projectdiscovery · ehsandeep · Jun 30, 2023 · May 31, 2023 · Jun 1, 2023 · Jun 1, 2023
diff --git a/integration_tests/http/matcher-status-per-request.yaml b/integration_tests/http/matcher-status-per-request.yaml
@@ -0,0 +1,40 @@
+id: matcher-status-per-request
+
+info:
+  name: Test Matcher Status Per Request
+  author: pdteam
+  severity: critical
+
+variables:
+  username: test
+  password: admin
+  date: 2023-05-31
+
+http:
+  - method: GET
+    path:
+      - "{{RootURL}}/login?username={{username}}&password={{password}}"
+      - "{{BaseURL}}/admin-pannel"
+
+  - method: GET
+    path:
+      - "{{BaseURL}}/dashboard?date={{date}}"
+      - "{{BaseURL}}/signup"
+
+  - method: POST
+    path:
+      - "{{BaseURL}}/filemanager/upload.php"
+    body: "fldr=&url=file:///etc/passwd"
+
+
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "matcher status"
+
+      - type: status
+        status:
+          - 200
diff --git a/integration_tests/http/matcher-status.yaml b/integration_tests/http/matcher-status.yaml
@@ -0,0 +1,40 @@
+id: matchet-status
+
+info:
+  name: Test Matcher Status
+  author: pdteam
+  severity: critical
+
+variables:
+  username: test
+  password: admin
+  date: 2023-05-31
+
+http:
+  - method: GET
+    path:
+      - "{{RootURL}}/login?username={{username}}&password={{password}}"
+      - "{{BaseURL}}/admin-pannel"
+
+  - method: GET
+    path:
+      - "{{BaseURL}}/dashboard?date={{date}}"
+      - "{{BaseURL}}/signup"
+
+  - method: POST
+    path:
+      - "{{BaseURL}}/filemanager/upload.php"
+    body: "fldr=&url=file:///etc/passwd"
+
+
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "matcher status"
+
+      - type: status
+        status:
+          - 200
diff --git a/v2/cmd/integration-test/http.go b/v2/cmd/integration-test/http.go
@@ -78,6 +78,8 @@ var httpTestcases = map[string]testutils.TestCase{
 	"http/cl-body-with-header.yaml":                 &httpCLBodyWithHeader{},
 	"http/save-extractor-values-to-file.yaml":       &httpSaveExtractorValuesToFile{},
 	"http/cli-with-constants.yaml":                  &ConstantWithCliVar{},
+	"http/matcher-status.yaml":                      &matcherStatusTest{},
+	"http/matcher-status-per-request.yaml":          &matcherStatusPerRequestTest{},
 	"http/disable-path-automerge.yaml":              &httpDisablePathAutomerge{},
 }
 
@@ -1425,6 +1427,42 @@ func (h *ConstantWithCliVar) Execute(filePath string) error {
 	return expectResultsCount(got, 1)
 }
 
+type matcherStatusTest struct{}
+
+// Execute executes a test case and returns an error if occurred
+func (h *matcherStatusTest) Execute(filePath string) error {
+	router := httprouter.New()
+	router.GET("/200", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+		w.WriteHeader(http.StatusOK)
+	})
+	ts := httptest.NewServer(router)
+	defer ts.Close()
+
+	results, err := testutils.RunNucleiTemplateAndGetResults(filePath, ts.URL, debug, "-ms")
+	if err != nil {
+		return err
+	}
+	return expectResultsCount(results, 1)
+}
+
+type matcherStatusPerRequestTest struct{}
+
+// Execute executes a test case and returns an error if occurred
+func (h *matcherStatusPerRequestTest) Execute(filePath string) error {
+	router := httprouter.New()
+	router.GET("/200", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+		w.WriteHeader(http.StatusOK)
+	})
+	ts := httptest.NewServer(router)
+	defer ts.Close()
+
+	results, err := testutils.RunNucleiTemplateAndGetResults(filePath, ts.URL, debug, "-msr")
+	if err != nil {
+		return err
+	}
+	return expectResultsCount(results, 5)
+}
+
 // disable path automerge in raw request
 type httpDisablePathAutomerge struct{}
 

