http

package
v3.3.6 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 12, 2024 License: MIT Imports: 68 Imported by: 0

Documentation

Index

Constants

View Source
const CRLF = "\r\n"
View Source
const (
	Once flowMark = iota
)
View Source
const (
	ReqURLPatternKey = "req_url_pattern"
)
View Source
const (
	SetThreadToCountZero = "set-thread-count-to-zero"
)

Variables

View Source
var (
	ErrEvalExpression = errorutil.NewWithTag("expr", "could not evaluate helper expressions")
	ErrUnresolvedVars = errorutil.NewWithFmt("unresolved variables `%v` found in request")
)

ErrEvalExpression

View Source
var (
	MaxBodyRead = 10 * unitutils.Mega
	// ErrMissingVars is error occured when variables are missing
	ErrMissingVars = errkit.New("stop execution due to unresolved variables").SetKind(nucleierr.ErrTemplateLogic).Build()
	// ErrHttpEngineRequestDeadline is error occured when request deadline set by http request engine is exceeded
	ErrHttpEngineRequestDeadline = errkit.New("http request engine deadline exceeded").SetKind(errkit.ErrKindDeadline).Build()
)
View Source
var (

	// ErrTimeoutAnnotationDeadline is the error returned when a specific amount of time was exceeded for a request
	// which was alloted using @timeout annotation this usually means that vulnerability was not found
	// in rare case it could also happen due to network congestion
	// the assigned class is TemplateLogic since this in almost every case means that server is not vulnerable
	ErrTimeoutAnnotationDeadline = errkit.New("timeout annotation deadline exceeded").SetKind(nucleierr.ErrTemplateLogic).Build()
	// ErrRequestTimeoutDeadline is the error returned when a specific amount of time was exceeded for a request
	// this happens when the request execution exceeds alloted time
	ErrRequestTimeoutDeadline = errkit.New("request timeout deadline exceeded when notimeout is set").SetKind(errkit.ErrKindDeadline).Build()
)
View Source
var ErrNoIgnoreList = errors.New("unknown signature types")
View Source
var HTTPMethodMapping = map[HTTPMethodType]string{
	HTTPGet:     "GET",
	HTTPHead:    "HEAD",
	HTTPPost:    "POST",
	HTTPPut:     "PUT",
	HTTPDelete:  "DELETE",
	HTTPConnect: "CONNECT",
	HTTPOptions: "OPTIONS",
	HTTPTrace:   "TRACE",
	HTTPPatch:   "PATCH",
	HTTPPurge:   "PURGE",
	HTTPDebug:   "DEBUG",
}

HTTPMethodMapping is a table for conversion of method from string.

View Source
var LeaveDefaultPorts = false

LeaveDefaultPorts skips normalization of default standard ports

View Source
var RequestPartDefinitions = map[string]string{
	"template-id":           "ID of the template executed",
	"template-info":         "Info Block of the template executed",
	"template-path":         "Path of the template executed",
	"host":                  "Host is the input to the template",
	"matched":               "Matched is the input which was matched upon",
	"type":                  "Type is the type of request made",
	"request":               "HTTP request made from the client",
	"response":              "HTTP response received from server",
	"status_code":           "Status Code received from the Server",
	"body":                  "HTTP response body received from server (default)",
	"content_length":        "HTTP Response content length",
	"header,all_headers":    "HTTP response headers",
	"duration":              "HTTP request time duration",
	"all":                   "HTTP response body + headers",
	"cookies_from_response": "HTTP response cookies in name:value format",
	"headers_from_response": "HTTP response headers in name:value format",
}

RequestPartDefinitions contains a mapping of request part definitions and their description. Multiple definitions are separated by commas. Definitions not having a name (generated on runtime) are prefixed & suffixed by <>.

Functions

func GetDefaultSignerVars

func GetDefaultSignerVars(signatureType SignatureType) map[string]interface{}

GetDefaultSignerVars returns the default signer variables

func GetVariablesNamesSkipList

func GetVariablesNamesSkipList(signature SignatureType) map[string]interface{}

GetVariablesNamesSkipList depending on the signature type

Types

type HTTPMethodType

type HTTPMethodType int

HTTPMethodType is the type of the method specified

const (
	// name:GET
	HTTPGet HTTPMethodType = iota + 1
	// name:HEAD
	HTTPHead
	// name:POST
	HTTPPost
	// name:PUT
	HTTPPut
	// name:DELETE
	HTTPDelete
	// name:CONNECT
	HTTPConnect
	// name:OPTIONS
	HTTPOptions
	// name:TRACE
	HTTPTrace
	// name:PATCH
	HTTPPatch
	// name:PURGE
	HTTPPurge
	// name:Debug
	HTTPDebug
)

