Adding support for udp payload

[jesusprubio]

Most UDP services do not reply to empty requests. This PR adds a flag to include the data to write to the connection.

Partial solution to this issue: #462

Summary by CodeRabbit

• New Features

  • Added --connect-payload (-cp) flag to send a custom payload during CONNECT scans; payload is included when probing targets.

• Bug Fixes

  • Validation added to prevent using --connect-payload with non-CONNECT scan types, with a clear error message.

• Tests

  • Tests updated to cover the new validation for connect-payload usage.

• Documentation

  • README updated with usage examples and notes about UDP payload applicability.

[GeorginaReeder]

Thanks for your contribution @jesusprubio !

We also have a Discord server, which you’re more than welcome to join. It's a great place to connect with fellow contributors and stay updated with the latest developments!

[coderabbitai]

Walkthrough

Adds a new connect payload option and CLI flag, threads it through runner logic, updates Scanner.ConnectPort to accept and write the payload (notably for UDP), and enforces validation that a connect payload is only allowed for connect scans. Tests and README updated accordingly.

Changes

Cohort / File(s)	Summary
Options & CLI flag pkg/runner/options.go	Added Options.ConnectPayload string; introduced --connect-payload (-cp) CLI flag wired to this field.
Runner payload propagation pkg/runner/runner.go	Plumbed ConnectPayload through runner flow; updated handleHostPort(ctx, host, payload, p) signature and call sites; passed payload to scanner.ConnectPort(host, payload, p, timeout).
Validation & tests pkg/runner/validate.go, pkg/runner/validate_test.go	Switched some error construction/wrapping to standard errors and errkit.Wrap; added validation rejecting ConnectPayload unless ScanType is connect; updated tests to assert the new validation error.
Scanner connect behavior pkg/scan/scan.go	Changed Scanner.ConnectPort signature to include payload string; when dialing UDP, write payload (via conn.Write([]byte(payload))) instead of nil; call sites updated.
Docs README.md	Documented new -cp/--connect-payload flag and usage examples showing UDP payload usage in connect scans.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant CLI as CLI
  participant Runner as Runner
  participant Scanner as Scanner
  participant Net as Network Socket

  CLI->>Runner: Parse args (includes --connect-payload)
  Runner->>Runner: store options.ConnectPayload
  Runner->>Scanner: ConnectPort(host, payload, port, timeout)
  alt UDP connect scan
    Scanner->>Net: Dial UDP
    Note right of Scanner #D6F5D6: New — write provided payload to socket
    Scanner->>Net: Write(payload)
    Net-->>Scanner: Response / Timeout
  else TCP connect scan
    Scanner->>Net: Dial TCP
    Note right of Scanner #F0F0F0: No payload write for TCP in diff
  end
  Scanner-->>Runner: (open, err)
  Runner-->>CLI: Report result

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

I thump my paw—payloads in tow,
Through ports I hop where bytes may go.
A carrot flag: -cp!
Only with CONNECT may I play,
UDP hums and sends my say—🥕🐇

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title succinctly captures the primary change by indicating that UDP payload support has been added, which directly reflects the new feature implemented in the PR. It is concise, clear, and focused on the main enhancement without extraneous details.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 425bdf7 and c85cc65.

📒 Files selected for processing (1)

• README.md (3 hunks)

🧰 Additional context used

🪛 markdownlint-cli2 (0.18.1)

README.md

44-44: Unordered list indentation
Expected: 0; Actual: 1

(MD007, ul-indent)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: build-windows
• GitHub Check: build-linux
• GitHub Check: build-mac
• GitHub Check: Functional Test (ubuntu-latest)

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

pkg/runner/options.go (1)

76-76: Consider minor comment refinement.

The comment "Payload to use with CONNECT scan types" could be slightly clearer. Consider "Payload to send in CONNECT scans" to match the CLI help text.

-	ConnectPayload    string              // Payload to use with CONNECT scan types
+	ConnectPayload    string              // Payload to send in CONNECT scans

pkg/runner/validate.go (1)

144-146: Consider validation ordering for better UX.

The validation correctly enforces that connect payloads require connect scans. However, the current placement means users might see this error even when the code would automatically fall back to connect scan (e.g., due to routing failure at line 148-151).

Consider moving this validation after all automatic scan-type adjustments, or automatically switching to connect scan when a payload is specified (similar to the proxy handling at lines 139-142).

Current flow:

1. Line 139-142: Auto-adjust SynScan → ConnectScan if proxy is used
2. Line 144-146: Error if ConnectPayload with non-ConnectScan
3. Line 148-151: Auto-adjust SynScan → ConnectScan if routing fails

Potential improvement:

// Move after routing check (line 151)
if options.ConnectPayload != "" && options.ScanType != ConnectScan {
	gologger.Warning().Msgf("Connect payload requires connect scan: falling back to connect scan")
	options.ScanType = ConnectScan
}

Or move after all adjustments:

// After line 151
if options.ConnectPayload != "" && options.ScanType != ConnectScan {
	return errors.New("connect payload can only be used with connect scan")
}

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 490dac6 and 805ce8e.

📒 Files selected for processing (5)

• pkg/runner/options.go (2 hunks)
• pkg/runner/runner.go (6 hunks)
• pkg/runner/validate.go (3 hunks)
• pkg/runner/validate_test.go (1 hunks)
• pkg/scan/scan.go (2 hunks)

🧰 Additional context used

🧬 Code graph analysis (3)

pkg/runner/validate.go (1)

pkg/runner/default.go (1)

• ConnectScan (16-16)

pkg/scan/scan.go (1)

pkg/port/port.go (1)

• Port (10-17)

pkg/runner/validate_test.go (1)

pkg/runner/default.go (1)

• SynScan (15-15)

🔇 Additional comments (4)

pkg/scan/scan.go (1)

389-445: LGTM! UDP payload implementation is correct.

The signature change and UDP payload write are implemented correctly:

• The payload parameter is properly added to the method signature
• For UDP, the payload is written to the connection, enabling proper service discovery
• TCP connections remain unchanged (line 444), as they succeed on connect without data
• Empty payloads are handled correctly (empty byte slice)

pkg/runner/runner.go (2)

348-348: LGTM! Payload extraction is efficient.

Extracting the payload once and reusing it throughout is the right approach.

---

836-866: LGTM! Payload propagation is consistent.

The handleHostPort signature update and payload passing to ConnectPort are implemented correctly across all code paths.

pkg/runner/validate_test.go (1)

20-24: LGTM! Test coverage for payload validation is appropriate.

The test correctly verifies that using ConnectPayload with SynScan results in the expected validation error.

[Mzack9999]

@coderabbitai update the linked issue, describing the partial implementation with a global udp payload for all ports

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Fetch details of issue #462
gh issue view 462 --repo projectdiscovery/naabu --json title,body,state,number,url

Length of output: 493

---

🏁 Script executed:

#!/bin/bash
# Add a comment to issue #462 describing the partial implementation
gh issue comment 462 --repo projectdiscovery/naabu --body "A partial implementation has been added in PR #1051.

This PR introduces a \`--connect-payload\` flag that allows specifying a UDP payload to be sent during connect scans. However, this is a **global payload** that applies to all ports uniformly, rather than service-specific probes tailored to individual port/service combinations as originally requested.

**Current implementation:**
- Adds a \`--connect-payload\` (\`-cp\`) CLI flag
- The specified payload is sent to all UDP ports during connect scans
- Works for scenarios where the same probe can be used across multiple services

**Future enhancement:**
A complete solution would involve implementing service-specific probes (similar to nmap's approach) that automatically select appropriate payloads based on the target port and expected service.

cc: @jesusprubio for the contribution"

Length of output: 76

---

@Mzack9999, I've updated issue #462 with a description of the partial implementation. The comment explains:

• The new --connect-payload flag introduced in this PR
• That it's a global payload applying to all ports (not service-specific)
• The difference between the current implementation and the originally requested feature
• A note about future enhancements for service-specific probes

You can view the comment here: #462 (comment)