httptpl

package
v1.3.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 12, 2024 License: AGPL-3.0 Imports: 68 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Exports maps string names to this package's two scan entry points and to
// option values that can be passed to them.
//
// NOTE(review): many keys are bound to nucleiOptionDummy(<name>), whose
// implementation is not shown on this page. Presumably these names are accepted
// for compatibility and have no effect; confirm. If so, options that look
// scope-limiting ("excludeTags", "severity", "headers", "stopAtFirstMatch",
// "templatesDir") would be silently ignored, and callers must not rely on them
// to restrict what a scan sends to a target.
var Exports = map[string]interface{}{
	// Scan entry points.
	"Scan":     ScanLegacy,
	"ScanAuto": ScanAuto,

	// Option names. Entries not bound to nucleiOptionDummy map to a real
	// constructor from this package or from lowhttp.
	"customVulnFilter":        WithCustomVulnFilter,
	"tags":                    WithTags,
	"excludeTags":             nucleiOptionDummy("excludeTags"),
	"workflows":               nucleiOptionDummy("workflows"),
	"templates":               WithTemplateName,
	"excludeTemplates":        WithExcludeTemplates,
	"templatesDir":            nucleiOptionDummy("templatesDir"),
	"headers":                 nucleiOptionDummy("headers"),
	"severity":                nucleiOptionDummy("severity"),
	"output":                  nucleiOptionDummy("output"),
	"proxy":                   lowhttp.WithProxy,
	"logFile":                 nucleiOptionDummy("logFile"),
	"reportingDB":             nucleiOptionDummy("reportingDB"),
	"reportingConfig":         nucleiOptionDummy("reportingConfig"),
	"bulkSize":                WithConcurrentTemplates,
	"templatesThreads":        WithConcurrentInTemplates,
	// "timeout" and "pageTimeout" are bound to the same value, _timeout.
	"timeout":                 _timeout,
	"pageTimeout":             _timeout,
	"retry":                   lowhttp.WithRetryTimes,
	"rateLimit":               rateLimit,
	"headless":                nucleiOptionDummy("headless"),
	"showBrowser":             nucleiOptionDummy("showBrowser"),
	"dnsResolver":             lowhttp.WithDNSServers,
	"systemDnsResolver":       nucleiOptionDummy("systemDnsResolver"),
	"metrics":                 nucleiOptionDummy("metrics"),
	"debug":                   WithDebug,
	"interactshTimeout":       WithOOBTimeout,
	"debugRequest":            WithDebugRequest,
	"debugResponse":           WithDebugResponse,
	"silent":                  nucleiOptionDummy("silent"),
	"version":                 nucleiOptionDummy("version"),
	"verbose":                 WithVerbose,
	"noColor":                 nucleiOptionDummy("noColor"),
	"updateTemplates":         nucleiOptionDummy("updateTemplates"),
	"templatesVersion":        nucleiOptionDummy("templatesVersion"),
	"templateList":            nucleiOptionDummy("templateList"),
	"stopAtFirstMatch":        nucleiOptionDummy("stopAtFirstMatch"),
	"noMeta":                  nucleiOptionDummy("noMeta"),
	"newTemplates":            nucleiOptionDummy("newTemplates"),
	"noInteractsh":            noInteractsh,
	"reverseUrl":              nucleiOptionDummy("reverseUrl"),
	"enableReverseConnection": WithEnableReverseConnectionFeature,
	"targetConcurrent":        WithConcurrentTarget,
	"rawTemplate":             WithTemplateRaw,
	"fuzzQueryTemplate":       WithFuzzQueryTemplate,
	"exactTemplateIns":        WithExactTemplateInstance,
	"all":                     WithAllTemplate,