name:HTTPMethodType

func GetSupportedHTTPMethodTypes

func GetSupportedHTTPMethodTypes() []HTTPMethodType

GetSupportedHTTPMethodTypes returns list of supported types

func (HTTPMethodType) String

func (t HTTPMethodType) String() string

type HTTPMethodTypeHolder

type HTTPMethodTypeHolder struct {
	MethodType HTTPMethodType `mapping:"true"`
}

HTTPMethodTypeHolder is used to hold internal type of the HTTP Method

func (HTTPMethodTypeHolder) JSONSchema

func (holder HTTPMethodTypeHolder) JSONSchema() *jsonschema.Schema

func (*HTTPMethodTypeHolder) MarshalJSON

func (holder *HTTPMethodTypeHolder) MarshalJSON() ([]byte, error)

func (HTTPMethodTypeHolder) MarshalYAML

func (holder HTTPMethodTypeHolder) MarshalYAML() (interface{}, error)

func (HTTPMethodTypeHolder) String

func (holder HTTPMethodTypeHolder) String() string

func (*HTTPMethodTypeHolder) UnmarshalJSON

func (holder *HTTPMethodTypeHolder) UnmarshalJSON(data []byte) error

func (*HTTPMethodTypeHolder) UnmarshalYAML

func (holder *HTTPMethodTypeHolder) UnmarshalYAML(unmarshal func(interface{}) error) error

type Request

type Request struct {
	// Operators for the current request go here.
	operators.Operators `yaml:",inline" json:",inline"`
	// description: |
	//   Path contains the path/s for the HTTP requests. It supports variables
	//   as placeholders.
	// examples:
	//   - name: Some example path values
	//     value: >
	//       []string{"{{BaseURL}}", "{{BaseURL}}/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions"}
	Path []string `` /* 136-byte string literal not displayed */
	// description: |
	//   Raw contains HTTP Requests in Raw format.
	// examples:
	//   - name: Some example raw requests
	//     value: |
	//       []string{"GET /etc/passwd HTTP/1.1\nHost:\nContent-Length: 4", "POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0\nContent-Length: 1\nConnection: close\n\necho\necho\ncat /etc/passwd 2>&1"}
	Raw []string `yaml:"raw,omitempty" json:"raw,omitempty" jsonschema:"http requests in raw format,description=HTTP Requests in Raw Format"`
	// ID is the optional id of the request
	ID string `yaml:"id,omitempty" json:"id,omitempty" jsonschema:"title=id for the http request,description=ID for the HTTP Request"`
	// description: |
	//  Name is the optional name of the request.
	//
	//  If a name is specified, all the named request in a template can be matched upon
	//  in a combined manner allowing multi-request based matchers.
	Name string `` /* 135-byte string literal not displayed */
	// description: |
	//   Attack is the type of payload combinations to perform.
	//
	//   batteringram is inserts the same payload into all defined payload positions at once, pitchfork combines multiple payload sets and clusterbomb generates
	//   permutations and combinations for all payloads.
	// values:
	//   - "batteringram"
	//   - "pitchfork"
	//   - "clusterbomb"
	AttackType generators.AttackTypeHolder `` /* 216-byte string literal not displayed */
	// description: |
	//   Method is the HTTP Request Method.
	Method HTTPMethodTypeHolder `` /* 255-byte string literal not displayed */
	// description: |
	//   Body is an optional parameter which contains HTTP Request body.
	// examples:
	//   - name: Same Body for a Login POST request
	//     value: "\"username=test&password=test\""
	Body string `` /* 167-byte string literal not displayed */
	// description: |
	//   Payloads contains any payloads for the current request.
	//
	//   Payloads support both key-values combinations where a list
	//   of payloads is provided, or optionally a single file can also
	//   be provided as payload which will be read on run-time.
	Payloads map[string]interface{} `` /* 167-byte string literal not displayed */

