[Feature] Adding new status flag #323

Merged: 8 commits, Jul 23, 2021


LuitelSamikshya

No description provided.

@Mzack9999 changed the title from "https://github.com/projectdiscovery/httpx/issues/319" to "[Feature] Adding new status flag" on Jul 20, 2021
@Mzack9999 added the "Type: Enhancement" label on Jul 20, 2021
@Mzack9999 linked an issue on Jul 20, 2021 that may be closed by this pull request
@Mzack9999 self-requested a review on July 20, 2021 08:49
@Mzack9999 left a comment

$ cat test.txt | go run . -status
https://www.aaaaahackerone.com [failure]
https://www.hackerone.com [success]
$ cat test.txt | go run . -status -json
{"timestamp":"2021-07-20T10:46:33.001886+02:00","url":"https://www.aaaaahackerone.com","original-input":"www.aaaaahackerone.com","error":"could not resolve host","failed":true}
{"timestamp":"2021-07-20T10:46:33.731353+02:00","scheme":"https","port":"443","path":"/","body-sha256":"76b917579934ae32852d184485702b0b5140c8c6a2199d06bbf7fdf09957430b","header-sha256":"edcc859af1819c9b648e0600647e85346bb691418957e923710a2c6df64d3c63","a":["104.16.99.52","104.16.100.52"],"url":"https://www.hackerone.com","title":"HackerOne | Hacker-Powered Security, Bug Bounties, \u0026 Pentests","webserver":"cloudflare","content-type":"text/html","method":"GET","host":"104.16.99.52","content-length":56234,"status-code":200,"csp":{"domains":["*.mktoutil.com","s3.amazonaws.com","fonts.gstatic.com","*.youtube.com","*.bidr.io","*.twimg.com","*.cloudflare.com","via.placeholder.com","https://*.bred4tula.com","https://*.googletagmanager.com","*.ads-twitter.com","*.demandbase.com","fonts.googleapis.com","https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598","js.driftt.com","*.google-analytics.com","*.stripe.com","embedwistia-a.akamaihd.net","cdn.bizibly.com","cdn.ttgtmedia.com","munchkin.marketo.net","*.6sc.co","cdn.bizible.com","id.rlcdn.com","*.6sense.com","secure.adnxs.com","stats.g.doubleclick.net","*.company-target.com","*.wistia.com","api.lever.co","*.google.com","*.linkedin.com","snap.licdn.com","unpkg.com","*.typekit.net","*.twitter.com","my.pima.app","*.adsymptotic.com","*.techtarget.com","cdn.syndication.twimg.com","t.co","*.youtube-nocookie.com","*.marketo.com","*.litix.io","*.mktoresp.com","hackerone.com","fast.wistia.com","embed-fastly.wistia.com","checkout.stripe.com"]},"response-time":"910.864343ms"}

@Mzack9999 requested a review from ehsandeep on July 20, 2021 08:52

@ehsandeep left a comment

Other flags are not working when using status flag.

chaos -d hackerone.com | ./httpx -status -title

https://mta-sts.forwarding.hackerone.com [success]
https://mta-sts.managed.hackerone.com [success]
https://docs.hackerone.com [success]
https://mta-sts.hackerone.com [success]
https://ns.hackerone.com [failed]
https://a.ns.hackerone.com [failed]
https://support.hackerone.com [success]

@ehsandeep

As per the feature request, original-input is expected to be added to the JSON output for valid hosts; that way we know the input value for probed URLs. So we need to swap the addition to the JSON output for valid URLs instead of adding it for failed probes.

@ehsandeep

Adding colored output along with no-color support will be useful, for example, red for failed, and green for success.

@Mzack9999 self-requested a review on July 23, 2021 12:11
runner/runner.go Outdated
@@ -903,6 +952,7 @@ retry:
HeaderSHA256: headersSha,
raw: resp.Raw,
URL: fullURL,
OriginalInput: domain,
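
Review bot: `OriginalInput: domain` on the last added line takes its value from a variable named `domain`, which reads as a parsed hostname rather than the raw target the user supplied. If `domain` is normalised anywhere before this literal, the JSON field will no longer equal the input line; please confirm it still holds the untouched input, or add a short comment saying so.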

OriginalInput => Input

runner/runner.go Outdated
@@ -944,10 +994,12 @@ type Result struct {
CNAMEs []string `json:"cnames,omitempty"`
raw string
URL string `json:"url,omitempty"`
OriginalInput string `json:"input,omitempty"`
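
Review bot: the Go field name and its JSON key disagree on the added line, where `OriginalInput` is serialised as `input`. Rename the field to match the tag so a search for either name finds both, and add a doc comment noting that `omitempty` drops the key when the input is empty. The sample output earlier in this thread shows the key as `original-input`, so the key change should be called out for anyone already parsing it.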

OriginalInput => Input

@@ -605,6 +606,54 @@ retry:
}

resp, err := hp.Do(req)

-status should work along with other options; unfortunately, in this position we are unable to perform retries from https to http. I would refactor it as follows:

resp, err := hp.Do(req)

	fullURL := req.URL.String()

	builder := &strings.Builder{}
	builder.WriteString(stringz.RemoveURLDefaultPort(fullURL))

	if r.options.Status {
		builder.WriteString(" [")
		outputStatus := "success"

		if err != nil {
			outputStatus = "failure"
		}

		switch {
		case !scanopts.OutputWithNoColor && err != nil:
			builder.WriteString(aurora.Red(outputStatus).String())
		case !scanopts.OutputWithNoColor && err == nil:
			builder.WriteString(aurora.Green(outputStatus).String())
		default:
			builder.WriteString(outputStatus)
		}

		builder.WriteRune(']')
	}

	errString := ""
	if err != nil {
		errString = err.Error()
		splitErr := strings.Split(errString, ":")
		errString = strings.TrimSpace(splitErr[len(splitErr)-1])
	}

	if err != nil {
		if !retried && origProtocol == httpx.HTTPorHTTPS {
			if protocol == httpx.HTTPS {
				protocol = httpx.HTTP
			} else {
				protocol = httpx.HTTPS
			}
			retried = true
			goto retry
		}
		return Result{URL: URL.String(), Input: domain, Timestamp: time.Now(), err: err, Failed: err != nil, Error: errString, str: builder.String()}
	}

@Mzack9999 left a comment

LGTM

$ cat test.txt | go run . -title -status -silent
https://www.hackerone.com [success] [HackerOne | Hacker-Powered Security, Bug Bounties, & Pentests]
http://www.aaaaahackerone.com [failure]
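
Added example (not part of this PR or of httpx's code): a small Go consumer for the JSON-lines output discussed above, which splits probes on the `failed` flag and keys each one by its input, accepting both the `input` key and the earlier `original-input` key. The `probe` type, the `triage` function and the sample lines are assumptions constructed for illustration.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"strings"
)

// probe is a hypothetical consumer-side type holding only the keys shown in this thread.
type probe struct {
	URL       string `json:"url"`
	Input     string `json:"input"`          // key after the review rename
	OrigInput string `json:"original-input"` // key in the first sample output
	Failed    bool   `json:"failed"`
	Error     string `json:"error"`
}

// sample is constructed for this example; it is not real scan output.
const sample = `{"url":"https://dead.example.com","original-input":"dead.example.com","error":"could not resolve host","failed":true}
{"url":"https://www.example.com","input":"www.example.com","status-code":200}
not json`

// triage maps each input to its probed URL (alive) or its error (dead) and counts bad lines.
func triage(jsonl string) (alive, dead map[string]string, skipped int) {
	alive, dead = map[string]string{}, map[string]string{}
	sc := bufio.NewScanner(strings.NewReader(jsonl))
	sc.Buffer(make([]byte, 0, 64*1024), 4*1024*1024) // lines with long CSP lists can exceed the 64 KiB default
	for sc.Scan() {
		var p probe
		if err := json.Unmarshal(sc.Bytes(), &p); err != nil {
			skipped++ // keep going: one bad line must not hide the rest
			continue
		}
		in := p.Input
		if in == "" {
			in = p.OrigInput // output produced before the rename
		}
		if p.Failed {
			dead[in] = p.Error
		} else {
			alive[in] = p.URL
		}
	}
	return
}

func main() {
	fmt.Println(triage(sample))
}
```
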

@Mzack9999 mentioned this pull request on Jul 23, 2021
@ehsandeep added the "Status: Completed" label on Jul 23, 2021
@ehsandeep merged commit b9a1822 into projectdiscovery:dev on Jul 23, 2021
Successfully merging this pull request may close these issues.

JSON output enhancement + Optional probe flag