Documentation ¶
Index ¶
- Constants
- Variables
- func GetDefaultSignerVars(signatureType SignatureType) map[string]interface{}
- func GetVariablesNamesSkipList(signature SignatureType) map[string]interface{}
- type HTTPMethodType
- type HTTPMethodTypeHolder
- func (holder HTTPMethodTypeHolder) JSONSchema() *jsonschema.Schema
- func (holder *HTTPMethodTypeHolder) MarshalJSON() ([]byte, error)
- func (holder HTTPMethodTypeHolder) MarshalYAML() (interface{}, error)
- func (holder HTTPMethodTypeHolder) String() string
- func (holder *HTTPMethodTypeHolder) UnmarshalJSON(data []byte) error
- func (holder *HTTPMethodTypeHolder) UnmarshalYAML(unmarshal func(interface{}) error) error
- type Request
- func (request *Request) CanCluster(other *Request) bool
- func (request *Request) Compile(options *protocols.ExecutorOptions) error
- func (request *Request) ExecuteWithResults(input *contextargs.Context, dynamicValues, previous output.InternalEvent, ...) error
- func (request *Request) Extract(data map[string]interface{}, extractor *extractors.Extractor) map[string]struct{}
- func (request *Request) GetCompiledOperators() []*operators.Operators
- func (request *Request) GetID() string
- func (e Request) JSONSchemaExtend(schema *jsonschema.Schema)
- func (request *Request) MakeResultEvent(wrapped *output.InternalWrappedEvent) []*output.ResultEvent
- func (request *Request) MakeResultEventItem(wrapped *output.InternalWrappedEvent) *output.ResultEvent
- func (request *Request) Match(data map[string]interface{}, matcher *matchers.Matcher) (bool, []string)
- func (request *Request) NeedsRequestCondition() bool
- func (r *Request) Options() *protocols.ExecutorOptions
- func (request *Request) Requests() int
- func (request *Request) ShouldFuzzTarget(input *contextargs.Context) bool
- func (request *Request) Type() templateTypes.ProtocolType
- type SignatureType
- type SignatureTypeHolder
- func (holder SignatureTypeHolder) JSONSchema() *jsonschema.Schema
- func (holder SignatureTypeHolder) MarshalJSON() ([]byte, error)
- func (holder SignatureTypeHolder) MarshalYAML() (interface{}, error)
- func (holder *SignatureTypeHolder) UnmarshalJSON(data []byte) error
- func (holder *SignatureTypeHolder) UnmarshalYAML(unmarshal func(interface{}) error) error
Constants ¶
// CRLF is the carriage-return/line-feed pair "\r\n".
// NOTE(review): presumably the line terminator used when assembling raw HTTP requests; confirm against callers.
const CRLF = "\r\n"
const (
	// Once is the first value of the unexported flowMark type (iota, i.e. 0).
	Once flowMark = iota
)
const (
	// ReqURLPatternKey is the literal key "req_url_pattern".
	// NOTE(review): presumably the key under which the request URL pattern is stored; confirm against callers.
	ReqURLPatternKey = "req_url_pattern"
)
const (
	// SetThreadToCountZero is the literal marker "set-thread-count-to-zero".
	// NOTE(review): its consumer is not visible here; confirm where this marker is read.
	SetThreadToCountZero = "set-thread-count-to-zero"
)
Variables ¶
var (
	// ErrEvalExpression is an error tagged "expr" reporting that helper
	// expressions could not be evaluated.
	ErrEvalExpression = errorutil.NewWithTag("expr", "could not evaluate helper expressions")
	// ErrUnresolvedVars is a format-style error; the %v verb is filled with the
	// unresolved variables found in a request.
	ErrUnresolvedVars = errorutil.NewWithFmt("unresolved variables `%v` found in request")
)
ErrEvalExpression
var (
	// MaxBodyRead is initialised to 10 * unitutils.Mega.
	// NOTE(review): presumably the upper bound on response-body bytes read per
	// response, which would keep an oversized or endless body from exhausting
	// memory; confirm where it is enforced. It is a mutable package-level
	// variable, so any code in the process can raise it.
