Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add stop at first match for interactsh matchers #1417

Merged
merged 7 commits into from
Dec 30, 2021
Merged

Add stop at first match for interactsh matchers #1417

merged 7 commits into from
Dec 30, 2021

Conversation

parrasajad
Copy link
Contributor

@parrasajad parrasajad commented Dec 21, 2021
edited
Loading

Proposed changes

Extend stop at first match support to interactsh matchers

Example template (from issue)

id: test-interactsh

info:
  name: interactsh test
  author: pdteam
  severity: info

requests:
  - raw:
      - |
        GET /api/geoping/{{interactsh-url}} HTTP/1.1
        Host: {{Hostname}}

      - |
        GET /api/geoping/{{interactsh-url}} HTTP/1.1
        Host: {{Hostname}}

    stop-at-first-match: true
    matchers:
      - type: word
        part: interactsh_protocol  # Confirms the DNS Interaction
        words:
          - "dns"
echo https://geonet.shodan.io | nuclei -t test.yaml 

[test-interactsh] [http] [info] https://geonet.shodan.io/api/geoping/c70q752ciaeivnpbsr1gc8y48cyyyyyyr.interact.sh

Checklist

  • Pull request is created against the dev branch
  • All checks passed (lint, unit/integration/regression tests etc.) with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

@parrasajad parrasajad linked an issue Dec 21, 2021 that may be closed by this pull request
Stop-at-first-match does not work with interactsh matchers #1361
Closed
ehsandeep
ehsandeep approved these changes Dec 21, 2021
View reviewed changes
Copy link
Member

@ehsandeep ehsandeep left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unrelated to this PR, there is a whois test failing on macos - https://github.com/projectdiscovery/nuclei/runs/4593459674?check_suite_focus=true

Ice3man543
Ice3man543 requested changes Dec 21, 2021
View reviewed changes
Copy link
Member

@Ice3man543 Ice3man543 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@parrasajad instead of having a global c.matched value and tracking it for ignoring further interact event, I guess what we should do here is to prevent duplicated interactsh matches from same template if we have stop at first match attribute. If we apply this globally, no interactions will match even for other templates since the interactsh client is shared.

We can implement some sort of tracking logic in protocols/common/interactsh for this.

@ehsandeep ehsandeep added the Status: Revision Needed Submitter of PR needs to revise the PR related to the issue. label Dec 22, 2021
@ehsandeep ehsandeep self-requested a review December 29, 2021 13:26
@parrasajad parrasajad added Status: Review Needed The issue has a PR attached to it which needs to be reviewed and removed Status: Revision Needed Submitter of PR needs to revise the PR related to the issue. labels Dec 30, 2021
Ice3man543
Ice3man543 approved these changes Dec 30, 2021
View reviewed changes
Copy link
Member

@Ice3man543 Ice3man543 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!

@ehsandeep ehsandeep merged commit 657e1f4 into dev Dec 30, 2021
@ehsandeep ehsandeep deleted the interactsh-first-match-stop branch December 30, 2021 12:28
@ehsandeep ehsandeep added Status: Completed Nothing further to be done with this issue. Awaiting to be closed. and removed Status: Review Needed The issue has a PR attached to it which needs to be reviewed labels Dec 30, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ehsandeep ehsandeep ehsandeep approved these changes

@Ice3man543 Ice3man543 Ice3man543 approved these changes

Assignees

@parrasajad parrasajad

Labels
Status: Completed Nothing further to be done with this issue. Awaiting to be closed.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Stop-at-first-match does not work with interactsh matchers
3 participants
@parrasajad @ehsandeep @Ice3man543