protocols

package
v2.10.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 16, 2022 License: GPL-3.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var StringToType = map[string]Type{
	"sniper":      Sniper,
	"pitchfork":   PitchFork,
	"clusterbomb": ClusterBomb,
}

StringToType is an table for conversion of attack type from string.

Functions

func BuildPayloadFromOptions

func BuildPayloadFromOptions(options *Options) map[string]interface{}

BuildPayloadFromOptions returns a map with the payloads provided via CLI

func CopyMap

func CopyMap(originalMap map[string]interface{}) map[string]interface{}

CopyMap creates a new copy of an existing map

Types

type ConditionType

type ConditionType int

conditionType is the type of condition for matcher

type Executer

type Executer interface {
	// Compile compiles the execution generators preparing any requests possible.
	Compile() error
	// Requests returns the total number of requests the rule will perform
	Requests() int
	// Execute executes the protocol group and returns true or false if results were found.
	Execute(input string) (*Result, error)
}

Executer is an interface implemented any protocol based request executer.

type ExecuterOptions

type ExecuterOptions struct {
	// TemplateID is the ID of the template for the request
	TemplateID string
	// TemplateInfo contains information block of the template request
	TemplateInfo map[string]interface{}

	Options *Options
}

type Extractor

type Extractor struct {
	// description: |
	//   Name of the extractor. Name should be lowercase and must not contain
	//   spaces or underscores (_).
	// examples:
	//   - value: "\"cookie-extractor\""
	Name string `json:"name,omitempty" `
	// description: |
	//   Type is the type of the extractor.
	Type string `json:"type"`

	// description: |
	//   Regex contains the regular expression patterns to extract from a part.
	//
	//   Go regex engine does not support lookaheads or lookbehinds, so as a result
	//   they are also not supported in nuclei.
	// examples:
	//   - name: Braintree Access Token Regex
	//     value: >
	//       []string{"access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}"}
	//   - name: Wordpress Author Extraction regex
	//     value: >
	//       []string{"Author:(?:[A-Za-z0-9 -\\_=\"]+)?<span(?:[A-Za-z0-9 -\\_=\"]+)?>([A-Za-z0-9]+)<\\/span>"}
	Regex []string `json:"regex,omitempty" `
	// description: |
	//   Group specifies a numbered group to extract from the regex.
	// examples:
	//   - name: Example Regex Group
	//     value: "1"
	RegexGroup int `json:"group,omitempty" `

	// description: |
	//   kval contains the key-value pairs present in the HTTP response header.
	//   kval extractor can be used to extract HTTP response header and cookie key-value pairs.
	//   kval extractor inputs are case-insensitive, and does not support dash (-) in input which can replaced with underscores (_)
	// 	 For example, Content-Type should be replaced with content_type
	//
	//   A list of supported parts is available in docs for request types.
	// examples:
	//   - name: Extract Server Header From HTTP Response
	//     value: >
	//       []string{"server"}
	//   - name: Extracting value of PHPSESSID Cookie
	//     value: >
	//       []string{"phpsessid"}
	//   - name: Extracting value of Content-Type Cookie
	//     value: >
	//       []string{"content_type"}
	KVal []string `json:"kval,omitempty" `

	// description: |
	//   Part is the part of the request response to extract data from.
	//
	//   Each protocol exposes a lot of different parts which are well
	//   documented in docs for each request type.
	// examples:
	//   - value: "\"body\""
	//   - value: "\"raw\""
	Part string `json:"part,omitempty" `
	// description: |
	//   Internal, when set to true will allow using the value extracted
	//   in the next request for some protocols (like HTTP).
	Internal bool `json:"internal,omitempty"`

	// description: |
	//   CaseInsensitive enables case-insensitive extractions. Default is false.
	// values:
	//   - false
	//   - true
	CaseInsensitive bool `json:"case-insensitive,omitempty" `
	// contains filtered or unexported fields
}

Extractor is used to extract part of response using a regex.

func (*Extractor) CompileExtractors

func (e *Extractor) CompileExtractors() error

CompileExtractors performs the initial setup operation on an extractor

func (*Extractor) ExtractKval

func (e *Extractor) ExtractKval(data map[string]interface{}) map[string]struct{}

ExtractKval extracts key value pairs from a data map

func (*Extractor) ExtractRegex

func (e *Extractor) ExtractRegex(corpus string) map[string]struct{}

ExtractRegex extracts text from a corpus and returns it

func (*Extractor) GetType

func (e *Extractor) GetType() ExtractorType

GetType returns the type of the matcher

type ExtractorType

type ExtractorType int

ExtractorType is the type of the extractor specified

const (
	// name:regex
	RegexExtractor ExtractorType = iota + 1
	// name:kval
	KValExtractor
)

name:ExtractorType

func GetSupportedExtractorTypes

func GetSupportedExtractorTypes() []ExtractorType

GetSupportedExtractorTypes returns list of supported types

type Generator

type Generator struct {
	Type Type
	// contains filtered or unexported fields
}

generator is the generator struct for generating payloads

func New

func New(payloads map[string]interface{}, payloadType Type) (*Generator, error)