	MaxBodyRead = 10 * unitutils.Mega
	// ErrMissingVars is the error that occurs when variables are missing.
	// Its kind is nucleierr.ErrTemplateLogic.
	ErrMissingVars = errkit.New("stop execution due to unresolved variables").SetKind(nucleierr.ErrTemplateLogic).Build()
	// ErrHttpEngineRequestDeadline is the error that occurs when the request
	// deadline set by the HTTP request engine is exceeded.
	// Its kind is errkit.ErrKindDeadline.
	ErrHttpEngineRequestDeadline = errkit.New("http request engine deadline exceeded").SetKind(errkit.ErrKindDeadline).Build()
)
var (
	// ErrTimeoutAnnotationDeadline is the error returned when the time allotted
	// to a request through the @timeout annotation is exceeded. This usually
	// means that the vulnerability was not found; in rare cases it can also be
	// caused by network congestion.
	// The assigned kind is TemplateLogic because in almost every case this means
	// that the server is not vulnerable.
	ErrTimeoutAnnotationDeadline = errkit.New("timeout annotation deadline exceeded").SetKind(nucleierr.ErrTemplateLogic).Build()
	// ErrRequestTimeoutDeadline is the error returned when the request
	// execution exceeds its allotted time.
	// Its kind is errkit.ErrKindDeadline; the message refers to the case where
	// notimeout is set.
	ErrRequestTimeoutDeadline = errkit.New("request timeout deadline exceeded when notimeout is set").SetKind(errkit.ErrKindDeadline).Build()
)
// ErrNoIgnoreList is a sentinel error carrying the message "unknown signature types".
// NOTE(review): presumably reported when no skip list exists for a signature type; confirm against callers.
var ErrNoIgnoreList = errors.New("unknown signature types")
// HTTPMethodMapping maps each HTTPMethodType constant to its method token.
// Besides the common verbs, the table includes CONNECT, TRACE, PURGE and
// DEBUG, so templates can issue methods that many servers and proxies treat
// specially.
var HTTPMethodMapping = map[HTTPMethodType]string{
	HTTPGet:     "GET",
	HTTPHead:    "HEAD",
	HTTPPost:    "POST",
	HTTPPut:     "PUT",
	HTTPDelete:  "DELETE",
	HTTPConnect: "CONNECT",
	HTTPOptions: "OPTIONS",
	HTTPTrace:   "TRACE",
	HTTPPatch:   "PATCH",
	HTTPPurge:   "PURGE",
	HTTPDebug:   "DEBUG",
}
HTTPMethodMapping is a table for conversion of method from string.
// LeaveDefaultPorts skips normalization of default standard ports.
// It defaults to false and is a mutable package-level variable, so changing it
// affects every request built in the process.
var LeaveDefaultPorts = false
LeaveDefaultPorts skips normalization of default standard ports
// RequestPartDefinitions maps each request part name to its description.
// A key may list several part names separated by commas (e.g. "header,all_headers").
// NOTE(review): parts such as "request", "header,all_headers" and
// "cookies_from_response" can carry credentials or session tokens; treat
// exported results that include them as sensitive. Confirm which parts are
// written to output by default.
var RequestPartDefinitions = map[string]string{
	"template-id":           "ID of the template executed",
	"template-info":         "Info Block of the template executed",
	"template-path":         "Path of the template executed",
	"host":                  "Host is the input to the template",
	"matched":               "Matched is the input which was matched upon",
	"type":                  "Type is the type of request made",
	"request":               "HTTP request made from the client",
	"response":              "HTTP response received from server",
	"status_code":           "Status Code received from the Server",
	"body":                  "HTTP response body received from server (default)",
	"content_length":        "HTTP Response content length",
	"header,all_headers":    "HTTP response headers",
	"duration":              "HTTP request time duration",
	"all":                   "HTTP response body + headers",
	"cookies_from_response": "HTTP response cookies in name:value format",
	"headers_from_response": "HTTP response headers in name:value format",
}
RequestPartDefinitions contains a mapping of request part definitions and their description. Multiple definitions are separated by commas. Definitions not having a name (generated on runtime) are prefixed & suffixed by <>.
