mirror of
https://github.com/projectdiscovery/nuclei.git
synced 2025-12-17 22:35:27 +00:00
f26996cb89
* introducing execution id * wip * . * adding separate execution context id * lint * vet * fixing pg dialers * test ignore * fixing loader FD limit * test * fd fix * wip: remove CloseProcesses() from dev merge * wip: fix merge issue * protocolstate: stop memguarding on last dialer delete * avoid data race in dialers.RawHTTPClient * use shared logger and avoid race conditions * use shared logger and avoid race conditions * go mod * patch executionId into compiled template cache * clean up comment in Parse * go mod update * bump echarts * address merge issues * fix use of gologger * switch cmd/nuclei to options.Logger * address merge issues with go.mod * go vet: address copy of lock with new Copy function * fixing tests * disable speed control * fix nil ExecuterOptions * removing deprecated code * fixing result print * default logger * cli default logger * filter warning from results * fix performance test * hardcoding path * disable upload * refactor(runner): uses `Warning` instead of `Print` for `pdcpUploadErrMsg` Signed-off-by: Dwi Siswanto <git@dw1.io> * Revert "disable upload" This reverts commit 114fbe6663361bf41cf8b2645fd2d57083d53682. * Revert "hardcoding path" This reverts commit cf12ca800e0a0e974bd9fd4826a24e51547f7c00. --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com>
147 lines
4.7 KiB
Go
147 lines
4.7 KiB
Go
package offlinehttp
|
|
|
|
import (
|
|
"fmt"
|
|
"io"
|
|
"net/http"
|
|
"net/http/httputil"
|
|
"os"
|
|
|
|
"github.com/pkg/errors"
|
|
|
|
"github.com/projectdiscovery/gologger"
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/output"
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols"
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/contextargs"
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/generators"
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/helpers/eventcreator"
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/utils"
|
|
templateTypes "github.com/projectdiscovery/nuclei/v3/pkg/templates/types"
|
|
"github.com/projectdiscovery/utils/conversion"
|
|
syncutil "github.com/projectdiscovery/utils/sync"
|
|
unitutils "github.com/projectdiscovery/utils/unit"
|
|
)
|
|
|
|
var _ protocols.Request = &Request{}
|
|
|
|
const maxSize = 5 * unitutils.Mega
|
|
|
|
// Type returns the type of the protocol request
|
|
func (request *Request) Type() templateTypes.ProtocolType {
|
|
return templateTypes.OfflineHTTPProtocol
|
|
}
|
|
|
|
// RawInputMode is a flag to indicate if the input is raw input
|
|
// rather than a file path
|
|
var RawInputMode = false
|
|
|
|
// ExecuteWithResults executes the protocol requests and returns results instead of writing them.
|
|
func (request *Request) ExecuteWithResults(input *contextargs.Context, metadata, previous output.InternalEvent, callback protocols.OutputEventCallback) error {
|
|
if RawInputMode {
|
|
return request.executeRawInput(input.MetaInput.Input, "", input, callback)
|
|
}
|
|
|
|
wg, err := syncutil.New(syncutil.WithSize(request.options.Options.BulkSize))
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
err = request.getInputPaths(input.MetaInput.Input, func(data string) {
|
|
wg.Add()
|
|
|
|
go func(data string) {
|
|
defer wg.Done()
|
|
|
|
file, err := os.Open(data)
|
|
if err != nil {
|
|
gologger.Error().Msgf("Could not open file path %s: %s\n", data, err)
|
|
return
|
|
}
|
|
defer func() {
|
|
_ = file.Close()
|
|
}()
|
|
|
|
stat, err := file.Stat()
|
|
if err != nil {
|
|
gologger.Error().Msgf("Could not stat file path %s: %s\n", data, err)
|
|
return
|
|
}
|
|
if stat.Size() >= int64(maxSize) {
|
|
gologger.Verbose().Msgf("Could not process path %s: exceeded max size\n", data)
|
|
return
|
|
}
|
|
|
|
buffer, err := io.ReadAll(file)
|
|
if err != nil {
|
|
gologger.Error().Msgf("Could not read file path %s: %s\n", data, err)
|
|
return
|
|
}
|
|
dataStr := conversion.String(buffer)
|
|
|
|
if err := request.executeRawInput(dataStr, data, input, callback); err != nil {
|
|
gologger.Error().Msgf("Could not execute raw input %s: %s\n", data, err)
|
|
return
|
|
}
|
|
}(data)
|
|
})
|
|
wg.Wait()
|
|
if err != nil {
|
|
request.options.Output.Request(request.options.TemplatePath, input.MetaInput.Input, "file", err)
|
|
request.options.Progress.IncrementFailedRequestsBy(1)
|
|
return errors.Wrap(err, "could not send file request")
|
|
}
|
|
request.options.Progress.IncrementRequests()
|
|
return nil
|
|
}
|
|
|
|
func (request *Request) executeRawInput(data, inputString string, input *contextargs.Context, callback protocols.OutputEventCallback) error {
|
|
resp, err := readResponseFromString(data)
|
|
if err != nil {
|
|
return errors.Wrap(err, "could not read raw response")
|
|
}
|
|
|
|
if request.options.Options.Debug || request.options.Options.DebugRequests {
|
|
gologger.Info().Msgf("[%s] Dumped offline-http request for %s", request.options.TemplateID, data)
|
|
gologger.Print().Msgf("%s", data)
|
|
}
|
|
gologger.Verbose().Msgf("[%s] Sent OFFLINE-HTTP request to %s", request.options.TemplateID, data)
|
|
|
|
dumpedResponse, err := httputil.DumpResponse(resp, true)
|
|
if err != nil {
|
|
return errors.Wrap(err, "could not dump raw http response")
|
|
}
|
|
|
|
body, err := io.ReadAll(resp.Body)
|
|
if err != nil {
|
|
return errors.Wrap(err, "could not read raw http response body")
|
|
}
|
|
reqURL := inputString
|
|
if inputString == "" {
|
|
reqURL = getURLFromRequest(resp.Request)
|
|
}
|
|
|
|
outputEvent := request.responseToDSLMap(resp, data, reqURL, data, conversion.String(dumpedResponse), conversion.String(body), utils.HeadersToString(resp.Header), 0, nil)
|
|
// add response fields to template context and merge templatectx variables to output event
|
|
request.options.AddTemplateVars(input.MetaInput, request.Type(), request.GetID(), outputEvent)
|
|
if request.options.HasTemplateCtx(input.MetaInput) {
|
|
outputEvent = generators.MergeMaps(outputEvent, request.options.GetTemplateCtx(input.MetaInput).GetAll())
|
|
}
|
|
outputEvent["ip"] = ""
|
|
|
|
event := eventcreator.CreateEvent(request, outputEvent, request.options.Options.Debug || request.options.Options.DebugResponse)
|
|
callback(event)
|
|
return nil
|
|
}
|
|
|
|
func getURLFromRequest(req *http.Request) string {
|
|
if req.URL.Scheme == "" {
|
|
req.URL.Scheme = "https"
|
|
}
|
|
return fmt.Sprintf("%s://%s%s", req.URL.Scheme, req.Host, req.URL.Path)
|
|
}
|
|
|
|
// UpdateOptions replaces this request's options with a new copy
|
|
func (r *Request) UpdateOptions(opts *protocols.ExecutorOptions) {
|
|
r.options = opts
|
|
}
|