nuclei/pkg/requests/requests.go

package requests

import (
	"io/ioutil"
	"net/http"
	"net/url"
	"strings"

	"github.com/projectdiscovery/nuclei/pkg/matchers"
	"github.com/valyala/fasttemplate"
)

// Request contains a request to be made from a template
type Request struct {
	// Method is the request method, whether GET, POST, PUT, etc
	Method string `yaml:"method"`
	// Path contains the path/s for the request
	Path []string `yaml:"path"`
	// Headers contains headers to send with the request
	Headers map[string]string `yaml:"headers,omitempty"`
	// Body is an optional parameter which contains the request body for POST methods, etc
	Body string `yaml:"body,omitempty"`
	// Matchers contains the detection mechanism for the request to identify
	// whether the request was successful
	Matchers []*matchers.Matcher `yaml:"matchers"`
}

// MakeRequest creates a *http.Request from a request template
func (r *Request) MakeRequest(baseURL string) ([]*http.Request, error) {
	parsed, err := url.Parse(baseURL)
	if err != nil {
		return nil, err
	}
	hostname := parsed.Hostname()

	requests := make([]*http.Request, 0, len(r.Path))
	for _, path := range r.Path {
		// Replace the dynamic variables in the URL if any
		t := fasttemplate.New(path, "{{", "}}")
		url := t.ExecuteString(map[string]interface{}{
			"BaseURL":  baseURL,
			"Hostname": hostname,
		})

		// Build a request on the specified URL
		req, err := http.NewRequest(r.Method, url, nil)
		if err != nil {
			return nil, err
		}

		// Check if the user requested a request body
		if r.Body != "" {
			req.Body = ioutil.NopCloser(strings.NewReader(r.Body))
		}

		// Set the header values requested
		for header, value := range r.Headers {
			req.Header.Set(header, value)
		}

		// Set some headers only if the header wasn't supplied by the user
		if _, ok := r.Headers["User-Agent"]; !ok {
			req.Header.Set("User-Agent", "Nuclei (@pdiscoveryio)")
		}
		req.Header.Set("Accept", "*/*")
		req.Header.Set("Accept-Language", "en")
		req.Header.Set("Connection", "close")
		req.Close = true

		requests = append(requests, req)
	}

	return requests, nil
}
Added readme + templates/requests start 2020-04-04 00:17:57 +05:30			`package requests`

			`import (`
Added requests + compile 2020-04-04 02:50:32 +05:30			`"io/ioutil"`
			`"net/http"`
Added dynamic templating 2020-04-04 03:26:11 +05:30			`"net/url"`
Added requests + compile 2020-04-04 02:50:32 +05:30			`"strings"`

Added readme + templates/requests start 2020-04-04 00:17:57 +05:30			`"github.com/projectdiscovery/nuclei/pkg/matchers"`
Added dynamic templating 2020-04-04 03:26:11 +05:30			`"github.com/valyala/fasttemplate"`
Added readme + templates/requests start 2020-04-04 00:17:57 +05:30			`)`

			`// Request contains a request to be made from a template`
			`type Request struct {`
			`// Method is the request method, whether GET, POST, PUT, etc`
			Method string `yaml:"method"`
			`// Path contains the path/s for the request`
			Path []string `yaml:"path"`
			`// Headers contains headers to send with the request`
			Headers map[string]string `yaml:"headers,omitempty"`
			`// Body is an optional parameter which contains the request body for POST methods, etc`
			Body string `yaml:"body,omitempty"`
			`// Matchers contains the detection mechanism for the request to identify`
			`// whether the request was successful`
			Matchers []*matchers.Matcher `yaml:"matchers"`
			`}`
Added requests + compile 2020-04-04 02:50:32 +05:30
			`// MakeRequest creates a *http.Request from a request template`
			`func (r Request) MakeRequest(baseURL string) ([]http.Request, error) {`
Added dynamic templating 2020-04-04 03:26:11 +05:30			`parsed, err := url.Parse(baseURL)`
			`if err != nil {`
			`return nil, err`
			`}`
			`hostname := parsed.Hostname()`
Added requests + compile 2020-04-04 02:50:32 +05:30
Added dynamic templating 2020-04-04 03:26:11 +05:30			`requests := make([]*http.Request, 0, len(r.Path))`
Added requests + compile 2020-04-04 02:50:32 +05:30			`for _, path := range r.Path {`
Added dynamic templating 2020-04-04 03:26:11 +05:30			`// Replace the dynamic variables in the URL if any`
			`t := fasttemplate.New(path, "{{", "}}")`
			`url := t.ExecuteString(map[string]interface{}{`
			`"BaseURL": baseURL,`
			`"Hostname": hostname,`
			`})`
Added requests + compile 2020-04-04 02:50:32 +05:30
Added dynamic templating 2020-04-04 03:26:11 +05:30			`// Build a request on the specified URL`
Added requests + compile 2020-04-04 02:50:32 +05:30			`req, err := http.NewRequest(r.Method, url, nil)`
			`if err != nil {`
			`return nil, err`
			`}`

			`// Check if the user requested a request body`
			`if r.Body != "" {`
			`req.Body = ioutil.NopCloser(strings.NewReader(r.Body))`
			`}`

			`// Set the header values requested`
			`for header, value := range r.Headers {`
			`req.Header.Set(header, value)`
			`}`
Added working runners + misc + logics etc 2020-04-04 15:59:05 +05:30
			`// Set some headers only if the header wasn't supplied by the user`
			`if _, ok := r.Headers["User-Agent"]; !ok {`
			`req.Header.Set("User-Agent", "Nuclei (@pdiscoveryio)")`
			`}`
			`req.Header.Set("Accept", "/")`
			`req.Header.Set("Accept-Language", "en")`
			`req.Header.Set("Connection", "close")`
			`req.Close = true`

Added requests + compile 2020-04-04 02:50:32 +05:30			`requests = append(requests, req)`
			`}`

			`return requests, nil`
			`}`