Functions ¶
func GetDefaultSignerVars ¶
func GetDefaultSignerVars(signatureType SignatureType) map[string]interface{}
GetDefaultSignerVars returns the default signer variables
func GetVariablesNamesSkipList ¶
func GetVariablesNamesSkipList(signature SignatureType) map[string]interface{}
GetVariablesNamesSkipList returns the variable-name skip list for the given signature type
Types ¶
type HTTPMethodType ¶
type HTTPMethodType int
HTTPMethodType is the type of the method specified
// Supported HTTP method types. Numbering starts at iota + 1, so the zero value
// of HTTPMethodType does not correspond to any of the named methods below.
const (
	// name:GET
	HTTPGet HTTPMethodType = iota + 1
	// name:HEAD
	HTTPHead
	// name:POST
	HTTPPost
	// name:PUT
	HTTPPut
	// name:DELETE
	HTTPDelete
	// name:CONNECT
	HTTPConnect
	// name:OPTIONS
	HTTPOptions
	// name:TRACE
	HTTPTrace
	// name:PATCH
	HTTPPatch
	// name:PURGE
	HTTPPurge
	// name:Debug
	// NOTE(review): spelled "Debug" here but "DEBUG" in HTTPMethodMapping; confirm which form is intended.
	HTTPDebug
)
name:HTTPMethodType
func GetSupportedHTTPMethodTypes ¶
func GetSupportedHTTPMethodTypes() []HTTPMethodType
GetSupportedHTTPMethodTypes returns list of supported types
func (HTTPMethodType) String ¶
func (t HTTPMethodType) String() string
type HTTPMethodTypeHolder ¶
type HTTPMethodTypeHolder struct {
MethodType HTTPMethodType `mapping:"true"`
}
HTTPMethodTypeHolder is used to hold internal type of the HTTP Method
func (HTTPMethodTypeHolder) JSONSchema ¶
func (holder HTTPMethodTypeHolder) JSONSchema() *jsonschema.Schema
func (*HTTPMethodTypeHolder) MarshalJSON ¶
func (holder *HTTPMethodTypeHolder) MarshalJSON() ([]byte, error)
func (HTTPMethodTypeHolder) MarshalYAML ¶
func (holder HTTPMethodTypeHolder) MarshalYAML() (interface{}, error)
func (HTTPMethodTypeHolder) String ¶
func (holder HTTPMethodTypeHolder) String() string
func (*HTTPMethodTypeHolder) UnmarshalJSON ¶
func (holder *HTTPMethodTypeHolder) UnmarshalJSON(data []byte) error
func (*HTTPMethodTypeHolder) UnmarshalYAML ¶
func (holder *HTTPMethodTypeHolder) UnmarshalYAML(unmarshal func(interface{}) error) error
type Request ¶
// Request contains an HTTP request to be made from a template.
//
// The field comments use a "description / examples / values" layout.
// NOTE(review): that layout is presumably consumed by a documentation
// generator; confirm before reflowing it.
type Request struct {
	// Operators for the current request go here.
	operators.Operators `yaml:",inline" json:",inline"`
	// description: |
	//   Path contains the path/s for the HTTP requests. It supports variables
	//   as placeholders.
	// examples:
	//   - name: Some example path values
	//     value: >
	//       []string{"{{BaseURL}}", "{{BaseURL}}/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions"}
	Path []string `` /* 136-byte string literal not displayed */
	// description: |
	//   Raw contains HTTP Requests in Raw format.
	// examples:
	//   - name: Some example raw requests
	//     value: |
	//       []string{"GET /etc/passwd HTTP/1.1\nHost:\nContent-Length: 4", "POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0\nContent-Length: 1\nConnection: close\n\necho\necho\ncat /etc/passwd 2>&1"}
	Raw []string `yaml:"raw,omitempty" json:"raw,omitempty" jsonschema:"http requests in raw format,description=HTTP Requests in Raw Format"`
	// ID is the optional id of the request
	ID string `yaml:"id,omitempty" json:"id,omitempty" jsonschema:"title=id for the http request,description=ID for the HTTP Request"`
	// description: |
	//   Name is the optional name of the request.