	// Runtime, callback and transport options.
	"runtimeId":         WithHttpTplRuntimeId,
	"mode":              WithMode,
	"resultCallback":    _callback,
	"tcpResultCallback": _tcpCallback,
	"https":             lowhttp.WithHttps,
	"http2":             lowhttp.WithHttp2,
	"fromPlugin":        lowhttp.WithFromPlugin,
	"context":           WithContext,
}
var (
	// PublicIPGetOnce is an exported sync.Once.
	// NOTE(review): presumably it guards the one-time lookup behind GetPublicIP;
	// confirm. Because it is exported, any importer can trigger or replace it.
	PublicIPGetOnce sync.Once
)

Functions

func CheckingDNSLogOOB added in v1.2.2

func CheckingDNSLogOOB(token string, timeout ...float64) bool

func ExecNucleiTag added in v1.2.8

func ExecNucleiTag(raw string, vars map[string]any) (result string, err error)

ExecNucleiTag executes a string that contains tags.

func ExtractKValFromBody added in v1.2.6

func ExtractKValFromBody(body string) map[string]interface{}

func ExtractKValFromResponse

func ExtractKValFromResponse(rsp []byte) map[string]interface{}

func ExtractResultToString added in v1.2.3

func ExtractResultToString(i interface{}) string

func FuzzCalcExpr

func FuzzCalcExpr() map[string]any

func FuzzCalcExpr2 added in v1.2.8

func FuzzCalcExpr2() map[string]any

func FuzzCalcExpr3 added in v1.2.8

func FuzzCalcExpr3() map[string]any

func FuzzNucleiTag added in v1.2.8

func FuzzNucleiTag(raw string, vars map[string]any, payload map[string][]string, mode string) (result [][]byte, err error)

FuzzNucleiTag fuzzes a string that contains tags, using the given payloads.

func GetNucleiDSLFunctions

func GetNucleiDSLFunctions() map[string]interface{}

func GetPublicIP added in v1.2.4

func GetPublicIP() string

func IsExprReady

func IsExprReady(expr string, m map[string]interface{}) (bool, []string)

func LoadPayloads added in v1.2.8

func LoadPayloads(data map[string]any) map[string][]string

func LoadVarFromRawResponse

func LoadVarFromRawResponse(rsp []byte, duration float64, sufs ...string) map[string]interface{}

func MockEchoPlugin added in v1.2.4

func MockEchoPlugin(onTokens ...func(string)) (string, error)

func RenderNucleiTagWithVar added in v1.2.8

func RenderNucleiTagWithVar(raw string, vars map[string]any) (result string, err error)

RenderNucleiTagWithVar renders variables (it only substitutes variables and does not execute anything).

func RequireOOBAddr added in v1.2.2

func RequireOOBAddr(timeout ...float64) (string, string, error)

func ScanAuto

func ScanAuto(items any, opt ...interface{})

func ScanLegacy added in v1.2.3

func ScanLegacy(target any, opt ...interface{}) (chan *tools.PocVul, error)

func ScanLegacyWithFilter added in v1.3.1

func ScanLegacyWithFilter(target any, filterVul *filter.StringFilter, opt ...interface{}) (chan *tools.PocVul, error)

func ScanPacket

func ScanPacket(req []byte, opts ...interface{}) (count uint64)

func ScanUrl

func ScanUrl(u string, opt ...interface{}) (count uint64)

func WhatsMyIP added in v1.2.4

func WhatsMyIP() (string, error)

Types

type Config

// Config is the option set returned by NewConfig. YakTemplate.Exec and the
// YakMatcher *WithConfig methods take it as a parameter.
type Config struct {
	// ConcurrentInTemplates is the HTTP network concurrency inside a template.
	ConcurrentInTemplates int
	// ConcurrentTemplates is the HTTP network concurrency across templates.
	ConcurrentTemplates int
	// ConcurrentTarget is the concurrency used when scanning targets in batch.
	ConcurrentTarget int

	// Callback receives each result; see ResultCallback for the argument list.
	Callback ResultCallback

	// runtime id for match task
	RuntimeId string
	Ctx       context.Context

	// Mode is "nuclei" or "xray" per the original note; IsNuclei reports on it.
	Mode string

