Merge branch 'master' into fix-http-ntlm-proxy

Author: staaldraad

autodiscover/autodiscover.go

@@ -4,7 +4,7 @@ import (
 	"bytes"
 	"crypto/tls"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net"
 	"net/http"
 	"net/url"
@@ -13,21 +13,20 @@ import (
 	"strings"
 	"text/template"
 
-	"github.com/sensepost/ruler/http-ntlm"
 	httpntlm "github.com/sensepost/ruler/http-ntlm"
 	"github.com/sensepost/ruler/utils"
 )
 
 //globals
 
-//SessionConfig holds the configuration for this autodiscover session
+// SessionConfig holds the configuration for this autodiscover session
 var SessionConfig *utils.Session
 var autodiscoverStep int
 var secondaryEmail string //a secondary email to use, edge case seen in office365
 var Transport http.Transport
 var basicAuth = false
 
-//the xml for the autodiscover service
+// the xml for the autodiscover service
 const autodiscoverXML = `<?xml version="1.0" encoding="utf-8"?><Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
 <Request><EMailAddress>{{.Email}}</EMailAddress>
 <AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>
@@ -44,10 +43,10 @@ func parseTemplate(tmpl string) (string, error) {
 	return buff.String(), nil
 }
 
-//createAutodiscover generates a domain name of the format autodiscover.domain.com
-//and checks if a DNS entry exists for it. If it doesn't it tries DNS for just the domain name.
-//returns an empty string if no valid domain was found.
-//returns the full (expected) autodiscover URL
+// createAutodiscover generates a domain name of the format autodiscover.domain.com
+// and checks if a DNS entry exists for it. If it doesn't it tries DNS for just the domain name.
+// returns an empty string if no valid domain was found.
+// returns the full (expected) autodiscover URL
 func createAutodiscover(domain string, https bool) string {
 	_, err := net.LookupHost(domain)
 	if err != nil {
@@ -59,7 +58,7 @@ func createAutodiscover(domain string, https bool) string {
 	return fmt.Sprintf("http://%s/autodiscover/autodiscover.xml", domain)
 }
 
-//GetMapiHTTP gets the details for MAPI/HTTP
+// GetMapiHTTP gets the details for MAPI/HTTP
 func GetMapiHTTP(email, autoURLPtr string, resp *utils.AutodiscoverResp) (*utils.AutodiscoverResp, string, error) {
 	//var resp *utils.AutodiscoverResp
 	var err error
@@ -88,7 +87,7 @@ func GetMapiHTTP(email, autoURLPtr string, resp *utils.AutodiscoverResp) (*utils
 	return resp, rawAutodiscover, nil
 }
 
-//GetRPCHTTP exports the RPC details for RPC/HTTP
+// GetRPCHTTP exports the RPC details for RPC/HTTP
 func GetRPCHTTP(email, autoURLPtr string, resp *utils.AutodiscoverResp) (*utils.AutodiscoverResp, string, string, string, bool, error) {
 	//var resp *utils.AutodiscoverResp
 	var err error
@@ -191,7 +190,7 @@ func GetRPCHTTP(email, autoURLPtr string, resp *utils.AutodiscoverResp) (*utils.
 	return resp, rawAutodiscover, RPCURL, user, ntlmAuth, nil
 }
 
-//CheckCache checks to see if there is a stored copy of the autodiscover record
+// CheckCache checks to see if there is a stored copy of the autodiscover record
 func CheckCache(email string) *utils.AutodiscoverResp {
 	//check the cache folder for a stored autodiscover record
 	email = strings.Replace(email, "@", "_", -1)
@@ -206,7 +205,7 @@ func CheckCache(email string) *utils.AutodiscoverResp {
 		return nil
 	}
 	utils.Info.Println("Found cached Autodiscover record. Using this (use --nocache to force new lookup)")
-	data, err := ioutil.ReadFile(path)
+	data, err := os.ReadFile(path)
 	if err != nil {
 		utils.Error.Println("Error reading stored record ", err)
 		return nil
@@ -216,7 +215,7 @@ func CheckCache(email string) *utils.AutodiscoverResp {
 	return &autodiscoverResp
 }
 
