working poc

projectdiscovery · Oct 8, 2020 · eb73df7 · eb73df7
1 parent 1fccfc1
commit eb73df7
Show file tree

Hide file tree

Showing 4 changed files with 230 additions and 39 deletions.
diff --git a/v2/go.mod b/v2/go.mod
@@ -16,9 +16,9 @@ require (
 	github.com/projectdiscovery/rawhttp v0.0.2-0.20201005200949-0a5c878e6ee1
 	github.com/projectdiscovery/retryabledns v1.0.4
 	github.com/projectdiscovery/retryablehttp-go v1.0.1
-	github.com/stretchr/testify v1.5.1
+	github.com/remeh/sizedwaitgroup v1.0.0
 	github.com/vbauerster/mpb/v5 v5.3.0
-	golang.org/x/net v0.0.0-20201002202402-0a1ea396d57c
+	golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0
 	golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e
 	gopkg.in/yaml.v2 v2.3.0
 )
diff --git a/v2/go.sum b/v2/go.sum
@@ -1,17 +1,20 @@
+github.com/Knetic/govaluate v1.5.0 h1:L4MyqdJSld9xr2eZcZHCWLfeIX2SBjqrwIKG1pcm/+4=
 github.com/Knetic/govaluate v3.0.0+incompatible h1:7o6+MAPhYTCF0+fdvoz1xDedhRb4f6s9Tn1Tt7/WTEg=
 github.com/Knetic/govaluate v3.0.0+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
 github.com/VividCortex/ewma v1.1.1 h1:MnEK4VOv6n0RSY4vtRe3h11qjxL3+t0B8yOL8iMXdcM=
 github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
+github.com/blang/semver v1.1.0 h1:ol1rO7QQB5uy7umSNV7VAmLugfLRD+17sYJujRNYPhg=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
+github.com/d5/tengo v1.24.8 h1:PRJ+NWt7ae/9sSbIfThOBTkPSvNV+dwYoBAvwfNgNJY=
 github.com/d5/tengo/v2 v2.6.2 h1:AnPhA/Y5qrNLb5QSWHU9uXq25T3QTTdd2waTgsAHMdc=
 github.com/d5/tengo/v2 v2.6.2/go.mod h1:XRGjEs5I9jYIKTxly6HCF8oiiilk5E/RYXOZ5b0DZC8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY=
 github.com/google/go-github/v32 v32.1.0 h1:GWkQOdXqviCPx7Q7Fj+KyPoGm4SwHRh8rheoPhd27II=
 github.com/google/go-github/v32 v32.1.0/go.mod h1:rIEpZD9CTDQwDK9GDrtMTycQNA4JU3qBsCizh3q2WCI=
 github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk=
@@ -35,21 +38,24 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742 h1:Esafd1046DLD
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/projectdiscovery/gologger v1.0.1 h1:FzoYQZnxz9DCvSi/eg5A6+ET4CQ0CDUs27l6Exr8zMQ=
 github.com/projectdiscovery/gologger v1.0.1/go.mod h1:Ok+axMqK53bWNwDSU1nTNwITLYMXMdZtRc8/y1c7sWE=
+github.com/projectdiscovery/rawhttp v0.0.1 h1:g9lzZPNBZsIAscTS2VLgv8RGQJcFXsOOTlzU49mDeBk=
+github.com/projectdiscovery/rawhttp v0.0.1/go.mod h1:RkML6Yq6hf4z2wAUXisa15al4bS+wuJnlhM5ZOfn9k4=
 github.com/projectdiscovery/rawhttp v0.0.2-0.20201005200949-0a5c878e6ee1 h1:I3aE8ta92M2XbrYKNYOTlXhodxyH+zQOt1jIatorhQA=
 github.com/projectdiscovery/rawhttp v0.0.2-0.20201005200949-0a5c878e6ee1/go.mod h1:PQERZAhAv7yxI/hR6hdDPgK1WTU56l204BweXrBec+0=
 github.com/projectdiscovery/retryabledns v1.0.4 h1:0Va7qHlWQsIXjRLISTjzfN3tnJmHYDudY05Nu3IJd60=
 github.com/projectdiscovery/retryabledns v1.0.4/go.mod h1:/UzJn4I+cPdQl6pKiiQfvVAT636YZvJQYZhYhGB0dUQ=
 github.com/projectdiscovery/retryablehttp-go v1.0.1 h1:V7wUvsZNq1Rcz7+IlcyoyQlNwshuwptuBVYWw9lx8RE=
 github.com/projectdiscovery/retryablehttp-go v1.0.1/go.mod h1:SrN6iLZilNG1X4neq1D+SBxoqfAF4nyzvmevkTkWsek=
+github.com/remeh/sizedwaitgroup v1.0.0 h1:VNGGFwNo/R5+MJBf6yrsr110p0m4/OX4S3DCy7Kyl5E=
 github.com/remeh/sizedwaitgroup v1.0.0/go.mod h1:3j2R4OIe/SeS6YDhICBy22RWjJC5eNCJ1V+9+NVNYlo=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/vbauerster/mpb v1.1.3 h1:IRgic8VFaURXkW0VxDLkNOiNaAgtw0okB2YIaVvJDI4=
+github.com/vbauerster/mpb v3.4.0+incompatible h1:mfiiYw87ARaeRW6x5gWwYRUawxaW1tLAD8IceomUCNw=
 github.com/vbauerster/mpb/v5 v5.3.0 h1:vgrEJjUzHaSZKDRRxul5Oh4C72Yy/5VEMb0em+9M0mQ=
 github.com/vbauerster/mpb/v5 v5.3.0/go.mod h1:4yTkvAb8Cm4eylAp6t0JRq6pXDkFJ4krUlDqWYkakAs=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@@ -61,10 +67,9 @@ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20201002202402-0a1ea396d57c h1:dk0ukUIHmGHqASjP0iue2261isepFCC6XRCSd1nHgDw=
-golang.org/x/net v0.0.0-20201002202402-0a1ea396d57c/go.mod h1:iQL9McJNjoIa5mjH6nYTCTZXUN6RP+XW3eib7Ya3XcI=
+golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0 h1:wBouT66WTYFXdxfVdz9sVWARVd/2vfGcmI45D2gj45M=
+golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -73,12 +78,13 @@ golang.org/x/sys v0.0.0-20200810151505-1b9f1253b3ed/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e h1:EHBhcS0mlXEAVwNyO2dLfjToGsyY4j24pTs2ScHnX7s=
 golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=