	// description: |
	//   Headers contains HTTP Headers to send with the request.
	// examples:
	//   - value: |
	//       map[string]string{"Content-Type": "application/x-www-form-urlencoded", "Content-Length": "1", "Any-Header": "Any-Value"}
	Headers map[string]string `` /* 173-byte string literal not displayed */
	// description: |
	//   RaceCount is the number of times to send a request in Race Condition Attack.
	// examples:
	//   - name: Send a request 5 times
	//     value: "5"
	RaceNumberRequests int `` /* 197-byte string literal not displayed */
	// description: |
	//   MaxRedirects is the maximum number of redirects that should be followed.
	// examples:
	//   - name: Follow up to 5 redirects
	//     value: "5"
	MaxRedirects int `` /* 182-byte string literal not displayed */
	// description: |
	//   PipelineConcurrentConnections is number of connections to create during pipelining.
	// examples:
	//   - name: Create 40 concurrent connections
	//     value: 40
	PipelineConcurrentConnections int `` /* 211-byte string literal not displayed */
	// description: |
	//   PipelineRequestsPerConnection is number of requests to send per connection when pipelining.
	// examples:
	//   - name: Send 100 requests per pipeline connection
	//     value: 100
	PipelineRequestsPerConnection int `` /* 242-byte string literal not displayed */
	// description: |
	//   Threads specifies number of threads to use sending requests. This enables Connection Pooling.
	//
	//   Connection: Close attribute must not be used in request while using threads flag, otherwise
	//   pooling will fail and engine will continue to close connections after requests.
	// examples:
	//   - name: Send requests using 10 concurrent threads
	//     value: 10
	Threads int `` /* 202-byte string literal not displayed */
	// description: |
	//   MaxSize is the maximum size of http response body to read in bytes.
	// examples:
	//   - name: Read max 2048 bytes of the response
	//     value: 2048
	MaxSize int `` /* 166-byte string literal not displayed */

	// Fuzzing describes schema to fuzz http requests
	Fuzzing []*fuzz.Rule `` /* 162-byte string literal not displayed */

	CompiledOperators *operators.Operators `yaml:"-" json:"-"`

	// description: |
	//   SelfContained specifies if the request is self-contained.
	SelfContained bool `yaml:"self-contained,omitempty" json:"self-contained,omitempty"`

	// description: |
	//   Signature is the request signature method
	// values:
	//   - "AWS"
	Signature SignatureTypeHolder `` /* 187-byte string literal not displayed */

	// description: |
	//   CookieReuse is an optional setting that enables cookie reuse for
	//   all requests defined in raw section.
	// Deprecated: This is default now. Use disable-cookie to disable cookie reuse. cookie-reuse will be removed in future releases.
	CookieReuse bool `` /* 162-byte string literal not displayed */

	// description: |
	//   DisableCookie is an optional setting that disables cookie reuse
	DisableCookie bool `` /* 168-byte string literal not displayed */

	// description: |
	//   Enables force reading of the entire raw unsafe request body ignoring
	//   any specified content length headers.
	ForceReadAllBody bool `` /* 159-byte string literal not displayed */
	// description: |
	//   Redirects specifies whether redirects should be followed by the HTTP Client.
	//
	//   This can be used in conjunction with `max-redirects` to control the HTTP request redirects.
	Redirects bool `` /* 172-byte string literal not displayed */
	// description: |
	//   Redirects specifies whether only redirects to the same host should be followed by the HTTP Client.
	//
	//   This can be used in conjunction with `max-redirects` to control the HTTP request redirects.
	HostRedirects bool `` /* 209-byte string literal not displayed */
	// description: |
	//   Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining
	//
	//   All requests must be idempotent (GET/POST). This can be used for race conditions/billions requests.
	Pipeline bool `` /* 186-byte string literal not displayed */
	// description: |
	//   Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests.
	//
	//   This uses the [rawhttp](https://github.com/projectdiscovery/rawhttp) engine to achieve complete
	//   control over the request, with no normalization performed by the client.
	Unsafe bool `` /* 198-byte string literal not displayed */
	// description: |
	//   Race determines if all the request have to be attempted at the same time (Race Condition)
	//
	//   The actual number of requests that will be sent is determined by the `race_count`  field.
	Race bool `` /* 210-byte string literal not displayed */
	// description: |
	//   ReqCondition automatically assigns numbers to requests and preserves their history.
	//
	//   This allows matching on them later for multi-request conditions.
	// Deprecated: request condition will be detected automatically (https://github.com/secoba/nuclei/issues/2393)
	ReqCondition bool `` /* 187-byte string literal not displayed */
	// description: |
	//   StopAtFirstMatch stops the execution of the requests and template as soon as a match is found.
	StopAtFirstMatch bool `` /* 166-byte string literal not displayed */
	// description: |
	//   SkipVariablesCheck skips the check for unresolved variables in request
	SkipVariablesCheck bool `` /* 179-byte string literal not displayed */
	// description: |
	//   IterateAll iterates all the values extracted from internal extractors
	// Deprecated: Use flow instead . iterate-all will be removed in future releases
	IterateAll bool `` /* 170-byte string literal not displayed */
	// description: |
	//   DigestAuthUsername specifies the username for digest authentication
	DigestAuthUsername string `` /* 209-byte string literal not displayed */
	// description: |
	//   DigestAuthPassword specifies the password for digest authentication
	DigestAuthPassword string `` /* 209-byte string literal not displayed */
	// description: |
	//  DisablePathAutomerge disables merging target url path with raw request path
	DisablePathAutomerge bool `` /* 193-byte string literal not displayed */
	// description: |
	//   Fuzz PreCondition is matcher-like field to check if fuzzing should be performed on this request or not
	FuzzPreCondition []*matchers.Matcher `` /* 221-byte string literal not displayed */
	// description: |
	//  FuzzPreConditionOperator is the operator between multiple PreConditions for fuzzing Default is OR
	FuzzPreConditionOperator string `` /* 205-byte string literal not displayed */
	// contains filtered or unexported fields
}

