Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Solve nuclei dsl parsing #407

Merged
merged 9 commits into from
Feb 9, 2024
Merged

Solve nuclei dsl parsing #407

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
8f84396
Solve nuclei dsl parsing
Feb 9, 2024
44f3df6
fix():windows show file newline
Feb 9, 2024
7626323
Merge pull request #5 from wh0am1i/dev
wh0am1i Feb 9, 2024
fbf973c
fix():W292 no newline at end of file
Feb 9, 2024
89bfc79
Merge pull request #6 from wh0am1i/dev
wh0am1i Feb 9, 2024
a581372
fix():W292 no newline at end of file
Feb 9, 2024
3d61eb1
Merge pull request #7 from wh0am1i/dev
wh0am1i Feb 9, 2024
ca0b78d
fix():W391
Feb 9, 2024
cdcbc89
Merge pull request #8 from wh0am1i/dev
wh0am1i Feb 9, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion pocsuite3/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
__title__ = 'pocsuite3'
__version__ = '2.0.7'
__version__ = '2.0.8'
__author__ = 'Knownsec 404 Team'
__author_email__ = '[email protected]'
__license__ = 'GPLv2'
Expand Down
2 changes: 1 addition & 1 deletion pocsuite3/lib/core/common.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -582,7 +582,7 @@ def get_poc_name(code):
if re.search(r'register_poc', code):
return extract_regex_result(r"""(?sm)POCBase\):.*?name\s*=\s*['"](?P<result>.*?)['"]""", code)
elif re.search(r'matchers:\s*-', code):
return extract_regex_result(r"""(?sm)\s*name\s*:\s*(?P<result>[^\n]*).*matchers:""", code)
return extract_regex_result(r"""(?sm)\s*name\s*:\s*(?P<result>[^\r\n]*).*matchers:""", code)
return ''


Expand Down
6 changes: 6 additions & 0 deletions pocsuite3/lib/yaml/nuclei/protocols/common/expressions/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,12 @@ class Marker:
# ParenthesisClose marker - end of a placeholder
ParenthesisClose = "}}"

def extract_timeout_value(raw_timeout: str) -> int:
match = re.search(r'@timeout:?(\d+)s', raw_timeout, re.IGNORECASE)
if match:
return int(match.group(1))
return None


def auto_convert_types(func):
@wraps(func)
Expand Down
27 changes: 24 additions & 3 deletions pocsuite3/lib/yaml/nuclei/protocols/http/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
from collections import OrderedDict
from dataclasses import dataclass, field
import time
from typing import Union, List, Optional

from requests_toolbelt.utils import dump
Expand Down Expand Up @@ -254,6 +255,10 @@ def extract_dict(text, line_sep='\n', kv_sep='='):

def http_request_generator(request: HttpRequest, dynamic_values: OrderedDict):
request_count = len(request.path + request.raw)
# Determine the number of requests and modify the req_condition attribute of the HttpRequest object
if request_count > 1:
request.req_condition = True

for payload_instance in payload_generator(request.payloads, request.attack):
current_index = 0
dynamic_values.update(payload_instance)
Expand All @@ -272,9 +277,14 @@ def http_request_generator(request: HttpRequest, dynamic_values: OrderedDict):
else:
raw = path.strip()
raws = list(map(lambda x: x.strip(), raw.splitlines()))
method, path, _ = raws[0].split(' ')
url = f'{Marker.ParenthesisOpen}BaseURL{Marker.ParenthesisClose}{path}'

# Extract timeout value
if raws[0].startswith('@timeout'):
timeout = Marker.extract_timeout_value(raws[0])
del raws[0]
method, path, _ = raws[0].split(' ')
kwargs.setdefault('timeout', timeout)
else:
method, path, _ = raws[0].split(' ')
if method == "POST":
index = 0
for i in raws:
Expand All @@ -290,6 +300,8 @@ def http_request_generator(request: HttpRequest, dynamic_values: OrderedDict):
else:
headers = extract_dict('\n'.join(raws[1:]), '\n', ": ")

url = f'{Marker.ParenthesisOpen}BaseURL{Marker.ParenthesisClose}{path}'

kwargs.setdefault('allow_redirects', request.redirects)
kwargs.setdefault('data', data)
kwargs.setdefault('headers', headers)
Expand Down Expand Up @@ -324,7 +336,13 @@ def execute_http_request(request: HttpRequest, dynamic_values, interactsh) -> Un
session.max_redirects = request.max_redirects
else:
session.max_redirects = 10

# Calculate response time
start_time = time.time()
response = session.request(method=method, url=url, **kwargs)
end_time = time.time()
resp_time = end_time - start_time

# for debug purpose
try:
logger.debug(dump.dump_all(response).decode('utf-8'))
Expand All @@ -337,6 +355,9 @@ def execute_http_request(request: HttpRequest, dynamic_values, interactsh) -> Un
response = None

resp_data = http_response_to_dsl_map(response)
if response is not None:
resp_data['duration'] = resp_time

if response:
response.close()

Expand Down
2 changes: 1 addition & 1 deletion setup.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ def find_packages(where='.'):

setup(
name='pocsuite3',
version='2.0.7',
version='2.0.8',
url='https://pocsuite.org',
description='Open-sourced remote vulnerability testing framework.',
long_description=long_description,
Expand Down
Loading