diff --git a/v2/cmd/nuclei/main.go b/v2/cmd/nuclei/main.go
@@ -175,6 +175,7 @@ on extensive configurability, massive extensibility and ease of use.`)
 		flagSet.BoolVarP(&options.Timestamp, "timestamp", "ts", false, "enables printing timestamp in cli output"),
 		flagSet.StringVarP(&options.ReportingDB, "report-db", "rdb", "", "nuclei reporting database (always use this to persist report data)"),
 		flagSet.BoolVarP(&options.MatcherStatus, "matcher-status", "ms", false, "display match failure status"),
+		flagSet.BoolVarP(&options.MatchStatusPerRequest, "matcher-status-request", "msr", false, "display match failure status per request"),
 		flagSet.StringVarP(&options.MarkdownExportDirectory, "markdown-export", "me", "", "directory to export results in markdown format"),
 		flagSet.StringVarP(&options.SarifExport, "sarif-export", "se", "", "file to export results in SARIF format"),
 		flagSet.StringVarP(&options.JSONExport, "json-export", "je", "", "file to export results in JSON format"),

diff --git a/v2/pkg/output/output.go b/v2/pkg/output/output.go
@@ -45,19 +45,19 @@ type Writer interface {
 
 // StandardWriter is a writer writing output to file and screen for results.
 type StandardWriter struct {
-	json             bool
-	jsonReqResp      bool
-	timestamp        bool
-	noMetadata       bool
-	matcherStatus    bool
-	mutex            *sync.Mutex
-	aurora           aurora.Aurora
-	outputFile       io.WriteCloser
-	traceFile        io.WriteCloser
-	errorFile        io.WriteCloser
-	severityColors   func(severity.Severity) string
-	storeResponse    bool
-	storeResponseDir string
+	json                  bool
+	jsonReqResp           bool
+	timestamp             bool
+	noMetadata            bool
+	matcherStatus         bool
+	mutex                 *sync.Mutex
+	aurora                aurora.Aurora
+	outputFile            io.WriteCloser
+	traceFile             io.WriteCloser
+	errorFile             io.WriteCloser
+	severityColors        func(severity.Severity) string
+	storeResponse         bool
+	storeResponseDir      string
 }
 
 var decolorizerRegex = regexp.MustCompile(`\x1B\[[0-9;]*[a-zA-Z]`)
@@ -187,20 +187,21 @@ func NewStandardWriter(options *types.Options) (*StandardWriter, error) {
 			gologger.Fatal().Msgf("Could not create output directory '%s': %s\n", options.StoreResponseDir, err)
 		}
 	}
+
 	writer := &StandardWriter{
-		json:             options.JSONL,
-		jsonReqResp:      options.JSONRequests,
-		noMetadata:       options.NoMeta,
-		matcherStatus:    options.MatcherStatus,
-		timestamp:        options.Timestamp,
-		aurora:           auroraColorizer,
-		mutex:            &sync.Mutex{},
-		outputFile:       outputFile,
-		traceFile:        traceOutput,
-		errorFile:        errorOutput,
-		severityColors:   colorizer.New(auroraColorizer),
-		storeResponse:    options.StoreResponse,
-		storeResponseDir: options.StoreResponseDir,
+		json:                  options.JSONL,
+		jsonReqResp:           options.JSONRequests,
+		noMetadata:            options.NoMeta,
+		matcherStatus:         options.MatcherStatus || options.MatchStatusPerRequest,
+		timestamp:             options.Timestamp,
+		aurora:                auroraColorizer,
+		mutex:                 &sync.Mutex{},
+		outputFile:            outputFile,
+		traceFile:             traceOutput,
+		errorFile:             errorOutput,
+		severityColors:        colorizer.New(auroraColorizer),
+		storeResponse:         options.StoreResponse,
+		storeResponseDir:      options.StoreResponseDir,
 	}
 	return writer, nil
 }

