2020-08-29 13:26:11 +00:00
|
|
|
package runner
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
|
|
|
|
"os"
|
|
|
|
|
"strings"
|
|
|
|
|
|
|
|
|
|
"github.com/karrick/godirwalk"
|
|
|
|
|
"github.com/projectdiscovery/gologger"
|
2020-12-29 10:08:14 +00:00
|
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/protocols"
|
2020-08-29 13:26:11 +00:00
|
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/templates"
|
2021-02-04 12:59:28 +00:00
|
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/types"
|
2020-08-29 13:26:11 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// getParsedTemplatesFor parse the specified templates and returns a slice of the parsable ones, optionally filtered
|
|
|
|
|
// by severity, along with a flag indicating if workflows are present.
|
2021-03-05 06:38:31 +00:00
|
|
|
func (r *Runner) getParsedTemplatesFor(templatePaths, severities []string, workflows bool) (parsedTemplates map[string]*templates.Template, workflowCount int) {
|
2020-08-29 13:26:11 +00:00
|
|
|
filterBySeverity := len(severities) > 0
|
|
|
|
|
|
2021-03-07 06:15:00 +00:00
|
|
|
if !workflows {
|
|
|
|
|
gologger.Info().Msgf("Loading templates...")
|
|
|
|
|
} else {
|
|
|
|
|
gologger.Info().Msgf("Loading workflows...")
|
|
|
|
|
}
|
2020-08-29 13:26:11 +00:00
|
|
|
|
2021-02-26 07:43:11 +00:00
|
|
|
parsedTemplates = make(map[string]*templates.Template)
|
2020-08-29 13:26:11 +00:00
|
|
|
for _, match := range templatePaths {
|
|
|
|
|
t, err := r.parseTemplateFile(match)
|
2020-12-29 10:08:14 +00:00
|
|
|
if err != nil {
|
2021-02-04 16:41:53 +00:00
|
|
|
gologger.Warning().Msgf("Could not parse file '%s': %s\n", match, err)
|
2020-12-29 10:08:14 +00:00
|
|
|
continue
|
|
|
|
|
}
|
2021-03-05 06:47:10 +00:00
|
|
|
if t == nil {
|
|
|
|
|
continue
|
|
|
|
|
}
|
2021-03-05 06:38:31 +00:00
|
|
|
if len(t.Workflows) == 0 && workflows {
|
2021-02-22 07:34:42 +00:00
|
|
|
continue // don't print if user only wants to run workflows
|
|
|
|
|
}
|
2021-03-05 06:38:31 +00:00
|
|
|
if len(t.Workflows) > 0 && !workflows {
|
|
|
|
|
continue // don't print workflow if user only wants to run templates
|
|
|
|
|
}
|
2020-12-29 14:16:52 +00:00
|
|
|
if len(t.Workflows) > 0 {
|
|
|
|
|
workflowCount++
|
|
|
|
|
}
|
2021-02-04 12:59:28 +00:00
|
|
|
sev := strings.ToLower(types.ToString(t.Info["severity"]))
|
2021-01-12 09:44:49 +00:00
|
|
|
if !filterBySeverity || hasMatchingSeverity(sev, severities) {
|
2021-01-13 07:28:23 +00:00
|
|
|
parsedTemplates[t.ID] = t
|
2021-02-04 12:59:28 +00:00
|
|
|
gologger.Info().Msgf("%s\n", r.templateLogMsg(t.ID, types.ToString(t.Info["name"]), types.ToString(t.Info["author"]), sev))
|
2020-12-29 10:08:14 +00:00
|
|
|
} else {
|
2021-03-13 18:04:44 +00:00
|
|
|
gologger.Warning().Msgf("Excluding template %s due to severity filter (%s not in [%s])", t.ID, sev, severities)
|
2020-08-29 13:26:11 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return parsedTemplates, workflowCount
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-29 10:08:14 +00:00
|
|
|
// parseTemplateFile returns the parsed template file
|
|
|
|
|
func (r *Runner) parseTemplateFile(file string) (*templates.Template, error) {
|
2021-02-05 19:06:43 +00:00
|
|
|
executerOpts := protocols.ExecuterOptions{
|
2021-02-07 20:37:19 +00:00
|
|
|
Output: r.output,
|
|
|
|
|
Options: r.options,
|
|
|
|
|
Progress: r.progress,
|
2021-02-26 07:43:11 +00:00
|
|
|
Catalog: r.catalog,
|
2021-02-07 20:37:19 +00:00
|
|
|
IssuesClient: r.issuesClient,
|
|
|
|
|
RateLimiter: r.ratelimiter,
|
|
|
|
|
ProjectFile: r.projectFile,
|
2021-02-21 11:01:34 +00:00
|
|
|
Browser: r.browser,
|
2020-08-29 13:26:11 +00:00
|
|
|
}
|
2020-12-29 10:08:14 +00:00
|
|
|
template, err := templates.Parse(file, executerOpts)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
2020-08-29 13:26:11 +00:00
|
|
|
}
|
2021-03-05 06:47:10 +00:00
|
|
|
if template == nil {
|
|
|
|
|
return nil, nil
|
|
|
|
|
}
|
2020-12-29 10:08:14 +00:00
|
|
|
return template, nil
|
2020-08-29 13:26:11 +00:00
|
|
|
}
|
|
|
|
|
