diff --git a/v2/pkg/protocols/dns/dns.go b/v2/pkg/protocols/dns/dns.go
index 279e6eea6..1e6d4d05a 100644
--- a/v2/pkg/protocols/dns/dns.go
+++ b/v2/pkg/protocols/dns/dns.go
@@ -12,6 +12,7 @@ import (
 "github.com/projectdiscovery/nuclei/v2/pkg/operators"
 "github.com/projectdiscovery/nuclei/v2/pkg/protocols"
 "github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/expressions"
+ "github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/generators"
 "github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/replacer"
 "github.com/projectdiscovery/nuclei/v2/pkg/protocols/dns/dnsclientpool"
 "github.com/projectdiscovery/retryabledns"
@@ -193,7 +194,11 @@ func (request *Request) Make(host string) (*dns.Msg, error) {
 var q dns.Question
- final := replacer.Replace(request.Name, GenerateDNSVariables(host))
+ vars := GenerateDNSVariables(host)
+ variablesMap := request.options.Variables.Evaluate(vars)
+ vars = generators.MergeMaps(variablesMap, variablesMap)
+
+ final := replacer.Replace(request.Name, vars)
 q.Name = dns.Fqdn(final)
 q.Qclass = request.class
diff --git a/v2/pkg/protocols/http/http.go b/v2/pkg/protocols/http/http.go
index 9bdea6387..91b63a1af 100644
--- a/v2/pkg/protocols/http/http.go
+++ b/v2/pkg/protocols/http/http.go
@@ -11,7 +11,6 @@ import (
 "github.com/projectdiscovery/nuclei/v2/pkg/protocols"
 "github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/expressions"
 "github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/generators"
- "github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/variables"
 "github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/httpclientpool"
 "github.com/projectdiscovery/rawhttp"
 "github.com/projectdiscovery/retryablehttp-go"
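Review bot: In `Make` in dns/dns.go, `vars = generators.MergeMaps(variablesMap, variablesMap)` merges the evaluated template variables with themselves, so the host-derived map from `GenerateDNSVariables(host)` is discarded before `replacer.Replace(request.Name, vars)` runs. Unless `Evaluate` copies its input into its result (its body is not in this diff), host placeholders in `request.Name` would stay unresolved and the query would go out for a literal placeholder name, which in a scanner surfaces as silent false negatives rather than an error. The second argument was presumably meant to be the original map: `vars = generators.MergeMaps(variablesMap, vars)`. The body of `Make` continues past the hunk.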
@@ -70,9 +69,6 @@ type Request struct {
 // of payloads is provided, or optionally a single file can also
 // be provided as payload which will be read on run-time.
 Payloads map[string]interface{} `yaml:"payloads,omitempty" jsonschema:"title=payloads for the http request,description=Payloads contains any payloads for the current request"`
- // description: |
- // Variables contains any variables for the current request.
- Variables variables.Variable `yaml:"variables,omitempty" jsonschema:"title=variables for the http request,description=Variables contains any variables for the current request"`
 // description: |
 // Headers contains HTTP Headers to send with the request.
diff --git a/v2/pkg/protocols/http/request.go b/v2/pkg/protocols/http/request.go
index 3b23ecbc4..4f3a2151c 100644
--- a/v2/pkg/protocols/http/request.go
+++ b/v2/pkg/protocols/http/request.go
@@ -240,8 +240,8 @@ func (request *Request) ExecuteWithResults(reqURL string, dynamicValues, previou
 // returns two values, error and skip, which skips the execution for the request instance.
 executeFunc := func(data string, payloads, dynamicValue map[string]interface{}) (bool, error) {
 hasInteractMatchers := interactsh.HasMatchers(request.CompiledOperators)
- variablesMap := request.Variables.Evaluate(generators.MergeMaps(dynamicValues, payloads))
- dynamicValues = generators.MergeMaps(variablesMap, dynamicValues)
+ variablesMap := request.options.Variables.Evaluate(generators.MergeMaps(dynamicValues, payloads))
+ payloads = generators.MergeMaps(variablesMap, payloads)
 generatedHttpRequest, err := generator.Make(reqURL, data, payloads, dynamicValue)
 if err != nil {
diff --git a/v2/pkg/protocols/network/network.go b/v2/pkg/protocols/network/network.go
index 27a79fafe..bb56de66e 100644
--- a/v2/pkg/protocols/network/network.go
+++ b/v2/pkg/protocols/network/network.go
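Review bot: In http/request.go, `executeFunc` evaluates template variables against the captured outer `dynamicValues`, while the closure's own parameter `dynamicValue` is what gets passed to `generator.Make`. If a caller ever passes a map other than the captured one, variable expressions will not see the values the request is actually built from; `request.options.Variables.Evaluate(generators.MergeMaps(dynamicValue, payloads))` would keep the two in step. If reading the outer map is intentional, a short comment saying so would prevent the two near-identical names from being mixed up later. `ExecuteWithResults` starts and ends outside the hunk.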
@@ -11,7 +11,6 @@ import (
 "github.com/projectdiscovery/nuclei/v2/pkg/protocols"
 "github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/expressions"
 "github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/generators"
- "github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/variables"
 "github.com/projectdiscovery/nuclei/v2/pkg/protocols/network/networkclientpool"
 )
@@ -44,9 +43,6 @@ type Request struct {
 // of payloads is provided, or optionally a single file can also
 // be provided as payload which will be read on run-time.
 Payloads map[string]interface{} `yaml:"payloads,omitempty" jsonschema:"title=payloads for the network request,description=Payloads contains any payloads for the current request"`
- // description: |
- // Variables contains any variables for the current request.
- Variables variables.Variable `yaml:"variables,omitempty" jsonschema:"title=variables for the http request,description=Variables contains any variables for the current request"`
 // description: |
 // Inputs contains inputs for the network socket
diff --git a/v2/pkg/protocols/network/request.go b/v2/pkg/protocols/network/request.go
index ddf2bad55..ccba31a55 100644
--- a/v2/pkg/protocols/network/request.go
+++ b/v2/pkg/protocols/network/request.go
@@ -101,8 +101,8 @@ func (request *Request) executeRequestWithPayloads(variables map[string]interfac
 err error
 )
- variablesMap := request.Variables.Evaluate(generators.MergeMaps(variables, payloads))
- variables = generators.MergeMaps(variablesMap, variables)
+ variablesMap := request.options.Variables.Evaluate(generators.MergeMaps(variables, payloads))
+ payloads = generators.MergeMaps(variablesMap, payloads)
 if host, _, splitErr := net.SplitHostPort(actualAddress); splitErr == nil {
 hostname = host
diff --git a/v2/pkg/protocols/protocols.go b/v2/pkg/protocols/protocols.go
index abe348e9e..6cf421378 100644
--- a/v2/pkg/protocols/protocols.go
+++ b/v2/pkg/protocols/protocols.go
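Review bot: In `executeRequestWithPayloads` (network/request.go), the evaluated template variables are now folded into `payloads` instead of `variables`, and nothing at the call says which side wins when a payload and a template variable share a name. If `MergeMaps` lets later arguments override earlier ones (its body is not in this diff), a payload silently shadows a template variable of the same name. A one-line comment would pin that down, e.g. `// template variables are merged first; payload values take precedence on name collisions`, and the matching merge in http/request.go deserves the same comment. The function body extends beyond the hunk.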
@@ -15,6 +15,7 @@ import (
 "github.com/projectdiscovery/nuclei/v2/pkg/projectfile"
 "github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/hosterrorscache"
 "github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/interactsh"
+ "github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/variables"
 "github.com/projectdiscovery/nuclei/v2/pkg/protocols/headless/engine"
 "github.com/projectdiscovery/nuclei/v2/pkg/reporting"
 templateTypes "github.com/projectdiscovery/nuclei/v2/pkg/templates/types"
@@ -63,6 +64,8 @@ type ExecuterOptions struct {
 HostErrorsCache *hosterrorscache.Cache
 // Stop execution once first match is found
 StopAtFirstMatch bool
+ // Variables is a list of variables from template
+ Variables variables.Variable
 Operators []*operators.Operators // only used by offlinehttp module
diff --git a/v2/pkg/templates/compile.go b/v2/pkg/templates/compile.go
index 24e334edd..ea5c05b11 100644
--- a/v2/pkg/templates/compile.go
+++ b/v2/pkg/templates/compile.go
@@ -63,6 +63,10 @@ func Parse(filePath string, preprocessor Preprocessor, options protocols.Execute
 options.TemplatePath = filePath
 options.StopAtFirstMatch = template.StopAtFirstMatch
+ if template.Variables.Len() > 0 {
+ options.Variables = template.Variables
+ }
+
 // If no requests, and it is also not a workflow, return error.
 if template.Requests() == 0 {
 return nil, fmt.Errorf("no requests defined for %s", template.ID)
diff --git a/v2/pkg/templates/templates.go b/v2/pkg/templates/templates.go
index 2680392b8..95bed41e7 100644
--- a/v2/pkg/templates/templates.go
+++ b/v2/pkg/templates/templates.go
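Review bot: In `Parse` (templates/compile.go), `options.Variables` is only assigned when `template.Variables.Len() > 0`, so a template without variables keeps whatever `Variables` the incoming `options` already carried. If a caller derives `options` from another template's options (the signature is cut off in the hunk header, so how it is passed is not visible), variables from one template could end up evaluated in the requests of another. Assigning unconditionally, `options.Variables = template.Variables`, removes that dependency on the caller. `Parse` continues outside the hunk.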
@@ -7,6 +7,7 @@ import (
 validate "github.com/go-playground/validator/v10"
 "github.com/projectdiscovery/nuclei/v2/pkg/model"
 "github.com/projectdiscovery/nuclei/v2/pkg/protocols"
+ "github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/variables"
 "github.com/projectdiscovery/nuclei/v2/pkg/protocols/dns"
 "github.com/projectdiscovery/nuclei/v2/pkg/protocols/file"
 "github.com/projectdiscovery/nuclei/v2/pkg/protocols/headless"
@@ -98,6 +99,10 @@ type Template struct {
 // - "AWS"
 Signature http.SignatureTypeHolder `yaml:"signature,omitempty" jsonschema:"title=signature is the http request signature method,description=Signature is the HTTP Request signature Method,enum=AWS"`
+ // description: |
+ // Variables contains any variables for the current request.
+ Variables variables.Variable `yaml:"variables,omitempty" jsonschema:"title=variables for the http request,description=Variables contains any variables for the current request"`
+
 // TotalRequests is the total number of requests for the template.
 TotalRequests int `yaml:"-" json:"-"`
 // Executer is the actual template executor for running template requests
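Review bot: The doc comment and schema tag on the new `Template.Variables` field in templates.go were copied from the request structs and still read "for the current request" and `title=variables for the http request`, although the field is now template-wide and is also read by the dns and network protocols in this commit. Since the `description:` block and the `jsonschema` tag presumably feed the generated docs and template schema, I would change them to `// Variables contains any variables for the current template.` and `title=variables for the template,description=Variables contains any variables for the current template`. Template authors also need to be told that `variables:` moves from the request block to the top level, because the request structs in http.go and network.go no longer carry the field.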