	//
	//   If a name is specified, all the named requests in a template can be matched upon
	//   in a combined manner allowing multi-request based matchers.
	Name string `` /* 135-byte string literal not displayed */
	// description: |
	//   Attack is the type of payload combinations to perform.
	//
	//   batteringram inserts the same payload into all defined payload positions at once, pitchfork combines multiple payload sets and clusterbomb generates
	//   permutations and combinations for all payloads.
	// values:
	//   - "batteringram"
	//   - "pitchfork"
	//   - "clusterbomb"
	AttackType generators.AttackTypeHolder `` /* 216-byte string literal not displayed */
	// description: |
	//   Method is the HTTP Request Method.
	Method HTTPMethodTypeHolder `` /* 255-byte string literal not displayed */
	// description: |
	//   Body is an optional parameter which contains HTTP Request body.
	// examples:
	//   - name: Same Body for a Login POST request
	//     value: "\"username=test&password=test\""
	Body string `` /* 167-byte string literal not displayed */
	// NOTE(review): a payload entry may name a file that is read at run time, so
	// a template from an untrusted source can cause local files to be read and
	// sent in requests. Confirm what path restrictions the template loader applies.
	// description: |
	//   Payloads contains any payloads for the current request.
	//
	//   Payloads support both key-values combinations where a list
	//   of payloads is provided, or optionally a single file can also
	//   be provided as payload which will be read on run-time.
	Payloads map[string]interface{} `` /* 167-byte string literal not displayed */
	// description: |
	//   Headers contains HTTP Headers to send with the request.
	// examples:
	//   - value: |
	//       map[string]string{"Content-Type": "application/x-www-form-urlencoded", "Content-Length": "1", "Any-Header": "Any-Value"}
	Headers map[string]string `` /* 173-byte string literal not displayed */
	// description: |
	//   RaceCount is the number of times to send a request in Race Condition Attack.
	// examples:
	//   - name: Send a request 5 times
	//     value: "5"
	RaceNumberRequests int `` /* 197-byte string literal not displayed */
	// description: |
	//   MaxRedirects is the maximum number of redirects that should be followed.
	// examples:
	//   - name: Follow up to 5 redirects
	//     value: "5"
	MaxRedirects int `` /* 182-byte string literal not displayed */
	// description: |
	//   PipelineConcurrentConnections is number of connections to create during pipelining.
	// examples:
	//   - name: Create 40 concurrent connections
	//     value: 40
	PipelineConcurrentConnections int `` /* 211-byte string literal not displayed */
	// description: |
	//   PipelineRequestsPerConnection is number of requests to send per connection when pipelining.
	// examples:
	//   - name: Send 100 requests per pipeline connection
	//     value: 100
	PipelineRequestsPerConnection int `` /* 242-byte string literal not displayed */
	// description: |
	//   Threads specifies number of threads to use sending requests. This enables Connection Pooling.
	//
	//   Connection: Close attribute must not be used in request while using threads flag, otherwise
	//   pooling will fail and engine will continue to close connections after requests.
	// examples:
	//   - name: Send requests using 10 concurrent threads
	//     value: 10
	Threads int `` /* 202-byte string literal not displayed */
	// NOTE(review): how this per-request limit interacts with the package-level
	// MaxBodyRead value is not visible here; confirm which bound wins.
	// description: |
	//   MaxSize is the maximum size of http response body to read in bytes.
	// examples:
	//   - name: Read max 2048 bytes of the response
	//     value: 2048
	MaxSize int `` /* 166-byte string literal not displayed */
	// Fuzzing describes schema to fuzz http requests
	Fuzzing []*fuzz.Rule `` /* 162-byte string literal not displayed */
	// CompiledOperators is excluded from YAML and JSON (tag "-").
	// NOTE(review): presumably populated by Compile; confirm.
	CompiledOperators *operators.Operators `yaml:"-" json:"-"`
	// description: |
	//   SelfContained specifies if the request is self-contained.