Request contains a http request to be made from a template

func (*Request) CanCluster

func (request *Request) CanCluster(other *Request) bool

CanCluster returns true if the request can be clustered.

This used by the clustering engine to decide whether two requests are similar enough to be considered one and can be checked by just adding the matcher/extractors for the request and the correct IDs.

func (*Request) Compile

func (request *Request) Compile(options *protocols.ExecutorOptions) error

Compile compiles the protocol request for further execution.

func (*Request) ExecuteWithResults

func (request *Request) ExecuteWithResults(input *contextargs.Context, dynamicValues, previous output.InternalEvent, callback protocols.OutputEventCallback) error

ExecuteWithResults executes the final request on a URL

func (*Request) Extract

func (request *Request) Extract(data map[string]interface{}, extractor *extractors.Extractor) map[string]struct{}

Extract performs extracting operation for an extractor on model and returns true or false.

func (*Request) GetCompiledOperators

func (request *Request) GetCompiledOperators() []*operators.Operators

func (*Request) GetID

func (request *Request) GetID() string

GetID returns the unique ID of the request if any.

func (Request) JSONSchemaExtend

func (e Request) JSONSchemaExtend(schema *jsonschema.Schema)

func (*Request) MakeResultEvent

func (request *Request) MakeResultEvent(wrapped *output.InternalWrappedEvent) []*output.ResultEvent

MakeResultEvent creates a result event from internal wrapped event

func (*Request) MakeResultEventItem

func (request *Request) MakeResultEventItem(wrapped *output.InternalWrappedEvent) *output.ResultEvent

func (*Request) Match

func (request *Request) Match(data map[string]interface{}, matcher *matchers.Matcher) (bool, []string)

Match matches a generic data response again a given matcher TODO: Try to consolidate this in protocols.MakeDefaultMatchFunc to avoid any inconsistencies

func (*Request) NeedsRequestCondition

func (request *Request) NeedsRequestCondition() bool

NeedsRequestCondition determines if request condition should be enabled

func (*Request) Options

func (r *Request) Options() *protocols.ExecutorOptions

Options returns executer options for http request

func (*Request) Requests

func (request *Request) Requests() int

Requests returns the total number of requests the YAML rule will perform

func (*Request) ShouldFuzzTarget

func (request *Request) ShouldFuzzTarget(input *contextargs.Context) bool

ShouldFuzzTarget checks if given target should be fuzzed or not using `filter` field in template

func (*Request) Type

func (request *Request) Type() templateTypes.ProtocolType

Type returns the type of the protocol request

type SignatureType

type SignatureType int

SignatureType is the type of signature

const (
	AWSSignature SignatureType = iota + 1
)

Supported values for the SignatureType

func GetSupportedSignaturesTypes

func GetSupportedSignaturesTypes() []SignatureType

func (SignatureType) String

func (t SignatureType) String() string

type SignatureTypeHolder

type SignatureTypeHolder struct {
	Value SignatureType
}

SignatureTypeHolder is used to hold internal type of the signature

func (SignatureTypeHolder) JSONSchema

func (holder SignatureTypeHolder) JSONSchema() *jsonschema.Schema

func (SignatureTypeHolder) MarshalJSON

func (holder SignatureTypeHolder) MarshalJSON() ([]byte, error)

func (SignatureTypeHolder) MarshalYAML

func (holder SignatureTypeHolder) MarshalYAML() (interface{}, error)

func (*SignatureTypeHolder) UnmarshalJSON

func (holder *SignatureTypeHolder) UnmarshalJSON(data []byte) error

func (*SignatureTypeHolder) UnmarshalYAML

func (holder *SignatureTypeHolder) UnmarshalYAML(unmarshal func(interface{}) error) error

Directories

Path Synopsis
Package raw provides raw http request parsing abilities for nuclei.
Package raw provides raw http request parsing abilities for nuclei.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL