Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[feature] Add helper function for rand stuffs #234

Closed
dwisiswant0 opened this issue Aug 16, 2020 · 3 comments · Fixed by #348
Closed

[feature] Add helper function for rand stuffs #234

dwisiswant0 opened this issue Aug 16, 2020 · 3 comments · Fixed by #348
Assignees
@Mzack9999
Labels
Priority: Low This issue can probably be picked up by anyone looking to contribute to the project, as an entry fix Type: Enhancement Most issues will probably ask for additions or changes.
Milestone
v2.2.0

Comments

@dwisiswant0
Copy link
Member

dwisiswant0 commented Aug 16, 2020
edited
Loading

Is your feature request related to a problem? Please describe.

Hi, I think it would be very useful to add a new help function to generate random stuffs.

For example, as in the Metasploit module.

> grep "def self.rand" /usr/share/metasploit-framework/lib/rex/text.rb
def self.rand_char(bad, chars = AllChars)
def self.rand_base(len, bad, *foo)
def self.rand_text(len, bad='', chars = AllChars)
def self.rand_text_alpha(len, bad='')
def self.rand_text_alpha_lower(len, bad='')
def self.rand_text_alpha_upper(len, bad='')
def self.rand_text_alphanumeric(len, bad='')
def self.rand_text_numeric(len, bad='')
def self.rand_text_english(len, bad='')
def self.rand_text_highascii(len, bad='')
def self.randomize_space(str)
def self.rand_hostname
def self.rand_state()
@ehsandeep ehsandeep added Priority: Low This issue can probably be picked up by anyone looking to contribute to the project, as an entry fix Type: Enhancement Most issues will probably ask for additions or changes. and removed enhancement labels Aug 16, 2020
@averagesecurityguy
Copy link

The idea would be to add random values within payloads like:

id: put-method-enabled

info:
  name: PUT method enabled
  author: xElkomy
  severity: high

# https://portswigger.net/kb/issues/00100900_http-put-method-is-enabled

requests:
  - raw:
      - |
        PUT /{{RandFile}} HTTP/1.1
        Content-Type: text/plain
        {{RandText}}
      - |
        GET /{{RandFile}} HTTP/1.1
        Content-Type: text/plain
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - {{RandText}}

If so, I believe this is the place where the values would be added to the templates, right?

nuclei/v2/pkg/requests/bulk-http-request.go

Lines 84 to 94 in bdb3321

func (r *BulkHTTPRequest) MakeHTTPRequest(baseURL string, dynamicValues map[string]interface{}, data string) (*HttpRequest, error) {
parsed, err := url.Parse(baseURL)
if err != nil {
return nil, err
}
hostname := parsed.Host
values := generators.MergeMaps(dynamicValues, map[string]interface{}{
"BaseURL": baseURL,
"Hostname": hostname,
})

Would just need to define the rand methods, maybe in a new file, requests/randtext.go?

If this is all correct, I can try to put together a PR next week.

Mzack9999 added a commit that referenced this issue Oct 11, 2020
@Mzack9999
adding random generators - close #234
ed855c9
@Mzack9999 Mzack9999 linked a pull request Oct 11, 2020 that will close this issue
reducing locking #348
Merged
@Mzack9999 Mzack9999 added this to the 2.1.2 milestone Oct 11, 2020
@Mzack9999 Mzack9999 self-assigned this Oct 11, 2020
@dwisiswant0 dwisiswant0 mentioned this issue Feb 24, 2021
Closed
@marcelo321
Copy link

Sorry guys but can anyone like me the dcoumentation for the random string/int generation? since I can't find it and i don't know how to use it properly

@dwisiswant0
Copy link
Member Author

@marcelo321 - see https://nuclei.projectdiscovery.io/templating-guide/helper-functions/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Mzack9999 Mzack9999

Labels
Priority: Low This issue can probably be picked up by anyone looking to contribute to the project, as an entry fix Type: Enhancement Most issues will probably ask for additions or changes.
Projects
None yet
Milestone
v2.2.0
Development

Successfully merging a pull request may close this issue.

reducing locking projectdiscovery/nuclei
5 participants
@averagesecurityguy @ehsandeep @Mzack9999 @dwisiswant0 @marcelo321