New creates a new generator structure for payload generation

func (*Generator) NewIterator

func (g *Generator) NewIterator() *Iterator

NewIterator creates a new iterator for the payloads generator

type InternalEvent

type InternalEvent map[string]interface{}

type InternalWrappedEvent

type InternalWrappedEvent struct {
	InternalEvent   InternalEvent
	Results         []*ResultEvent
	OperatorsResult *Result
}

type Iterator

type Iterator struct {
	Type Type
	// contains filtered or unexported fields
}

Iterator is a single instance of an iterator for a generator structure

func (*Iterator) Remaining

func (i *Iterator) Remaining() int

Remaining returns the amount of requests left for the generator.

func (*Iterator) Reset

func (i *Iterator) Reset()

Reset resets the iterator back to its initial value

func (*Iterator) Total

func (i *Iterator) Total() int

Total returns the amount of input combinations available

func (*Iterator) Value

func (i *Iterator) Value() (map[string]interface{}, bool)

Value returns the next value for an iterator

type Matcher

type Matcher struct {
	// Type is the type of the matcher
	Type string `json:"type"`
	// Condition is the optional condition between two matcher variables
	//
	// By default, the condition is assumed to be OR.
	Condition string `json:"condition,omitempty"`

	// Part is the part of the data to match
	Part string `json:"part,omitempty"`

	// Negative specifies if the match should be reversed
	// It will only match if the condition is not true.
	Negative bool `json:"negative,omitempty"`

	// Name is matcher Name
	Name string `json:"name,omitempty"`
	// Status are the acceptable status codes for the response
	Status []int `json:"status,omitempty"`
	// Size is the acceptable size for the response
	Size []int `json:"size,omitempty"`
	// Words are the words required to be present in the response
	Words []string `json:"words,omitempty"`
	// Regex are the regex pattern required to be present in the response
	Regex []string `json:"regex,omitempty"`
	// Binary are the binary characters required to be present in the response
	Binary []string `json:"binary,omitempty"`
	// DSL are the dsl queries
	DSL []string `json:"dsl,omitempty"`
	// Encoding specifies the encoding for the word content if any.
	Encoding string `json:"encoding,omitempty"`

	MatchersCondition string `json:"matchers-condition"`
	Matchers          []Matcher
	// contains filtered or unexported fields
}

func (*Matcher) CompileMatchers

func (m *Matcher) CompileMatchers() error

CompileMatchers performs the initial setup operation on a matcher

func (*Matcher) GetType

func (m *Matcher) GetType() MatcherType

getType returns the type of the matcher

func (*Matcher) MatchBinary

func (m *Matcher) MatchBinary(corpus string) bool

MatchBinary matches a binary check against a corpus

func (*Matcher) MatchRegex

func (m *Matcher) MatchRegex(corpus string) bool

MatchRegex matches a regex check against a corpus

func (*Matcher) MatchSize

func (m *Matcher) MatchSize(length int) bool

MatchSize matches a size check against a corpus

func (*Matcher) MatchStatusCode

func (m *Matcher) MatchStatusCode(statusCode int) bool

MatchStatusCode matches a status code check against a corpus

func (*Matcher) MatchWords

func (m *Matcher) MatchWords(corpus string) bool

MatchWords matches a word check against a corpus.

func (*Matcher) Result

func (m *Matcher) Result(data bool) bool

Result reverts the results of the match if the matcher is of type negative.

