daffainfo
/
nuclei
mirror of https://github.com/daffainfo/nuclei.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2496 from projectdiscovery/dev 

v2.7.7
dev
Sandeep Singh 2022-08-26 15:13:19 +05:30 committed by GitHub
parent a477fe0637 8f8ab429ff
commit 1010cca84e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
69 changed files with 1144 additions and 438 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
README.md
View File

@ -111,19 +111,20 @@ TEMPLATES:
-tl list all available templates
FILTERING:
-a, -author string[] templates to run based on authors (comma-separated, file)
-tags string[] templates to run based on tags (comma-separated, file)
-etags, -exclude-tags string[] templates to exclude based on tags (comma-separated, file)
-itags, -include-tags string[] tags to be executed even if they are excluded either by default or configuration
-id, -template-id string[] templates to run based on template ids (comma-separated, file)
-eid, -exclude-id string[] templates to exclude based on template ids (comma-separated, file)
-it, -include-templates string[] templates to be executed even if they are excluded either by default or configuration
-et, -exclude-templates string[] template or template directory to exclude (comma-separated, file)
-em, -exclude-matchers string[] template matchers to exclude in result
-s, -severity value[] templates to run based on severity. Possible values: info, low, medium, high, critical, unknown
-es, -exclude-severity value[] templates to exclude based on severity. Possible values: info, low, medium, high, critical, unknown
-pt, -type value[] templates to run based on protocol type. Possible values: dns, file, http, headless, network, workflow, ssl, websocket, whois
-ept, -exclude-type value[] templates to exclude based on protocol type. Possible values: dns, file, http, headless, network, workflow, ssl, websocket, whois
-a, -author string[] templates to run based on authors (comma-separated, file)
-tags string[] templates to run based on tags (comma-separated, file)
-etags, -exclude-tags string[] templates to exclude based on tags (comma-separated, file)
-itags, -include-tags string[] tags to be executed even if they are excluded either by default or configuration
-id, -template-id string[] templates to run based on template ids (comma-separated, file)
-eid, -exclude-id string[] templates to exclude based on template ids (comma-separated, file)
-it, -include-templates string[] templates to be executed even if they are excluded either by default or configuration
-et, -exclude-templates string[] template or template directory to exclude (comma-separated, file)
-em, -exclude-matchers string[] template matchers to exclude in result
-s, -severity value[] templates to run based on severity. Possible values: info, low, medium, high, critical, unknown
-es, -exclude-severity value[] templates to exclude based on severity. Possible values: info, low, medium, high, critical, unknown
-pt, -type value[] templates to run based on protocol type. Possible values: dns, file, http, headless, network, workflow, ssl, websocket, whois
-ept, -exclude-type value[] templates to exclude based on protocol type. Possible values: dns, file, http, headless, network, workflow, ssl, websocket, whois
-tc, -template-condition string[] templates to run based on expression condition
OUTPUT:
-o, -output string output file to write found issues/vulnerabilities
@ -158,6 +159,9 @@ CONFIGURATIONS:
-sml, -show-match-line show match lines for file templates, works with extractors only
-ztls use ztls library with autofallback to standard one for tls13
-sni string tls sni hostname to use (default: input domain name)
-i, -interface string network interface to use for network scan
-sip, -source-ip string source ip address to use for network scan
-config-directory string Override the default config path ($home/.config)
INTERACTSH:
-iserver, -interactsh-server string interactsh server url for self-hosted instance (default: oast.pro,oast.live,oast.site,oast.online,oast.fun,oast.me)
@ -189,10 +193,11 @@ OPTIMIZATIONS:
-no-stdin Disable Stdin processing
HEADLESS:
-headless enable templates that require headless browser support (root user on linux will disable sandbox)
-page-timeout int seconds to wait for each page in headless mode (default 20)
-sb, -show-browser show the browser on the screen when running templates with headless mode
-sc, -system-chrome Use local installed chrome browser instead of nuclei installed
-headless enable templates that require headless browser support (root user on linux will disable sandbox)
-page-timeout int seconds to wait for each page in headless mode (default 20)
-sb, -show-browser show the browser on the screen when running templates with headless mode
-sc, -system-chrome Use local installed chrome browser instead of nuclei installed
-lha, -list-headless-action list available headless actions
DEBUG:
-debug show all requests and responses
@ -205,6 +210,7 @@ DEBUG:
-version show nuclei version
-hm, -hang-monitor enable nuclei hang monitoring
-v, -verbose show verbose output
-profile-mem string optional nuclei memory profile dump file
-vv display templates loaded for scan
-ep, -enable-pprof enable pprof debugging server
-tv, -templates-version shows the version of the installed nuclei-templates

4
README_CN.md
View File

@ -14,7 +14,7 @@
<a href="https://discord.gg/projectdiscovery"><img src="https://img.shields.io/discord/695645237418131507.svg?logo=discord"></a>
<a href="https://github.com/projectdiscovery/nuclei/actions/workflows/build-test.yml"><img src="https://github.com/projectdiscovery/nuclei/actions/workflows/build-test.yml/badge.svg?branch=master"></a>
</p>
<p align="center">
<a href="#工作流程">工作流程</a>
<a href="#安装Nuclei">安装</a>
@ -143,7 +143,7 @@ Nuclei是一款注重于可配置性、可扩展性和易用性的基于模板
-ni, -no-interactsh 禁用反连检测平台,同时排除基于反连检测的模板
限速:
-r1, -rate-limit int 每秒最大请求量默认150
-rl, -rate-limit int 每秒最大请求量默认150
-rlm, -rate-limit-minute int 每分钟最大请求量
-bs, -bulk-size int 每个模板最大并行检测数默认25
-c, -concurrency int 并行执行的最大模板数量默认25

18
integration_tests/http/annotation-timeout.yaml Normal file
View File

@ -0,0 +1,18 @@
id: annotation-timeout
info:
name: Basic Annotation Timeout
author: pdteam
severity: info
requests:
- raw:
- |
@timeout: 5s
GET / HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
words:
- "This is test matcher text"

86
v2/cmd/cve-annotate/main.go
View File

@ -5,9 +5,9 @@ import (
"encoding/json"
"flag"
"fmt"
"io/ioutil"
"log"
"net/http"
"net/url"
"os"
"regexp"
"strings"
@ -50,7 +50,7 @@ func main() {
}
func process() error {
tempDir, err := ioutil.TempDir("", "nuclei-nvd-%s")
tempDir, err := os.MkdirTemp("", "nuclei-nvd-%s")
if err != nil {
return err
}
@ -71,7 +71,16 @@ func process() error {
if err != nil {
return err
}
getCVEData(client, path, string(data))
dataString := string(data)
// First try to resolve references to tags
dataString, err = parseAndAddReferenceBasedTags(path, dataString)
if err != nil {
log.Printf("Could not parse reference tags %s: %s\n", path, err)
continue
}
// Next try and fill CVE data
getCVEData(client, path, dataString)
}
return nil
}
@ -228,7 +237,7 @@ func getCVEData(client *nvd.Client, filePath, data string) {
newTemplate := strings.ReplaceAll(data, infoBlockClean, newInfoBlockData)
if changed {
_ = ioutil.WriteFile(filePath, []byte(newTemplate), 0644)
_ = os.WriteFile(filePath, []byte(newTemplate), 0644)
fmt.Printf("Wrote updated template to %s\n", filePath)
}
}
@ -290,12 +299,15 @@ func parseAndAddCISAKevTagTemplate(path string, data string) (string, error) {
return "", errors.Wrap(err, "could not decode template yaml")
}
splitted := strings.Split(block.Info.Tags, ",")
if len(splitted) == 0 {
return data, nil
}
var cisaIndex = -1
for i, tag := range splitted {
// If we already have tag, return
if tag == "kev" {
return "", nil
return data, nil
}
if tag == "cisa" {
cisaIndex = i
@ -306,9 +318,67 @@ func parseAndAddCISAKevTagTemplate(path string, data string) (string, error) {
splitted = append(splitted[:cisaIndex], splitted[cisaIndex+1:]...)
}
splitted = append(splitted, "kev")
final := strings.Join(splitted, ",")
replaced := strings.Replace(data, block.Info.Tags, final, -1)
return replaced, ioutil.WriteFile(path, []byte(replaced), os.ModePerm)
replaced := strings.ReplaceAll(data, block.Info.Tags, strings.Join(splitted, ","))
return replaced, os.WriteFile(path, []byte(replaced), os.ModePerm)
}
// parseAndAddReferenceBasedTags parses and adds reference based tags to templates
func parseAndAddReferenceBasedTags(path string, data string) (string, error) {
block := &InfoBlock{}
if err := yaml.NewDecoder(strings.NewReader(data)).Decode(block); err != nil {
return "", errors.Wrap(err, "could not decode template yaml")
}
splitted := strings.Split(block.Info.Tags, ",")
if len(splitted) == 0 {
return data, nil
}
tagsCurrent := fmt.Sprintf("tags: %s", block.Info.Tags)
newTags := suggestTagsBasedOnReference(block.Info.Reference, splitted)
if len(newTags) == len(splitted) {
return data, nil
}
replaced := strings.ReplaceAll(data, tagsCurrent, fmt.Sprintf("tags: %s", strings.Join(newTags, ",")))
return replaced, os.WriteFile(path, []byte(replaced), os.ModePerm)
}
var referenceMapping = map[string]string{
"huntr.dev": "huntr",
"hackerone.com": "hackerone",
"tenable.com": "tenable",
"packetstormsecurity.org": "packetstorm",
"seclists.org": "seclists",
"wpscan.com": "wpscan",
"packetstormsecurity.com": "packetstorm",
"exploit-db.com": "edb",
"https://github.com/rapid7/metasploit-framework/": "msf",
"https://github.com/vulhub/vulhub/": "vulhub",
}
func suggestTagsBasedOnReference(references, currentTags []string) []string {
uniqueTags := make(map[string]struct{})
for _, value := range currentTags {
uniqueTags[value] = struct{}{}
}
for _, reference := range references {
parsed, err := url.Parse(reference)
if err != nil {
continue
}
hostname := parsed.Hostname()
for value, tag := range referenceMapping {
if strings.HasSuffix(hostname, value) || strings.HasPrefix(reference, value) {
uniqueTags[tag] = struct{}{}
}
}
}
newTags := make([]string, 0, len(uniqueTags))
for tag := range uniqueTags {
newTags = append(newTags, tag)
}
return newTags
}
// Cloning struct from nuclei as we don't want any validation

5
v2/cmd/docgen/docgen.go
View File

@ -3,7 +3,6 @@ package main
import (
"bytes"
"encoding/json"
"io/ioutil"
"log"
"os"
"regexp"
@ -22,7 +21,7 @@ func main() {
if err != nil {
log.Fatalf("Could not encode docs: %s\n", err)
}
err = ioutil.WriteFile(os.Args[1], data, 0644)
err = os.WriteFile(os.Args[1], data, 0644)
if err != nil {
log.Fatalf("Could not write docs: %s\n", err)
}
@ -44,7 +43,7 @@ func main() {
for _, match := range pathRegex.FindAllStringSubmatch(schema, -1) {
schema = strings.ReplaceAll(schema, match[0], match[1])
}
err = ioutil.WriteFile(os.Args[2], []byte(schema), 0644)
err = os.WriteFile(os.Args[2], []byte(schema), 0644)
if err != nil {
log.Fatalf("Could not write jsonschema: %s\n", err)
}

