2020-07-16 10:57:28 +02:00
|
|
|
package executer
|
2020-04-26 05:50:33 +05:30
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"strings"
|
|
|
|
|
|
2020-06-27 20:19:43 +05:30
|
|
|
jsoniter "github.com/json-iterator/go"
|
2020-04-26 06:33:59 +05:30
|
|
|
"github.com/projectdiscovery/gologger"
|
2020-07-01 16:17:24 +05:30
|
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/matchers"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/requests"
|
2020-04-26 05:50:33 +05:30
|
|
|
)
|
|
|
|
|
|
2020-04-26 06:33:59 +05:30
|
|
|
// writeOutputHTTP writes http output to streams
|
2020-07-18 21:42:23 +02:00
|
|
|
func (e *HTTPExecuter) writeOutputHTTP(req *requests.HttpRequest, matcher *matchers.Matcher, extractorResults []string) {
|
2020-06-27 20:19:43 +05:30
|
|
|
URL := req.Request.URL.String()
|
|
|
|
|
|
|
|
|
|
if e.jsonOutput {
|
|
|
|
|
output := jsonOutput{
|
2020-07-16 10:57:28 +02:00
|
|
|
Template: e.template.ID,
|
|
|
|
|
Type: "http",
|
|
|
|
|
Matched: URL,
|
|
|
|
|
Severity: e.template.Info.Severity,
|
|
|
|
|
Author: e.template.Info.Author,
|
|
|
|
|
Description: e.template.Info.Description,
|
2020-06-27 20:19:43 +05:30
|
|
|
}
|
|
|
|
|
if matcher != nil && len(matcher.Name) > 0 {
|
|
|
|
|
output.MatcherName = matcher.Name
|
|
|
|
|
}
|
|
|
|
|
if len(extractorResults) > 0 {
|
|
|
|
|
output.ExtractedResults = extractorResults
|
|
|
|
|
}
|
|
|
|
|
data, err := jsoniter.Marshal(output)
|
|
|
|
|
if err != nil {
|
|
|
|
|
gologger.Warningf("Could not marshal json output: %s\n", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
gologger.Silentf("%s", string(data))
|
|
|
|
|
|
|
|
|
|
if e.writer != nil {
|
|
|
|
|
e.outputMutex.Lock()
|
|
|
|
|
e.writer.Write(data)
|
|
|
|
|
e.writer.WriteRune('\n')
|
|
|
|
|
e.outputMutex.Unlock()
|
|
|
|
|
}
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-26 05:50:33 +05:30
|
|
|
builder := &strings.Builder{}
|
|
|
|
|
|
|
|
|
|
builder.WriteRune('[')
|
|
|
|
|
builder.WriteString(e.template.ID)
|
2020-04-26 06:33:59 +05:30
|
|
|
if matcher != nil && len(matcher.Name) > 0 {
|
2020-04-26 05:50:33 +05:30
|
|
|
builder.WriteString(":")
|
|
|
|
|
builder.WriteString(matcher.Name)
|
|
|
|
|
}
|
|
|
|
|
builder.WriteString("] [http] ")
|
|
|
|
|
|
|
|
|
|
// Escape the URL by replacing all % with %%
|
|
|
|
|
escapedURL := strings.Replace(URL, "%", "%%", -1)
|
|
|
|
|
builder.WriteString(escapedURL)
|
|
|
|
|
|
|
|
|
|
// If any extractors, write the results
|
|
|
|
|
if len(extractorResults) > 0 {
|
|
|
|
|
builder.WriteString(" [")
|
|
|
|
|
for i, result := range extractorResults {
|
|
|
|
|
builder.WriteString(result)
|
|
|
|
|
if i != len(extractorResults)-1 {
|
|
|
|
|
builder.WriteRune(',')
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
builder.WriteString("]")
|
|
|
|
|
}
|
2020-05-14 18:09:36 +02:00
|
|
|
|
|
|
|
|
// write meta if any
|
|
|
|
|
if len(req.Meta) > 0 {
|
|
|
|
|
builder.WriteString(" [")
|
|
|
|
|
var metas []string
|
|
|
|
|
for name, value := range req.Meta {
|
|
|
|
|
metas = append(metas, name+"="+value.(string))
|
|
|
|
|
}
|
|
|
|
|
builder.WriteString(strings.Join(metas, ","))
|
|
|
|
|
builder.WriteString("]")
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-26 05:50:33 +05:30
|
|
|
builder.WriteRune('\n')
|
|
|
|
|
|
2020-04-26 06:33:59 +05:30
|
|
|
// Write output to screen as well as any output file
|
|
|
|
|
message := builder.String()
|
|
|
|
|
gologger.Silentf("%s", message)
|
|
|
|
|
|
|
|
|
|
if e.writer != nil {
|
|
|
|
|
e.outputMutex.Lock()
|
|
|
|
|
e.writer.WriteString(message)
|
|
|
|
|
e.outputMutex.Unlock()
|
|
|
|
|
}
|
2020-04-26 05:50:33 +05:30
|
|
|
}
|