	EnableReverseConnectionFeature bool

	// Template selection; the original note reads "search yakit.YakScript".
	SingleTemplateRaw      string
	ExactTemplateInstances []*yakit.YakScript
	TemplateName           []string
	FuzzQueryTemplate      []string
	ExcludeTemplates       []string
	Tags                   []string
	QueryAll               bool

	// Debug mode switches.
	// NOTE(review): DebugRequest/DebugResponse presumably dump raw traffic;
	// confirm where that output goes, since requests may carry credentials.
	Debug         bool
	DebugRequest  bool
	DebugResponse bool

	Verbose bool

	// Out-of-band (OOB) settings. OOBRequireCallback has the same signature as
	// RequireOOBAddr and OOBRequireCheckingTrigger the same signature as
	// CheckingDNSLogOOB; presumably those are the defaults (confirm).
	OOBTimeout                float64
	OOBRequireCallback        func(...float64) (string, string, error)
	OOBRequireCheckingTrigger func(string, ...float64) bool

	// OnTemplateLoaded is called with a loaded template and returns a bool.
	// NOTE(review): the meaning of the return value is not shown here.
	OnTemplateLoaded  func(*YakTemplate) bool
	// BeforeSendPackage takes packet bytes plus an isHttps flag and returns bytes.
	// NOTE(review): presumably the returned bytes replace the outgoing packet;
	// confirm. A hook here sees the full request content.
	BeforeSendPackage func(data []byte, isHttps bool) []byte
	// contains filtered or unexported fields
}

func NewConfig

func NewConfig(opts ...ConfigOption) *Config

func (*Config) AppendHTTPResultCallback added in v1.2.2

func (c *Config) AppendHTTPResultCallback(handler HTTPResultCallback)

func (*Config) AppendResultCallback

func (c *Config) AppendResultCallback(handler ResultCallback)

func (*Config) AppendTCPResultCallback added in v1.2.2

func (c *Config) AppendTCPResultCallback(handler TCPResultCallback)

func (*Config) ExecuteResultCallback

func (c *Config) ExecuteResultCallback(y *YakTemplate, bulk *YakRequestBulkConfig, rsp []*lowhttp.LowhttpResponse, result bool, extractor map[string]interface{})

func (*Config) ExecuteTCPResultCallback added in v1.2.2

func (c *Config) ExecuteTCPResultCallback(y *YakTemplate, bulk *YakNetworkBulkConfig, rsp []*NucleiTcpResponse, result bool, extractor map[string]interface{})

func (*Config) GenerateYakTemplate

func (c *Config) GenerateYakTemplate() (chan *YakTemplate, error)

func (*Config) IsNuclei

func (c *Config) IsNuclei() bool

type ConfigOption

// ConfigOption is a function applied to a *Config; NewConfig accepts a
// variadic list of them and the With* constructors on this page return them.
type ConfigOption func(*Config)

func WithAllTemplate added in v1.2.7

func WithAllTemplate(b bool) ConfigOption

func WithBeforeSendPackage added in v1.2.8

func WithBeforeSendPackage(f func(data []byte, isHttps bool) []byte) ConfigOption

func WithConcurrentInTemplates

func WithConcurrentInTemplates(i int) ConfigOption

func WithConcurrentTarget

func WithConcurrentTarget(i int) ConfigOption

func WithConcurrentTemplates

func WithConcurrentTemplates(i int) ConfigOption

func WithContext added in v1.3.2

func WithContext(c context.Context) ConfigOption

func WithCustomVulnFilter added in v1.3.1

func WithCustomVulnFilter(f *filter.StringFilter) ConfigOption

func WithDebug

func WithDebug(b bool) ConfigOption

func WithDebugRequest

func WithDebugRequest(b bool) ConfigOption

func WithDebugResponse

func WithDebugResponse(b bool) ConfigOption

func WithEnableReverseConnectionFeature

func WithEnableReverseConnectionFeature(b bool) ConfigOption

func WithExactTemplateInstance added in v1.3.2

func WithExactTemplateInstance(script *yakit.YakScript) ConfigOption

func WithExcludeTemplates

func WithExcludeTemplates(s ...string) ConfigOption

func WithFuzzQueryTemplate

func WithFuzzQueryTemplate(s ...string) ConfigOption

func WithHttpTplRuntimeId added in v1.3.2

func WithHttpTplRuntimeId(id string) ConfigOption

func WithMode

func WithMode(s string) ConfigOption

func WithOOBRequireCallback added in v1.2.2

func WithOOBRequireCallback(f func(...float64) (string, string, error)) ConfigOption

func WithOOBRequireCheckingTrigger added in v1.2.2

func WithOOBRequireCheckingTrigger(f func(string, ...float64) bool) ConfigOption

func WithOOBTimeout added in v1.2.2

func WithOOBTimeout(f float64) ConfigOption

func WithOnRisk added in v1.2.4

func WithOnRisk(target string, onRisk func(i *yakit.Risk)) ConfigOption

func WithOnTemplateLoaded added in v1.2.7

func WithOnTemplateLoaded(f func(template *YakTemplate) bool) ConfigOption

func WithResultCallback

func WithResultCallback(f HTTPResultCallback) ConfigOption

func WithTCPResultCallback added in v1.2.2

func WithTCPResultCallback(f TCPResultCallback) ConfigOption

func WithTags

func WithTags(f ...string) ConfigOption

func WithTemplateName

func WithTemplateName(s ...string) ConfigOption

func WithTemplateRaw

func WithTemplateRaw(b string) ConfigOption

func WithVerbose

func WithVerbose(b bool) ConfigOption

type HTTPResultCallback added in v1.2.2

// HTTPResultCallback is the HTTP-typed result handler: it receives the
// template, the request bulk config, the responses, the match result and the
// extractor output. HTTPResultCallbackWrapper adapts it to ResultCallback.
type HTTPResultCallback func(y *YakTemplate, reqBulk *YakRequestBulkConfig, rsp []*lowhttp.LowhttpResponse, result bool, extractor map[string]interface{})

type NucleiDSL

// NucleiDSL evaluates expression strings through its Execute* methods.
// NOTE(review): Functions is presumably the set of names an expression may
// call; confirm what NewNucleiDSLYakSandbox registers before evaluating
// expressions that come from templates you did not write.
type NucleiDSL struct {
	// Functions maps a function name to its implementation.
	Functions         map[string]interface{}
	// ExternalVarGetter looks up a variable by name and reports whether it exists.
	ExternalVarGetter func(string) (any, bool)
}

func NewNucleiDSLYakSandbox

func NewNucleiDSLYakSandbox() *NucleiDSL

func (*NucleiDSL) Execute

func (d *NucleiDSL) Execute(expr string, items ...map[string]interface{}) (interface{}, error)

func (*NucleiDSL) ExecuteAsBool

func (d *NucleiDSL) ExecuteAsBool(expr string, items ...map[string]interface{}) (bool, error)

func (*NucleiDSL) ExecuteWithOnGetVar added in v1.2.8

func (d *NucleiDSL) ExecuteWithOnGetVar(expr string, getter func(name string) (any, bool), items ...map[string]interface{}) (interface{}, error)

func (*NucleiDSL) GetUndefinedVarNames

func (d *NucleiDSL) GetUndefinedVarNames(expr string, extra map[string]interface{}) []string

func (*NucleiDSL) MergeExternalGetter added in v1.3.2

func (d *NucleiDSL) MergeExternalGetter(getters ...func(string) (any, bool)) func(string) (any, bool)

type NucleiTag added in v1.2.8

// NucleiTag embeds parser.BaseTag and carries the hooks and payloads its Exec
// method has available.
type NucleiTag struct {
	parser.BaseTag
	// GetVar resolves a name to a string value and reports whether it was found.
	GetVar     func(s string) (string, bool)
	// ExecDSL evaluates a string and returns a string result or an error.
	ExecDSL    func(s string) (string, error)
	// Payload maps a payload name to its candidate values.
	Payload    map[string][]string
	// NOTE(review): presumably one of the attack modes documented on
	// YakRequestBulkConfig.AttackMode; confirm.
	AttackMode string
}

func (*NucleiTag) Exec added in v1.2.8

func (n *NucleiTag) Exec(raw *parser.FuzzResult, params ...map[string]*parser.TagMethod) ([]*parser.FuzzResult, error)

type NucleiTagData

// NucleiTagData is one piece of content together with a flag saying whether
// that content is an expression.
type NucleiTagData struct {
	IsExpr  bool
	Content string
}

type NucleiTcpResponse added in v1.2.2

// NucleiTcpResponse is the response record handed to TCPResultCallback and to
// the callback of YakNetworkBulkConfig.Execute.
type NucleiTcpResponse struct {
	RawPacket  []byte
	RawRequest []byte
	RemoteAddr string
	RuntimeId  string
}

type RequestBulk

// RequestBulk pairs a list of raw requests with the bulk config they belong to.
// YakRequestBulkConfig.GenerateRaw and YakTemplate.GenerateRequestSequences
// return slices of it.
type RequestBulk struct {
	Requests      []*requestRaw
	RequestConfig *YakRequestBulkConfig
}

type RequestConfig added in v1.2.7

// RequestConfig groups per-request settings. Judging by the field names only
// (no usage is shown on this page) they cover redirects, name resolution,
// repeat/retry, delay, proxying and TLS flags.
type RequestConfig struct {
	JsEnableRedirect     bool
	JsMaxRedirects       int
	EnableRedirect       bool
	MaxRedirects         int
	// NOTE(review): EtcHosts and DNSServers presumably override name resolution
	// for the request; confirm, since they decide which host is actually contacted.
	EtcHosts             map[string]string
	DNSServers           []string
	Variables            *YakVariables
	RepeatTimes          int64
	RetryInStatusCode    string
	RetryNotInStatusCode string
	Concurrent           int64
	MaxRetryTimes        int64
	DelayMinSeconds      float64
	DelayMaxSeconds      float64
	ForceFuzz            bool
	RequestTimeout       float64
	NoSystemProxy        bool
	Proxy                string
	Host                 string
	IsGmTLS              bool
	IsHTTPS              bool
}

type ResultCallback

// ResultCallback is the untyped result handler stored in Config.Callback;
// reqBulk and rsp are passed as any. HTTPResultCallbackWrapper and
// TCPResultCallbackWrapper build one from the typed callbacks.
type ResultCallback func(y *YakTemplate, reqBulk any, rsp any, result bool, extractor map[string]interface{})

func HTTPResultCallbackWrapper added in v1.2.2

func HTTPResultCallbackWrapper(callback HTTPResultCallback) ResultCallback

func TCPResultCallbackWrapper added in v1.2.2

func TCPResultCallbackWrapper(callback TCPResultCallback) ResultCallback

type TCPRequestBulk added in v1.2.2

// TCPRequestBulk wraps a single YakNetworkBulkConfig.
type TCPRequestBulk struct {
	NetworkBulkConfig *YakNetworkBulkConfig
}

type TCPResultCallback added in v1.2.2

// TCPResultCallback is the TCP-typed result handler: it receives the template,
// the network bulk config, the TCP responses, the match result and the
// extractor output. TCPResultCallbackWrapper adapts it to ResultCallback.
type TCPResultCallback func(y *YakTemplate, reqBulk *YakNetworkBulkConfig, rsp []*NucleiTcpResponse, result bool, extractor map[string]interface{})

type TemplateVarType added in v1.2.7

// TemplateVarType is the string-valued type tag stored in Var.Type.
type TemplateVarType string
// The four type tags declared for template variables.
const (
	FuzztagType       TemplateVarType = "fuzztag"
	RawType           TemplateVarType = "raw"
	NucleiDslType     TemplateVarType = "nuclei-dsl"
	NucleiDynDataType TemplateVarType = "nuclei-dyn-data"
)