17
v2/cmd/functional-test/main.go
View File

@ -85,7 +85,22 @@ func runTestCase(testCase string, debug bool) bool {
}
func runIndividualTestCase(testcase string, debug bool) error {
parts := strings.Fields(testcase)
quoted := false
// split upon unquoted spaces
parts := strings.FieldsFunc(testcase, func(r rune) bool {
if r == '"' {
quoted = !quoted
}
return !quoted && r == ' '
})
// Quoted strings containing spaces are expressions and must have trailing \" removed
for index, part := range parts {
if strings.Contains(part, " ") {
parts[index] = strings.Trim(part, "\"")
}
}
var finalArgs []string
if len(parts) > 1 {

3
v2/cmd/functional-test/testcases.txt
View File

@ -46,6 +46,9 @@
{{binary}} -t cves/ -t exposures/ -tags config -severity high,critical -author geeknik,pdteam -etags sqli -exclude-templates cves/2021/
{{binary}} -t cves/ -t exposures/ -tags config -severity high,critical -author geeknik,pdteam -etags sqli -exclude-templates cves/2017/CVE-2017-7269.yaml
{{binary}} -t cves/ -t exposures/ -tags config -severity high,critical -author geeknik,pdteam -etags sqli -include-templates cves/2017/CVE-2017-7269.yaml
{{binary}} -tags cve -author geeknik,pdteam -tc severity=='high'
{{binary}} -tc contains(authors,'pdteam')
{{binary}} -t cves/ -t exposures/ -tc contains(tags,'cve') -exclude-templates cves/2020/CVE-2020-9757.yaml
{{binary}} -w workflows
{{binary}} -w workflows -author geeknik,pdteam
{{binary}} -w workflows -severity high,critical

38
v2/cmd/integration-test/custom-dir.go Normal file
View File

@ -0,0 +1,38 @@
package main
import (
"os"
"github.com/projectdiscovery/nuclei/v2/pkg/testutils"
)
type customConfigDirTest struct{}
var customConfigDirTestCases = map[string]testutils.TestCase{
"dns/cname-fingerprint.yaml": &customConfigDirTest{},
}
// Execute executes a test case and returns an error if occurred
func (h *customConfigDirTest) Execute(filePath string) error {
customTempDirectory, err := os.MkdirTemp("", "")
if err != nil {
return err
}
defer os.RemoveAll(customTempDirectory)
results, err := testutils.RunNucleiTemplateAndGetResults(filePath, "8x8exch02.8x8.com", debug, "-config-directory", customTempDirectory)
if err != nil {
return err
}
if len(results) == 0 {
return nil
}
files, err := os.ReadDir(customTempDirectory)
if err != nil {
return err
}
var fileNames []string
for _, file := range files {
fileNames = append(fileNames, file.Name())
}
return expectResultsCount(fileNames, 3)
}

23
v2/cmd/integration-test/http.go
View File

@ -11,6 +11,7 @@ import (
"regexp"
"strconv"
"strings"
"time"
"github.com/julienschmidt/httprouter"
@ -52,6 +53,7 @@ var httpTestcases = map[string]testutils.TestCase{
"http/get-sni.yaml": &customCLISNI{},
"http/redirect-match-url.yaml": &httpRedirectMatchURL{},
"http/get-sni-unsafe.yaml": &customCLISNIUnsafe{},
"http/annotation-timeout.yaml": &annotationTimeout{},
}
type httpInteractshRequest struct{}
@ -584,7 +586,7 @@ func (h *httpRawUnsafeRequest) Execute(filePath string) error {
ts := testutils.NewTCPServer(nil, defaultStaticPort, func(conn net.Conn) {
defer conn.Close()
_, _ = conn.Write([]byte("HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Length: 36\r\nContent-Type: text/plain; charset=utf-8\r\n\r\nThis is test raw-unsafe-matcher test"))
_, _ = conn.Write([]byte("HTTP/1.1 200 OK\r\nContent-Length: 36\r\nContent-Type: text/plain; charset=utf-8\r\n\r\nThis is test raw-unsafe-matcher test"))
})
defer ts.Close()
@ -909,3 +911,22 @@ func (h *customCLISNIUnsafe) Execute(filePath string) error {
}
return expectResultsCount(results, 1)
}
type annotationTimeout struct{}
// Execute executes a test case and returns an error if occurred
func (h *annotationTimeout) Execute(filePath string) error {
router := httprouter.New()
router.GET("/", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
time.Sleep(4 * time.Second)
fmt.Fprintf(w, "This is test matcher text")
})
ts := httptest.NewTLSServer(router)
defer ts.Close()
results, err := testutils.RunNucleiTemplateAndGetResults(filePath, ts.URL, debug, "-timeout", "1")
if err != nil {
return err
}
return expectResultsCount(results, 1)
}

29
v2/cmd/integration-test/integration-test.go
View File

@ -19,20 +19,21 @@ var (
failed = aurora.Red("[✘]").String()
protocolTests = map[string]map[string]testutils.TestCase{
"http": httpTestcases,
"network": networkTestcases,
"dns": dnsTestCases,
"workflow": workflowTestcases,
"loader": loaderTestcases,
"websocket": websocketTestCases,
"headless": headlessTestcases,
"whois": whoisTestCases,
"ssl": sslTestcases,
"code": codeTestcases,
"templatesPath": templatesPathTestCases,
"templatesDir": templatesDirTestCases,
"file": fileTestcases,
"offlineHttp": offlineHttpTestcases,
"http": httpTestcases,
"network": networkTestcases,
"dns": dnsTestCases,
"workflow": workflowTestcases,
"loader": loaderTestcases,
"websocket": websocketTestCases,
"headless": headlessTestcases,
"whois": whoisTestCases,
"ssl": sslTestcases,
"code": codeTestcases,
"templatesPath": templatesPathTestCases,
"templatesDir": templatesDirTestCases,
"file": fileTestcases,
"offlineHttp": offlineHttpTestcases,
"customConfigDir": customConfigDirTestCases,
}
)

5
v2/cmd/integration-test/loader.go
View File

@ -2,7 +2,6 @@ package main
import (
"fmt"
"io/ioutil"
"net/http"
"net/http/httptest"
"os"
@ -49,7 +48,7 @@ func (h *remoteTemplateList) Execute(templateList string) error {
defer ts.Close()
configFileData := `remote-template-domain: [ "` + ts.Listener.Addr().String() + `" ]`
err := ioutil.WriteFile("test-config.yaml", []byte(configFileData), os.ModePerm)
err := os.WriteFile("test-config.yaml", []byte(configFileData), os.ModePerm)
if err != nil {
return err
}
@ -148,7 +147,7 @@ func (h *remoteWorkflowList) Execute(workflowList string) error {
defer ts.Close()
configFileData := `remote-template-domain: [ "` + ts.Listener.Addr().String() + `" ]`
err := ioutil.WriteFile("test-config.yaml", []byte(configFileData), os.ModePerm)
err := os.WriteFile("test-config.yaml", []byte(configFileData), os.ModePerm)
if err != nil {
return err
}

32
v2/cmd/nuclei/main.go
View File

@ -1,7 +1,9 @@
package main
import (
"errors"
"fmt"
"io"
"os"
"os/signal"
"path/filepath"
@ -32,7 +34,6 @@ func main() {
if err := runner.ConfigureOptions(); err != nil {
gologger.Fatal().Msgf("Could not initialize options: %s\n", err)
}
readConfig()
// Profiling related code
@ -145,6 +146,7 @@ on extensive configurability, massive extensibility and ease of use.`)
flagSet.VarP(&options.ExcludeSeverities, "exclude-severity", "es", fmt.Sprintf("templates to exclude based on severity. Possible values: %s", severity.GetSupportedSeverities().String())),
flagSet.VarP(&options.Protocols, "type", "pt", fmt.Sprintf("templates to run based on protocol type. Possible values: %s", templateTypes.GetSupportedProtocolTypes())),
flagSet.VarP(&options.ExcludeProtocols, "exclude-type", "ept", fmt.Sprintf("templates to exclude based on protocol type. Possible values: %s", templateTypes.GetSupportedProtocolTypes())),
flagSet.FileStringSliceVarP(&options.IncludeConditions, "template-condition", "tc", nil, "templates to run based on expression condition"),
)
flagSet.CreateGroup("output", "Output",
@ -181,6 +183,9 @@ on extensive configurability, massive extensibility and ease of use.`)
flagSet.BoolVarP(&options.ShowMatchLine, "show-match-line", "sml", false, "show match lines for file templates, works with extractors only"),
flagSet.BoolVar(&options.ZTLS, "ztls", false, "use ztls library with autofallback to standard one for tls13"),
flagSet.StringVar(&options.SNI, "sni", "", "tls sni hostname to use (default: input domain name)"),
flagSet.StringVarP(&options.Interface, "interface", "i", "", "network interface to use for network scan"),
flagSet.StringVarP(&options.SourceIP, "source-ip", "sip", "", "source ip address to use for network scan"),
flagSet.StringVar(&options.CustomConfigDir, "config-directory", "", "Override the default config path ($home/.config)"),
)
flagSet.CreateGroup("interactsh", "interactsh",
@ -220,6 +225,7 @@ on extensive configurability, massive extensibility and ease of use.`)
flagSet.IntVar(&options.PageTimeout, "page-timeout", 20, "seconds to wait for each page in headless mode"),
flagSet.BoolVarP(&options.ShowBrowser, "show-browser", "sb", false, "show the browser on the screen when running templates with headless mode"),
flagSet.BoolVarP(&options.UseInstalledChrome, "system-chrome", "sc", false, "Use local installed chrome browser instead of nuclei installed"),
flagSet.BoolVarP(&options.ShowActions, "list-headless-action", "lha", false, "list available headless actions"),
)
flagSet.CreateGroup("debug", "Debug",
@ -260,7 +266,29 @@ on extensive configurability, massive extensibility and ease of use.`)
if options.LeaveDefaultPorts {
http.LeaveDefaultPorts = true
}
if options.CustomConfigDir != "" {
originalIgnorePath := config.GetIgnoreFilePath()
config.SetCustomConfigDirectory(options.CustomConfigDir)
configPath := filepath.Join(options.CustomConfigDir, "config.yaml")
ignoreFile := filepath.Join(options.CustomConfigDir, ".nuclei-ignore")
if !fileutil.FileExists(ignoreFile) {
_ = fileutil.CopyFile(originalIgnorePath, ignoreFile)
}
readConfigFile := func() error {
if err := flagSet.MergeConfigFile(configPath); err != nil && !errors.Is(err, io.EOF) {
defaultConfigPath, _ := goflags.GetConfigFilePath()
err = fileutil.CopyFile(defaultConfigPath, configPath)
if err != nil {
return err
}
return errors.New("reload the config file")
}
return nil
}
if err := readConfigFile(); err != nil {
_ = readConfigFile()
}
}
if cfgFile != "" {
if err := flagSet.MergeConfigFile(cfgFile); err != nil {
gologger.Fatal().Msgf("Could not read config: %s\n", err)

