diff --git a/v2/cmd/nuclei/main.go b/v2/cmd/nuclei/main.go
index 781f0e2f6..91ddf60f8 100644
--- a/v2/cmd/nuclei/main.go
+++ b/v2/cmd/nuclei/main.go
@@ -194,6 +194,8 @@ on extensive configurability, massive extensibility and ease of use.`)
 flagSet.StringVarP(&options.Interface, "interface", "i", "", "network interface to use for network scan"),
 flagSet.StringVarP(&options.SourceIP, "source-ip", "sip", "", "source ip address to use for network scan"),
 flagSet.StringVar(&options.CustomConfigDir, "config-directory", "", "Override the default config path ($home/.config)"),
+ flagSet.IntVarP(&options.ResponseReadSize, "response-size-read", "rsr", 10*1024*1024, "max response size to read in bytes"),
+ flagSet.IntVarP(&options.ResponseSaveSize, "response-size-save", "rss", 1*1024*1024, "max response size to read in bytes"),
 )
 flagSet.CreateGroup("interactsh", "interactsh",
diff --git a/v2/pkg/protocols/http/operators.go b/v2/pkg/protocols/http/operators.go
index 2521610c8..c9c0000db 100644
--- a/v2/pkg/protocols/http/operators.go
+++ b/v2/pkg/protocols/http/operators.go
@@ -158,8 +158,16 @@ func (request *Request) MakeResultEventItem(wrapped *output.InternalWrappedEvent
 MatcherStatus: true,
 IP: types.ToString(wrapped.InternalEvent["ip"]),
 Request: types.ToString(wrapped.InternalEvent["request"]),
- Response: types.ToString(wrapped.InternalEvent["response"]),
+ Response: request.truncateResponse(wrapped.InternalEvent["response"]),
 CURLCommand: types.ToString(wrapped.InternalEvent["curl-command"]),
 }
 return data
 }
+
+func (request *Request) truncateResponse(response interface{}) string {
+ responseString := types.ToString(response)
+ if len(responseString) > request.options.Options.ResponseSaveSize {
+ return responseString[:request.options.Options.ResponseSaveSize]
+ }
+ return responseString
+}
diff --git a/v2/pkg/protocols/http/request.go b/v2/pkg/protocols/http/request.go
index e9b34bf38..86a5f970a 100644
--- a/v2/pkg/protocols/http/request.go
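Review bot: The help text for `response-size-save` in v2/cmd/nuclei/main.go repeats the wording of `response-size-read`, so the usage output shows two flags that both claim to limit what is read; the second should be `"max response size to save in bytes"`. Neither flag is range-checked at parse time, and both are plain ints, so zero and negative values reach operators.go and request.go as given. The flag group this hunk extends begins above the hunk.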
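Review bot: `truncateResponse` in operators.go slices with `ResponseSaveSize` unchecked: a negative value panics with a slice-bounds error on the first non-empty response, and a zero value (which any `Options` built without the CLI defaults would carry) turns every saved response into an empty string. Guard the limit first with `limit := request.options.Options.ResponseSaveSize` and `if limit <= 0 || len(responseString) <= limit { return responseString }`, which also matches the read path where zero means no cap. The cut is made on bytes, so it can split a multi-byte UTF-8 sequence, and nothing marks the stored response as truncated; a doc comment on the helper stating both would help anyone reading saved results as evidence.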
+++ b/v2/pkg/protocols/http/request.go
@@ -538,6 +538,8 @@ func (request *Request) executeRequest(input *contextargs.Context, generatedRequ
 var bodyReader io.Reader
 if request.MaxSize != 0 {
 bodyReader = io.LimitReader(resp.Body, int64(request.MaxSize))
+ } else if request.options.Options.ResponseReadSize != 0 {
+ bodyReader = io.LimitReader(resp.Body, int64(request.options.Options.ResponseReadSize))
 } else {
 bodyReader = resp.Body
 }
diff --git a/v2/pkg/types/types.go b/v2/pkg/types/types.go
index 1dc53be97..392777a40 100644
--- a/v2/pkg/types/types.go
+++ b/v2/pkg/types/types.go
@@ -244,6 +244,10 @@ type Options struct {
 Interface string
 // SourceIP sets custom source IP address for network requests
 SourceIP string
+ // ResponseReadSize is the maximum size of response to read
+ ResponseReadSize int
+ // ResponseSaveSize is the maximum size of response to save
+ ResponseSaveSize int
 // Health Check
 HealthCheck bool
 // Time to wait between each input read operation before closing the stream
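Review bot: In `executeRequest` (request.go) the new branch runs only when `request.MaxSize` is zero, so the global value acts as a default rather than a ceiling: a request that sets a larger `MaxSize` still reads that much from the target. If the flag is meant to bound memory when a scanned server returns an oversized body, take the smaller of the two limits when both are set. The `!= 0` test also lets a negative value through, and `io.LimitReader` with a negative limit returns EOF immediately, so every body would read as empty and matchers would silently see nothing; `} else if request.options.Options.ResponseReadSize > 0 {` is the safer condition. The function starts and ends outside the hunk.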
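Review bot: The comments on `ResponseReadSize` and `ResponseSaveSize` in types.go state neither the unit nor what zero means, and the two fields differ on that point: in request.go a zero read size leaves the body unbounded, while in operators.go a zero save size truncates everything. Suggested wording is `// ResponseReadSize is the maximum number of response body bytes to read when the request sets no MaxSize (0 = no limit)` and `// ResponseSaveSize is the maximum number of response bytes kept in result events`. The defaults are set only on the CLI flags in main.go, so naming them here would help callers that build `Options` directly. The struct continues outside the hunk.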