type TemplateVarTypePrefix added in v1.2.7

// TemplateVarTypePrefix is a marker string; per the comment on Var.Type, such
// markers are prepended to a variable's value to record its type.
type TemplateVarTypePrefix string
// The two marker prefixes declared on this page.
const (
	FuzztagPrefix TemplateVarTypePrefix = "@fuzztag"
	RawPrefix     TemplateVarTypePrefix = "@raw"
)

type Var

// Var is one template variable: a type tag plus its string data.
type Var struct {
	// Type information has to travel with the value while the value stays
	// parseable by nuclei, so for every variable type except nuclei-dsl an
	// @raw or @fuzztag marker is prepended to the value to record the type.
	Type TemplateVarType
	Data string
}

func NewVar added in v1.2.7

func NewVar(v string) *Var

func (*Var) GetValue added in v1.2.7

func (v *Var) GetValue() string

type YakExtractor

// YakExtractor describes one extraction rule; its Execute method takes raw
// response bytes and returns a map of extracted values.
type YakExtractor struct {
	Id   int
	Name string // name or index

	// Type is one of:
	// regexp
	// json
	// kval
	// xpath
	// nuclei-dsl
	Type string

	// Scope is one of:
	// body
	// header
	// all
	Scope            string // header body all
	Groups           []string
	RegexpMatchGroup []int
	XPathAttribute   string
}

func NewExtractorFromGRPCModel

func NewExtractorFromGRPCModel(m *ypb.HTTPResponseExtractor) *YakExtractor

func (*YakExtractor) Execute

func (y *YakExtractor) Execute(rsp []byte, previous ...map[string]any) (map[string]interface{}, error)

type YakHTTPRequestPacket

// YakHTTPRequestPacket holds one request as a string plus three overrides; its
// GenerateRaw method expands it into raw requests.
// NOTE(review): the @SNI, @Timeout and @Host notes presumably name the
// in-template annotations that populate these fields; confirm.
type YakHTTPRequestPacket struct {
	Request string
	// @SNI
	SNI string
	// @Timeout
	Timeout time.Duration
	// @Host
	OverrideHost string
}

func (*YakHTTPRequestPacket) GenerateRaw

func (s *YakHTTPRequestPacket) GenerateRaw() []*requestRaw

type YakMatcher

// YakMatcher describes one match rule. Its Execute* methods take a response
// and a variable map and return a bool; rules can nest through SubMatchers.
type YakMatcher struct {
	// The list below sits above Id in the original, but it presumably
	// enumerates the values of MatcherType (confirm):
	// status
	// content_length
	// binary
	// word
	// regexp
	// expr
	Id          int // 1 means the first request, 2 the second
	MatcherType string
	/*
		nuclei-dsl
			all_headers
			status_code
			content_length
			body
			raw
	*/
	ExprType string

	// Scope is one of:
	// status
	// header
	// body
	// raw
	// interactsh_protocol
	Scope string

	// Condition is one of:
	// or
	// and
	Condition string

	Group         []string
	GroupEncoding string

	// NOTE(review): presumably inverts the match result; confirm.
	Negative bool

	// or / and
	SubMatcherCondition string
	SubMatchers         []*YakMatcher

	// record poc name / script name or some verbose
	TemplateName string
}

func NewMatcherFromGRPCModel

func NewMatcherFromGRPCModel(m *ypb.HTTPResponseMatcher) *YakMatcher

func (*YakMatcher) Execute

func (y *YakMatcher) Execute(rsp *lowhttp.LowhttpResponse, vars map[string]interface{}, suf ...string) (bool, error)

func (*YakMatcher) ExecuteRaw added in v1.2.2

func (y *YakMatcher) ExecuteRaw(rsp []byte, vars map[string]interface{}, suf ...string) (bool, error)