11
v2/go.mod
View File

@ -5,7 +5,7 @@ go 1.17
require (
github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible
github.com/alecthomas/jsonschema v0.0.0-20211022214203-8b29eab41725
github.com/andygrunwald/go-jira v1.15.1
github.com/andygrunwald/go-jira v1.16.0
github.com/antchfx/htmlquery v1.2.5
github.com/apex/log v1.9.0
github.com/blang/semver v3.5.1+incompatible
@ -48,7 +48,7 @@ require (
github.com/tj/go-update v2.2.5-0.20200519121640-62b4b798fd68+incompatible
github.com/valyala/fasttemplate v1.2.1
github.com/weppos/publicsuffix-go v0.15.1-0.20210928183822-5ee35905bd95
github.com/xanzy/go-gitlab v0.72.0
github.com/xanzy/go-gitlab v0.73.1
go.uber.org/atomic v1.9.0
go.uber.org/multierr v1.8.0
go.uber.org/ratelimit v0.2.0
@ -59,12 +59,13 @@ require (
moul.io/http2curl v1.0.0
)
require github.com/aws/aws-sdk-go v1.44.77
require github.com/aws/aws-sdk-go v1.44.83
require github.com/projectdiscovery/folderutil v0.0.0-20220215113126-add60a1e8e08
require (
github.com/DataDog/gostackparse v0.5.0
github.com/antchfx/xmlquery v1.3.12
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d
github.com/docker/go-units v0.4.0
github.com/h2non/filetype v1.1.3
@ -77,7 +78,7 @@ require (
github.com/projectdiscovery/nvd v1.0.9
github.com/projectdiscovery/sliceutil v0.0.0-20220511171050-c7d9bc5cadd9
github.com/projectdiscovery/urlutil v0.0.0-20210525140139-b874f06ad921
github.com/projectdiscovery/wappalyzergo v0.0.55
github.com/projectdiscovery/wappalyzergo v0.0.56
github.com/stretchr/testify v1.8.0
github.com/zmap/zcrypto v0.0.0-20211005224000-2d0ffdec8a9b
gopkg.in/yaml.v3 v3.0.1
@ -110,7 +111,7 @@ require (
github.com/goburrow/cache v0.1.4 // indirect
github.com/gobwas/httphead v0.1.0 // indirect
github.com/gobwas/pool v0.2.1 // indirect
github.com/golang-jwt/jwt/v4 v4.3.0 // indirect
github.com/golang-jwt/jwt/v4 v4.4.2 // indirect
github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
github.com/golang/protobuf v1.5.2 // indirect
github.com/golang/snappy v0.0.4 // indirect

23
v2/go.sum
View File

@ -93,11 +93,13 @@ github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129/go.mod h1:rFgp
github.com/andybalholm/cascadia v1.1.0 h1:BuuO6sSfQNFRu1LppgbD25Hr2vLYW25JvxHs5zzsLTo=
github.com/andybalholm/cascadia v1.1.0/go.mod h1:GsXiBklL0woXo1j/WYWtSYYC4ouU9PqHO0sqidkEA4Y=
github.com/andygrunwald/go-jira v1.14.0/go.mod h1:KMo2f4DgMZA1C9FdImuLc04x4WQhn5derQpnsuBFgqE=
github.com/andygrunwald/go-jira v1.15.1 h1:6J9aYKb9sW8bxv3pBLYBrs0wdsFrmGI5IeTgWSKWKc8=
github.com/andygrunwald/go-jira v1.15.1/go.mod h1:GIYN1sHOIsENWUZ7B4pDeT/nxEtrZpE8l0987O67ZR8=
github.com/andygrunwald/go-jira v1.16.0 h1:PU7C7Fkk5L96JvPc6vDVIrd99vdPnYudHu4ju2c2ikQ=
github.com/andygrunwald/go-jira v1.16.0/go.mod h1:UQH4IBVxIYWbgagc0LF/k9FRs9xjIiQ8hIcC6HfLwFU=
github.com/antchfx/htmlquery v1.2.3/go.mod h1:B0ABL+F5irhhMWg54ymEZinzMSi0Kt3I2if0BLYa3V0=
github.com/antchfx/htmlquery v1.2.5 h1:1lXnx46/1wtv1E/kzmH8vrfMuUKYgkdDBA9pIdMJnk4=
github.com/antchfx/htmlquery v1.2.5/go.mod h1:2MCVBzYVafPBmKbrmwB9F5xdd+IEgRY61ci2oOsOQVw=
github.com/antchfx/xmlquery v1.3.12 h1:6TMGpdjpO/P8VhjnaYPXuqT3qyJ/VsqoyNTmJzNBTQ4=
github.com/antchfx/xmlquery v1.3.12/go.mod h1:3w2RvQvTz+DaT5fSgsELkSJcdNgkmg6vuXDEuhdwsPQ=
github.com/antchfx/xpath v1.1.6/go.mod h1:Yee4kTMuNiPYJ7nSNorELQMr1J33uOpXDMByNYhvtNk=
github.com/antchfx/xpath v1.2.1 h1:qhp4EW6aCOVr5XIkT+l6LJ9ck/JsUH/yyauNgTQkBF8=
github.com/antchfx/xpath v1.2.1/go.mod h1:i54GszH55fYfBmoZXapTHN8T8tkcHfRgLyVwwqzXNcs=
@ -112,8 +114,8 @@ github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
github.com/aws/aws-sdk-go v1.20.6/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/aws/aws-sdk-go v1.44.77 h1:m5rTfdv04/swD+vTuS2zn4NEwKX3yEJPMhiVCFDL/mU=
github.com/aws/aws-sdk-go v1.44.77/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
github.com/aws/aws-sdk-go v1.44.83 h1:7+Rtc2Eio6EKUNoZeMV/IVxzVrY5oBQcNPtCcgIHYJA=
github.com/aws/aws-sdk-go v1.44.83/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I=
github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=
github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
@ -230,8 +232,8 @@ github.com/gobwas/ws v1.1.0 h1:7RFti/xnNkMJnrK7D1yQ/iCIB5OrrY/54/H930kIbHA=
github.com/gobwas/ws v1.1.0/go.mod h1:nzvNcVha5eUziGrbxFCo6qFIojQHjJV5cLYIbezhfL0=
github.com/golang-jwt/jwt v3.2.1+incompatible h1:73Z+4BJcrTC+KczS6WvTPvRGOp1WmfEP4Q1lOd9Z/+c=
github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
github.com/golang-jwt/jwt/v4 v4.3.0 h1:kHL1vqdqWNfATmA0FNMdmZNMyZI1U6O31X4rlIPoBog=
github.com/golang-jwt/jwt/v4 v4.3.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQAYs=
github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@ -584,8 +586,8 @@ github.com/projectdiscovery/stringsutil v0.0.0-20220612082425-0037ce9f89f3 h1:Eb
github.com/projectdiscovery/stringsutil v0.0.0-20220612082425-0037ce9f89f3/go.mod h1:mF5sh4jTghoGWwgUb9qWi5waTFklClDbtrqtJU93awc=
github.com/projectdiscovery/urlutil v0.0.0-20210525140139-b874f06ad921 h1:EgaxpJm7+lKppfAHkFHs+S+II0lodp4Gu3leZCCkWlc=
github.com/projectdiscovery/urlutil v0.0.0-20210525140139-b874f06ad921/go.mod h1:oXLErqOpqEAp/ueQlknysFxHO3CUNoSiDNnkiHG+Jpo=
github.com/projectdiscovery/wappalyzergo v0.0.55 h1:dDWuohTrAUWrphnFB+uAL33QrDWBbdM+z7sTzSxy8PY=
github.com/projectdiscovery/wappalyzergo v0.0.55/go.mod h1:9aSADdt5z/pw9LFZF7Q8RrLnkyqZl1H4Ezivi8Td7l0=
github.com/projectdiscovery/wappalyzergo v0.0.56 h1:774LsI8tAUAYROQhTX9VsxoQN2kAC5m9CcNj3BHsvTs=
github.com/projectdiscovery/wappalyzergo v0.0.56/go.mod h1:9aSADdt5z/pw9LFZF7Q8RrLnkyqZl1H4Ezivi8Td7l0=
github.com/projectdiscovery/yamldoc-go v1.0.2/go.mod h1:7uSxfMXaBmzvw8m5EhOEjB6nhz0rK/H9sUjq1ciZu24=
github.com/projectdiscovery/yamldoc-go v1.0.3-0.20211126104922-00d2c6bb43b6 h1:DvWRQpw7Ib2CRL3ogYm/BWM+X0UGPfz1n9Ix9YKgFM8=
github.com/projectdiscovery/yamldoc-go v1.0.3-0.20211126104922-00d2c6bb43b6/go.mod h1:8OfZj8p/axkUM/TJoS/O9LDjj/S8u17rxRbqluE9CU4=
@ -686,8 +688,8 @@ github.com/weppos/publicsuffix-go v0.15.1-0.20210928183822-5ee35905bd95/go.mod h
github.com/wsxiaoys/terminal v0.0.0-20160513160801-0940f3fc43a0 h1:3UeQBvD0TFrlVjOeLOBz+CPAI8dnbqNSVwUwRrkp7vQ=
github.com/wsxiaoys/terminal v0.0.0-20160513160801-0940f3fc43a0/go.mod h1:IXCdmsXIht47RaVFLEdVnh1t+pgYtTAhQGj73kz+2DM=
github.com/xanzy/go-gitlab v0.50.3/go.mod h1:Q+hQhV508bDPoBijv7YjK/Lvlb4PhVhJdKqXVQrUoAE=
github.com/xanzy/go-gitlab v0.72.0 h1:/9BQTftUE7GRK/RO1eeWxG1cOE+tjwBrvRdpkeSOq6w=
github.com/xanzy/go-gitlab v0.72.0/go.mod h1:d/a0vswScO7Agg1CZNz15Ic6SSvBG9vfw8egL99t4kA=
github.com/xanzy/go-gitlab v0.73.1 h1:UMagqUZLJdjss1SovIC+kJCH4k2AZWXl58gJd38Y/hI=
github.com/xanzy/go-gitlab v0.73.1/go.mod h1:d/a0vswScO7Agg1CZNz15Ic6SSvBG9vfw8egL99t4kA=
github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 h1:nIPpBwaJSVYIxUFsDv3M8ofmx9yWTog9BfvIu0q41lo=
github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos=
github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
@ -982,6 +984,7 @@ golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220330033206-e17cdc41300f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

12
v2/internal/runner/healthcheck.go
View File

@ -7,7 +7,6 @@ import (
"runtime"
"strings"
"github.com/mitchellh/go-homedir"
"github.com/projectdiscovery/fileutil"
"github.com/projectdiscovery/goflags"
"github.com/projectdiscovery/nuclei/v2/pkg/catalog/config"
@ -18,7 +17,6 @@ import (
func DoHealthCheck(options *types.Options) string {
// RW permissions on config file
cfgFilePath, _ := goflags.GetConfigFilePath()
cfgFileFolder := filepath.Dir(cfgFilePath)
var test strings.Builder
test.WriteString(fmt.Sprintf("Version: %s\n", config.Version))
test.WriteString(fmt.Sprintf("Operative System: %s\n", runtime.GOOS))
@ -28,9 +26,13 @@ func DoHealthCheck(options *types.Options) string {
var testResult string
nucleiIgnorePath := filepath.Join(cfgFileFolder, ".nuclei-ignore")
homedir, _ := homedir.Dir()
nucleiTemplatePath := filepath.Join(homedir, "nuclei-templates/.checksum")
nucleiIgnorePath := config.GetIgnoreFilePath()
cf, _ := config.ReadConfiguration()
templatePath := ""
if cf != nil {
templatePath = cf.TemplatesDirectory
}
nucleiTemplatePath := filepath.Join(templatePath, "/", ".checksum")
for _, filename := range []string{cfgFilePath, nucleiIgnorePath, nucleiTemplatePath} {
ok, err := fileutil.IsReadable(filename)
if ok {

8
v2/internal/runner/options.go
View File

@ -19,6 +19,7 @@ import (
"github.com/projectdiscovery/gologger/levels"
"github.com/projectdiscovery/nuclei/v2/pkg/catalog/config"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/protocolinit"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/headless/engine"
"github.com/projectdiscovery/nuclei/v2/pkg/types"
)
@ -57,6 +58,13 @@ func ParseOptions(options *types.Options) {
gologger.Info().Msgf("Current nuclei-templates version: %s (%s)\n", configuration.TemplateVersion, configuration.TemplatesDirectory)
os.Exit(0)
}
if options.ShowActions {
gologger.Info().Msgf("Showing available headless actions: ")
for action := range engine.ActionStringToAction {
gologger.Print().Msgf("\t%s", action)
}
os.Exit(0)
}
if options.StoreResponseDir != DefaultDumpTrafficOutputFolder && !options.StoreResponse {
gologger.Debug().Msgf("Store response directory specified, enabling \"store-resp\" flag automatically\n")
options.StoreResponse = true

