From 75dd6553ba94a26247feba9ea614f55b13c2591e Mon Sep 17 00:00:00 2001
From: Ice3man
Date: Wed, 1 May 2024 02:06:31 +0530
Subject: [PATCH 1/3] feat: added fuzzing output enhancements

---
 pkg/fuzz/execute.go | 4 +++-
 pkg/fuzz/parts.go | 9 +++++----
 pkg/output/format_screen.go | 14 ++++++++++++++
 pkg/output/output.go | 8 ++++++++
 pkg/protocols/http/request_fuzz.go | 7 +++++++
 5 files changed, 37 insertions(+), 5 deletions(-)

diff --git a/pkg/fuzz/execute.go b/pkg/fuzz/execute.go
index 23b3e6e976..bd1414638e 100644
--- a/pkg/fuzz/execute.go
+++ b/pkg/fuzz/execute.go
@@ -57,6 +57,8 @@ type GeneratedRequest struct {
 	DynamicValues map[string]interface{}
 	// Component is the component for the request
 	Component component.Component
+	// Parameter being fuzzed
+	Parameter string
 }
 
 // Execute executes a fuzzing rule accepting a callback on which
@@ -223,7 +225,7 @@ func (rule *Rule) executeRuleValues(input *ExecuteRuleInput, ruleComponent compo
 		if err != nil {
 			return err
 		}
-		if gotErr := rule.execWithInput(input, req, input.InteractURLs, ruleComponent); gotErr != nil {
+		if gotErr := rule.execWithInput(input, req, input.InteractURLs, ruleComponent, ""); gotErr != nil {
 			return gotErr
 		}
 	}
diff --git a/pkg/fuzz/parts.go b/pkg/fuzz/parts.go
index 2796a7dc96..4c01135f66 100644
--- a/pkg/fuzz/parts.go
+++ b/pkg/fuzz/parts.go
@@ -68,7 +68,7 @@ func (rule *Rule) executePartComponentOnValues(input *ExecuteRuleInput, payloadS
 		return err
 	}
 
-	if qerr := rule.execWithInput(input, req, input.InteractURLs, ruleComponent); qerr != nil {
+	if qerr := rule.execWithInput(input, req, input.InteractURLs, ruleComponent, key); qerr != nil {
 		return qerr
 	}
 	// fmt.Printf("executed with value: %s\n", evaluated)
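Review bot: The new `Parameter` field on GeneratedRequest is documented only as "Parameter being fuzzed", but two of the four call sites updated in this series pass `""` (executeRuleValues in execute.go and the second hunk of parts.go) while the key-based paths pass `key`, so readers of the struct and of the JSON output cannot tell whether an empty value is a bug or expected. Suggest `// Parameter is the name of the key being fuzzed; empty when the rule is not applied to a single key.`, and the same qualifier on the `execWithInput` doc comment in parts.go, whose signature now takes `parameter string`. GeneratedRequest continues outside the hunk.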
@@ -90,7 +90,7 @@ func (rule *Rule) executePartComponentOnValues(input *ExecuteRuleInput, payloadS
 			if err != nil {
 				return err
 			}
-			if qerr := rule.execWithInput(input, req, input.InteractURLs, ruleComponent); qerr != nil {
+			if qerr := rule.execWithInput(input, req, input.InteractURLs, ruleComponent, ""); qerr != nil {
 				err = qerr
 				return err
 			}
@@ -125,7 +125,7 @@ func (rule *Rule) executePartComponentOnKV(input *ExecuteRuleInput, payload Valu
 		return err
 	}
 
-	if qerr := rule.execWithInput(input, req, input.InteractURLs, ruleComponent); qerr != nil {
+	if qerr := rule.execWithInput(input, req, input.InteractURLs, ruleComponent, key); qerr != nil {
 		return err
 	}
 
@@ -144,12 +144,13 @@ func (rule *Rule) executePartComponentOnKV(input *ExecuteRuleInput, payload Valu
 }
 
 // execWithInput executes a rule with input via callback
-func (rule *Rule) execWithInput(input *ExecuteRuleInput, httpReq *retryablehttp.Request, interactURLs []string, component component.Component) error {
+func (rule *Rule) execWithInput(input *ExecuteRuleInput, httpReq *retryablehttp.Request, interactURLs []string, component component.Component, parameter string) error {
 	request := GeneratedRequest{
 		Request: httpReq,
 		InteractURLs: interactURLs,
 		DynamicValues: input.Values,
 		Component: component,
+		Parameter: parameter,
 	}
 	if !input.Callback(request) {
 		return types.ErrNoMoreRequests
diff --git a/pkg/output/format_screen.go b/pkg/output/format_screen.go
index 2d6310df3f..0682447894 100644
--- a/pkg/output/format_screen.go
+++ b/pkg/output/format_screen.go
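Review bot: In the `executePartComponentOnKV` hunk at line 125, the failure branch of the changed `execWithInput` call still does `return err` rather than `return qerr`; the preceding context `return err }` appears to be the tail of an error check on `err`, so `err` is nil at this point and a non-nil `qerr` is swallowed. That includes `types.ErrNoMoreRequests`, which the `execWithInput` hunk below returns when the callback asks to stop, so the caller would keep generating requests after being told to stop. The sibling hunk at line 68 (and the one at line 90, via `err = qerr`) propagates `qerr`; this one should too: `return qerr`. The line itself is pre-existing, but the commit touches the call directly above it, which makes it the natural place to fix. executePartComponentOnKV continues outside the hunk.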
@@ -106,5 +106,19 @@ func (w *StandardWriter) formatScreen(output *ResultEvent) []byte {
 		}
 		builder.WriteString("]")
 	}
+
+	// If it is a fuzzing output, enrich with additional
+	// metadata for the match.
+	if output.IsFuzzingResult {
+		builder.WriteString(" [")
+		builder.WriteString(output.FuzzingPosition)
+		builder.WriteRune(':')
+		builder.WriteString(w.aurora.BrightMagenta(output.FuzzingParameter).String())
+		builder.WriteString("]")
+
+		builder.WriteString(" [")
+		builder.WriteString(output.FuzzingMethod)
+		builder.WriteString("]")
+	}
 	return builder.Bytes()
 }
diff --git a/pkg/output/output.go b/pkg/output/output.go
index 4a85c32480..044d164f1f 100644
--- a/pkg/output/output.go
+++ b/pkg/output/output.go
@@ -175,6 +175,14 @@ type ResultEvent struct {
 	// must be enabled by setting protocols.ExecuterOptions.ExportReqURLPattern to true
 	ReqURLPattern string `json:"req_url_pattern,omitempty"`
 
+	// Fields related to HTTP Fuzzing functionality of nuclei.
+	// The output contains additional fields when the result is
+	// for a fuzzing template.
+	IsFuzzingResult bool `json:"is_fuzzing_result,omitempty"`
+	FuzzingMethod string `json:"fuzzing_method,omitempty"`
+	FuzzingParameter string `json:"fuzzing_parameter,omitempty"`
+	FuzzingPosition string `json:"fuzzing_position,omitempty"`
+
 	FileToIndexPosition map[string]int `json:"-"`
 	Error string `json:"error,omitempty"`
 }
diff --git a/pkg/protocols/http/request_fuzz.go b/pkg/protocols/http/request_fuzz.go
index 42065576ad..bc5f9caa9b 100644
--- a/pkg/protocols/http/request_fuzz.go
+++ b/pkg/protocols/http/request_fuzz.go
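Review bot: The new lines write `output.FuzzingParameter` and `output.FuzzingPosition` to the terminal byte-for-byte; the parameter is the fuzzed key handed through from pkg/fuzz/parts.go, and if those keys are derived from target-supplied input (query, header or cookie names taken from crawled URLs) a key containing control or escape sequences would reach the terminal unfiltered. If formatScreen's other fields are already sanitized upstream this is covered; if not, filter non-printable runes before the write, e.g. wrap the value in a small helper built on `strings.Map` with `unicode.IsPrint`, so that `builder.WriteString(output.FuzzingParameter)` becomes `builder.WriteString(printable(output.FuzzingParameter))`. The same applies to `FuzzingPosition` and `FuzzingMethod`. formatScreen starts outside the hunk.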
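Review bot: The shared comment over the four new ResultEvent fields says only that they relate to HTTP fuzzing; since they are part of the public JSON schema (`fuzzing_method`, `fuzzing_parameter`, `fuzzing_position`) each deserves a one-line meaning, which the request_fuzz.go hunk fixes: `// FuzzingMethod is the HTTP method of the fuzzed request.`, `// FuzzingParameter is the name of the fuzzed key; empty when the rule is not applied to a single key.`, `// FuzzingPosition is the name of the request component (part) that was fuzzed.`. It is also worth stating that `IsFuzzingResult` is the discriminator consumers should test, because with `omitempty` the other three are simply absent when empty. ResultEvent starts outside the hunk.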
@@ -170,6 +170,13 @@ func (request *Request) executeGeneratedFuzzingRequest(gr fuzz.GeneratedRequest,
 	}
 	var gotMatches bool
 	requestErr := request.executeRequest(input, req, gr.DynamicValues, hasInteractMatchers, func(event *output.InternalWrappedEvent) {
+		for _, result := range event.Results {
+			result.IsFuzzingResult = true
+			result.FuzzingMethod = gr.Request.Method
+			result.FuzzingParameter = gr.Parameter
+			result.FuzzingPosition = gr.Component.Name()
+		}
+
 		if hasInteractMarkers && hasInteractMatchers && request.options.Interactsh != nil {
 			requestData := &interactsh.RequestData{
 				MakeResultFunc: request.MakeResultEvent,
From 4a8f66f3ea81ee6843f7edcd95c2a6d9402fd83d Mon Sep 17 00:00:00 2001
From: Ice3man
Date: Fri, 3 May 2024 16:56:12 +0530
Subject: [PATCH 2/3] changes as requested

---
 pkg/output/format_screen.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/output/format_screen.go b/pkg/output/format_screen.go
index 0682447894..433d631a35 100644
--- a/pkg/output/format_screen.go
+++ b/pkg/output/format_screen.go
@@ -109,7 +109,7 @@ func (w *StandardWriter) formatScreen(output *ResultEvent) []byte {
 
 	// If it is a fuzzing output, enrich with additional
 	// metadata for the match.
-	if output.IsFuzzingResult {
+	if output.IsFuzzingResult && output.FuzzingParameter != "" {
 		builder.WriteString(" [")
 		builder.WriteString(output.FuzzingPosition)
 		builder.WriteRune(':')
From 03a3113c891b6494a3ec7ddf666e2decb1e49085 Mon Sep 17 00:00:00 2001
From: Ice3man
Date: Fri, 3 May 2024 18:10:41 +0530
Subject: [PATCH 3/3] misc

---
 pkg/output/format_screen.go | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/pkg/output/format_screen.go b/pkg/output/format_screen.go
index 433d631a35..9d0f03efaf 100644
--- a/pkg/output/format_screen.go
+++ b/pkg/output/format_screen.go
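Review bot: The new loop stamps the fuzzing metadata only onto the `event.Results` that exist when this callback runs; results that interactsh produces later through the `MakeResultFunc: request.MakeResultEvent` hook set up on the following lines never pass through this loop, so, if I read the flow right, interact-based fuzzing matches would be emitted with `IsFuzzingResult == false` and without method, parameter or position. Consider also populating these fields in the interactsh result path, or stamping them wherever `MakeResultEvent` is invoked with the generated request in hand, so JSON and screen output are consistent across both match paths. `gr.Component.Name()` is also called unconditionally; if a GeneratedRequest can ever carry a nil Component this line would panic, so a `gr.Component != nil` guard is cheap insurance. executeGeneratedFuzzingRequest starts and ends outside the hunk.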
@@ -109,12 +109,14 @@ func (w *StandardWriter) formatScreen(output *ResultEvent) []byte {
 
 	// If it is a fuzzing output, enrich with additional
 	// metadata for the match.
-	if output.IsFuzzingResult && output.FuzzingParameter != "" {
-		builder.WriteString(" [")
-		builder.WriteString(output.FuzzingPosition)
-		builder.WriteRune(':')
-		builder.WriteString(w.aurora.BrightMagenta(output.FuzzingParameter).String())
-		builder.WriteString("]")
+	if output.IsFuzzingResult {
+		if output.FuzzingParameter != "" {
+			builder.WriteString(" [")
+			builder.WriteString(output.FuzzingPosition)
+			builder.WriteRune(':')
+			builder.WriteString(w.aurora.BrightMagenta(output.FuzzingParameter).String())
+			builder.WriteString("]")
+		}
 
 		builder.WriteString(" [")
 		builder.WriteString(output.FuzzingMethod)
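Review bot: The restructured block guards the position/parameter bracket on `output.FuzzingParameter != ""` but still writes the method bracket unconditionally, so an empty `FuzzingMethod` (it is copied straight from `gr.Request.Method` in request_fuzz.go, and `net/http` permits an empty Method) would print as a bare ` []`. For symmetry with the guard just added, wrap it the same way: `if output.FuzzingMethod != "" {` around the two `WriteString` calls for the method. formatScreen starts and ends outside the hunk.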