappedEvent) []*output.ResultEvent
|
|
|
|
|
// GetCompiledOperators returns a list of the compiled operators
|
|
|
|
|
GetCompiledOperators() []*operators.Operators
|
2021-11-05 03:01:41 +05:30
|
|
|
// Type returns the type of the protocol request
|
|
|
|
|
Type() templateTypes.ProtocolType
|
2020-12-25 20:33:52 +05:30
|
|
|
}
|
2021-01-01 19:36:21 +05:30
|
|
|
|
|
|
|
|
// OutputEventCallback is a callback event for any results found during scanning.
|
|
|
|
|
type OutputEventCallback func(result *output.InternalWrappedEvent)
|
2021-10-06 21:53:03 +03:00
|
|
|
|
|
|
|
|
func MakeDefaultResultEvent(request Request, wrapped *output.InternalWrappedEvent) []*output.ResultEvent {
|
2024-01-10 16:34:40 +05:30
|
|
|
// Note: operator result is generated if something was succesfull match/extract/dynamic-extract
|
|
|
|
|
// but results should not be generated if
|
|
|
|
|
// 1. no match was found and some dynamic values were extracted
|
|
|
|
|
// 2. if something was extracted (matchers exist but no match was found)
|
2021-10-06 21:53:03 +03:00
|
|
|
if len(wrapped.OperatorsResult.DynamicValues) > 0 && !wrapped.OperatorsResult.Matched {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2024-01-10 16:34:40 +05:30
|
|
|
// check if something was extracted (except dynamic values)
|
|
|
|
|
extracted := len(wrapped.OperatorsResult.Extracts) > 0 || len(wrapped.OperatorsResult.OutputExtracts) > 0
|
|
|
|
|
if extracted && len(wrapped.OperatorsResult.Operators.Matchers) > 0 && !wrapped.OperatorsResult.Matched {
|
|
|
|
|
// if extracted and matchers exist but no match was found then don't generate result
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2021-10-06 21:53:03 +03:00
|
|
|
|
|
|
|
|
results := make([]*output.ResultEvent, 0, len(wrapped.OperatorsResult.Matches)+1)
|
|
|
|
|
|
|
|
|
|
// If we have multiple matchers with names, write each of them separately.
|
|
|
|
|
if len(wrapped.OperatorsResult.Matches) > 0 {
|
|
|
|
|
for matcherNames := range wrapped.OperatorsResult.Matches {
|
|
|
|
|
data := request.MakeResultEventItem(wrapped)
|
|
|
|
|
data.MatcherName = matcherNames
|
|
|
|
|
results = append(results, data)
|
|
|
|
|
}
|
|
|
|
|
} else if len(wrapped.OperatorsResult.Extracts) > 0 {
|
|
|
|
|
for k, v := range wrapped.OperatorsResult.Extracts {
|
|
|
|
|
data := request.MakeResultEventItem(wrapped)
|
|
|
|
|
data.ExtractorName = k
|
|
|
|
|
data.ExtractedResults = v
|
|
|
|
|
results = append(results, data)
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
data := request.MakeResultEventItem(wrapped)
|
|
|
|
|
results = append(results, data)
|
|
|
|
|
}
|
|
|
|
|
return results
|
|
|
|
|
}
|
2021-10-29 18:26:06 +05:30
|
|
|
|
|
|
|
|
// MakeDefaultExtractFunc performs extracting operation for an extractor on model and returns true or false.
|
|
|
|
|
func MakeDefaultExtractFunc(data map[string]interface{}, extractor *extractors.Extractor) map[string]struct{} {
|
2021-11-08 16:01:45 +05:30
|
|
|
part := extractor.Part
|
|
|
|
|
if part == "" {
|
|
|
|
|
part = "response"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
item, ok := data[part]
|
2022-04-20 11:32:13 +02:00
|
|
|
if !ok && !extractors.SupportsMap(extractor) {
|
2021-10-29 18:26:06 +05:30
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
itemStr := types.ToString(item)
|
|
|
|
|
|
|
|
|
|
switch extractor.GetType() {
|
|
|
|
|
case extractors.RegexExtractor:
|
|
|
|
|
return extractor.ExtractRegex(itemStr)
|
|
|
|
|
case extractors.KValExtractor:
|
|
|
|
|
return extractor.ExtractKval(data)
|
|
|
|
|
case extractors.JSONExtractor:
|
|
|
|
|
return extractor.ExtractJSON(itemStr)
|
|
|
|
|
case extractors.XPathExtractor:
|
2022-08-22 02:57:32 -07:00
|
|
|
return extractor.ExtractXPath(itemStr)
|
2022-04-20 11:32:13 +02:00
|
|
|
case extractors.DSLExtractor:
|
|
|
|
|
return extractor.ExtractDSL(data)
|
2021-10-29 18:26:06 +05:30
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// MakeDefaultMatchFunc performs matching operation for a matcher on model and returns true or false.