10
v2/internal/runner/runner.go
View File

@ -6,7 +6,7 @@ import (
"context"
"encoding/json"
"fmt"
"io/ioutil"
"io"
"net/http"
_ "net/http/pprof"
"os"
@ -377,7 +377,11 @@ func (r *Runner) RunEnumeration() error {
}
executerOpts.WorkflowLoader = workflowLoader
store, err := loader.New(loader.NewConfig(r.options, r.templatesConfig, r.catalog, executerOpts))
templateConfig := r.templatesConfig
if templateConfig == nil {
templateConfig = &config.Config{}
}
store, err := loader.New(loader.NewConfig(r.options, templateConfig, r.catalog, executerOpts))
if err != nil {
return errors.Wrap(err, "could not load templates from config")
}
@ -556,7 +560,7 @@ func (r *Runner) readNewTemplatesWithVersionFile(version string) ([]string, erro
if resp.StatusCode != http.StatusOK {
return nil, errors.New("version not found")
}
data, err := ioutil.ReadAll(resp.Body)
data, err := io.ReadAll(resp.Body)
if err != nil {
return nil, err
}

3
v2/internal/runner/update.go
View File

@ -9,7 +9,6 @@ import (
"encoding/hex"
"fmt"
"io"
"io/ioutil"
"net/http"
"os"
"path/filepath"
@ -220,7 +219,7 @@ func (r *Runner) checkNucleiIgnoreFileUpdates(configDir string) bool {
return false
}
if len(data) > 0 {
_ = ioutil.WriteFile(filepath.Join(configDir, nucleiIgnoreFile), data, 0644)
_ = os.WriteFile(filepath.Join(configDir, nucleiIgnoreFile), data, 0644)
}
if r.templatesConfig != nil {
if err := config.WriteConfiguration(r.templatesConfig); err != nil {

23
v2/internal/runner/update_test.go
View File

@ -4,7 +4,6 @@ import (
"archive/zip"
"context"
"io"
"io/ioutil"
"net/http"
"net/http/httptest"
"os"
@ -22,21 +21,21 @@ import (
func TestDownloadReleaseAndUnzipAddition(t *testing.T) {
gologger.DefaultLogger.SetWriter(&testutils.NoopWriter{})
templatesDirectory, err := ioutil.TempDir("", "template-*")
templatesDirectory, err := os.MkdirTemp("", "template-*")
require.Nil(t, err, "could not create temp directory")
defer os.RemoveAll(templatesDirectory)
r := &Runner{templatesConfig: &config.Config{TemplatesDirectory: templatesDirectory}, options: testutils.DefaultOptions}
newTempDir, err := ioutil.TempDir("", "new-tmp-*")
newTempDir, err := os.MkdirTemp("", "new-tmp-*")
require.Nil(t, err, "could not create temp directory")
defer os.RemoveAll(newTempDir)
err = ioutil.WriteFile(filepath.Join(newTempDir, "base.yaml"), []byte("id: test"), os.ModePerm)
err = os.WriteFile(filepath.Join(newTempDir, "base.yaml"), []byte("id: test"), os.ModePerm)
require.Nil(t, err, "could not create base file")
err = ioutil.WriteFile(filepath.Join(newTempDir, "new.yaml"), []byte("id: test"), os.ModePerm)
err = os.WriteFile(filepath.Join(newTempDir, "new.yaml"), []byte("id: test"), os.ModePerm)
require.Nil(t, err, "could not create new file")
err = ioutil.WriteFile(filepath.Join(newTempDir, ".new-additions"), []byte("new.yaml"), os.ModePerm)
err = os.WriteFile(filepath.Join(newTempDir, ".new-additions"), []byte("new.yaml"), os.ModePerm)
require.Nil(t, err, "could not create new file")
err = zipFromDirectory("new.zip", newTempDir)
@ -57,13 +56,13 @@ func TestDownloadReleaseAndUnzipAddition(t *testing.T) {
func TestDownloadReleaseAndUnzipDeletion(t *testing.T) {
gologger.DefaultLogger.SetWriter(&testutils.NoopWriter{})
baseTemplates, err := ioutil.TempDir("", "old-temp-*")
baseTemplates, err := os.MkdirTemp("", "old-temp-*")
require.Nil(t, err, "could not create temp directory")
defer os.RemoveAll(baseTemplates)
err = ioutil.WriteFile(filepath.Join(baseTemplates, "base.yaml"), []byte("id: test"), os.ModePerm)
err = os.WriteFile(filepath.Join(baseTemplates, "base.yaml"), []byte("id: test"), os.ModePerm)
require.Nil(t, err, "could not create write base file")
err = ioutil.WriteFile(filepath.Join(baseTemplates, ".new-additions"), []byte("base.yaml"), os.ModePerm)
err = os.WriteFile(filepath.Join(baseTemplates, ".new-additions"), []byte("base.yaml"), os.ModePerm)
require.Nil(t, err, "could not create new file")
err = zipFromDirectory("base.zip", baseTemplates)
@ -75,7 +74,7 @@ func TestDownloadReleaseAndUnzipDeletion(t *testing.T) {
}))
defer ts.Close()
templatesDirectory, err := ioutil.TempDir("", "template-*")
templatesDirectory, err := os.MkdirTemp("", "template-*")
require.Nil(t, err, "could not create temp directory")
defer os.RemoveAll(templatesDirectory)
@ -85,11 +84,11 @@ func TestDownloadReleaseAndUnzipDeletion(t *testing.T) {
require.Nil(t, err, "could not download release and unzip")
require.Equal(t, "base.yaml", results.additions[0], "could not get correct base addition")
newTempDir, err := ioutil.TempDir("", "new-tmp-*")
newTempDir, err := os.MkdirTemp("", "new-tmp-*")
require.Nil(t, err, "could not create temp directory")
defer os.RemoveAll(newTempDir)
err = ioutil.WriteFile(filepath.Join(newTempDir, ".new-additions"), []byte(""), os.ModePerm)
err = os.WriteFile(filepath.Join(newTempDir, ".new-additions"), []byte(""), os.ModePerm)
require.Nil(t, err, "could not create new file")
err = zipFromDirectory("new.zip", newTempDir)

27
v2/pkg/catalog/config/config.go
View File

@ -28,8 +28,16 @@ type Config struct {
const nucleiConfigFilename = ".templates-config.json"
// Version is the current version of nuclei
const Version = `2.7.6`
const Version = `2.7.7`
var customConfigDirectory string
func SetCustomConfigDirectory(dir string) {
customConfigDirectory = dir
if !fileutil.FolderExists(dir) {
_ = fileutil.CreateFolder(dir)
}
}
func getConfigDetails() (string, error) {
configDir, err := GetConfigDir()
if err != nil {
@ -42,7 +50,15 @@ func getConfigDetails() (string, error) {
// GetConfigDir returns the nuclei configuration directory
func GetConfigDir() (string, error) {
home, err := homedir.Dir()
var (
home string
err error
)
if customConfigDirectory != "" {
home = customConfigDirectory
return home, nil
}
home, err = homedir.Dir()
if err != nil {
return "", err
}
@ -55,7 +71,6 @@ func ReadConfiguration() (*Config, error) {
if err != nil {
return nil, err
}
file, err := os.Open(templatesConfigFile)
if err != nil {
return nil, err
@ -100,7 +115,7 @@ type IgnoreFile struct {
// ReadIgnoreFile reads the nuclei ignore file returning blocked tags and paths
func ReadIgnoreFile() IgnoreFile {
file, err := os.Open(getIgnoreFilePath())
file, err := os.Open(GetIgnoreFilePath())
if err != nil {
gologger.Error().Msgf("Could not read nuclei-ignore file: %s\n", err)
return IgnoreFile{}
@ -138,8 +153,8 @@ func OverrideIgnoreFilePath(customPath string) error {
return nil
}
// getIgnoreFilePath returns the ignore file path for the runner
func getIgnoreFilePath() string {
// GetIgnoreFilePath returns the ignore file path for the runner
func GetIgnoreFilePath() string {
var defIgnoreFilePath string
if customIgnoreFilePath != "" {

75
v2/pkg/catalog/loader/filter/tag_filter.go
View File

@ -4,7 +4,11 @@ import (
"errors"
"strings"
"github.com/Knetic/govaluate"
"github.com/projectdiscovery/gologger"
"github.com/projectdiscovery/nuclei/v2/pkg/model/types/severity"
"github.com/projectdiscovery/nuclei/v2/pkg/operators/common/dsl"
"github.com/projectdiscovery/nuclei/v2/pkg/templates"
"github.com/projectdiscovery/nuclei/v2/pkg/templates/types"
)
@ -20,6 +24,7 @@ type TagFilter struct {
excludeTypes map[types.ProtocolType]struct{}
allowedIds map[string]struct{}
excludeIds map[string]struct{}
includeConditions map[string]*govaluate.EvaluableExpression
}
// ErrExcluded is returned for excluded templates
@ -30,7 +35,8 @@ var ErrExcluded = errors.New("the template was excluded")
// unless it is explicitly specified by user using the includeTags (matchAllows field).
// Matching rule: (tag1 OR tag2...) AND (author1 OR author2...) AND (severity1 OR severity2...) AND (extraTags1 OR extraTags2...)
// Returns true if the template matches the filter criteria, false otherwise.
func (tagFilter *TagFilter) Match(templateTags, templateAuthors []string, templateSeverity severity.Severity, extraTags []string, templateType types.ProtocolType, templateId string) (bool, error) {
func (tagFilter *TagFilter) Match(template *templates.Template, extraTags []string) (bool, error) {
templateTags := template.Info.Tags.ToSlice()
for _, templateTag := range templateTags {
_, blocked := tagFilter.block[templateTag]
_, allowed := tagFilter.matchAllows[templateTag]
@ -48,19 +54,23 @@ func (tagFilter *TagFilter) Match(templateTags, templateAuthors []string, templa
return false, nil
}
if !isAuthorMatch(tagFilter, templateAuthors) {
if !isAuthorMatch(tagFilter, template.Info.Authors.ToSlice()) {
return false, nil
}
if !isSeverityMatch(tagFilter, templateSeverity) {
if !isSeverityMatch(tagFilter, template.Info.SeverityHolder.Severity) {
return false, nil
}
if !isTemplateTypeMatch(tagFilter, templateType) {
if !isTemplateTypeMatch(tagFilter, template.Type()) {
return false, nil
}
if !isIdMatch(tagFilter, templateId) {
if !isIdMatch(tagFilter, strings.ToLower(template.ID)) {
return false, nil
}
if !isConditionMatch(tagFilter, template) {
return false, nil
}
@ -167,6 +177,46 @@ func isIdMatch(tagFilter *TagFilter, templateId string) bool {
return included && !excluded
}
func isConditionMatch(tagFilter *TagFilter, template *templates.Template) bool {
if len(tagFilter.includeConditions) == 0 {
return true
}
// attempts to unwrap fields to their basic types
// mapping must be manual because of various abstraction layers, custom marshaling and forceful validation
parameters := map[string]interface{}{
"id": template.ID,
"name": template.Info.Name,
"description": template.Info.Description,
"tags": template.Info.Tags.ToSlice(),
"authors": template.Info.Authors.ToSlice(),
"severity": template.Info.SeverityHolder.Severity.String(),
}
for k, v := range template.Info.Metadata {
parameters[k] = v
}
for _, expr := range tagFilter.includeConditions {
result, err := expr.Evaluate(parameters)
// in case of errors => skip
if err != nil {
// Using debug as the failure here might be legitimate (eg. template not having optional metadata fields => missing required fields)
gologger.Debug().Msgf("The expression condition couldn't be evaluated correctly for template \"%s\": %s\n", template.ID, err)
return false
}
resultBool, ok := result.(bool)
// in case the result is not boolean => skip
if !ok {
return false
}
// in case the result is false => skip
if !resultBool {
return false
}
}
return true
}
type Config struct {
Tags []string
ExcludeTags []string
@ -178,12 +228,13 @@ type Config struct {
ExcludeIds []string
Protocols types.ProtocolTypes
ExcludeProtocols types.ProtocolTypes
IncludeConditions []string
}
// New returns a tag filter for nuclei tag based execution
//
// It takes into account Tags, Severities, ExcludeSeverities, Authors, IncludeTags, ExcludeTags.
func New(config *Config) *TagFilter {
// It takes into account Tags, Severities, ExcludeSeverities, Authors, IncludeTags, ExcludeTags, Conditions.
func New(config *Config) (*TagFilter, error) {
filter := &TagFilter{
allowedTags: make(map[string]struct{}),
authors: make(map[string]struct{}),
@ -195,6 +246,7 @@ func New(config *Config) *TagFilter {
excludeTypes: make(map[types.ProtocolType]struct{}),
allowedIds: make(map[string]struct{}),
excludeIds: make(map[string]struct{}),
includeConditions: make(map[string]*govaluate.EvaluableExpression),
}
for _, tag := range config.ExcludeTags {
for _, val := range splitCommaTrim(tag) {
@ -261,7 +313,14 @@ func New(config *Config) *TagFilter {
delete(filter.excludeIds, val)
}
}
return filter
for _, includeCondition := range config.IncludeConditions {
compiled, err := govaluate.NewEvaluableExpressionWithFunctions(includeCondition, dsl.HelperFunctions)
if err != nil {
return nil, err
}
filter.includeConditions[includeCondition] = compiled
}
return filter, nil
}
/*