func (*YakMatcher) ExecuteRawResponse

func (y *YakMatcher) ExecuteRawResponse(rsp []byte, vars map[string]interface{}, suf ...string) (bool, error)

func (*YakMatcher) ExecuteRawWithConfig added in v1.2.2

func (y *YakMatcher) ExecuteRawWithConfig(config *Config, rsp []byte, vars map[string]interface{}, suf ...string) (bool, error)

func (*YakMatcher) ExecuteWithConfig added in v1.2.2

func (y *YakMatcher) ExecuteWithConfig(config *Config, rsp *lowhttp.LowhttpResponse, vars map[string]interface{}, suf ...string) (bool, error)

type YakNetworkBulkConfig added in v1.2.2

// YakNetworkBulkConfig is one TCP request sequence of a template (see
// YakTemplate.TCPRequestSequences): inputs, hosts, a read size, and the matcher
// and extractors for the responses.
type YakNetworkBulkConfig struct {
	Inputs   []*YakTcpInput
	Hosts    []string
	ReadSize int

	Matcher   *YakMatcher
	Extractor []*YakExtractor
}

func (*YakNetworkBulkConfig) Execute added in v1.2.2

func (y *YakNetworkBulkConfig) Execute(
	config *Config,
	vars map[string]interface{}, params map[string]string, lowhttpConfig *lowhttp.LowhttpExecConfig,
	callback func(rsp []*NucleiTcpResponse, matched bool, extractorResults map[string]any),
) error

type YakPayload

// YakPayload is one named payload set as returned by YakPayloads.GetRawPayloads.
// NOTE(review): FromFile presumably names a file the Data values were or will
// be read from; when templates come from an untrusted source, confirm that the
// loader restricts which paths may be read.
type YakPayload struct {
	FromFile string
	Data     []string
}

type YakPayloads

// YakPayloads is an opaque payload collection built by NewYakPayloads; its
// content is read through GetData, GetRawMap and GetRawPayloads.
type YakPayloads struct {
	// contains filtered or unexported fields
}

func NewYakPayloads added in v1.2.8

func NewYakPayloads(data map[string]any) (*YakPayloads, error)

func (*YakPayloads) AddPayloads added in v1.2.8

func (y *YakPayloads) AddPayloads(data map[string]any) error

func (*YakPayloads) GetData added in v1.2.8

func (y *YakPayloads) GetData() map[string][]string

func (*YakPayloads) GetRawMap added in v1.2.8

func (y *YakPayloads) GetRawMap() map[string]any

func (*YakPayloads) GetRawPayloads added in v1.2.7

func (y *YakPayloads) GetRawPayloads() map[string]*YakPayload

type YakRequestBulkConfig

// YakRequestBulkConfig is one HTTP request sequence of a template (see
// YakTemplate.HTTPRequestSequences) together with its matcher, extractors and
// payloads. GenerateRaw expands it into RequestBulk values.
type YakRequestBulkConfig struct {
	Matcher   *YakMatcher
	Extractor []*YakExtractor

	HTTPRequests []*YakHTTPRequestPacket

	StopAtFirstMatch bool

	CookieInherit      bool
	MaxSize            int
	NoFixContentLength bool
	Payloads           *YakPayloads

	// req-condition: when true, the Matcher runs only after all requests have
	// been sent.
	AfterRequested bool
	Method         string
	Paths          []string
	Headers        map[string]string
	Body           string
	MaxRedirects   int
	EnableRedirect bool
	// batteringram is not valid!
	// pitchfork means sync
	// cluster bomb means cartesian product
	AttackMode       string // sync // cartesian
	InheritVariables bool
}

func (*YakRequestBulkConfig) GenerateRaw

func (c *YakRequestBulkConfig) GenerateRaw() []*RequestBulk

type YakTcpHosts added in v1.2.2

// YakTcpHosts is an empty struct; this page lists no fields or methods for it.
type YakTcpHosts struct {
}