-//CreateCache function stores the raw autodiscover record to file
+// CreateCache function stores the raw autodiscover record to file
 func CreateCache(email, autodiscover string) {
 
 	if autodiscover == "" { //no autodiscover record passed in, don't try write
@@ -241,7 +240,7 @@ func CreateCache(email, autodiscover string) {
 	}
 }
 
-//Autodiscover function to retrieve mailbox details using the autodiscover mechanism from MS Exchange
+// Autodiscover function to retrieve mailbox details using the autodiscover mechanism from MS Exchange
 func Autodiscover(domain string) (*utils.AutodiscoverResp, string, error) {
 	if SessionConfig.Proxy == "" {
 		Transport = http.Transport{
@@ -259,8 +258,8 @@ func Autodiscover(domain string) (*utils.AutodiscoverResp, string, error) {
 	return autodiscover(domain, false)
 }
 
-//MAPIDiscover function to do the autodiscover request but specify the MAPI header
-//indicating that the MAPI end-points should be returned
+// MAPIDiscover function to do the autodiscover request but specify the MAPI header
+// indicating that the MAPI end-points should be returned
 func MAPIDiscover(domain string) (*utils.AutodiscoverResp, string, error) {
 	//set transport
 	if SessionConfig.Proxy == "" {
@@ -345,7 +344,7 @@ func autodiscover(domain string, mapi bool) (*utils.AutodiscoverResp, string, er
 
 	if SessionConfig.Basic == true {
 		if SessionConfig.Domain != "" {
-			req.SetBasicAuth(SessionConfig.Domain + "\\" + SessionConfig.User, SessionConfig.Pass)
+			req.SetBasicAuth(SessionConfig.Domain+"\\"+SessionConfig.User, SessionConfig.Pass)
 		} else {
 			req.SetBasicAuth(SessionConfig.Email, SessionConfig.Pass)
 		}
@@ -375,7 +374,7 @@ func autodiscover(domain string, mapi bool) (*utils.AutodiscoverResp, string, er
 
 	defer resp.Body.Close()
 
-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, "", err
 	}
@@ -492,17 +491,17 @@ func redirectAutodiscover(redirdom string) (string, error) {
 	return resp.Header.Get("Location"), nil
 }
 
-//InsecureRedirectsO365 allows forwarding the Authorization header even when we shouldn't
+// InsecureRedirectsO365 allows forwarding the Authorization header even when we shouldn't
 type InsecureRedirectsO365 struct {
 	Transport http.RoundTripper
 	User      string
 	Pass      string
 	Insecure  bool
 }
 
-//RoundTrip custom redirector that allows us to forward the auth header, even when the domain changes.
-//This is needed as some office365 domains will redirect from autodiscover.domain.com to autodiscover.outlook.com
-//and Go does not forward Sensitive headers such as Authorization (https://golang.org/src/net/http/client.go#41)
+// RoundTrip custom redirector that allows us to forward the auth header, even when the domain changes.
+// This is needed as some office365 domains will redirect from autodiscover.domain.com to autodiscover.outlook.com
+// and Go does not forward Sensitive headers such as Authorization (https://golang.org/src/net/http/client.go#41)
 func (l InsecureRedirectsO365) RoundTrip(req *http.Request) (resp *http.Response, err error) {
 	t := l.Transport
 

autodiscover/brute.go

@@ -3,10 +3,10 @@ package autodiscover
 import (
 	"crypto/tls"
 	"fmt"
-	"io/ioutil"
 	"net/http"
 	"net/http/cookiejar"
 	"net/url"
+	"os"
 	"regexp"
 	"strings"
 	"time"
@@ -311,7 +311,7 @@ func UserPassBruteForce() {
 func readFile(filename string) []string {
 	var outputs []string
 
-	data, err := ioutil.ReadFile(filename)
+	data, err := os.ReadFile(filename)
 	if err != nil {
 		utils.Error.Println("Input file not found")
 		return nil

forms/rulerforms.go

@@ -11,7 +11,7 @@ import (
 	"github.com/sensepost/ruler/utils"
 )
 
-//CreateFormAttachmentPointer creates the first attachment that holds info about the new form
+// CreateFormAttachmentPointer creates the first attachment that holds info about the new form
 func CreateFormAttachmentPointer(folderid, messageid []byte) error {
 	utils.Info.Println("Create Form Pointer Attachment")
 	data := []byte("FormStg=%d\\FS525C.tmp\nMsgCls=IPM.Note.grr\nBaseMsgCls=IPM.Note\n") //don't think this is strictly necessary
@@ -31,17 +31,17 @@ func CreateFormAttachmentPointer(folderid, messageid []byte) error {
 	return err
 }
 