diff --git a/v2/pkg/protocols/common/executer/executer.go b/v2/pkg/protocols/common/executer/executer.go
@@ -70,6 +70,23 @@ func (e *Executer) Execute(input *contextargs.Context) (bool, error) {
 		})
 	}
 	previous := make(map[string]interface{})
+
+	var lastMatcherEvent *output.InternalWrappedEvent
+	writeFailureCallback := func(event *output.InternalWrappedEvent, matcherStatusPerReq, matcherStatus bool) {
+		if matcherStatusPerReq || matcherStatus {
+			results.CompareAndSwap(false, true)
+		}
+		if matcherStatus {
+			lastMatcherEvent = event
+			return
+		}
+		if matcherStatusPerReq {
+			if err := e.options.Output.WriteFailure(event.InternalEvent); err != nil {
+				gologger.Warning().Msgf("Could not write failure event to output: %s\n", err)
+			}
+		}
+	}
+
 	for _, req := range e.requests {
 		inputItem := input.Clone()
 		if e.options.InputHelper != nil && input.MetaInput.Input != "" {
@@ -93,17 +110,13 @@ func (e *Executer) Execute(input *contextargs.Context) (bool, error) {
 			// If no results were found, and also interactsh is not being used
 			// in that case we can skip it, otherwise we've to show failure in
 			// case of matcher-status flag.
-			if !event.HasOperatorResult() && !event.UsesInteractsh {
-				if err := e.options.Output.WriteFailure(event.InternalEvent); err != nil {
-					gologger.Warning().Msgf("Could not write failure event to output: %s\n", err)
-				}
+			if !event.HasOperatorResult() && !event.UsesInteractsh && e.options.Options.MatchStatusPerRequest {
+				writeFailureCallback(event, e.options.Options.MatchStatusPerRequest, e.options.Options.MatcherStatus)
 			} else {
 				if writer.WriteResult(event, e.options.Output, e.options.Progress, e.options.IssuesClient) {
 					results.CompareAndSwap(false, true)
 				} else {
-					if err := e.options.Output.WriteFailure(event.InternalEvent); err != nil {
-						gologger.Warning().Msgf("Could not write failure event to output: %s\n", err)
-					}
+					writeFailureCallback(event, e.options.Options.MatchStatusPerRequest, e.options.Options.MatcherStatus)
 				}
 			}
 		})
@@ -118,6 +131,10 @@ func (e *Executer) Execute(input *contextargs.Context) (bool, error) {
 			break
 		}
 	}
+
+	if lastMatcherEvent != nil {
+		writeFailureCallback(lastMatcherEvent, true, false)
+	}
 	return results.Load(), nil
 }
 

diff --git a/v2/pkg/protocols/network/request.go b/v2/pkg/protocols/network/request.go
@@ -61,6 +61,8 @@ func (request *Request) ExecuteWithResults(input *contextargs.Context, metadata,
 		actualAddress := replacer.Replace(kv.address, variables)
 
 		if err := request.executeAddress(variables, actualAddress, address, input.MetaInput.Input, kv.tls, previous, callback); err != nil {
+			outputEvent := request.responseToDSLMap("", "", "", address, "")
+			callback(&output.InternalWrappedEvent{InternalEvent: outputEvent})
 			gologger.Warning().Msgf("[%v] Could not make network request for (%s) : %s\n", request.options.TemplateID, actualAddress, err)
 			continue
 		}

diff --git a/v2/pkg/protocols/network/request_test.go b/v2/pkg/protocols/network/request_test.go
@@ -87,7 +87,7 @@ func TestNetworkExecuteWithResults(t *testing.T) {
 		})
 		require.Nil(t, err, "could not execute network request")
 	})
-	require.Nil(t, finalEvent, "could not get event output from request")
+	require.Nil(t, finalEvent.Results, "could not get event output from request")
 
 	request.Inputs[0].Type = NetworkInputTypeHolder{NetworkInputType: hexType}
 	request.Inputs[0].Data = hex.EncodeToString([]byte(fmt.Sprintf("GET / HTTP/1.1\r\nHost: %s\r\n\r\n", parsed.Host)))

diff --git a/v2/pkg/testutils/integration.go b/v2/pkg/testutils/integration.go
@@ -63,7 +63,7 @@ func RunNucleiBareArgsAndGetResults(debug bool, extra ...string) ([]string, erro
 	if debug {
 		fmt.Println(string(data))
 	}
-	if err != nil {
+	if len(data) < 1 && err != nil {
 		return nil, fmt.Errorf("%v: %v", err.Error(), string(data))
 	}
 	var parts []string

diff --git a/v2/pkg/types/types.go b/v2/pkg/types/types.go
@@ -268,6 +268,8 @@ type Options struct {
 	EnvironmentVariables bool
 	// MatcherStatus displays optional status for the failed matches as well
 	MatcherStatus bool
+	// MatchStatusPerRequest displays optional status for the failed matches per request
+	MatchStatusPerRequest bool
 	// ClientCertFile client certificate file (PEM-encoded) used for authenticating against scanned hosts
 	ClientCertFile string
 	// ClientKeyFile client key file (PEM-encoded) used for authenticating against scanned hosts