Documentation ¶
Index ¶
- Constants
- Variables
- func GetDefaultSignerVars(signatureType SignatureType) map[string]interface{}
- func GetVariablesNamesSkipList(signature SignatureType) map[string]interface{}
- type HTTPMethodType
- type HTTPMethodTypeHolder
- func (holder HTTPMethodTypeHolder) JSONSchema() *jsonschema.Schema
- func (holder *HTTPMethodTypeHolder) MarshalJSON() ([]byte, error)
- func (holder HTTPMethodTypeHolder) MarshalYAML() (interface{}, error)
- func (holder HTTPMethodTypeHolder) String() string
- func (holder *HTTPMethodTypeHolder) UnmarshalJSON(data []byte) error
- func (holder *HTTPMethodTypeHolder) UnmarshalYAML(unmarshal func(interface{}) error) error
- type Request
- func (request *Request) Compile(options *protocols.ExecutorOptions) error
- func (request *Request) ExecuteWithResults(input *contextargs.Context, dynamicValues, previous output.InternalEvent, ...) error
- func (request *Request) Extract(data map[string]interface{}, extractor *extractors.Extractor) map[string]struct{}
- func (request *Request) GetCompiledOperators() []*operators.Operators
- func (request *Request) GetID() string
- func (request *Request) IsClusterable() bool
- func (e Request) JSONSchemaExtend(schema *jsonschema.Schema)
- func (request *Request) MakeResultEvent(wrapped *output.InternalWrappedEvent) []*output.ResultEvent
- func (request *Request) MakeResultEventItem(wrapped *output.InternalWrappedEvent) *output.ResultEvent
- func (request *Request) Match(data map[string]interface{}, matcher *matchers.Matcher) (bool, []string)
- func (request *Request) NeedsRequestCondition() bool
- func (r *Request) Options() *protocols.ExecutorOptions
- func (request *Request) Requests() int
- func (request *Request) ShouldFuzzTarget(input *contextargs.Context) bool
- func (request *Request) TmplClusterKey() uint64
- func (request *Request) Type() templateTypes.ProtocolType
- type SignatureType
- type SignatureTypeHolder
- func (holder SignatureTypeHolder) JSONSchema() *jsonschema.Schema
- func (holder SignatureTypeHolder) MarshalJSON() ([]byte, error)
- func (holder SignatureTypeHolder) MarshalYAML() (interface{}, error)
- func (holder *SignatureTypeHolder) UnmarshalJSON(data []byte) error
- func (holder *SignatureTypeHolder) UnmarshalYAML(unmarshal func(interface{}) error) error
Constants ¶
const CRLF = "\r\n"
const (
Once flowMark = iota
)
const (
ReqURLPatternKey = "req_url_pattern"
)
const (
SetThreadToCountZero = "set-thread-count-to-zero"
)
Variables ¶
var ( ErrEvalExpression = errorutil.NewWithTag("expr", "could not evaluate helper expressions") ErrUnresolvedVars = errorutil.NewWithFmt("unresolved variables `%v` found in request") )
ErrEvalExpression
var ( MaxBodyRead = 10 * unitutils.Mega // ErrMissingVars is error occured when variables are missing ErrMissingVars = errkit.New("stop execution due to unresolved variables").SetKind(nucleierr.ErrTemplateLogic).Build() // ErrHttpEngineRequestDeadline is error occured when request deadline set by http request engine is exceeded ErrHttpEngineRequestDeadline = errkit.New("http request engine deadline exceeded").SetKind(errkit.ErrKindDeadline).Build() )
var ( // ErrTimeoutAnnotationDeadline is the error returned when a specific amount of time was exceeded for a request // which was alloted using @timeout annotation this usually means that vulnerability was not found // in rare case it could also happen due to network congestion // the assigned class is TemplateLogic since this in almost every case means that server is not vulnerable ErrTimeoutAnnotationDeadline = errkit.New("timeout annotation deadline exceeded").SetKind(nucleierr.ErrTemplateLogic).Build() // ErrRequestTimeoutDeadline is the error returned when a specific amount of time was exceeded for a request // this happens when the request execution exceeds alloted time ErrRequestTimeoutDeadline = errkit.New("request timeout deadline exceeded when notimeout is set").SetKind(errkit.ErrKindDeadline).Build() )
var ErrNoIgnoreList = errors.New("unknown signature types")
var HTTPMethodMapping = map[HTTPMethodType]string{ HTTPGet: "GET", HTTPHead: "HEAD", HTTPPost: "POST", HTTPPut: "PUT", HTTPDelete: "DELETE", HTTPConnect: "CONNECT", HTTPOptions: "OPTIONS", HTTPTrace: "TRACE", HTTPPatch: "PATCH", HTTPPurge: "PURGE", HTTPDebug: "DEBUG", }
HTTPMethodMapping is a table for conversion of method from string.