type YakTcpInput added in v1.2.2

// YakTcpInput is one entry of YakNetworkBulkConfig.Inputs; BuildPayload takes a
// variable map for it.
type YakTcpInput struct {
	// data / read(int) / type: hex
	Data string
	Read int
	Type string
}

func (*YakTcpInput) BuildPayload added in v1.2.2

func (y *YakTcpInput) BuildPayload(vars map[string]any)

type YakTemplate

// YakTemplate is the in-memory template type of this package.
// CreateYakTemplateFromNucleiTemplateRaw returns one from a raw template
// string, and Exec / ExecWithUrl run it against a request or URL.
type YakTemplate struct {
	// RequestConfig
	Id            string   `json:"id"`
	Name          string   `json:"name"`
	NameZh        string   `json:"nameZh,omitempty"`
	Author        string   `json:"author"`
	Severity      string   `json:"severity,omitempty"`
	Description   string   `json:"description"`
	DescriptionZh string   `json:"descriptionZh"`
	Reference     []string `json:"reference"`
	Tags          []string `json:"tags"`
	CVE           string
	ShodanQuery   string
	Verified      string
	// NOTE(review): presumably the value produced by SignMainParams; confirm.
	Sign          string
	// SelfContained
	SelfContained bool

	// interactsh
	ReverseConnectionNeed bool `json:"reverseConnectionNeed"`

	// Request sequences, one slice for TCP and one for HTTP.
	TCPRequestSequences  []*YakNetworkBulkConfig
	HTTPRequestSequences []*YakRequestBulkConfig

	// placeHolderMap
	PlaceHolderMap map[string]string
	Variables      *YakVariables
}

func CreateYakTemplateFromNucleiTemplateRaw

func CreateYakTemplateFromNucleiTemplateRaw(tplRaw string) (*YakTemplate, error)

func (*YakTemplate) CheckTemplateRisks added in v1.2.8

func (y *YakTemplate) CheckTemplateRisks() error

func (*YakTemplate) Exec

func (y *YakTemplate) Exec(config *Config, isHttps bool, reqOrigin []byte, opts ...lowhttp.LowhttpOpt) (int, error)

func (*YakTemplate) ExecWithUrl added in v1.2.8

func (y *YakTemplate) ExecWithUrl(u string, config *Config, opts ...lowhttp.LowhttpOpt) (int, error)

func (*YakTemplate) GenerateRequestSequences added in v1.2.8

func (y *YakTemplate) GenerateRequestSequences(u string) []*RequestBulk

func (*YakTemplate) NoMatcherAndExtractor added in v1.3.2

func (y *YakTemplate) NoMatcherAndExtractor() bool

func (*YakTemplate) SignMainParams added in v1.2.8

func (y *YakTemplate) SignMainParams() string

SignMainParams signs the method, paths, headers, body, raw, matcher, extractor, and payloads.

type YakVariables

// YakVariables is an opaque variable store created by NewVars. Values are
// written through the Set* and AutoSet methods and read back through GetRaw
// (map[string]*Var) or ToMap (map[string]any).
type YakVariables struct {
	// contains filtered or unexported fields
}

func NewVars

func NewVars() *YakVariables

func (*YakVariables) AutoSet

func (v *YakVariables) AutoSet(key string, value string)

func (*YakVariables) GetRaw added in v1.2.7

func (v *YakVariables) GetRaw() map[string]*Var

func (*YakVariables) Set

func (v *YakVariables) Set(key string, value string)

func (*YakVariables) SetAsNucleiTags added in v1.2.7

func (v *YakVariables) SetAsNucleiTags(key string, value string)

func (*YakVariables) SetNucleiDSL

func (v *YakVariables) SetNucleiDSL(key string, value string)

func (*YakVariables) SetWithType added in v1.2.7

func (v *YakVariables) SetWithType(key string, value string, typeName string) error

func (*YakVariables) ToMap

func (v *YakVariables) ToMap() map[string]any

Directories

Path Synopsis
