add exp concept code

iiiusky · Jun 17, 2021 · a4f86d2 · a4f86d2
1 parent ae4cfd0
commit a4f86d2
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 1 deletion.
diff --git a/v2/cmd/nuclei/main.go b/v2/cmd/nuclei/main.go
@@ -85,6 +85,7 @@ based on templates offering massive extensibility and ease of use.`)
 	set.BoolVar(&options.SystemResolvers, "system-resolvers", false, "Use system dns resolving as error fallback")
 	set.IntVar(&options.PageTimeout, "page-timeout", 20, "Seconds to wait for each page in headless")
 	set.BoolVarP(&options.NewTemplates, "new-templates", "nt", false, "Only run newly added templates")
+	set.BoolVar(&options.ExploitMode, "exp", false, "exploit mode")
 	set.StringVarP(&options.DiskExportDirectory, "markdown-export", "me", "", "Directory to export results in markdown format")
 	set.StringVarP(&options.SarifExport, "sarif-export", "se", "", "File to export results in sarif format")
 	set.BoolVar(&options.NoInteractsh, "no-interactsh", false, "Do not use interactsh server for blind interaction polling")

diff --git a/v2/pkg/protocols/http/http.go b/v2/pkg/protocols/http/http.go
@@ -72,7 +72,8 @@ type Request struct {
 	// ReqCondition automatically assigns numbers to requests and preserves
 	// their history for being matched at the end.
 	// Currently only works with sequential http requests.
-	ReqCondition bool `yaml:"req-condition"`
+	ReqCondition bool                   `yaml:"req-condition"`
+	Vars         map[string]interface{} `yaml:"vars"`
 }
 
 // GetID returns the unique ID of the request if any.

diff --git a/v2/pkg/protocols/http/request.go b/v2/pkg/protocols/http/request.go
@@ -3,6 +3,7 @@ package http
 import (
 	"bytes"
 	"fmt"
+	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/replacer"
 	"io"
 	"io/ioutil"
 	"net/http"
@@ -253,6 +254,8 @@ const drainReqSize = int64(8 * 1024)
 func (r *Request) executeRequest(reqURL string, request *generatedRequest, previous output.InternalEvent, callback protocols.OutputEventCallback, requestCount int) error {
 	r.setCustomHeaders(request)
 
+	r.setVars(request)
+
 	var (
 		resp          *http.Response
 		fromcache     bool
@@ -445,3 +448,15 @@ func (r *Request) setCustomHeaders(req *generatedRequest) {
 		}
 	}
 }
+
+// setCustomHeaders sets the custom headers for generated request
+func (r *Request) setVars(req *generatedRequest) {
+	req.request.Request.URL.Path = replacer.Replace(req.request.Request.URL.Path, req.original.Vars)
+	req.request.Request.URL.RawQuery = replacer.Replace(req.request.Request.URL.RawQuery, req.original.Vars)
+
+	for k, v := range r.customHeaders {
+		if req.rawRequest != nil {
+			req.rawRequest.Headers[k] = replacer.Replace(req.rawRequest.Headers[v], req.original.Vars)
+		}
+	}
+}
diff --git a/v2/pkg/types/types.go b/v2/pkg/types/types.go
@@ -127,4 +127,6 @@ type Options struct {
 	NewTemplates bool
 	// NoInteractsh disables use of interactsh server for interaction polling
 	NoInteractsh bool
+	// ExploitMode disables use of interactsh server for interaction polling
+	ExploitMode bool
 }