var LeaveDefaultPorts = false
LeaveDefaultPorts skips normalization of default standard ports
var RequestPartDefinitions = map[string]string{
"template-id": "ID of the template executed",
"template-info": "Info Block of the template executed",
"template-path": "Path of the template executed",
"host": "Host is the input to the template",
"matched": "Matched is the input which was matched upon",
"type": "Type is the type of request made",
"request": "HTTP request made from the client",
"response": "HTTP response received from server",
"status_code": "Status Code received from the Server",
"body": "HTTP response body received from server (default)",
"content_length": "HTTP Response content length",
"header,all_headers": "HTTP response headers",
"duration": "HTTP request time duration",
"all": "HTTP response body + headers",
"cookies_from_response": "HTTP response cookies in name:value format",
"headers_from_response": "HTTP response headers in name:value format",
}
RequestPartDefinitions contains a mapping of request part definitions and their description. Multiple definitions are separated by commas. Definitions not having a name (generated on runtime) are prefixed & suffixed by <>.
Functions ¶
func GetDefaultSignerVars ¶
func GetDefaultSignerVars(signatureType SignatureType) map[string]interface{}
GetDefaultSignerVars returns the default signer variables
func GetVariablesNamesSkipList ¶
func GetVariablesNamesSkipList(signature SignatureType) map[string]interface{}
GetVariablesNamesSkipList depending on the signature type
Types ¶
type HTTPMethodType ¶
type HTTPMethodType int
HTTPMethodType is the type of the method specified
const ( // name:GET HTTPGet HTTPMethodType = iota + 1 // name:HEAD HTTPHead // name:POST HTTPPost // name:PUT HTTPPut // name:DELETE HTTPDelete // name:CONNECT HTTPConnect // name:OPTIONS HTTPOptions // name:TRACE HTTPTrace // name:PATCH HTTPPatch // name:PURGE HTTPPurge // name:Debug HTTPDebug )
name:HTTPMethodType
func GetSupportedHTTPMethodTypes ¶
func GetSupportedHTTPMethodTypes() []HTTPMethodType
GetSupportedHTTPMethodTypes returns list of supported types
func (HTTPMethodType) String ¶
func (t HTTPMethodType) String() string
type HTTPMethodTypeHolder ¶
type HTTPMethodTypeHolder struct {
MethodType HTTPMethodType `mapping:"true"`
}
HTTPMethodTypeHolder is used to hold internal type of the HTTP Method
func (HTTPMethodTypeHolder) JSONSchema ¶ added in v3.2.4
func (holder HTTPMethodTypeHolder) JSONSchema() *jsonschema.Schema
func (*HTTPMethodTypeHolder) MarshalJSON ¶
func (holder *HTTPMethodTypeHolder) MarshalJSON() ([]byte, error)
func (HTTPMethodTypeHolder) MarshalYAML ¶
func (holder HTTPMethodTypeHolder) MarshalYAML() (interface{}, error)
func (HTTPMethodTypeHolder) String ¶
func (holder HTTPMethodTypeHolder) String() string
func (*HTTPMethodTypeHolder) UnmarshalJSON ¶
func (holder *HTTPMethodTypeHolder) UnmarshalJSON(data []byte) error
func (*HTTPMethodTypeHolder) UnmarshalYAML ¶
func (holder *HTTPMethodTypeHolder) UnmarshalYAML(unmarshal func(interface{}) error) error
type Request ¶
type Request struct { // Operators for the current request go here. operators.Operators `yaml:",inline" json:",inline"` // description: | // Path contains the path/s for the HTTP requests. It supports variables // as placeholders. // examples: // - name: Some example path values // value: > // []string{"{{BaseURL}}", "{{BaseURL}}/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions"} Path []string `` /* 136-byte string literal not displayed */ // description: | // Raw contains HTTP Requests in Raw format. // examples: // - name: Some example raw requests // value: | // []string{"GET /etc/passwd HTTP/1.1\nHost:\nContent-Length: 4", "POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0\nContent-Length: 1\nConnection: close\n\necho\necho\ncat /etc/passwd 2>&1"} Raw []string `yaml:"raw,omitempty" json:"raw,omitempty" jsonschema:"http requests in raw format,description=HTTP Requests in Raw Format"` // ID is the optional id of the request ID string `yaml:"id,omitempty" json:"id,omitempty" jsonschema:"title=id for the http