Fixing inconsistent behavior for custom ports with schemes

2024-11-28 22:01:28 +03:00 · 2021-08-16 15:53:28 +02:00 · 2021-08-16 15:53:28 +02:00 · 5919040a93
commit 5919040a93
parent 088b27f677
3 changed files with 41 additions and 20 deletions
--- a/common/customports/customport.go
+++ b/common/customports/customport.go
@ -43,12 +43,20 @@ func (c *CustomPorts) Set(value string) error {
 		} else if strings.HasPrefix(potentialPort, httpx.HTTPS+":") {
 			potentialPort = strings.TrimPrefix(potentialPort, httpx.HTTPS+":")
 			protocol = httpx.HTTPS
+		} else if strings.HasPrefix(potentialPort, httpx.HTTPandHTTPS+":") {
+			potentialPort = strings.TrimPrefix(potentialPort, httpx.HTTPandHTTPS+":")
+			protocol = httpx.HTTPandHTTPS
 		}

 		potentialRange := strings.Split(potentialPort, "-")
 		// it's a single port?
 		if len(potentialRange) < portRangeParts {
 			if p, err := strconv.Atoi(potentialPort); err == nil {
+				if existingProtocol, ok := Ports[p]; ok {
+					if existingProtocol == httpx.HTTP && protocol == httpx.HTTPS || existingProtocol == httpx.HTTPS && protocol == httpx.HTTP {
+						protocol = httpx.HTTPandHTTPS
+					}
+				}
 				Ports[p] = protocol
 			} else {
 				gologger.Warning().Msgf("Could not cast port to integer, your value: %s, resulting error %s. Skipping it\n",
@ -79,6 +87,11 @@ func (c *CustomPorts) Set(value string) error {
 			}

 			for i := lowP; i <= highP; i++ {
+				if existingProtocol, ok := Ports[i]; ok {
+					if existingProtocol == httpx.HTTP && protocol == httpx.HTTPS || existingProtocol == httpx.HTTPS && protocol == httpx.HTTP {
+						protocol = httpx.HTTPandHTTPS
+					}
+				}
 				Ports[i] = protocol
 			}
 		}
--- a/common/httpx/http2.go
+++ b/common/httpx/http2.go
@ -16,8 +16,10 @@ const (
 	HTTP = "http"
 	// HTTPS defines the secure http scheme
 	HTTPS = "https"
-	// HTTPorHTTPS defines the both http and https scheme
+	// HTTPorHTTPS defines both http and https scheme in mutual exclusion
 	HTTPorHTTPS = "http|https"
+	// HTTPandHTTPS defines both http and https scheme
+	HTTPandHTTPS = "http&https"
 )

 // SupportHTTP2 checks if the target host supports HTTP2
--- a/runner/runner.go
+++ b/runner/runner.go
@ -501,7 +501,7 @@ func (r *Runner) RunEnumeration() {

 func (r *Runner) process(t string, wg *sizedwaitgroup.SizedWaitGroup, hp *httpx.HTTPX, protocol string, scanopts *scanOptions, output chan Result) {
 	protocols := []string{protocol}
-	if scanopts.NoFallback {
+	if scanopts.NoFallback || protocol == httpx.HTTPandHTTPS {
 		protocols = []string{httpx.HTTPS, httpx.HTTP}
 	}

@ -535,24 +535,30 @@ func (r *Runner) process(t string, wg *sizedwaitgroup.SizedWaitGroup, hp *httpx.
 			}
 		}

-		for port, wantedProtocol := range customport.Ports {
-			for _, method := range scanopts.Methods {
-				wg.Add()
-				go func(port int, method, protocol string) {
-					defer wg.Done()
-					h, _ := urlutil.ChangePort(target, fmt.Sprint(port))
-					result := r.analyze(hp, protocol, h, method, scanopts)
-					output <- result
-					if scanopts.TLSProbe && result.TLSData != nil {
-						scanopts.TLSProbe = false
-						for _, tt := range result.TLSData.DNSNames {
-							r.process(tt, wg, hp, protocol, scanopts, output)
+		for port, wantedProtocolForPort := range customport.Ports {
+			wantedProtocols := []string{wantedProtocolForPort}
+			if wantedProtocolForPort == httpx.HTTPandHTTPS {
+				wantedProtocols = []string{httpx.HTTPS, httpx.HTTP}
+			}
+			for _, wantedProtocol := range wantedProtocols {
+				for _, method := range scanopts.Methods {
+					wg.Add()
+					go func(port int, method, protocol string) {
+						defer wg.Done()
+						h, _ := urlutil.ChangePort(target, fmt.Sprint(port))
+						result := r.analyze(hp, protocol, h, method, scanopts)
+						output <- result
+						if scanopts.TLSProbe && result.TLSData != nil {
+							scanopts.TLSProbe = false
+							for _, tt := range result.TLSData.DNSNames {
+								r.process(tt, wg, hp, protocol, scanopts, output)
+							}
+							for _, tt := range result.TLSData.CommonName {
+								r.process(tt, wg, hp, protocol, scanopts, output)
+							}
 						}
-						for _, tt := range result.TLSData.CommonName {
-							r.process(tt, wg, hp, protocol, scanopts, output)
-						}
-					}
-				}(port, method, wantedProtocol)
+					}(port, method, wantedProtocol)
+				}
 			}
 		}
 		if r.options.ShowStatistics {
@ -592,7 +598,7 @@ func targets(target string) chan string {

 func (r *Runner) analyze(hp *httpx.HTTPX, protocol, domain, method string, scanopts *scanOptions) Result {
 	origProtocol := protocol
-	if protocol == httpx.HTTPorHTTPS {
+	if protocol == httpx.HTTPorHTTPS || protocol == httpx.HTTPandHTTPS {
 		protocol = httpx.HTTPS
 	}
 	retried := false