Random IP Helper Function

[skhalsa-sigsci]

Proposed changes

This PR introduces a helper function called rand_ip that allows you to generate a random IPV4 or IPV6 address in each request from a user supplied CIDR range. The generated IP can be used in HTTP headers to bypass/defeat protection mechanisms. Examples of HTTP headers that could use the rand_ip function:

• Client-IP
• X-Forwared-For
• TRUE-CLIENT-IP
• HTTP_CLIENT_IP
• HTTP_X_FORWARDED_FOR
• HTTP_X_FORWARDED
• HTTP_X_CLUSTER_CLIENT_IP
• HTTP_FORWARDED_FOR
• HTTP_FORWARDED

The following is an example request using the rand_ip function.

id: brute-force

info:
  name: ATO Brute Force
  author: skhalsa-sigsci
  severity: info
  description: ato brute force
  tags: ato,bruteforce

requests:

- payloads:
    username: nuclei/payloads/usernames.txt
    password: nuclei/payloads/passwords.txt
  
  attack: clusterbomb

  headers:
    X-Forwarded-For: '{{rand_ip("192.168.0.0/24")}}'

  raw:
  - |-
    POST /login HTTP/2
    Host: {{Hostname}}
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
    Content-Type: application/x-www-form-urlencoded
    Accept: */*

    name={{username}}&password={{password}}

  stop-at-first-match: true
  matchers:
  - type: status
    status:
    - 406

Checklist

• Pull request is created against the dev branch
• All checks passed (lint, unit/integration/regression tests etc.) with my changes
• I have added tests that prove my fix is effective or that my feature works
• I have added necessary documentation (if appropriate)

[xstevens]

Before we merge we wanted to expand upon this to accept multiple CIDRs. We're working on updating the code and tests.

[xstevens]

This should be all set for review. We updated rand_ip to use variadic args.