request,description=ID for the HTTP Request"` // description: | // Name is the optional name of the request. // // If a name is specified, all the named request in a template can be matched upon // in a combined manner allowing multi-request based matchers. Name string `` /* 135-byte string literal not displayed */ // description: | // Attack is the type of payload combinations to perform. // // batteringram is inserts the same payload into all defined payload positions at once, pitchfork combines multiple payload sets and clusterbomb generates // permutations and combinations for all payloads. // values: // - "batteringram" // - "pitchfork" // - "clusterbomb" AttackType generators.AttackTypeHolder `` /* 216-byte string literal not displayed */ // description: | // Method is the HTTP Request Method. Method HTTPMethodTypeHolder `` /* 255-byte string literal not displayed */ // description: | // Body is an optional parameter which contains HTTP Request body. // examples: // - name: Same Body for a Login POST request // value: "\"username=test&password=test\"" Body string `` /* 167-byte string literal not displayed */ // description: | // Payloads contains any payloads for the current request. // // Payloads support both key-values combinations where a list // of payloads is provided, or optionally a single file can also // be provided as payload which will be read on run-time. Payloads map[string]interface{} `` /* 167-byte string literal not displayed */ // description: | // Headers contains HTTP Headers to send with the request. // examples: // - value: | // map[string]string{"Content-Type": "application/x-www-form-urlencoded", "Content-Length": "1", "Any-Header": "Any-Value"} Headers map[string]string `` /* 173-byte string literal not displayed */ // description: | // RaceCount is the number of times to send a request in Race Condition Attack. // examples: // - name: Send a request 5 times // value: "5" RaceNumberRequests int `` /* 197-byte string literal not displayed */ // description: | // MaxRedirects is the maximum number of redirects that should be followed. // examples: // - name: Follow up to 5 redirects // value: "5" MaxRedirects int `` /* 182-byte string literal not displayed */ // description: | // PipelineConcurrentConnections is number of connections to create during pipelining. // examples: // - name: Create 40 concurrent connections // value: 40 PipelineConcurrentConnections int `` /* 211-byte string literal not displayed */ // description: | // PipelineRequestsPerConnection is number of requests to send per connection when pipelining. // examples: // - name: Send 100 requests per pipeline connection // value: 100 PipelineRequestsPerConnection int `` /* 242-byte string literal not displayed */ // description: | // Threads specifies number of threads to use sending requests. This enables Connection Pooling. // // Connection: Close attribute must not be used in request while using threads flag, otherwise // pooling will fail and engine will continue to close connections after requests. // examples: // - name: Send requests using 10 concurrent threads // value: 10 Threads int `` /* 202-byte string literal not displayed */ // description: | // MaxSize is the maximum size of http response body to read in bytes. // examples: // - name: Read max 2048 bytes of the response // value: 2048 MaxSize int `` /* 166-byte string literal not displayed */ // Fuzzing describes schema to fuzz http requests Fuzzing []*fuzz.Rule `` /* 162-byte string literal not displayed */ CompiledOperators *operators.Operators `yaml:"-" json:"-"` // description: | // SelfContained specifies if the request is self-contained. SelfContained bool `yaml:"self-contained,omitempty" json:"self-contained,omitempty"` // description: | // Signature is the request signature method // values: // - "AWS" Signature SignatureTypeHolder `` /* 187-byte string literal not displayed */ // description: | // SkipSecretFile skips the authentication or authorization configured in the secret file. SkipSecretFile bool `` /* 189-byte string literal not displayed */ // description: | // CookieReuse