Record all requests and responses to the results

cmd/nuclei/main.go

@@ -284,6 +284,7 @@ on extensive configurability, massive extensibility and ease of use.`)
 
 	flagSet.CreateGroup("output", "Output",
 		flagSet.StringVarP(&options.Output, "output", "o", "", "output file to write found issues/vulnerabilities"),
+		flagSet.BoolVarP(&options.IncludeChain, "include-chain", "irc", false, "include all http request, response chain in json|l output"),
 		flagSet.BoolVarP(&options.StoreResponse, "store-resp", "sresp", false, "store all request/response passed through nuclei to output directory"),
 		flagSet.StringVarP(&options.StoreResponseDir, "store-resp-dir", "srd", runner.DefaultDumpTrafficOutputFolder, "store all request/response passed through nuclei to custom directory"),
 		flagSet.BoolVar(&options.Silent, "silent", false, "display findings only"),

pkg/output/output.go

@@ -67,6 +67,7 @@ type StandardWriter struct {
 	traceFile             io.WriteCloser
 	errorFile             io.WriteCloser
 	severityColors        func(severity.Severity) string
+	includeChain          bool
 	storeResponse         bool
 	storeResponseDir      string
 	omitTemplate          bool
@@ -130,6 +131,13 @@ func (iwe *InternalWrappedEvent) SetOperatorResult(operatorResult *operators.Res
 	iwe.OperatorsResult = operatorResult
 }
 
+type Steps struct {
+	// Request is the optional, dumped request for the match.
+	Request string `json:"request,omitempty"`
+	// Response is the optional, dumped response for the match.
+	Response string `json:"response,omitempty"`
+}
+
 // ResultEvent is a wrapped result event for a single nuclei output.
 type ResultEvent struct {
 	// Template is the relative filename for the template
@@ -169,6 +177,8 @@ type ResultEvent struct {
 	Request string `json:"request,omitempty"`
 	// Response is the optional, dumped response for the match.
 	Response string `json:"response,omitempty"`
+	// Storage request and response list.
+	Steps []Steps `json:"steps,omitempty"`
 	// Metadata contains any optional metadata for the event
 	Metadata map[string]interface{} `json:"meta,omitempty"`
 	// IP is the IP address for the found result event.
@@ -265,6 +275,7 @@ func NewStandardWriter(options *types.Options) (*StandardWriter, error) {
 		traceFile:        traceOutput,
 		errorFile:        errorOutput,
 		severityColors:   colorizer.New(auroraColorizer),
+		includeChain:     options.IncludeChain,
 		storeResponse:    options.StoreResponse,
 		storeResponseDir: options.StoreResponseDir,
 		omitTemplate:     options.OmitTemplate,
@@ -286,7 +297,9 @@ func (w *StandardWriter) Write(event *ResultEvent) error {
 		event.CURLCommand = redactKeys(event.CURLCommand, w.KeysToRedact)
 		event.Matched = redactKeys(event.Matched, w.KeysToRedact)
 	}
-
+	if !w.includeChain {
+		event.Steps = make([]Steps, 0)
+	}
 	event.Timestamp = time.Now()
 
 	var data []byte

pkg/protocols/common/helpers/writer/writer.go

@@ -1,28 +1,56 @@
 package writer
 
 import (
+	"fmt"
+
 	"github.com/projectdiscovery/gologger"
 	"github.com/projectdiscovery/nuclei/v3/pkg/output"
 	"github.com/projectdiscovery/nuclei/v3/pkg/progress"
 	"github.com/projectdiscovery/nuclei/v3/pkg/reporting"
 )
 
 // WriteResult is a helper for writing results to the output
-func WriteResult(data *output.InternalWrappedEvent, output output.Writer, progress progress.Progress, issuesClient reporting.Client) bool {
+func WriteResult(data *output.InternalWrappedEvent, outputs output.Writer, progress progress.Progress, issuesClient reporting.Client) bool {
 	// Handle the case where no result found for the template.
 	// In this case, we just show misc information about the failed
 	// match for the template.
 	if !data.HasOperatorResult() {
 		return false
 	}
 	var matched bool
+	steps := make([]output.Steps, 0)
+	if types, ok := data.InternalEvent["type"]; ok {
+		switch types.(string) {
+		case "dns":
+			request, request_ok := data.InternalEvent["request"]
+			response, response_ok := data.InternalEvent["raw"]
+			if request_ok && response_ok {
+				steps = append(steps, output.Steps{Request: fmt.Sprintf("%v", request), Response: fmt.Sprintf("%v", response)})
+			}
+		case "http":
+			index := 0
+			for {
+				index = index + 1
+				key := fmt.Sprintf("http_%d", index)
+				request, request_ok := data.InternalEvent[fmt.Sprintf("%s_request", key)]
+				response, response_ok := data.InternalEvent[fmt.Sprintf("%s_response", key)]
+				if !request_ok || !response_ok {
+					break
+				}
+				steps = append(steps, output.Steps{Request: request.(string), Response: response.(string)})
+			}
+		default:
+
+		}
+	}
 	for _, result := range data.Results {
+		result.Steps = steps
 		if issuesClient != nil {
 			if err := issuesClient.CreateIssue(result); err != nil {
 				gologger.Warning().Msgf("Could not create issue on tracker: %s", err)
 			}
 		}
-		if err := output.Write(result); err != nil {
+		if err := outputs.Write(result); err != nil {
 			gologger.Warning().Msgf("Could not write output event: %s\n", err)
 		}
 		if !matched {

pkg/types/types.go

@@ -275,6 +275,8 @@ type Options struct {
 	ShowMatchLine bool
 	// EnablePprof enables exposing pprof runtime information with a webserver.
 	EnablePprof bool
+	// Include all requests, response chains in JSON line output
+	IncludeChain bool
 	// StoreResponse stores received response to output directory
 	StoreResponse bool
 	// StoreResponseDir stores received response to custom directory