feat: more logging + misc additions

projectdiscovery · Oct 30, 2024 · 64ef60e · 64ef60e
1 parent 0db2332
commit 64ef60e
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 6 deletions.
diff --git a/internal/server/exec.go b/internal/server/exec.go
@@ -22,7 +22,7 @@ type proxifyRequest struct {
 	} `json:"request"`
 }
 
-func runNucleiWithFuzzingInput(target PostReuestsHandlerRequest, templates []string) ([]output.ResultEvent, error) {
+func (s *DASTServer) runNucleiWithFuzzingInput(target PostReuestsHandlerRequest, templates []string) ([]output.ResultEvent, error) {
 	cmd := exec.Command("nuclei")
 
 	tempFile, err := os.CreateTemp("", "nuclei-fuzz-*.yaml")
@@ -54,7 +54,6 @@ func runNucleiWithFuzzingInput(target PostReuestsHandlerRequest, templates []str
 	argsArray := []string{
 		"-duc",
 		"-dast",
-		"-silent",
 		"-no-color",
 		"-jsonl",
 	}
@@ -63,15 +62,34 @@ func runNucleiWithFuzzingInput(target PostReuestsHandlerRequest, templates []str
 	}
 	argsArray = append(argsArray, "-l", tempFile.Name())
 	argsArray = append(argsArray, "-im=yaml")
+
+	var stderrBuf bytes.Buffer
+	if s.options.Verbose {
+		cmd.Stderr = &stderrBuf
+		argsArray = append(argsArray, "-v")
+	} else {
+		argsArray = append(argsArray, "-silent")
+	}
 	cmd.Args = append(cmd.Args, argsArray...)
 
-	data, err := cmd.Output()
+	stdoutPipe, err := cmd.StdoutPipe()
 	if err != nil {
-		return nil, fmt.Errorf("error running nuclei: %w", err)
+		return nil, fmt.Errorf("error creating stdout pipe: %s", err)
+	}
+
+	errWithStderr := func(err error) error {
+		if s.options.Verbose {
+			return fmt.Errorf("error running nuclei: %s\n%s", err, stderrBuf.String())
+		}
+		return fmt.Errorf("error starting nuclei: %s", err)
+	}
+
+	if err := cmd.Start(); err != nil {
+		return nil, errWithStderr(err)
 	}
 
 	var nucleiResult []output.ResultEvent
-	decoder := json.NewDecoder(bytes.NewReader(data))
+	decoder := json.NewDecoder(stdoutPipe)
 	for {
 		var result output.ResultEvent
 		if err := decoder.Decode(&result); err != nil {
@@ -86,5 +104,8 @@ func runNucleiWithFuzzingInput(target PostReuestsHandlerRequest, templates []str
 		}
 	}
 
+	if err := cmd.Wait(); err != nil {
+		return nil, errWithStderr(err)
+	}
 	return nucleiResult, nil
 }
diff --git a/internal/server/requests_worker.go b/internal/server/requests_worker.go
@@ -41,7 +41,7 @@ func (s *DASTServer) tasksConsumer() {
 }
 
 func (s *DASTServer) fuzzRequest(req PostReuestsHandlerRequest) {
-	results, err := runNucleiWithFuzzingInput(req, s.options.Templates)
+	results, err := s.runNucleiWithFuzzingInput(req, s.options.Templates)
 	if err != nil {
 		gologger.Warning().Msgf("Could not run nuclei: %s\n", err)
 		return

diff --git a/internal/server/server.go b/internal/server/server.go
@@ -1,6 +1,7 @@
 package server
 
 import (
+	"encoding/json"
 	"fmt"
 	"strings"
 	"time"
@@ -48,6 +49,11 @@ type Options struct {
 func New(options *Options) (*DASTServer, error) {
 	bufferSize := options.Concurrency * 100
 
+	// If the user has specified no templates, use the default ones
+	// for DAST only.
+	if len(options.Templates) == 0 {
+		options.Templates = []string{"dast/"}
+	}
 	server := &DASTServer{
 		options:      options,
 		tasksPool:    pool.New().WithMaxGoroutines(options.Concurrency),
@@ -129,6 +135,11 @@ func (s *DASTServer) handleRequest(c echo.Context) error {
 		return c.JSON(400, map[string]string{"error": "missing required fields"})
 	}
 
+	if s.options.Verbose {
+		marshalIndented, _ := json.MarshalIndent(req, "", "  ")
+		gologger.Verbose().Msgf("Received request: %s", marshalIndented)
+	}
+
 	select {
 	case s.fuzzRequests <- req:
 		return c.NoContent(200)