Merge pull request #407 from wh0am1i/master

Solve nuclei dsl parsing
knownsec · Feb 9, 2024 · e7f2843 · e7f2843
2 parents 5a83196 + cdcbc89
commit e7f2843
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 6 deletions.
diff --git a/pocsuite3/__init__.py b/pocsuite3/__init__.py
@@ -1,5 +1,5 @@
 __title__ = 'pocsuite3'
-__version__ = '2.0.7'
+__version__ = '2.0.8'
 __author__ = 'Knownsec 404 Team'
 __author_email__ = '[email protected]'
 __license__ = 'GPLv2'

diff --git a/pocsuite3/lib/core/common.py b/pocsuite3/lib/core/common.py
@@ -582,7 +582,7 @@ def get_poc_name(code):
     if re.search(r'register_poc', code):
         return extract_regex_result(r"""(?sm)POCBase\):.*?name\s*=\s*['"](?P<result>.*?)['"]""", code)
     elif re.search(r'matchers:\s*-', code):
-        return extract_regex_result(r"""(?sm)\s*name\s*:\s*(?P<result>[^\n]*).*matchers:""", code)
+        return extract_regex_result(r"""(?sm)\s*name\s*:\s*(?P<result>[^\r\n]*).*matchers:""", code)
     return ''
 
 

diff --git a/pocsuite3/lib/yaml/nuclei/protocols/common/expressions/__init__.py b/pocsuite3/lib/yaml/nuclei/protocols/common/expressions/__init__.py
@@ -31,6 +31,12 @@ class Marker:
     # ParenthesisClose marker - end of a placeholder
     ParenthesisClose = "}}"
 
+    def extract_timeout_value(raw_timeout: str) -> int:
+        match = re.search(r'@timeout:?(\d+)s', raw_timeout, re.IGNORECASE)
+        if match:
+            return int(match.group(1))
+        return None
+
 
 def auto_convert_types(func):
     @wraps(func)

diff --git a/pocsuite3/lib/yaml/nuclei/protocols/http/__init__.py b/pocsuite3/lib/yaml/nuclei/protocols/http/__init__.py
@@ -1,5 +1,6 @@
 from collections import OrderedDict
 from dataclasses import dataclass, field
+import time
 from typing import Union, List, Optional
 
 from requests_toolbelt.utils import dump
@@ -254,6 +255,10 @@ def extract_dict(text, line_sep='\n', kv_sep='='):
 
 def http_request_generator(request: HttpRequest, dynamic_values: OrderedDict):
     request_count = len(request.path + request.raw)
+    # Determine the number of requests and modify the req_condition attribute of the HttpRequest object
+    if request_count > 1:
+        request.req_condition = True
+
     for payload_instance in payload_generator(request.payloads, request.attack):
         current_index = 0
         dynamic_values.update(payload_instance)
@@ -272,9 +277,14 @@ def http_request_generator(request: HttpRequest, dynamic_values: OrderedDict):
             else:
                 raw = path.strip()
                 raws = list(map(lambda x: x.strip(), raw.splitlines()))
-                method, path, _ = raws[0].split(' ')
-                url = f'{Marker.ParenthesisOpen}BaseURL{Marker.ParenthesisClose}{path}'
-
+                # Extract timeout value
+                if raws[0].startswith('@timeout'):
+                    timeout = Marker.extract_timeout_value(raws[0])
+                    del raws[0]
+                    method, path, _ = raws[0].split(' ')
+                    kwargs.setdefault('timeout', timeout)
+                else:
+                    method, path, _ = raws[0].split(' ')
                 if method == "POST":
                     index = 0
                     for i in raws:
@@ -290,6 +300,8 @@ def http_request_generator(request: HttpRequest, dynamic_values: OrderedDict):
                 else:
                     headers = extract_dict('\n'.join(raws[1:]), '\n', ": ")
 
+                url = f'{Marker.ParenthesisOpen}BaseURL{Marker.ParenthesisClose}{path}'
+
             kwargs.setdefault('allow_redirects', request.redirects)
             kwargs.setdefault('data', data)
             kwargs.setdefault('headers', headers)
@@ -324,7 +336,13 @@ def execute_http_request(request: HttpRequest, dynamic_values, interactsh) -> Un
                         session.max_redirects = request.max_redirects
                     else:
                         session.max_redirects = 10
+
+                    # Calculate response time
+                    start_time = time.time()
                     response = session.request(method=method, url=url, **kwargs)
+                    end_time = time.time()
+                    resp_time = end_time - start_time
+
                     # for debug purpose
                     try:
                         logger.debug(dump.dump_all(response).decode('utf-8'))
@@ -337,6 +355,9 @@ def execute_http_request(request: HttpRequest, dynamic_values, interactsh) -> Un
                     response = None
 
                 resp_data = http_response_to_dsl_map(response)
+                if response is not None:
+                    resp_data['duration'] = resp_time
+
                 if response:
                     response.close()
 

diff --git a/setup.py b/setup.py
@@ -21,7 +21,7 @@ def find_packages(where='.'):
 
 setup(
     name='pocsuite3',
-    version='2.0.7',
+    version='2.0.8',
     url='https://pocsuite.org',
     description='Open-sourced remote vulnerability testing framework.',
     long_description=long_description,