Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
projectdiscovery
GitHub Repository: projectdiscovery/nuclei
 Path: blob/dev/pkg/operators/extractors/extractors.go
2070 views
1
package extractors

2


3
import (

4
	"regexp"

5


6
	"github.com/Knetic/govaluate"

7
	"github.com/itchyny/gojq"

8
)

9


10
// Extractor is used to extract part of response using a regex.

11
type Extractor struct {

12
	// description: |

13
	//   Name of the extractor. Name should be lowercase and must not contain

14
	//   spaces or underscores (_).

15
	// examples:

16
	//   - value: "\"cookie-extractor\""

17
	Name string `yaml:"name,omitempty" json:"name,omitempty" jsonschema:"title=name of the extractor,description=Name of the extractor"`

18
	// description: |

19
	//   Type is the type of the extractor.

20
	Type ExtractorTypeHolder `json:"type" yaml:"type"`

21
	// extractorType is the internal type of the extractor

22
	extractorType ExtractorType

23


24
	// description: |

25
	//   Regex contains the regular expression patterns to extract from a part.

26
	//

27
	//   Go regex engine does not support lookaheads or lookbehinds, so as a result

28
	//   they are also not supported in nuclei.

29
	// examples:

30
	//   - name: Braintree Access Token Regex

31
	//     value: >

32
	//       []string{"access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}"}

33
	//   - name: Wordpress Author Extraction regex

34
	//     value: >

35
	//       []string{"Author:(?:[A-Za-z0-9 -\\_=\"]+)?<span(?:[A-Za-z0-9 -\\_=\"]+)?>([A-Za-z0-9]+)<\\/span>"}

36
	Regex []string `yaml:"regex,omitempty" json:"regex,omitempty" jsonschema:"title=regex to extract from part,description=Regex to extract from part"`

37
	// description: |

38
	//   Group specifies a numbered group to extract from the regex.

39
	// examples:

40
	//   - name: Example Regex Group

41
	//     value: "1"

42
	RegexGroup int `yaml:"group,omitempty" json:"group,omitempty" jsonschema:"title=group to extract from regex,description=Group to extract from regex"`

43
	// regexCompiled is the compiled variant

44
	regexCompiled []*regexp.Regexp

45


46
	// description: |

47
	//   kval contains the key-value pairs present in the HTTP response header.

48
	//   kval extractor can be used to extract HTTP response header and cookie key-value pairs.

49
	//   kval extractor inputs are case-insensitive, and does not support dash (-) in input which can replaced with underscores (_)

50
	// 	 For example, Content-Type should be replaced with content_type

51
	//

52
	//   A list of supported parts is available in docs for request types.

53
	// examples:

54
	//   - name: Extract Server Header From HTTP Response

55
	//     value: >

56
	//       []string{"server"}

57
	//   - name: Extracting value of PHPSESSID Cookie

58
	//     value: >

59
	//       []string{"phpsessid"}

60
	//   - name: Extracting value of Content-Type Cookie

61
	//     value: >

62
	//       []string{"content_type"}

63
	KVal []string `yaml:"kval,omitempty" json:"kval,omitempty" jsonschema:"title=kval pairs to extract from response,description=Kval pairs to extract from response"`

64


65
	// description: |

66
	//   JSON allows using jq-style syntax to extract items from json response

67
	//

68
	// examples:

69
	//   - value: >

70
	//       []string{".[] | .id"}

71
	//   - value: >

72
	//       []string{".batters | .batter | .[] | .id"}

73
	JSON []string `yaml:"json,omitempty" json:"json,omitempty" jsonschema:"title=json jq expressions to extract data,description=JSON JQ expressions to evaluate from response part"`

74
	// description: |

75
	//   XPath allows using xpath expressions to extract items from html response

76
	//

77
	// examples:

78
	//   - value: >

79
	//       []string{"/html/body/div/p[2]/a"}

80
	XPath []string `yaml:"xpath,omitempty" json:"xpath,omitempty" jsonschema:"title=html xpath expressions to extract data,description=XPath allows using xpath expressions to extract items from html response"`

81
	// description: |

82
	//   Attribute is an optional attribute to extract from response XPath.

83
	//

84
	// examples:

85
	//   - value: "\"href\""

86
	Attribute string `yaml:"attribute,omitempty" json:"attribute,omitempty" jsonschema:"title=optional attribute to extract from xpath,description=Optional attribute to extract from response XPath"`

87


88
	// jsonCompiled is the compiled variant

89
	jsonCompiled []*gojq.Code

90


91
	// description: |

92
	//   Extracts using DSL expressions.

93
	DSL         []string `yaml:"dsl,omitempty" json:"dsl,omitempty" jsonschema:"title=dsl expressions to extract,description=Optional attribute to extract from response dsl"`

94
	dslCompiled []*govaluate.EvaluableExpression

95


96
	// description: |

97
	//   Part is the part of the request response to extract data from.

98
	//

99
	//   Each protocol exposes a lot of different parts which are well

100
	//   documented in docs for each request type.

101
	// examples:

102
	//   - value: "\"body\""

103
	//   - value: "\"raw\""

104
	Part string `yaml:"part,omitempty" json:"part,omitempty" jsonschema:"title=part of response to extract data from,description=Part of the request response to extract data from"`

105
	// description: |

106
	//   Internal, when set to true will allow using the value extracted

107
	//   in the next request for some protocols (like HTTP).

108
	Internal bool `yaml:"internal,omitempty" json:"internal,omitempty" jsonschema:"title=mark extracted value for internal variable use,description=Internal when set to true will allow using the value extracted in the next request for some protocols"`

109


110
	// description: |

111
	//   CaseInsensitive enables case-insensitive extractions. Default is false.

112
	// values:

113
	//   - false

114
	//   - true

115
	CaseInsensitive bool `yaml:"case-insensitive,omitempty" json:"case-insensitive,omitempty" jsonschema:"title=use case insensitive extract,description=use case insensitive extract"`

116
}

117


118