-//CreateFormAttachmentTemplate creates the template attachment holding the actual command to execute
+// CreateFormAttachmentTemplate creates the template attachment holding the actual command to execute
 func CreateFormAttachmentTemplate(folderid, messageid []byte, pstr string) error {
 	return CreateFormAttachmentWithTemplate(folderid, messageid, pstr, "templates/formtemplate.bin")
 }
 
-//CreateFormAttachmentForDeleteTemplate creates the template attachment holding the actual command to execute
+// CreateFormAttachmentForDeleteTemplate creates the template attachment holding the actual command to execute
 func CreateFormAttachmentForDeleteTemplate(folderid, messageid []byte, pstr string) error {
 	return CreateFormAttachmentWithTemplate(folderid, messageid, pstr, "templates/formdeletetemplate.bin")
 }
 
-//CreateFormAttachmentWithTemplate creates a form with a specific template
+// CreateFormAttachmentWithTemplate creates a form with a specific template
 func CreateFormAttachmentWithTemplate(folderid, messageid []byte, pstr, templatepath string) error {
 	utils.Info.Println("Create Form Template Attachment")
 
@@ -89,7 +89,7 @@ func CreateFormAttachmentWithTemplate(folderid, messageid []byte, pstr, template
 	return err
 }
 
-//CreateFormMessage creates the associate message that holds the form data
+// CreateFormMessage creates the associate message that holds the form data
 func CreateFormMessage(suffix, assocRule string) ([]byte, error) {
 	folderid := mapi.AuthSession.Folderids[mapi.INBOX]
 	propertyTagx := make([]mapi.TaggedPropertyValue, 10)
@@ -158,8 +158,8 @@ func CreateFormMessage(suffix, assocRule string) ([]byte, error) {
 	return msg.MessageID, err
 }
 
-//CreateFormTriggerMessage creates a valid message to trigger RCE through an existing form
-//requires a valid suffix to be supplied
+// CreateFormTriggerMessage creates a valid message to trigger RCE through an existing form
+// requires a valid suffix to be supplied
 func CreateFormTriggerMessage(suffix, subject, body string) ([]byte, error) {
 	folderid := mapi.AuthSession.Folderids[mapi.INBOX]
 	propertyTagx := make([]mapi.TaggedPropertyValue, 8)
@@ -186,7 +186,7 @@ func CreateFormTriggerMessage(suffix, subject, body string) ([]byte, error) {
 	return msg.MessageID, nil
 }
 
-//DeleteForm is used to delete a specific form stored in an associated table
+// DeleteForm is used to delete a specific form stored in an associated table
 func DeleteForm(suffix string, folderid []byte) ([]byte, error) {
 
 	columns := make([]mapi.PropertyTag, 3)
@@ -251,7 +251,7 @@ func DeleteForm(suffix string, folderid []byte) ([]byte, error) {
 	return nil, nil
 }
 
-//DisplayForms is used to display all forms  in the specified folder
+// DisplayForms is used to display all forms  in the specified folder
 func DisplayForms(folderid []byte) error {
 
 	columns := make([]mapi.PropertyTag, 2)
@@ -284,8 +284,8 @@ func DisplayForms(folderid []byte) error {
 	return nil
 }
 
-//CheckForm verfies that a form does not already exist.
-//having multiple forms with same suffix causes issues in outlook..
+// CheckForm verfies that a form does not already exist.
+// having multiple forms with same suffix causes issues in outlook..
 func CheckForm(folderid []byte, suffix string) error {
 	columns := make([]mapi.PropertyTag, 2)
 	columns[0] = mapi.PidTagOfflineAddressBookName

go.mod

@@ -1,12 +1,20 @@
 module github.com/sensepost/ruler
 
-go 1.15
+go 1.21
 
 require (
-	github.com/howeyc/gopass v0.0.0-20190910152052-7cb4b85ec19c
+	github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef
 	github.com/staaldraad/go-ntlm v0.0.0-20200612175713-cd032d41aa8c
-	github.com/urfave/cli v1.22.5
-	golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 // indirect
-	golang.org/x/net v0.0.0-20210119194325-5f4716e94777
+	github.com/urfave/cli v1.22.15
+	golang.org/x/net v0.26.0
 	gopkg.in/yaml.v2 v2.4.0
 )
+
+require (
+	github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	golang.org/x/crypto v0.24.0 // indirect
+	golang.org/x/sys v0.21.0 // indirect
+	golang.org/x/term v0.21.0 // indirect
+	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
+)