diff --git a/v2/pkg/executer/executer_http.go b/v2/pkg/executer/executer_http.go
@@ -26,6 +26,7 @@ import (
 	"github.com/projectdiscovery/nuclei/v2/pkg/templates"
 	"github.com/projectdiscovery/rawhttp"
 	"github.com/projectdiscovery/retryablehttp-go"
+	"github.com/remeh/sizedwaitgroup"
 	"golang.org/x/net/proxy"
 )
 
@@ -37,19 +38,18 @@ const (
 // HTTPExecuter is client for performing HTTP requests
 // for a template.
 type HTTPExecuter struct {
-	coloredOutput         bool
-	debug                 bool
-	Results               bool
-	jsonOutput            bool
-	jsonRequest           bool
-	httpClient            *retryablehttp.Client
-	rawHttpClient         *rawhttp.Client
-	rawPipelineHTTPClient *rawhttp.PipelineClient
-	template              *templates.Template
-	bulkHTTPRequest       *requests.BulkHTTPRequest
-	writer                *bufwriter.Writer
-	customHeaders         requests.CustomHeaders
-	CookieJar             *cookiejar.Jar
+	coloredOutput   bool
+	debug           bool
+	Results         bool
+	jsonOutput      bool
+	jsonRequest     bool
+	httpClient      *retryablehttp.Client
+	rawHttpClient   *rawhttp.Client
+	template        *templates.Template
+	bulkHTTPRequest *requests.BulkHTTPRequest
+	writer          *bufwriter.Writer
+	customHeaders   requests.CustomHeaders
+	CookieJar       *cookiejar.Jar
 
 	colorizer   colorizer.NucleiColorizer
 	decolorizer *regexp.Regexp
@@ -107,31 +107,98 @@ func NewHTTPExecuter(options *HTTPOptions) (*HTTPExecuter, error) {
 
 	// initiate raw http client
 	rawClient := rawhttp.NewClient(rawhttp.DefaultOptions)
-	// initiate raw pipeline http client
-	rawPipelineHTTPClient := rawhttp.NewPipelineClient(rawhttp.DefaultPipelineOptions)
 