221
v2/pkg/catalog/loader/filter/tag_filter_test.go
View File

@ -3,145 +3,252 @@ package filter
import (
"testing"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/dns"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/http"
"github.com/stretchr/testify/require"
"github.com/projectdiscovery/nuclei/v2/pkg/model/types/severity"
"github.com/projectdiscovery/nuclei/v2/pkg/model/types/stringslice"
"github.com/projectdiscovery/nuclei/v2/pkg/templates"
"github.com/projectdiscovery/nuclei/v2/pkg/templates/types"
)
func TestTagBasedFilter(t *testing.T) {
{
filter := New(&Config{
Tags: []string{"cves", "2021", "jira"},
})
t.Run("true", func(t *testing.T) {
matched, _ := filter.Match([]string{"jira"}, []string{"pdteam"}, severity.Low, nil, types.HTTPProtocol, "")
require.True(t, matched, "could not get correct match")
})
t.Run("false", func(t *testing.T) {
matched, _ := filter.Match([]string{"consul"}, []string{"pdteam"}, severity.Low, nil, types.HTTPProtocol, "")
require.False(t, matched, "could not get correct match")
})
t.Run("match-extra-tags-positive", func(t *testing.T) {
matched, _ := filter.Match([]string{"cves", "vuln"}, []string{"pdteam"}, severity.Low, []string{"vuln"}, types.HTTPProtocol, "")
require.True(t, matched, "could not get correct match")
})
t.Run("match-extra-tags-negative", func(t *testing.T) {
matched, _ := filter.Match([]string{"cves"}, []string{"pdteam"}, severity.Low, []string{"vuln"}, types.HTTPProtocol, "")
require.False(t, matched, "could not get correct match")
})
newDummyTemplate := func(id string, tags, authors []string, severityValue severity.Severity, protocolType types.ProtocolType) *templates.Template {
dummyTemplate := &templates.Template{}
if id != "" {
dummyTemplate.ID = id
}
if len(tags) > 0 {
dummyTemplate.Info.Tags = stringslice.StringSlice{Value: tags}
}
if len(authors) > 0 {
dummyTemplate.Info.Authors = stringslice.StringSlice{Value: authors}
}
dummyTemplate.Info.SeverityHolder = severity.Holder{Severity: severityValue}
switch protocolType {
case types.DNSProtocol:
dummyTemplate.RequestsDNS = []*dns.Request{{}}
case types.HTTPProtocol:
dummyTemplate.RequestsHTTP = []*http.Request{{}}
}
return dummyTemplate
}
filter, err := New(&Config{
Tags: []string{"cves", "2021", "jira"},
})
require.Nil(t, err)
t.Run("true", func(t *testing.T) {
dummyTemplate := newDummyTemplate("", []string{"jira"}, []string{"pdteam"}, severity.Low, types.HTTPProtocol)
matched, _ := filter.Match(dummyTemplate, nil)
require.True(t, matched, "could not get correct match")
})
t.Run("false", func(t *testing.T) {
dummyTemplate := newDummyTemplate("", []string{"consul"}, []string{"pdteam"}, severity.Low, types.HTTPProtocol)
matched, _ := filter.Match(dummyTemplate, nil)
require.False(t, matched, "could not get correct match")
})
t.Run("match-extra-tags-positive", func(t *testing.T) {
dummyTemplate := newDummyTemplate("", []string{"cves", "vuln"}, []string{"pdteam"}, severity.Low, types.HTTPProtocol)
matched, _ := filter.Match(dummyTemplate, []string{"vuln"})
require.True(t, matched, "could not get correct match")
})
t.Run("match-extra-tags-negative", func(t *testing.T) {
dummyTemplate := newDummyTemplate("", []string{"cves"}, []string{"pdteam"}, severity.Low, types.HTTPProtocol)
matched, _ := filter.Match(dummyTemplate, []string{"vuln"})
require.False(t, matched, "could not get correct match")
})
t.Run("not-match-excludes", func(t *testing.T) {
filter := New(&Config{
filter, err := New(&Config{
ExcludeTags: []string{"dos"},
})
matched, err := filter.Match([]string{"dos"}, []string{"pdteam"}, severity.Low, nil, types.HTTPProtocol, "")
require.Nil(t, err)
dummyTemplate := newDummyTemplate("", []string{"dos"}, []string{"pdteam"}, severity.Low, types.HTTPProtocol)
matched, err := filter.Match(dummyTemplate, nil)
require.False(t, matched, "could not get correct match")
require.Equal(t, ErrExcluded, err, "could not get correct error")
})
t.Run("match-includes", func(t *testing.T) {
filter := New(&Config{
filter, err := New(&Config{
Tags: []string{"cves", "fuzz"},
ExcludeTags: []string{"dos", "fuzz"},
IncludeTags: []string{"fuzz"},
})
matched, err := filter.Match([]string{"fuzz"}, []string{"pdteam"}, severity.Low, nil, types.HTTPProtocol, "")
require.Nil(t, err)
dummyTemplate := newDummyTemplate("", []string{"fuzz"}, []string{"pdteam"}, severity.Low, types.HTTPProtocol)
matched, err := filter.Match(dummyTemplate, nil)
require.Nil(t, err, "could not get match")
require.True(t, matched, "could not get correct match")
})
t.Run("match-includes", func(t *testing.T) {
filter := New(&Config{
filter, err := New(&Config{
Tags: []string{"fuzz"},
ExcludeTags: []string{"fuzz"},
})
matched, err := filter.Match([]string{"fuzz"}, []string{"pdteam"}, severity.Low, nil, types.HTTPProtocol, "")
require.Nil(t, err)
dummyTemplate := newDummyTemplate("", []string{"fuzz"}, []string{"pdteam"}, severity.Low, types.HTTPProtocol)
matched, err := filter.Match(dummyTemplate, nil)
require.Nil(t, err, "could not get match")
require.True(t, matched, "could not get correct match")
})
t.Run("match-author", func(t *testing.T) {
filter := New(&Config{
filter, err := New(&Config{
Authors: []string{"pdteam"},
})
matched, _ := filter.Match([]string{"fuzz"}, []string{"pdteam"}, severity.Low, nil, types.HTTPProtocol, "")
require.Nil(t, err)
dummyTemplate := newDummyTemplate("", []string{"fuzz"}, []string{"pdteam"}, severity.Low, types.HTTPProtocol)
matched, _ := filter.Match(dummyTemplate, nil)
require.True(t, matched, "could not get correct match")
})
t.Run("match-severity", func(t *testing.T) {
filter := New(&Config{
filter, err := New(&Config{
Severities: severity.Severities{severity.High},
})
matched, _ := filter.Match([]string{"fuzz"}, []string{"pdteam"}, severity.High, nil, types.HTTPProtocol, "")
require.Nil(t, err)
dummyTemplate := newDummyTemplate("", []string{"fuzz"}, []string{"pdteam"}, severity.High, types.HTTPProtocol)
matched, _ := filter.Match(dummyTemplate, nil)
require.True(t, matched, "could not get correct match")
})
t.Run("match-id", func(t *testing.T) {
filter := New(&Config{
filter, err := New(&Config{
IncludeIds: []string{"cve-test"},
})
matched, _ := filter.Match([]string{""}, []string{""}, severity.Low, nil, types.HTTPProtocol, "cve-test")
require.Nil(t, err)
dummyTemplate := newDummyTemplate("cve-test", nil, nil, severity.Low, types.HTTPProtocol)
matched, _ := filter.Match(dummyTemplate, nil)
require.True(t, matched, "could not get correct match")
})
t.Run("match-exclude-severity", func(t *testing.T) {
filter := New(&Config{
filter, err := New(&Config{
ExcludeSeverities: severity.Severities{severity.Low},
})
matched, _ := filter.Match([]string{"fuzz"}, []string{"pdteam"}, severity.High, nil, types.HTTPProtocol, "")
require.Nil(t, err)
dummyTemplate := newDummyTemplate("", []string{"fuzz"}, []string{"pdteam"}, severity.High, types.HTTPProtocol)
matched, _ := filter.Match(dummyTemplate, nil)
require.True(t, matched, "could not get correct match")
matched, _ = filter.Match([]string{"fuzz"}, []string{"pdteam"}, severity.Low, nil, types.HTTPProtocol, "")
dummyTemplate = newDummyTemplate("", []string{"fuzz"}, []string{"pdteam"}, severity.Low, types.HTTPProtocol)
matched, _ = filter.Match(dummyTemplate, nil)
require.False(t, matched, "could not get correct match")
})
t.Run("match-exclude-with-tags", func(t *testing.T) {
filter := New(&Config{
filter, err := New(&Config{
Tags: []string{"tag"},
ExcludeTags: []string{"another"},
})
matched, _ := filter.Match([]string{"another"}, []string{"pdteam"}, severity.High, nil, types.HTTPProtocol, "")
require.Nil(t, err)
dummyTemplate := newDummyTemplate("", []string{"another"}, []string{"pdteam"}, severity.High, types.HTTPProtocol)
matched, _ := filter.Match(dummyTemplate, nil)
require.False(t, matched, "could not get correct match")
})
t.Run("match-conditions", func(t *testing.T) {
filter := New(&Config{
filter, err := New(&Config{
Authors: []string{"pdteam"},
Tags: []string{"jira"},
Severities: severity.Severities{severity.High},
})
matched, _ := filter.Match([]string{"jira", "cve"}, []string{"pdteam", "someOtherUser"}, severity.High, nil, types.HTTPProtocol, "")
require.Nil(t, err)
dummyTemplate := newDummyTemplate("", []string{"jira", "cve"}, []string{"pdteam", "someOtherUser"}, severity.High, types.HTTPProtocol)
matched, _ := filter.Match(dummyTemplate, nil)
require.True(t, matched, "could not get correct match")
matched, _ = filter.Match([]string{"jira"}, []string{"pdteam"}, severity.Low, nil, types.HTTPProtocol, "")
dummyTemplate = newDummyTemplate("", []string{"jira"}, []string{"pdteam"}, severity.Low, types.HTTPProtocol)
matched, _ = filter.Match(dummyTemplate, nil)
require.False(t, matched, "could not get correct match")
matched, _ = filter.Match([]string{"jira"}, []string{"random"}, severity.Low, nil, types.HTTPProtocol, "")
dummyTemplate = newDummyTemplate("", []string{"jira"}, []string{"pdteam"}, severity.Low, types.HTTPProtocol)
matched, _ = filter.Match(dummyTemplate, nil)
require.False(t, matched, "could not get correct match")
matched, _ = filter.Match([]string{"consul"}, []string{"random"}, severity.Low, nil, types.HTTPProtocol, "")
dummyTemplate = newDummyTemplate("", []string{"consul"}, []string{"random"}, severity.Low, types.HTTPProtocol)
matched, _ = filter.Match(dummyTemplate, nil)
require.False(t, matched, "could not get correct match")
})
t.Run("match-type", func(t *testing.T) {
filter := New(&Config{
filter, err := New(&Config{
Protocols: []types.ProtocolType{types.HTTPProtocol},
})
matched, _ := filter.Match([]string{"fuzz"}, []string{"pdteam"}, severity.High, nil, types.HTTPProtocol, "")
require.Nil(t, err)
dummyTemplate := newDummyTemplate("", []string{"fuzz"}, []string{"pdteam"}, severity.High, types.HTTPProtocol)
matched, _ := filter.Match(dummyTemplate, nil)
require.True(t, matched, "could not get correct match")
})
t.Run("match-exclude-id", func(t *testing.T) {
filter := New(&Config{
filter, err := New(&Config{
ExcludeIds: []string{"cve-test"},
})
matched, _ := filter.Match([]string{""}, []string{""}, severity.High, nil, types.DNSProtocol, "cve-test1")
require.Nil(t, err)
dummyTemplate := newDummyTemplate("cve-test1", nil, nil, severity.High, types.DNSProtocol)
matched, _ := filter.Match(dummyTemplate, nil)
require.True(t, matched, "could not get correct match")
matched, _ = filter.Match([]string{"fuzz"}, []string{"pdteam"}, severity.Low, nil, types.HTTPProtocol, "cve-test")
dummyTemplate = newDummyTemplate("cve-test", []string{"fuzz"}, []string{"pdteam"}, severity.Low, types.HTTPProtocol)
matched, _ = filter.Match(dummyTemplate, nil)
require.False(t, matched, "could not get correct match")
})
t.Run("match-exclude-type", func(t *testing.T) {
filter := New(&Config{
filter, err := New(&Config{
ExcludeProtocols: []types.ProtocolType{types.HTTPProtocol},
})
matched, _ := filter.Match([]string{"fuzz"}, []string{"pdteam"}, severity.High, nil, types.DNSProtocol, "")
require.True(t, matched, "could not get correct match")
require.Nil(t, err)
matched, _ = filter.Match([]string{"fuzz"}, []string{"pdteam"}, severity.Low, nil, types.HTTPProtocol, "")
dummyTemplate := newDummyTemplate("", []string{"fuzz"}, []string{"pdteam"}, severity.High, types.DNSProtocol)
matched, _ := filter.Match(dummyTemplate, nil)
require.True(t, matched, "could not get correct match")
dummyTemplate = newDummyTemplate("", []string{"fuzz"}, []string{"pdteam"}, severity.Low, types.HTTPProtocol)
matched, _ = filter.Match(dummyTemplate, nil)
require.False(t, matched, "could not get correct match")
})
t.Run("advanced-filtering-positive", func(t *testing.T) {
dummyTemplate := newDummyTemplate("test", []string{"jira", "test"}, []string{"test1", "test2"}, severity.High, types.HTTPProtocol)
// syntax error
testAdvancedFiltering(t, []string{"id==test'"}, dummyTemplate, true, false)
// basic properties
testAdvancedFiltering(t, []string{"id=='test'"}, dummyTemplate, false, true)
// simple element in slice with 'in' operator, multiple slice elements will require a custom helper function
testAdvancedFiltering(t, []string{"contains(tags,'test')"}, dummyTemplate, false, true)
testAdvancedFiltering(t, []string{"contains(authors,'test1')"}, dummyTemplate, false, true)
// helper function
testAdvancedFiltering(t, []string{"contains(id, 'te')"}, dummyTemplate, false, true)
testAdvancedFiltering(t, []string{"md5(id)=='098f6bcd4621d373cade4e832627b4f6'"}, dummyTemplate, false, true)
// boolean operators
testAdvancedFiltering(t, []string{"id!='nothing' && (contains(id, 'te') && id=='test')&& !contains(tags,'no_tag')"}, dummyTemplate, false, true)
// create some metadata
dummyTemplate.Info.Metadata = make(map[string]interface{})
dummyTemplate.Info.Metadata["test_value"] = "test"
dummyTemplate.Info.Metadata["bool_value"] = true
dummyTemplate.Info.Metadata["number_value"] = 1
testAdvancedFiltering(t, []string{"test_value == 'test' && bool_value && number_value>=1"}, dummyTemplate, false, true)
})
t.Run("advanced-filtering-negative", func(t *testing.T) {
dummyTemplate := newDummyTemplate("test", []string{"jira"}, []string{"test1", "test2"}, severity.High, types.HTTPProtocol)
// basic properties
testAdvancedFiltering(t, []string{"id=='test1'"}, dummyTemplate, false, false)
testAdvancedFiltering(t, []string{"!(id==test') && !contains(tags,'bla')"}, dummyTemplate, true, false)
// helper function
testAdvancedFiltering(t, []string{"!contains(id, 'bah')"}, dummyTemplate, false, true)
// boolean operators with nested negations
testAdvancedFiltering(t, []string{"id!='nothing' && !(!contains(id, 'te') && id=='test')&& !contains(tags,'no_tag')"}, dummyTemplate, false, true)
// create some metadata
dummyTemplate.Info.Metadata = make(map[string]interface{})
testAdvancedFiltering(t, []string{"non_existent_value == 'test'"}, dummyTemplate, false, false)
})
}
func testAdvancedFiltering(t *testing.T, includeConditions []string, template *templates.Template, shouldError, shouldMatch bool) {
// basic properties
advancedFilter, err := New(&Config{IncludeConditions: includeConditions})
if shouldError {
require.NotNil(t, err)
return
} else {
require.Nil(t, err)
}
matched, _ := advancedFilter.Match(template, nil)
require.Equal(t, shouldMatch, matched, "could not get correct match")
}