go.sum

@@ -1,31 +1,46 @@
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
-github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/howeyc/gopass v0.0.0-20190910152052-7cb4b85ec19c h1:aY2hhxLhjEAbfXOx2nRJxCXezC6CO2V/yN+OCr1srtk=
-github.com/howeyc/gopass v0.0.0-20190910152052-7cb4b85ec19c/go.mod h1:lADxMC39cJJqL93Duh1xhAs4I2Zs8mKS89XWXFGp9cs=
+github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
+github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
+github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef h1:A9HsByNhogrvm9cWb28sjiS3i7tcKCkflWFEkHfuAgM=
+github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef/go.mod h1:lADxMC39cJJqL93Duh1xhAs4I2Zs8mKS89XWXFGp9cs=
+github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
-github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
-github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/staaldraad/go-ntlm v0.0.0-20200612175713-cd032d41aa8c h1:ZGPsFTrrYiQUmVV+86h6HX9ml4PyrA1REy8NWQwrcBE=
 github.com/staaldraad/go-ntlm v0.0.0-20200612175713-cd032d41aa8c/go.mod h1:Jzdz9vcdmcS8ZT5Q+UYGSx8PSIKaQtxQvNVUqN/MOMQ=
-github.com/urfave/cli v1.22.5 h1:lNq9sAHXK2qfdI8W+GRItjCEkI+2oR4d+MEHy1CKXoU=
-github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90PveolxSbWFaJdECFbxSq0Mqo2M=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/net v0.0.0-20210119194325-5f4716e94777 h1:003p0dJM77cxMSyCPFphvZf/Y5/NXf5fzg6ufd1/Oew=
-golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a h1:1BGLXjeY4akVXGgbC9HugT3Jv3hCI0z56oJR5vAMgBU=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68 h1:nxC68pudNYkKU6jWhgrqdreuFiOQWj1Fs7T3VrH4Pjw=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/urfave/cli v1.22.15 h1:nuqt+pdC/KqswQKhETJjo7pvn/k4xMUxgW6liI7XpnM=
+github.com/urfave/cli v1.22.15/go.mod h1:wSan1hmo5zeyLGBjRJbzRTNk8gwoYa2B9n4q9dmRIc0=
+golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
+golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
+golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
+golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
+golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
+golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA=
+golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

http-ntlm/ntlmtransport.go

@@ -12,7 +12,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"net/http/cookiejar"
 	"net/url"
@@ -54,7 +53,7 @@ func (t NtlmTransport) RoundTrip(req *http.Request) (res *http.Response, err err
 	b, _ := session.GenerateNegotiateMessage()
 	// first send NTLM Negotiate header
 	r, _ := http.NewRequest("GET", req.URL.String(), strings.NewReader(""))
-	r.Header.Add("Authorization", "NTLM " + utils.EncBase64(b.Bytes()))
+	r.Header.Add("Authorization", "NTLM "+utils.EncBase64(b.Bytes()))
 	r.Header.Add("User-Agent", req.UserAgent())
 
 	if t.Proxy == "" {
@@ -84,7 +83,7 @@ func (t NtlmTransport) RoundTrip(req *http.Request) (res *http.Response, err err
 
 		// it's necessary to reuse the same http connection
 		// in order to do that it's required to read Body and close it
-		_, err = io.Copy(ioutil.Discard, resp.Body)
+		_, err = io.Copy(io.Discard, resp.Body)
 		if err != nil {
 			return nil, err
 		}
@@ -134,7 +133,7 @@ func (t NtlmTransport) RoundTrip(req *http.Request) (res *http.Response, err err
 		}
 
 		// set NTLM Authorization header
-		req.Header.Set("Authorization", "NTLM " + utils.EncBase64(authenticate.Bytes()))
+		req.Header.Set("Authorization", "NTLM "+utils.EncBase64(authenticate.Bytes()))
 
 		resp, err = client.Do(req)
 	}