 	executer := &HTTPExecuter{
-		debug:                 options.Debug,
-		jsonOutput:            options.JSON,
-		jsonRequest:           options.JSONRequests,
-		httpClient:            client,
-		rawHttpClient:         rawClient,
-		rawPipelineHTTPClient: rawPipelineHTTPClient,
-		template:              options.Template,
-		bulkHTTPRequest:       options.BulkHTTPRequest,
-		writer:                options.Writer,
-		customHeaders:         options.CustomHeaders,
-		CookieJar:             options.CookieJar,
-		coloredOutput:         options.ColoredOutput,
-		colorizer:             *options.Colorizer,
-		decolorizer:           options.Decolorizer,
+		debug:           options.Debug,
+		jsonOutput:      options.JSON,
+		jsonRequest:     options.JSONRequests,
+		httpClient:      client,
+		rawHttpClient:   rawClient,
+		template:        options.Template,
+		bulkHTTPRequest: options.BulkHTTPRequest,
+		writer:          options.Writer,
+		customHeaders:   options.CustomHeaders,
+		CookieJar:       options.CookieJar,
+		coloredOutput:   options.ColoredOutput,
+		colorizer:       *options.Colorizer,
+		decolorizer:     options.Decolorizer,
 	}
 
 	return executer, nil
 }
 
+func (e *HTTPExecuter) ExecuteTurboHTTP(ctx context.Context, p progress.IProgress, reqURL string) (result Result) {
+	result.Matches = make(map[string]interface{})
+	result.Extractions = make(map[string]interface{})
+
+	result.Matches = make(map[string]interface{})
+	result.Extractions = make(map[string]interface{})
+	dynamicvalues := make(map[string]interface{})
+
+	// verify if the URL is already being processed
+	if e.bulkHTTPRequest.HasGenerator(reqURL) {
+		return
+	}
+
+	remaining := e.bulkHTTPRequest.GetRequestCount()
+	e.bulkHTTPRequest.CreateGenerator(reqURL)
+
+	// need to extract the target from the url
+	URL, err := url.Parse(reqURL)
+	if err != nil {
+		return
+	}
+
+	pipeOptions := rawhttp.DefaultPipelineOptions
+	pipeOptions.Host = URL.Host
+	pipeOptions.MaxConnections = 1
+	if e.bulkHTTPRequest.PipelineMaxWorkers > 0 {
+		pipeOptions.MaxConnections = e.bulkHTTPRequest.PipelineMaxWorkers
+	}
+	pipeclient := rawhttp.NewPipelineClient(pipeOptions)
+
+	// Workers that keeps enqueuing new requests
+	maxWorkers := 150
+	if e.bulkHTTPRequest.PipelineMaxWorkers > 0 {
+		maxWorkers = e.bulkHTTPRequest.PipelineMaxWorkers
+	}
+
+	swg := sizedwaitgroup.New(maxWorkers)
+	for e.bulkHTTPRequest.Next(reqURL) && !result.Done {
+		request, err := e.bulkHTTPRequest.MakeHTTPRequest(ctx, reqURL, dynamicvalues, e.bulkHTTPRequest.Current(reqURL))
+		if err != nil {
+			result.Error = err
+			p.Drop(remaining)
+		} else {
+			swg.Add()
+			go func(httpRequest *requests.HTTPRequest) {
+				defer swg.Done()
+
+				// If the request was built correctly then execute it
+				err = e.handleHTTPPipeline(pipeclient, reqURL, httpRequest, dynamicvalues, &result)
+				if err != nil {
+					result.Error = errors.Wrap(err, "could not handle http request")
+					p.Drop(remaining)
+				}
+
+			}(request)
+		}
+
+		e.bulkHTTPRequest.Increment(reqURL)
+	}
+
+	swg.Wait()
+
+	return result
+}
+
 // ExecuteHTTP executes the HTTP request on a URL
 func (e *HTTPExecuter) ExecuteHTTP(ctx context.Context, p progress.IProgress, reqURL string) (result Result) {
+	// verify if pipeline was requested
+	if e.bulkHTTPRequest.Pipeline {
+		return e.ExecuteTurboHTTP(ctx, p, reqURL)
+	}
+
 	result.Matches = make(map[string]interface{})
 	result.Extractions = make(map[string]interface{})
 	dynamicvalues := make(map[string]interface{})
@@ -169,6 +236,122 @@ func (e *HTTPExecuter) ExecuteHTTP(ctx context.Context, p progress.IProgress, re
 	return result
 }
 