|
2020-08-29 21:02:45 +00:00
|
|
|
func (r *Runner) templateLogMsg(id, name, author, severity string) string {
|
2020-08-29 13:26:11 +00:00
|
|
|
// Display the message for the template
|
|
|
|
|
message := fmt.Sprintf("[%s] %s (%s)",
|
2020-12-29 10:08:14 +00:00
|
|
|
r.colorizer.BrightBlue(id).String(),
|
|
|
|
|
r.colorizer.Bold(name).String(),
|
|
|
|
|
r.colorizer.BrightYellow("@"+author).String())
|
2020-08-29 13:26:11 +00:00
|
|
|
if severity != "" {
|
2020-12-29 10:08:14 +00:00
|
|
|
message += " [" + r.severityColors.Data[severity] + "]"
|
2020-08-29 13:26:11 +00:00
|
|
|
}
|
2020-08-29 21:02:45 +00:00
|
|
|
return message
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (r *Runner) logAvailableTemplate(tplPath string) {
|
|
|
|
|
t, err := r.parseTemplateFile(tplPath)
|
2020-12-29 10:08:14 +00:00
|
|
|
if err != nil {
|
|
|
|
|
gologger.Error().Msgf("Could not parse file '%s': %s\n", tplPath, err)
|
2021-01-14 07:51:21 +00:00
|
|
|
} else {
|
2021-02-04 12:59:28 +00:00
|
|
|
gologger.Print().Msgf("%s\n", r.templateLogMsg(t.ID, types.ToString(t.Info["name"]), types.ToString(t.Info["author"]), types.ToString(t.Info["severity"])))
|
2020-08-29 21:02:45 +00:00
|
|
|
}
|
2020-08-29 13:26:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// ListAvailableTemplates prints available templates to stdout
|
2020-08-29 21:02:45 +00:00
|
|
|
func (r *Runner) listAvailableTemplates() {
|
|
|
|
|
if r.templatesConfig == nil {
|
|
|
|
|
return
|
2020-08-29 13:26:11 +00:00
|
|
|
}
|
|
|
|
|
|
2020-08-30 11:25:34 +00:00
|
|
|
if _, err := os.Stat(r.templatesConfig.TemplatesDirectory); os.IsNotExist(err) {
|
2020-12-29 10:08:14 +00:00
|
|
|
gologger.Error().Msgf("%s does not exists", r.templatesConfig.TemplatesDirectory)
|
2020-08-30 11:25:34 +00:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-29 10:08:14 +00:00
|
|
|
gologger.Print().Msgf(
|
2020-08-30 11:25:34 +00:00
|
|
|
"\nListing available v.%s nuclei templates for %s",
|
|
|
|
|
r.templatesConfig.CurrentVersion,
|
|
|
|
|
r.templatesConfig.TemplatesDirectory,
|
|
|
|
|
)
|
2020-08-29 21:02:45 +00:00
|
|
|
err := directoryWalker(
|
|
|
|
|
r.templatesConfig.TemplatesDirectory,
|
|
|
|
|
func(path string, d *godirwalk.Dirent) error {
|
|
|
|
|
if d.IsDir() && path != r.templatesConfig.TemplatesDirectory {
|
2020-12-29 10:08:14 +00:00
|
|
|
gologger.Print().Msgf("\n%s:\n\n", r.colorizer.Bold(r.colorizer.BgBrightBlue(d.Name())).String())
|
2020-08-29 21:02:45 +00:00
|
|
|
} else if strings.HasSuffix(path, ".yaml") {
|
|
|
|
|
r.logAvailableTemplate(path)
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
// directory couldn't be walked
|
|
|
|
|
if err != nil {
|
2020-12-29 10:08:14 +00:00
|
|
|
gologger.Error().Msgf("Could not find templates in directory '%s': %s\n", r.templatesConfig.TemplatesDirectory, err)
|
2020-08-29 13:26:11 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func hasMatchingSeverity(templateSeverity string, allowedSeverities []string) bool {
|
|
|
|
|
for _, s := range allowedSeverities {
|
2021-03-13 17:54:30 +00:00
|
|
|
finalSeverities := []string{}
|
|
|
|
|
if strings.Contains(s, ",") {
|
|
|
|
|
finalSeverities = strings.Split(s, ",")
|
|
|
|
|
} else {
|
|
|
|
|
finalSeverities = append(finalSeverities, s)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, sev := range finalSeverities {
|
|
|
|
|
sev = strings.ToLower(sev)
|
|
|
|
|
if sev != "" && strings.HasPrefix(templateSeverity, sev) {
|
|
|
|
|
return true
|
|
|
|
|
}
|
2020-08-29 13:26:11 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func directoryWalker(fsPath string, callback func(fsPath string, d *godirwalk.Dirent) error) error {
|
|
|
|
|
err := godirwalk.Walk(fsPath, &godirwalk.Options{
|
|
|
|
|
Callback: callback,
|
|
|
|
|
ErrorCallback: func(fsPath string, err error) godirwalk.ErrorAction {
|
|
|
|
|
return godirwalk.SkipNode
|
|
|
|
|
},
|
|
|
|
|
Unsorted: true,
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
// directory couldn't be walked
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
