Fixing inconsistent behavior for custom ports with schemes

common/customports/customport.go

@@ -43,12 +43,20 @@ func (c *CustomPorts) Set(value string) error {
 		} else if strings.HasPrefix(potentialPort, httpx.HTTPS+":") {
 			potentialPort = strings.TrimPrefix(potentialPort, httpx.HTTPS+":")
 			protocol = httpx.HTTPS
+		} else if strings.HasPrefix(potentialPort, httpx.HTTPandHTTPS+":") {
+			potentialPort = strings.TrimPrefix(potentialPort, httpx.HTTPandHTTPS+":")
+			protocol = httpx.HTTPandHTTPS
 		}
 
 		potentialRange := strings.Split(potentialPort, "-")
 		// it's a single port?
 		if len(potentialRange) < portRangeParts {
 			if p, err := strconv.Atoi(potentialPort); err == nil {
+				if existingProtocol, ok := Ports[p]; ok {
+					if existingProtocol == httpx.HTTP && protocol == httpx.HTTPS || existingProtocol == httpx.HTTPS && protocol == httpx.HTTP {
+						protocol = httpx.HTTPandHTTPS
+					}
+				}
 				Ports[p] = protocol
 			} else {
 				gologger.Warning().Msgf("Could not cast port to integer, your value: %s, resulting error %s. Skipping it\n",
@@ -79,6 +87,11 @@ func (c *CustomPorts) Set(value string) error {
 			}
 
 			for i := lowP; i <= highP; i++ {
+				if existingProtocol, ok := Ports[i]; ok {
+					if existingProtocol == httpx.HTTP && protocol == httpx.HTTPS || existingProtocol == httpx.HTTPS && protocol == httpx.HTTP {
+						protocol = httpx.HTTPandHTTPS
+					}
+				}
 				Ports[i] = protocol
 			}
 		}

common/httpx/http2.go

@@ -16,8 +16,10 @@ const (
 	HTTP = "http"
 	// HTTPS defines the secure http scheme
 	HTTPS = "https"
-	// HTTPorHTTPS defines the both http and https scheme
+	// HTTPorHTTPS defines both http and https scheme in mutual exclusion
 	HTTPorHTTPS = "http|https"
+	// HTTPandHTTPS defines both http and https scheme
+	HTTPandHTTPS = "http&https"
 )
 
 // SupportHTTP2 checks if the target host supports HTTP2

runner/runner.go

@@ -501,7 +501,7 @@ func (r *Runner) RunEnumeration() {
 
 func (r *Runner) process(t string, wg *sizedwaitgroup.SizedWaitGroup, hp *httpx.HTTPX, protocol string, scanopts *scanOptions, output chan Result) {
 	protocols := []string{protocol}
-	if scanopts.NoFallback {
+	if scanopts.NoFallback || protocol == httpx.HTTPandHTTPS {
 		protocols = []string{httpx.HTTPS, httpx.HTTP}
 	}
 
@@ -535,7 +535,12 @@ func (r *Runner) process(t string, wg *sizedwaitgroup.SizedWaitGroup, hp *httpx.
 			}
 		}
 
-		for port, wantedProtocol := range customport.Ports {
+		for port, wantedProtocolForPort := range customport.Ports {
+			wantedProtocols := []string{wantedProtocolForPort}
+			if wantedProtocolForPort == httpx.HTTPandHTTPS {
+				wantedProtocols = []string{httpx.HTTPS, httpx.HTTP}
+			}
+			for _, wantedProtocol := range wantedProtocols {
 				for _, method := range scanopts.Methods {
 					wg.Add()
 					go func(port int, method, protocol string) {
@@ -555,6 +560,7 @@ func (r *Runner) process(t string, wg *sizedwaitgroup.SizedWaitGroup, hp *httpx.
 					}(port, method, wantedProtocol)
 				}
 			}
+		}
 		if r.options.ShowStatistics {
 			r.stats.IncrementCounter("hosts", 1)
 		}
@@ -592,7 +598,7 @@ func targets(target string) chan string {
 
 func (r *Runner) analyze(hp *httpx.HTTPX, protocol, domain, method string, scanopts *scanOptions) Result {
 	origProtocol := protocol
-	if protocol == httpx.HTTPorHTTPS {
+	if protocol == httpx.HTTPorHTTPS || protocol == httpx.HTTPandHTTPS {
 		protocol = httpx.HTTPS
 	}
 	retried := false