is an optional setting that enables cookie reuse for // all requests defined in raw section. // Deprecated: This is default now. Use disable-cookie to disable cookie reuse. cookie-reuse will be removed in future releases. CookieReuse bool `` /* 162-byte string literal not displayed */ // description: | // DisableCookie is an optional setting that disables cookie reuse DisableCookie bool `` /* 168-byte string literal not displayed */ // description: | // Enables force reading of the entire raw unsafe request body ignoring // any specified content length headers. ForceReadAllBody bool `` /* 159-byte string literal not displayed */ // description: | // Redirects specifies whether redirects should be followed by the HTTP Client. // // This can be used in conjunction with `max-redirects` to control the HTTP request redirects. Redirects bool `` /* 172-byte string literal not displayed */ // description: | // Redirects specifies whether only redirects to the same host should be followed by the HTTP Client. // // This can be used in conjunction with `max-redirects` to control the HTTP request redirects. HostRedirects bool `` /* 209-byte string literal not displayed */ // description: | // Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining // // All requests must be idempotent (GET/POST). This can be used for race conditions/billions requests. Pipeline bool `` /* 186-byte string literal not displayed */ // description: | // Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests. // // This uses the [rawhttp](https://github.com/projectdiscovery/rawhttp) engine to achieve complete // control over the request, with no normalization performed by the client. Unsafe bool `` /* 198-byte string literal not displayed */ // description: | // Race determines if all the request have to be attempted at the same time (Race Condition) // // The actual number of requests that will be sent is determined by the `race_count` field. Race bool `` /* 210-byte string literal not displayed */ // description: | // ReqCondition automatically assigns numbers to requests and preserves their history. // // This allows matching on them later for multi-request conditions. // Deprecated: request condition will be detected automatically (https://github.com/projectdiscovery/nuclei/issues/2393) ReqCondition bool `` /* 187-byte string literal not displayed */ // description: | // StopAtFirstMatch stops the execution of the requests and template as soon as a match is found. StopAtFirstMatch bool `` /* 166-byte string literal not displayed */ // description: | // SkipVariablesCheck skips the check for unresolved variables in request SkipVariablesCheck bool `` /* 179-byte string literal not displayed */ // description: | // IterateAll iterates all the values extracted from internal extractors // Deprecated: Use flow instead . iterate-all will be removed in future releases IterateAll bool `` /* 170-byte string literal not displayed */ // description: | // DigestAuthUsername specifies the username for digest authentication DigestAuthUsername string `` /* 209-byte string literal not displayed */ // description: | // DigestAuthPassword specifies the password for digest authentication DigestAuthPassword string `` /* 209-byte string literal not displayed */ // description: | // DisablePathAutomerge disables merging target url path with raw request path DisablePathAutomerge bool `` /* 193-byte string literal not displayed */ // description: | // Fuzz PreCondition is matcher-like field to check if fuzzing should be performed on this request or not FuzzPreCondition []*matchers.Matcher `` /* 221-byte string literal not displayed */ // description: | // FuzzPreConditionOperator is the operator between multiple PreConditions for fuzzing Default is OR FuzzPreConditionOperator string `` /* 205-byte string literal not displayed */ // contains filtered or unexported fields }
Request contains a http request to be made from a template
func (*Request) Compile ¶
func (request *Request) Compile(options *protocols.ExecutorOptions) error
Compile compiles the protocol request for further execution.