|
|
|
|
|
func MakeDefaultMatchFunc(data map[string]interface{}, matcher *matchers.Matcher) (bool, []string) {
|
2021-11-08 16:01:45 +05:30
|
|
|
part := matcher.Part
|
|
|
|
|
if part == "" {
|
|
|
|
|
part = "response"
|
|
|
|
|
}
|
|
|
|
|
|
2021-11-08 16:10:04 +05:30
|
|
|
partItem, ok := data[part]
|
2022-01-13 13:22:43 +05:30
|
|
|
if !ok && matcher.Type.MatcherType != matchers.DSLMatcher {
|
2021-10-29 18:26:06 +05:30
|
|
|
return false, nil
|
|
|
|
|
}
|
|
|
|
|
item := types.ToString(partItem)
|
|
|
|
|
|
|
|
|
|
switch matcher.GetType() {
|
|
|
|
|
case matchers.SizeMatcher:
|
|
|
|
|
result := matcher.Result(matcher.MatchSize(len(item)))
|
|
|
|
|
return result, nil
|
|
|
|
|
case matchers.WordsMatcher:
|
2021-11-03 18:58:00 +05:30
|
|
|
return matcher.ResultWithMatchedSnippet(matcher.MatchWords(item, nil))
|
2021-10-29 18:26:06 +05:30
|
|
|
case matchers.RegexMatcher:
|
2021-11-03 18:58:00 +05:30
|
|
|
return matcher.ResultWithMatchedSnippet(matcher.MatchRegex(item))
|
2021-10-29 18:26:06 +05:30
|
|
|
case matchers.BinaryMatcher:
|
2021-11-03 18:58:00 +05:30
|
|
|
return matcher.ResultWithMatchedSnippet(matcher.MatchBinary(item))
|
2021-10-29 18:26:06 +05:30
|
|
|
case matchers.DSLMatcher:
|
|
|
|
|
return matcher.Result(matcher.MatchDSL(data)), nil
|
2023-08-26 05:11:51 +12:00
|
|
|
case matchers.XPathMatcher:
|
|
|
|
|
return matcher.Result(matcher.MatchXPath(item)), []string{}
|
2021-10-29 18:26:06 +05:30
|
|
|
}
|
|
|
|
|
return false, nil
|
|
|
|
|
}
|
2023-11-11 02:12:27 +03:00
|
|
|
|
|
|
|
|
func (e *ExecutorOptions) EncodeTemplate() string {
|
|
|
|
|
if !e.Options.OmitTemplate && len(e.RawTemplate) <= MaxTemplateFileSizeForEncoding {
|
|
|
|
|
return base64.StdEncoding.EncodeToString(e.RawTemplate)
|
|
|
|
|
}
|
|
|
|
|
return ""
|
|
|
|
|
}
|
2025-07-09 14:47:26 -05:00
|
|
|
|
|
|
|
|
// ApplyNewEngineOptions updates an existing ExecutorOptions with options from a new engine. This
|
|
|
|
|
// handles things like the ExecutionID that need to be updated.
|
|
|
|
|
func (e *ExecutorOptions) ApplyNewEngineOptions(n *ExecutorOptions) {
|
|
|
|
|
// TODO: cached code|headless templates have nil ExecuterOptions if -code or -headless are not enabled
|
|
|
|
|
if e == nil || n == nil || n.Options == nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2025-07-18 13:40:58 -05:00
|
|
|
// The types.Options include the ExecutionID among other things
|
|
|
|
|
e.Options = n.Options.Copy()
|
|
|
|
|
|
|
|
|
|
// Keep the template-specific fields, but replace the rest
|
|
|
|
|
/*
|
|
|
|
|
e.TemplateID = n.TemplateID
|
|
|
|
|
e.TemplatePath = n.TemplatePath
|
|
|
|
|
e.TemplateInfo = n.TemplateInfo
|
|
|
|
|
e.TemplateVerifier = n.TemplateVerifier
|
|
|
|
|
e.RawTemplate = n.RawTemplate
|
|
|
|
|
e.Variables = n.Variables
|
|
|
|
|
e.Constants = n.Constants
|
|
|
|
|
*/
|
|
|
|
|
e.Output = n.Output
|
|
|
|
|
e.Options = n.Options
|
|
|
|
|
e.IssuesClient = n.IssuesClient
|
|
|
|
|
e.Progress = n.Progress
|
|
|
|
|
e.RateLimiter = n.RateLimiter
|
|
|
|
|
e.Catalog = n.Catalog
|
|
|
|
|
e.ProjectFile = n.ProjectFile
|
|
|
|
|
e.Browser = n.Browser
|
|
|
|
|
e.Interactsh = n.Interactsh
|
|
|
|
|
e.HostErrorsCache = n.HostErrorsCache
|
|
|
|
|
e.StopAtFirstMatch = n.StopAtFirstMatch
|
|
|
|
|
e.ExcludeMatchers = n.ExcludeMatchers
|
|
|
|
|
e.InputHelper = n.InputHelper
|
|
|
|
|
e.FuzzParamsFrequency = n.FuzzParamsFrequency
|
|
|
|
|
e.FuzzStatsDB = n.FuzzStatsDB
|
|
|
|
|
e.DoNotCache = n.DoNotCache
|
|
|
|
|
e.Colorizer = n.Colorizer
|
|
|
|
|
e.WorkflowLoader = n.WorkflowLoader
|
|
|
|
|
e.ResumeCfg = n.ResumeCfg
|
|
|
|
|
e.ProtocolType = n.ProtocolType
|
|
|
|
|
e.Flow = n.Flow
|
|
|
|
|
e.IsMultiProtocol = n.IsMultiProtocol
|
|
|
|
|
e.templateCtxStore = n.templateCtxStore
|
|
|
|
|
e.JsCompiler = n.JsCompiler
|
|
|
|
|
e.AuthProvider = n.AuthProvider
|
|
|
|
|
e.TemporaryDirectory = n.TemporaryDirectory
|
|
|
|
|
e.Parser = n.Parser
|
|
|
|
|
e.ExportReqURLPattern = n.ExportReqURLPattern
|
|
|
|
|
e.GlobalMatchers = n.GlobalMatchers
|
|
|
|
|
e.Logger = n.Logger
|
|
|
|
|
e.CustomFastdialer = n.CustomFastdialer
|
2025-07-09 14:47:26 -05:00
|
|
|
}
|