45
v2/pkg/catalog/loader/loader.go
View File

@ -38,6 +38,7 @@ type Config struct {
IncludeTags []string
IncludeIds []string
ExcludeIds []string
IncludeConditions []string
Catalog catalog.Catalog
ExecutorOptions protocols.ExecuterOptions
@ -79,6 +80,7 @@ func NewConfig(options *types.Options, templateConfig *config.Config, catalog ca
TemplatesDirectory: templateConfig.TemplatesDirectory,
Protocols: options.Protocols,
ExcludeProtocols: options.ExcludeProtocols,
IncludeConditions: options.IncludeConditions,
Catalog: catalog,
ExecutorOptions: executerOpts,
}
@ -87,21 +89,26 @@ func NewConfig(options *types.Options, templateConfig *config.Config, catalog ca
// New creates a new template store based on provided configuration
func New(config *Config) (*Store, error) {
tagFilter, err := filter.New(&filter.Config{
Tags: config.Tags,
ExcludeTags: config.ExcludeTags,
Authors: config.Authors,
Severities: config.Severities,
ExcludeSeverities: config.ExcludeSeverities,
IncludeTags: config.IncludeTags,
IncludeIds: config.IncludeIds,
ExcludeIds: config.ExcludeIds,
Protocols: config.Protocols,
ExcludeProtocols: config.ExcludeProtocols,
IncludeConditions: config.IncludeConditions,
})
if err != nil {
return nil, err
}
// Create a tag filter based on provided configuration
store := &Store{
config: config,
tagFilter: filter.New(&filter.Config{
Tags: config.Tags,
ExcludeTags: config.ExcludeTags,
Authors: config.Authors,
Severities: config.Severities,
ExcludeSeverities: config.ExcludeSeverities,
IncludeTags: config.IncludeTags,
IncludeIds: config.IncludeIds,
ExcludeIds: config.ExcludeIds,
Protocols: config.Protocols,
ExcludeProtocols: config.ExcludeProtocols,
}),
config: config,
tagFilter: tagFilter,
pathFilter: filter.NewPathFilter(&filter.PathFilterConfig{
IncludedTemplates: config.IncludeTemplates,
ExcludedTemplates: config.ExcludeTemplates,
@ -267,7 +274,11 @@ func (store *Store) LoadTemplates(templatesList []string) []*templates.Template
stats.Increment(parsers.RuntimeWarningsStats)
gologger.Warning().Msgf("Could not parse template %s: %s\n", templatePath, err)
} else if parsed != nil {
loadedTemplates = append(loadedTemplates, parsed)
if len(parsed.RequestsHeadless) > 0 && !store.config.ExecutorOptions.Options.Headless {
gologger.Warning().Msgf("Headless flag is required for headless template %s\n", templatePath)
} else {
loadedTemplates = append(loadedTemplates, parsed)
}
}
} else if err != nil {
gologger.Warning().Msgf("Could not load template %s: %s\n", templatePath, err)
@ -314,7 +325,11 @@ func (store *Store) LoadTemplatesWithTags(templatesList, tags []string) []*templ
stats.Increment(parsers.RuntimeWarningsStats)
gologger.Warning().Msgf("Could not parse template %s: %s\n", templatePath, err)
} else if parsed != nil {
loadedTemplates = append(loadedTemplates, parsed)
if len(parsed.RequestsHeadless) > 0 && !store.config.ExecutorOptions.Options.Headless {
gologger.Warning().Msgf("Headless flag is required for headless template %s\n", templatePath)
} else {
loadedTemplates = append(loadedTemplates, parsed)
}
}
} else if err != nil {
gologger.Warning().Msgf("Could not load template %s: %s\n", templatePath, err)