type MatcherType

type MatcherType = int

MatcherType is the type of the matcher specified

const (
	// WordsMatcher matches responses with words
	WordsMatcher MatcherType = iota + 1
	// RegexMatcher matches responses with regexes
	RegexMatcher
	// BinaryMatcher matches responses with words
	BinaryMatcher
	// StatusMatcher matches responses with status codes
	StatusMatcher
	// SizeMatcher matches responses with response size
	SizeMatcher
	// DSLMatcher matches based upon dsl syntax
	DSLMatcher
)

type Operators

type Operators struct {
	// Matchers contains the detection mechanism for the request to identify
	// whether the request was successful
	Matchers []*Matcher `json:"matchers,omitempty"`
	// Extractors contains the extraction mechanism for the request to identify
	// and extract parts of the response.
	Extractors []*Extractor `json:"extractors,omitempty"`
	// MatchersCondition is the condition of the matchers
	// whether to use AND or OR. Default is OR.
	MatchersCondition string `json:"matchers-condition,omitempty"`
	// contains filtered or unexported fields
}

operators contains the operators that can be applied on protocols

func (*Operators) Compile

func (r *Operators) Compile() error

func (*Operators) Execute

func (operators *Operators) Execute(data map[string]interface{}, match matchFunc, extract extractFunc) (*Result, bool)

Execute executes the operators on data and returns a result structure

func (*Operators) ExecuteInternalExtractors

func (operators *Operators) ExecuteInternalExtractors(data map[string]interface{}, extract extractFunc) map[string]interface{}

ExecuteInternalExtractors executes internal dynamic extractors

func (*Operators) GetMatchersCondition

func (r *Operators) GetMatchersCondition() ConditionType

getMatchersCondition returns the condition for the matchers

type Options

type Options struct {
	VarsPayload map[string]interface{}
	AttackType  string
}

type OutputEventCallback

type OutputEventCallback func(result *InternalWrappedEvent)

type Request

type Request interface {
	// Compile compiles the request generators preparing any requests possible.
	Compile(options *ExecuterOptions) error
	// Requests returns the total number of requests the rule will perform
	Requests() int
	// GetID returns the ID for the request if any. IDs are used for multi-request
	// condition matching. So, two requests can be sent and their match can
	// be evaluated from the third request by using the IDs for both requests.
	//GetID() string
	// Match performs matching operation for a matcher on model and returns true or false.
	Match(data map[string]interface{}, matcher *Matcher) bool
	// Extract performs extracting operation for a extractor on model and returns true or false.
	//Extract(data map[string]interface{}, matcher *extractors.Extractor) map[string]struct{}
	// ExecuteWithResults executes the protocol requests and returns results instead of writing them.
	ExecuteWithResults(input string, dynamicValues map[string]interface{}, callback OutputEventCallback) error
}

Request is an interface implemented any protocol based request generator.

type Result

type Result struct {
	// Matched is true if any matchers matched
	Matched bool
	// Extracted is true if any result type values were extracted
	Extracted bool
	// Matches is a map of matcher names that we matched
	Matches map[string]struct{}
	// Extracts contains all the data extracted from inputs
	Extracts map[string][]string
	// OutputExtracts is the list of extracts to be displayed on screen.
	OutputExtracts []string
	// DynamicValues contains any dynamic values to be templated
	DynamicValues map[string]interface{}
	// PayloadValues contains payload values provided by user. (Optional)
	PayloadValues map[string]interface{}
}

Result is a result structure created from operators running on data.

type ResultEvent

type ResultEvent struct {
	//TemplateID is the ID of the template for the result.
	TemplateID string `json:"templateID"`
	// Info contains information block of the template for the result.
	//Info map[string]interface{} `json:"info,inline"`
	// MatcherName is the name of the matcher matched if any.
	MatcherName string `json:"matcher_name,omitempty"`
	// ExtractorName is the name of the extractor matched if any.
	ExtractorName string `json:"extractor_name,omitempty"`
	// Type is the type of the result event.
	Type string `json:"type"`
	// Host is the host input on which match was found.
	Host string `json:"host,omitempty"`
	// Path is the path input on which match was found.
	Path string `json:"path,omitempty"`
	// Matched contains the matched input in its transformed form.
	Matched string `json:"matched,omitempty"`
	// ExtractedResults contains the extraction result from the inputs.
	ExtractedResults []string `json:"extracted_results,omitempty"`
	// Request is the optional dumped request for the match.
	//Request string `json:"request,omitempty"`
	// Response is the optional dumped response for the match.
	//Response string `json:"response,omitempty"`
	// Metadata contains any optional metadata for the event
	Metadata map[string]interface{} `json:"meta,omitempty"`
	// IP is the IP address for the found result event.
	IP string `json:"ip,omitempty"`
	// Timestamp is the time the result was found at.
	Timestamp time.Time `json:"timestamp"`
}

type Type

type Type int

Type is type of attack

const (
	// Sniper replaces each variables with values at a time.
	Sniper Type = iota + 1
	// PitchFork replaces variables with positional value from multiple wordlists
	PitchFork
	// ClusterBomb replaces variables with all possible combinations of values
	ClusterBomb
)

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL