From 023fa19a48ad78d85c96d3fd9d2289d9a97a4b70 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=BD=B1=E8=88=9E=E8=80=85?= <shadow1ng@qq.com>
Date: Mon, 11 Jul 2022 16:50:32 +0800
Subject: [PATCH] =?UTF-8?q?rule.Search=20=E6=AD=A3=E5=88=99=E5=8C=B9?=
 =?UTF-8?q?=E9=85=8D=E8=8C=83=E5=9B=B4=E4=BB=8Ebody=E6=94=B9=E6=88=90heade?=
 =?UTF-8?q?r+body?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 WebScan/lib/check.go | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/WebScan/lib/check.go b/WebScan/lib/check.go
index 8b72db8..08bd310 100644
--- a/WebScan/lib/check.go
+++ b/WebScan/lib/check.go
@@ -145,7 +145,7 @@ func executePoc(oReq *http.Request, p *Poc) (bool, error, string) {
 		variableMap["response"] = resp
 		// 先判断响应页面是否匹配search规则
 		if rule.Search != "" {
-			result := doSearch(strings.TrimSpace(rule.Search), string(resp.Body))
+			result := doSearch(strings.TrimSpace(rule.Search), GetHeader(resp.Headers)+string(resp.Body))
 			if result != nil && len(result) > 0 { // 正则匹配成功
 				for k, v := range result {
 					variableMap[k] = v
@@ -435,7 +435,7 @@ func clustersend(oReq *http.Request, variableMap map[string]interface{}, req *Re
 	variableMap["response"] = resp
 	// 先判断响应页面是否匹配search规则
 	if rule.Search != "" {
-		result := doSearch(strings.TrimSpace(rule.Search), string(resp.Body))
+		result := doSearch(strings.TrimSpace(rule.Search), GetHeader(resp.Headers)+string(resp.Body))
 		if result != nil && len(result) > 0 { // 正则匹配成功
 			for k, v := range result {
 				variableMap[k] = v
@@ -514,3 +514,12 @@ func CheckInfoPoc(infostr string) string {
 	}
 	return ""
 }
+
+func GetHeader(header map[string]string) (output string) {
+	for name, values := range header {
+		line := fmt.Sprintf("%s: %s\n", name, values)
+		output = output + line
+	}
+	output = output + "\r\n"
+	return
+}