60
v2/pkg/operators/common/dsl/dsl.go
View File

@ -50,6 +50,13 @@ var invalidDslFunctionMessageTemplate = "%w. correct method signature %q"
var dslFunctions map[string]dslFunction
var (
// FunctionNames is a list of function names for expression evaluation usages
FunctionNames []string
// HelperFunctions is a pre-compiled list of govaluate DSL functions
HelperFunctions map[string]govaluate.ExpressionFunction
)
var functionSignaturePattern = regexp.MustCompile(`(\w+)\s*\((?:([\w\d,\s]+)\s+([.\w\d{}&*]+))?\)([\s.\w\d{}&*]+)?`)
var dateFormatRegex = regexp.MustCompile("%([A-Za-z])")
@ -566,6 +573,49 @@ func init() {
}
return nil, fmt.Errorf("invalid number: %T", args[0])
}),
"substr": makeDslWithOptionalArgsFunction(
"(str string, start int, optionalEnd int)",
func(args ...interface{}) (interface{}, error) {
if len(args) < 2 {
return nil, invalidDslFunctionError
}
argStr := types.ToString(args[0])
start, err := strconv.Atoi(types.ToString(args[1]))
if err != nil {
return nil, errors.Wrap(err, "invalid start position")
}
if len(args) == 2 {
return argStr[start:], nil
}
end, err := strconv.Atoi(types.ToString(args[2]))
if err != nil {
return nil, errors.Wrap(err, "invalid end position")
}
if end < 0 {
end += len(argStr)
}
return argStr[start:end], nil
},
),
"aes_cbc": makeDslFunction(2, func(args ...interface{}) (interface{}, error) {
key := []byte(types.ToString(args[0]))
cleartext := []byte(types.ToString(args[1]))
block, _ := aes.NewCipher(key)
blockSize := block.BlockSize()
n := blockSize - len(cleartext)%blockSize
temp := bytes.Repeat([]byte{byte(n)}, n)
cleartext = append(cleartext, temp...)
iv := make([]byte, 16)
if _, err := crand.Read(iv); err != nil {
return nil, err
}
blockMode := cipher.NewCBCEncrypter(block, iv)
ciphertext := make([]byte, len(cleartext))
blockMode.CryptBlocks(ciphertext, cleartext)
ciphertext = append(iv, ciphertext...)
return ciphertext, nil
}),
"aes_gcm": makeDslFunction(2, func(args ...interface{}) (interface{}, error) {
key := args[0].(string)
value := args[1].(string)
@ -592,6 +642,11 @@ func init() {
for funcName, dslFunc := range tempDslFunctions {
dslFunctions[funcName] = dslFunc(funcName)
}
HelperFunctions = helperFunctions()
FunctionNames = make([]string, 0, len(HelperFunctions))
for k := range HelperFunctions {
FunctionNames = append(FunctionNames, k)
}
}
func makeDslWithOptionalArgsFunction(signaturePart string, dslFunctionLogic govaluate.ExpressionFunction) func(functionName string) dslFunction {
@ -626,8 +681,8 @@ func createSignaturePart(numberOfParameters int) string {
return fmt.Sprintf("(%s interface{}) interface{}", strings.Join(params, ", "))
}
// HelperFunctions returns the dsl helper functions
func HelperFunctions() map[string]govaluate.ExpressionFunction {
// helperFunctions returns the dsl helper functions
func helperFunctions() map[string]govaluate.ExpressionFunction {
helperFunctions := make(map[string]govaluate.ExpressionFunction, len(dslFunctions))
for functionName, dslFunction := range dslFunctions {
@ -639,6 +694,7 @@ func HelperFunctions() map[string]govaluate.ExpressionFunction {
}
// AddHelperFunction allows creation of additional helper functions to be supported with templates
//
//goland:noinspection GoUnusedExportedFunction
func AddHelperFunction(key string, value func(args ...interface{}) (interface{}, error)) error {
if _, ok := dslFunctions[key]; !ok {

156
v2/pkg/operators/common/dsl/dsl_test.go
View File

@ -15,7 +15,7 @@ import (
)
func TestDSLURLEncodeDecode(t *testing.T) {
functions := HelperFunctions()
functions := HelperFunctions
encoded, err := functions["url_encode"]("&test\"")
require.Nil(t, err, "could not url encode")
@ -27,7 +27,7 @@ func TestDSLURLEncodeDecode(t *testing.T) {
}
func TestDSLTimeComparison(t *testing.T) {
compiled, err := govaluate.NewEvaluableExpressionWithFunctions("unixtime() > not_after", HelperFunctions())
compiled, err := govaluate.NewEvaluableExpressionWithFunctions("unixtime() > not_after", HelperFunctions)
require.Nil(t, err, "could not compare time")
result, err := compiled.Evaluate(map[string]interface{}{"not_after": float64(time.Now().Unix() - 1000)})
@ -36,13 +36,13 @@ func TestDSLTimeComparison(t *testing.T) {
}
func TestDSLGzipSerialize(t *testing.T) {
compiled, err := govaluate.NewEvaluableExpressionWithFunctions("gzip(\"hello world\")", HelperFunctions())
compiled, err := govaluate.NewEvaluableExpressionWithFunctions("gzip(\"hello world\")", HelperFunctions)
require.Nil(t, err, "could not compile encoder")
result, err := compiled.Evaluate(make(map[string]interface{}))
require.Nil(t, err, "could not evaluate compare time")
compiled, err = govaluate.NewEvaluableExpressionWithFunctions("gzip_decode(data)", HelperFunctions())
compiled, err = govaluate.NewEvaluableExpressionWithFunctions("gzip_decode(data)", HelperFunctions)
require.Nil(t, err, "could not compile decoder")
data, err := compiled.Evaluate(map[string]interface{}{"data": result})
@ -68,7 +68,7 @@ func TestDateTimeDSLFunction(t *testing.T) {
}
t.Run("with Unix time", func(t *testing.T) {
dateTimeFunction, err := govaluate.NewEvaluableExpressionWithFunctions("date_time(dateTimeFormat)", HelperFunctions())
dateTimeFunction, err := govaluate.NewEvaluableExpressionWithFunctions("date_time(dateTimeFormat)", HelperFunctions)
require.Nil(t, err, "could not compile encoder")
currentTime := time.Now()
@ -78,7 +78,7 @@ func TestDateTimeDSLFunction(t *testing.T) {
})
t.Run("without Unix time", func(t *testing.T) {
dateTimeFunction, err := govaluate.NewEvaluableExpressionWithFunctions("date_time(dateTimeFormat, unixTime)", HelperFunctions())
dateTimeFunction, err := govaluate.NewEvaluableExpressionWithFunctions("date_time(dateTimeFormat, unixTime)", HelperFunctions)
require.Nil(t, err, "could not compile encoder")
currentTime := time.Now()
@ -112,7 +112,7 @@ func TestDslFunctionSignatures(t *testing.T) {
{"remove_bad_chars", []interface{}{"a", "b", "c"}, nil, removeBadCharsSignatureError},
}
helperFunctions := HelperFunctions()
helperFunctions := HelperFunctions
for _, currentTestCase := range testCases {
methodName := currentTestCase.methodName
t.Run(methodName, func(t *testing.T) {
@ -132,76 +132,77 @@ func createSignatureError(signature string) string {
return fmt.Errorf(invalidDslFunctionMessageTemplate, invalidDslFunctionError, signature).Error()
}
func TestGetPrintableDslFunctionSignatures(t *testing.T) {
expected := ` aes_gcm(arg1, arg2 interface{}) interface{}
base64(arg1 interface{}) interface{}
base64_decode(arg1 interface{}) interface{}
base64_py(arg1 interface{}) interface{}
compare_versions(firstVersion, constraints ...string) bool
concat(args ...interface{}) string
contains(arg1, arg2 interface{}) interface{}
date_time(dateTimeFormat string, optionalUnixTime interface{}) string
dec_to_hex(arg1 interface{}) interface{}
ends_with(str string, suffix ...string) bool
generate_java_gadget(arg1, arg2, arg3 interface{}) interface{}
gzip(arg1 interface{}) interface{}
gzip_decode(arg1 interface{}) interface{}
hex_decode(arg1 interface{}) interface{}
hex_encode(arg1 interface{}) interface{}
hmac(arg1, arg2, arg3 interface{}) interface{}
html_escape(arg1 interface{}) interface{}
html_unescape(arg1 interface{}) interface{}
join(separator string, elements ...interface{}) string
len(arg1 interface{}) interface{}
line_ends_with(str string, suffix ...string) bool
line_starts_with(str string, prefix ...string) bool
md5(arg1 interface{}) interface{}
mmh3(arg1 interface{}) interface{}
print_debug(args ...interface{})
rand_base(length uint, optionalCharSet string) string
rand_char(optionalCharSet string) string
rand_int(optionalMin, optionalMax uint) int
rand_ip(cidr ...string) string
rand_text_alpha(length uint, optionalBadChars string) string
rand_text_alphanumeric(length uint, optionalBadChars string) string
rand_text_numeric(length uint, optionalBadNumbers string) string
regex(arg1, arg2 interface{}) interface{}
remove_bad_chars(arg1, arg2 interface{}) interface{}
repeat(arg1, arg2 interface{}) interface{}
replace(arg1, arg2, arg3 interface{}) interface{}
replace_regex(arg1, arg2, arg3 interface{}) interface{}
reverse(arg1 interface{}) interface{}
sha1(arg1 interface{}) interface{}
sha256(arg1 interface{}) interface{}
starts_with(str string, prefix ...string) bool
to_lower(arg1 interface{}) interface{}
to_number(arg1 interface{}) interface{}
to_string(arg1 interface{}) interface{}
to_upper(arg1 interface{}) interface{}
trim(arg1, arg2 interface{}) interface{}
trim_left(arg1, arg2 interface{}) interface{}
trim_prefix(arg1, arg2 interface{}) interface{}
trim_right(arg1, arg2 interface{}) interface{}
trim_space(arg1 interface{}) interface{}
trim_suffix(arg1, arg2 interface{}) interface{}
unix_time(optionalSeconds uint) float64
url_decode(arg1 interface{}) interface{}
url_encode(arg1 interface{}) interface{}
wait_for(seconds uint)
zlib(arg1 interface{}) interface{}
zlib_decode(arg1 interface{}) interface{}
`
t.Run("with coloring", func(t *testing.T) {
assert.Equal(t, expected, GetPrintableDslFunctionSignatures(false))
})
// TODO: the test is hard to maintain due to the presence of hardcoded color characters, it needs to be simplified
// func TestGetPrintableDslFunctionSignatures(t *testing.T) {
// expected := ` aes_gcm(arg1, arg2 interface{}) interface{}
// base64(arg1 interface{}) interface{}
// base64_decode(arg1 interface{}) interface{}
// base64_py(arg1 interface{}) interface{}
// compare_versions(firstVersion, constraints ...string) bool
// concat(args ...interface{}) string
// contains(arg1, arg2 interface{}) interface{}
// date_time(dateTimeFormat string, optionalUnixTime interface{}) string
// dec_to_hex(arg1 interface{}) interface{}
// ends_with(str string, suffix ...string) bool
// generate_java_gadget(arg1, arg2, arg3 interface{}) interface{}
// gzip(arg1 interface{}) interface{}
// gzip_decode(arg1 interface{}) interface{}
// hex_decode(arg1 interface{}) interface{}
// hex_encode(arg1 interface{}) interface{}
// hmac(arg1, arg2, arg3 interface{}) interface{}
// html_escape(arg1 interface{}) interface{}
// html_unescape(arg1 interface{}) interface{}
// join(separator string, elements ...interface{}) string
// len(arg1 interface{}) interface{}
// line_ends_with(str string, suffix ...string) bool
// line_starts_with(str string, prefix ...string) bool
// md5(arg1 interface{}) interface{}
// mmh3(arg1 interface{}) interface{}
// print_debug(args ...interface{})
// rand_base(length uint, optionalCharSet string) string
// rand_char(optionalCharSet string) string
// rand_int(optionalMin, optionalMax uint) int
// rand_ip(cidr ...string) string
// rand_text_alpha(length uint, optionalBadChars string) string
// rand_text_alphanumeric(length uint, optionalBadChars string) string
// rand_text_numeric(length uint, optionalBadNumbers string) string
// regex(arg1, arg2 interface{}) interface{}
// remove_bad_chars(arg1, arg2 interface{}) interface{}
// repeat(arg1, arg2 interface{}) interface{}
// replace(arg1, arg2, arg3 interface{}) interface{}
// replace_regex(arg1, arg2, arg3 interface{}) interface{}
// reverse(arg1 interface{}) interface{}
// sha1(arg1 interface{}) interface{}
// sha256(arg1 interface{}) interface{}
// starts_with(str string, prefix ...string) bool
// to_lower(arg1 interface{}) interface{}
// to_number(arg1 interface{}) interface{}
// to_string(arg1 interface{}) interface{}
// to_upper(arg1 interface{}) interface{}
// trim(arg1, arg2 interface{}) interface{}
// trim_left(arg1, arg2 interface{}) interface{}
// trim_prefix(arg1, arg2 interface{}) interface{}
// trim_right(arg1, arg2 interface{}) interface{}
// trim_space(arg1 interface{}) interface{}
// trim_suffix(arg1, arg2 interface{}) interface{}
// unix_time(optionalSeconds uint) float64
// url_decode(arg1 interface{}) interface{}
// url_encode(arg1 interface{}) interface{}
// wait_for(seconds uint)
// zlib(arg1 interface{}) interface{}
// zlib_decode(arg1 interface{}) interface{}
// `
// t.Run("with coloring", func(t *testing.T) {
// assert.Equal(t, expected, GetPrintableDslFunctionSignatures(false))
// })
t.Run("without coloring", func(t *testing.T) {
var decolorizerRegex = regexp.MustCompile(`\x1B\[[0-9;]*[a-zA-Z]`)
expectedSignaturesWithoutColor := decolorizerRegex.ReplaceAllString(expected, "")
// t.Run("without coloring", func(t *testing.T) {
// var decolorizerRegex = regexp.MustCompile(`\x1B\[[0-9;]*[a-zA-Z]`)
// expectedSignaturesWithoutColor := decolorizerRegex.ReplaceAllString(expected, "")
assert.Equal(t, expectedSignaturesWithoutColor, GetPrintableDslFunctionSignatures(true))
})
}
// assert.Equal(t, expectedSignaturesWithoutColor, GetPrintableDslFunctionSignatures(true))
// })
// }
func TestDslExpressions(t *testing.T) {
now := time.Now()
@ -268,6 +269,9 @@ func TestDslExpressions(t *testing.T) {
`compare_versions('v1.0.0', '>v0.0.1', '<v1.0.1')`: true,
`hmac('sha1', 'test', 'scrt')`: "8856b111056d946d5c6c92a21b43c233596623c6",
`hmac('sha256', 'test', 'scrt')`: "1f1bff5574f18426eb376d6dd5368a754e67a798aa2074644d5e3fd4c90c7a92",
`substr('xxtestxxx',2)`: "testxxx",
`substr('xxtestxxx',2,-2)`: "testx",
`substr('xxtestxxx',2,6)`: "test",
}
for dslExpression, expectedResult := range dslExpressions {
@ -343,7 +347,7 @@ func TestRandIntDslExpressions(t *testing.T) {
}
func evaluateExpression(t *testing.T, dslExpression string) interface{} {
compiledExpression, err := govaluate.NewEvaluableExpressionWithFunctions(dslExpression, HelperFunctions())
compiledExpression, err := govaluate.NewEvaluableExpressionWithFunctions(dslExpression, HelperFunctions)
require.NoError(t, err, "Error while compiling the %q expression", dslExpression)
actualResult, err := compiledExpression.Evaluate(make(map[string]interface{}))