func (*Request) ExecuteWithResults ¶
func (request *Request) ExecuteWithResults(input *contextargs.Context, dynamicValues, previous output.InternalEvent, callback protocols.OutputEventCallback) error
ExecuteWithResults executes the final request on a URL
func (*Request) Extract ¶
func (request *Request) Extract(data map[string]interface{}, extractor *extractors.Extractor) map[string]struct{}
Extract performs extracting operation for an extractor on model and returns true or false.
func (*Request) GetCompiledOperators ¶
func (*Request) IsClusterable ¶ added in v3.3.0
IsClusterable returns true if the request is eligible to be clustered.
func (Request) JSONSchemaExtend ¶ added in v3.2.4
func (e Request) JSONSchemaExtend(schema *jsonschema.Schema)
func (*Request) MakeResultEvent ¶
func (request *Request) MakeResultEvent(wrapped *output.InternalWrappedEvent) []*output.ResultEvent
MakeResultEvent creates a result event from internal wrapped event
func (*Request) MakeResultEventItem ¶
func (request *Request) MakeResultEventItem(wrapped *output.InternalWrappedEvent) *output.ResultEvent
func (*Request) Match ¶
func (request *Request) Match(data map[string]interface{}, matcher *matchers.Matcher) (bool, []string)
Match matches a generic data response again a given matcher TODO: Try to consolidate this in protocols.MakeDefaultMatchFunc to avoid any inconsistencies
func (*Request) NeedsRequestCondition ¶
NeedsRequestCondition determines if request condition should be enabled
func (*Request) Options ¶
func (r *Request) Options() *protocols.ExecutorOptions
Options returns executer options for http request
func (*Request) ShouldFuzzTarget ¶ added in v3.2.0
func (request *Request) ShouldFuzzTarget(input *contextargs.Context) bool
ShouldFuzzTarget checks if given target should be fuzzed or not using `filter` field in template
func (*Request) TmplClusterKey ¶ added in v3.3.0
TmplClusterKey generates a unique key for the request to be used in the clustering process.
func (*Request) Type ¶
func (request *Request) Type() templateTypes.ProtocolType
Type returns the type of the protocol request
type SignatureType ¶
type SignatureType int
SignatureType is the type of signature
const (
AWSSignature SignatureType = iota + 1
)
Supported values for the SignatureType
func GetSupportedSignaturesTypes ¶
func GetSupportedSignaturesTypes() []SignatureType
func (SignatureType) String ¶
func (t SignatureType) String() string
type SignatureTypeHolder ¶
type SignatureTypeHolder struct {
Value SignatureType
}
SignatureTypeHolder is used to hold internal type of the signature
func (SignatureTypeHolder) JSONSchema ¶ added in v3.2.4
func (holder SignatureTypeHolder) JSONSchema() *jsonschema.Schema
func (SignatureTypeHolder) MarshalJSON ¶
func (holder SignatureTypeHolder) MarshalJSON() ([]byte, error)
func (SignatureTypeHolder) MarshalYAML ¶
func (holder SignatureTypeHolder) MarshalYAML() (interface{}, error)
func (*SignatureTypeHolder) UnmarshalJSON ¶
func (holder *SignatureTypeHolder) UnmarshalJSON(data []byte) error
func (*SignatureTypeHolder) UnmarshalYAML ¶
func (holder *SignatureTypeHolder) UnmarshalYAML(unmarshal func(interface{}) error) error
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
Package raw provides raw http request parsing abilities for nuclei.
|
Package raw provides raw http request parsing abilities for nuclei. |