	SelfContained bool `yaml:"self-contained,omitempty" json:"self-contained,omitempty"`
	// description: |
	//   Signature is the request signature method
	// values:
	//   - "AWS"
	Signature SignatureTypeHolder `` /* 187-byte string literal not displayed */
	// description: |
	//   CookieReuse is an optional setting that enables cookie reuse for
	//   all requests defined in raw section.
	// Deprecated: This is default now. Use disable-cookie to disable cookie reuse. cookie-reuse will be removed in future releases.
	CookieReuse bool `` /* 162-byte string literal not displayed */
	// description: |
	//   DisableCookie is an optional setting that disables cookie reuse
	DisableCookie bool `` /* 168-byte string literal not displayed */
	// description: |
	//   Enables force reading of the entire raw unsafe request body ignoring
	//   any specified content length headers.
	ForceReadAllBody bool `` /* 159-byte string literal not displayed */
	// NOTE(review): when redirects are followed without the same-host
	// restriction of HostRedirects, requests can reach hosts outside the
	// original target; keep that in mind for scope control.
	// description: |
	//   Redirects specifies whether redirects should be followed by the HTTP Client.
	//
	//   This can be used in conjunction with `max-redirects` to control the HTTP request redirects.
	Redirects bool `` /* 172-byte string literal not displayed */
	// description: |
	//   HostRedirects specifies whether only redirects to the same host should be followed by the HTTP Client.
	//
	//   This can be used in conjunction with `max-redirects` to control the HTTP request redirects.
	HostRedirects bool `` /* 209-byte string literal not displayed */
	// NOTE(review): POST is not idempotent under HTTP semantics, so the
	// "(GET/POST)" wording below looks inaccurate; confirm the intended constraint.
	// description: |
	//   Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining
	//
	//   All requests must be idempotent (GET/POST). This can be used for race conditions/billions requests.
	Pipeline bool `` /* 186-byte string literal not displayed */
	// description: |
	//   Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests.
	//
	//   This uses the [rawhttp](https://github.com/projectdiscovery/rawhttp) engine to achieve complete
	//   control over the request, with no normalization performed by the client.
	Unsafe bool `` /* 198-byte string literal not displayed */
	// description: |
	//   Race determines if all the requests have to be attempted at the same time (Race Condition)
	//
	//   The actual number of requests that will be sent is determined by the `race_count` field.
	Race bool `` /* 210-byte string literal not displayed */
	// description: |
	//   ReqCondition automatically assigns numbers to requests and preserves their history.
	//
	//   This allows matching on them later for multi-request conditions.
	// Deprecated: request condition will be detected automatically (https://github.com/secoba/nuclei/issues/2393)
	ReqCondition bool `` /* 187-byte string literal not displayed */
	// description: |
	//   StopAtFirstMatch stops the execution of the requests and template as soon as a match is found.
	StopAtFirstMatch bool `` /* 166-byte string literal not displayed */
	// description: |
	//   SkipVariablesCheck skips the check for unresolved variables in request
	SkipVariablesCheck bool `` /* 179-byte string literal not displayed */
	// description: |
	//   IterateAll iterates all the values extracted from internal extractors
	// Deprecated: Use flow instead. iterate-all will be removed in future releases
	IterateAll bool `` /* 170-byte string literal not displayed */
	// description: |
	//   DigestAuthUsername specifies the username for digest authentication
	DigestAuthUsername string `` /* 209-byte string literal not displayed */
	// NOTE(review): this is a plain string field, so a literal value written in
	// a template is stored in cleartext; keep real credentials out of shared or
	// version-controlled templates.
	// description: |
	//   DigestAuthPassword specifies the password for digest authentication
	DigestAuthPassword string `` /* 209-byte string literal not displayed */
	// description: |
	//   DisablePathAutomerge disables merging target url path with raw request path
	DisablePathAutomerge bool `` /* 193-byte string literal not displayed */
	// description: |
	//   FuzzPreCondition is a matcher-like field to check if fuzzing should be performed on this request or not
	FuzzPreCondition []*matchers.Matcher `` /* 221-byte string literal not displayed */
	// description: |
	//   FuzzPreConditionOperator is the operator between multiple PreConditions for fuzzing. Default is OR
	FuzzPreConditionOperator string `` /* 205-byte string literal not displayed */
	// contains filtered or unexported fields
}
Request contains a http request to be made from a template
func (*Request) CanCluster ¶
CanCluster returns true if the request can be clustered.