+func (e *HTTPExecuter) handleHTTPPipeline(pipeline *rawhttp.PipelineClient, reqURL string, request *requests.HTTPRequest, dynamicvalues map[string]interface{}, result *Result) error {
+	// TODO: for now just a copy+paste for testing purposes => Needs to be fully async
+	e.setCustomHeaders(request)
+
+	var (
+		resp *http.Response
+		err  error
+	)
+
+	if e.debug {
+		dumpedRequest, err := requests.Dump(request, reqURL)
+		if err != nil {
+			return err
+		}
+
+		gologger.Infof("Dumped HTTP request for %s (%s)\n\n", reqURL, e.template.ID)
+		fmt.Fprintf(os.Stderr, "%s", string(dumpedRequest))
+	}
+
+	timeStart := time.Now()
+	resp, err = pipeline.DoRaw(request.RawRequest.Method, reqURL, request.RawRequest.Path, requests.ExpandMapValues(request.RawRequest.Headers), ioutil.NopCloser(strings.NewReader(request.RawRequest.Data)))
+	if err != nil {
+		return err
+	}
+	duration := time.Since(timeStart)
+
+	if e.debug {
+		dumpedResponse, dumpErr := httputil.DumpResponse(resp, true)
+		if dumpErr != nil {
+			return errors.Wrap(dumpErr, "could not dump http response")
+		}
+
+		gologger.Infof("Dumped HTTP response for %s (%s)\n\n", reqURL, e.template.ID)
+		fmt.Fprintf(os.Stderr, "%s\n", string(dumpedResponse))
+	}
+
+	data, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		_, copyErr := io.Copy(ioutil.Discard, resp.Body)
+		if copyErr != nil {
+			resp.Body.Close()
+			return copyErr
+		}
+
+		resp.Body.Close()
+
+		return errors.Wrap(err, "could not read http body")
+	}
+
+	resp.Body.Close()
+
+	// net/http doesn't automatically decompress the response body if an encoding has been specified by the user in the request
+	// so in case we have to manually do it
+	data, err = requests.HandleDecompression(request, data)
+	if err != nil {
+		return errors.Wrap(err, "could not decompress http body")
+	}
+
+	// Convert response body from []byte to string with zero copy
+	body := unsafeToString(data)
+
+	headers := headersToString(resp.Header)
+	matcherCondition := e.bulkHTTPRequest.GetMatchersCondition()
+
+	for _, matcher := range e.bulkHTTPRequest.Matchers {
+		// Check if the matcher matched
+		if !matcher.Match(resp, body, headers, duration) {
+			// If the condition is AND we haven't matched, try next request.
+			if matcherCondition == matchers.ANDCondition {
+				return nil
+			}
+		} else {
+			// If the matcher has matched, and its an OR
+			// write the first output then move to next matcher.
+			if matcherCondition == matchers.ORCondition {
+				result.Matches[matcher.Name] = nil
+				// probably redundant but ensures we snapshot current payload values when matchers are valid
+				result.Meta = request.Meta
+				e.writeOutputHTTP(request, resp, body, matcher, nil)
+				result.GotResults = true
+			}
+		}
+	}
+
+	// All matchers have successfully completed so now start with the
+	// next task which is extraction of input from matchers.
+	var extractorResults, outputExtractorResults []string
+
+	for _, extractor := range e.bulkHTTPRequest.Extractors {
+		for match := range extractor.Extract(resp, body, headers) {
+			if _, ok := dynamicvalues[extractor.Name]; !ok {
+				dynamicvalues[extractor.Name] = match
+			}
+
+			extractorResults = append(extractorResults, match)
+
+			if !extractor.Internal {
+				outputExtractorResults = append(outputExtractorResults, match)
+			}
+		}
+		// probably redundant but ensures we snapshot current payload values when extractors are valid
+		result.Meta = request.Meta
+		result.Extractions[extractor.Name] = extractorResults
+	}
+
+	// Write a final string of output if matcher type is
+	// AND or if we have extractors for the mechanism too.
+	if len(outputExtractorResults) > 0 || matcherCondition == matchers.ANDCondition {
+		e.writeOutputHTTP(request, resp, body, nil, outputExtractorResults)
+
+		result.GotResults = true
+	}
+
+	return nil
+}
+
 func (e *HTTPExecuter) handleHTTP(reqURL string, request *requests.HTTPRequest, dynamicvalues map[string]interface{}, result *Result) error {
 	e.setCustomHeaders(request)
 

diff --git a/v2/pkg/requests/bulk-http-request.go b/v2/pkg/requests/bulk-http-request.go
@@ -65,7 +65,9 @@ type BulkHTTPRequest struct {
 	Raw []string `yaml:"raw,omitempty"`
 	// Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining (race conditions/billions requests)
 	// All requests must be indempotent (GET/POST)
-	Pipeline bool `yaml:"pipeline,omitempty"`
+	Pipeline               bool `yaml:"pipeline,omitempty"`
+	PipelineMaxConnections int  `yaml:"pipeline-max-connections,omitempty"`
+	PipelineMaxWorkers     int  `yaml:"pipeline-max-workers,omitempty"`
 	// Specify in order to skip request RFC normalization
 	Unsafe bool `yaml:"unsafe,omitempty"`
 	// DisableAutoHostname Enable/Disable Host header for unsafe raw requests