This is used by the clustering engine to decide whether two requests are similar enough to be treated as one, so that they can be checked together by just adding the matchers/extractors for the request and the correct IDs.
func (*Request) Compile ¶
func (request *Request) Compile(options *protocols.ExecutorOptions) error
Compile compiles the protocol request for further execution.
func (*Request) ExecuteWithResults ¶
func (request *Request) ExecuteWithResults(input *contextargs.Context, dynamicValues, previous output.InternalEvent, callback protocols.OutputEventCallback) error
ExecuteWithResults executes the final request on a URL
func (*Request) Extract ¶
func (request *Request) Extract(data map[string]interface{}, extractor *extractors.Extractor) map[string]struct{}
Extract performs extracting operation for an extractor on model and returns true or false.
func (*Request) GetCompiledOperators ¶
func (Request) JSONSchemaExtend ¶
func (e Request) JSONSchemaExtend(schema *jsonschema.Schema)
func (*Request) MakeResultEvent ¶
func (request *Request) MakeResultEvent(wrapped *output.InternalWrappedEvent) []*output.ResultEvent
MakeResultEvent creates a result event from internal wrapped event
func (*Request) MakeResultEventItem ¶
func (request *Request) MakeResultEventItem(wrapped *output.InternalWrappedEvent) *output.ResultEvent
func (*Request) Match ¶
func (request *Request) Match(data map[string]interface{}, matcher *matchers.Matcher) (bool, []string)
Match matches a generic data response against a given matcher. TODO: Try to consolidate this in protocols.MakeDefaultMatchFunc to avoid any inconsistencies.
func (*Request) NeedsRequestCondition ¶
NeedsRequestCondition determines if request condition should be enabled
func (*Request) Options ¶
func (r *Request) Options() *protocols.ExecutorOptions
Options returns the executor options for the HTTP request
func (*Request) ShouldFuzzTarget ¶
func (request *Request) ShouldFuzzTarget(input *contextargs.Context) bool
ShouldFuzzTarget checks if given target should be fuzzed or not using `filter` field in template
func (*Request) Type ¶
func (request *Request) Type() templateTypes.ProtocolType
Type returns the type of the protocol request
type SignatureType ¶
type SignatureType int
SignatureType is the type of signature
// Supported values for the SignatureType. Numbering starts at iota + 1, so the
// zero value of SignatureType is not a named signature.
const (
	// AWSSignature is the only signature type declared in this block.
	AWSSignature SignatureType = iota + 1
)
Supported values for the SignatureType
func GetSupportedSignaturesTypes ¶
func GetSupportedSignaturesTypes() []SignatureType
func (SignatureType) String ¶
func (t SignatureType) String() string
type SignatureTypeHolder ¶
type SignatureTypeHolder struct {
Value SignatureType
}
SignatureTypeHolder is used to hold internal type of the signature
func (SignatureTypeHolder) JSONSchema ¶
func (holder SignatureTypeHolder) JSONSchema() *jsonschema.Schema
func (SignatureTypeHolder) MarshalJSON ¶
func (holder SignatureTypeHolder) MarshalJSON() ([]byte, error)
func (SignatureTypeHolder) MarshalYAML ¶
func (holder SignatureTypeHolder) MarshalYAML() (interface{}, error)
func (*SignatureTypeHolder) UnmarshalJSON ¶
func (holder *SignatureTypeHolder) UnmarshalJSON(data []byte) error
func (*SignatureTypeHolder) UnmarshalYAML ¶
func (holder *SignatureTypeHolder) UnmarshalYAML(unmarshal func(interface{}) error) error
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
Package raw provides raw http request parsing abilities for nuclei.
|
Package raw provides raw http request parsing abilities for nuclei. |