2
v2/pkg/operators/extractors/compile.go
View File

@ -43,7 +43,7 @@ func (e *Extractor) CompileExtractors() error {
}
for _, dslExp := range e.DSL {
compiled, err := govaluate.NewEvaluableExpressionWithFunctions(dslExp, dsl.HelperFunctions())
compiled, err := govaluate.NewEvaluableExpressionWithFunctions(dslExp, dsl.HelperFunctions)
if err != nil {
return fmt.Errorf("could not compile dsl: %s", dslExp)
}

44
v2/pkg/operators/extractors/extract.go
View File

@ -3,9 +3,9 @@ package extractors
import (
"encoding/json"
"fmt"
"strings"
"github.com/antchfx/htmlquery"
"github.com/antchfx/xmlquery"
"strings"
"github.com/projectdiscovery/nuclei/v2/pkg/types"
)
@ -59,7 +59,15 @@ func (e *Extractor) ExtractKval(data map[string]interface{}) map[string]struct{}
return results
}
// ExtractHTML extracts items from text using XPath selectors
// ExtractXPath extracts items from text using XPath selectors
func (e *Extractor) ExtractXPath(corpus string) map[string]struct{} {
if strings.HasPrefix(corpus, "<?xml") {
return e.ExtractXML(corpus)
}
return e.ExtractHTML(corpus)
}
// ExtractHTML extracts items from HTML using XPath selectors
func (e *Extractor) ExtractHTML(corpus string) map[string]struct{} {
results := make(map[string]struct{})
@ -88,6 +96,36 @@ func (e *Extractor) ExtractHTML(corpus string) map[string]struct{} {
return results
}
// ExtractXML extracts items from XML using XPath selectors
func (e *Extractor) ExtractXML(corpus string) map[string]struct{} {
results := make(map[string]struct{})
doc, err := xmlquery.Parse(strings.NewReader(corpus))
if err != nil {
return results
}
for _, k := range e.XPath {
nodes, err := xmlquery.QueryAll(doc, k)
if err != nil {
continue
}
for _, node := range nodes {
var value string
if e.Attribute != "" {
value = node.SelectAttr(e.Attribute)
} else {
value = node.InnerText()
}
if _, ok := results[value]; !ok {
results[value] = struct{}{}
}
}
}
return results
}
// ExtractJSON extracts text from a corpus using JQ queries and returns it
func (e *Extractor) ExtractJSON(corpus string) map[string]struct{} {
results := make(map[string]struct{})

2
v2/pkg/operators/matchers/compile.go
View File

@ -62,7 +62,7 @@ func (matcher *Matcher) CompileMatchers() error {
// Compile the dsl expressions
for _, dslExpression := range matcher.DSL {
compiledExpression, err := govaluate.NewEvaluableExpressionWithFunctions(dslExpression, dsl.HelperFunctions())
compiledExpression, err := govaluate.NewEvaluableExpressionWithFunctions(dslExpression, dsl.HelperFunctions)
if err != nil {
return &DslCompilationError{DslSignature: dslExpression, WrappedError: err}
}

2
v2/pkg/operators/matchers/match.go
View File

@ -173,7 +173,7 @@ func (matcher *Matcher) MatchDSL(data map[string]interface{}) bool {
logExpressionEvaluationFailure(matcher.Name, err)
return false
}
expression, err = govaluate.NewEvaluableExpressionWithFunctions(resolvedExpression, dsl.HelperFunctions())
expression, err = govaluate.NewEvaluableExpressionWithFunctions(resolvedExpression, dsl.HelperFunctions)
if err != nil {
logExpressionEvaluationFailure(matcher.Name, err)
return false

2
v2/pkg/operators/matchers/match_test.go
View File

@ -75,7 +75,7 @@ func TestHexEncoding(t *testing.T) {
}
func TestMatcher_MatchDSL(t *testing.T) {
compiled, err := govaluate.NewEvaluableExpressionWithFunctions("contains(body, \"{{VARIABLE}}\")", dsl.HelperFunctions())
compiled, err := govaluate.NewEvaluableExpressionWithFunctions("contains(body, \"{{VARIABLE}}\")", dsl.HelperFunctions)
require.Nil(t, err, "couldn't compile expression")
m := &Matcher{Type: MatcherTypeHolder{MatcherType: DSLMatcher}, dslCompiled: []*govaluate.EvaluableExpression{compiled}}

14
v2/pkg/parsers/parser.go
View File

@ -9,10 +9,8 @@ import (
"github.com/projectdiscovery/nuclei/v2/pkg/catalog"
"github.com/projectdiscovery/nuclei/v2/pkg/catalog/loader/filter"
"github.com/projectdiscovery/nuclei/v2/pkg/model"
"github.com/projectdiscovery/nuclei/v2/pkg/templates"
"github.com/projectdiscovery/nuclei/v2/pkg/templates/cache"
"github.com/projectdiscovery/nuclei/v2/pkg/templates/types"
"github.com/projectdiscovery/nuclei/v2/pkg/utils"
"github.com/projectdiscovery/nuclei/v2/pkg/utils/stats"
)
@ -38,9 +36,7 @@ func LoadTemplate(templatePath string, tagFilter *filter.TagFilter, extraTags []
return false, validationError
}
templateId := strings.ToLower(template.ID)
return isTemplateInfoMetadataMatch(tagFilter, &template.Info, extraTags, template.Type(), templateId)
return isTemplateInfoMetadataMatch(tagFilter, template, extraTags)
}
// LoadWorkflow returns true if the workflow is valid and matches the filtering criteria.
@ -60,12 +56,8 @@ func LoadWorkflow(templatePath string, catalog catalog.Catalog) (bool, error) {
return false, nil
}
func isTemplateInfoMetadataMatch(tagFilter *filter.TagFilter, templateInfo *model.Info, extraTags []string, templateType types.ProtocolType, templateId string) (bool, error) {
templateTags := templateInfo.Tags.ToSlice()
templateAuthors := templateInfo.Authors.ToSlice()
templateSeverity := templateInfo.SeverityHolder.Severity
match, err := tagFilter.Match(templateTags, templateAuthors, templateSeverity, extraTags, templateType, templateId)
func isTemplateInfoMetadataMatch(tagFilter *filter.TagFilter, template *templates.Template, extraTags []string) (bool, error) {
match, err := tagFilter.Match(template, extraTags)
if err == filter.ErrExcluded {
return false, filter.ErrExcluded

6
v2/pkg/parsers/parser_test.go
View File

@ -57,7 +57,8 @@ func TestLoadTemplate(t *testing.T) {
t.Run(tc.name, func(t *testing.T) {
parsedTemplatesCache.Store(tc.name, tc.template, tc.templateErr)
tagFilter := filter.New(&filter.Config{})
tagFilter, err := filter.New(&filter.Config{})
require.Nil(t, err)
success, err := LoadTemplate(tc.name, tagFilter, nil, catalog)
if tc.expectedErr == nil {
require.NoError(t, err)
@ -98,7 +99,8 @@ func TestLoadTemplate(t *testing.T) {
}
parsedTemplatesCache.Store(name, template, nil)
tagFilter := filter.New(&filter.Config{})
tagFilter, err := filter.New(&filter.Config{})
require.Nil(t, err)
success, err := LoadTemplate(name, tagFilter, nil, catalog)
if tc.success {
require.NoError(t, err)

21
v2/pkg/parsers/workflow_loader.go
View File

@ -15,19 +15,24 @@ type workflowLoader struct {
// NewLoader returns a new workflow loader structure
func NewLoader(options *protocols.ExecuterOptions) (model.WorkflowLoader, error) {
tagFilter := filter.New(&filter.Config{
Tags: options.Options.Tags,
ExcludeTags: options.Options.ExcludeTags,
Authors: options.Options.Authors,
Severities: options.Options.Severities,
IncludeTags: options.Options.IncludeTags,
IncludeIds: options.Options.IncludeIds,
ExcludeIds: options.Options.ExcludeIds,
tagFilter, err := filter.New(&filter.Config{
Tags: options.Options.Tags,
ExcludeTags: options.Options.ExcludeTags,
Authors: options.Options.Authors,
Severities: options.Options.Severities,
IncludeTags: options.Options.IncludeTags,
IncludeIds: options.Options.IncludeIds,
ExcludeIds: options.Options.ExcludeIds,
IncludeConditions: options.Options.IncludeConditions,
})
if err != nil {
return nil, err
}
pathFilter := filter.NewPathFilter(&filter.PathFilterConfig{
IncludedTemplates: options.Options.IncludeTemplates,
ExcludedTemplates: options.Options.ExcludedTemplates,
}, options.Catalog)
return &workflowLoader{pathFilter: pathFilter, tagFilter: tagFilter, options: options}, nil
}

3
v2/pkg/projectfile/httputil.go
View File

@ -6,7 +6,6 @@ import (
"encoding/gob"
"encoding/hex"
"io"
"io/ioutil"
"net/http"
)
@ -105,6 +104,6 @@ func fromInternalResponse(intResp *InternalResponse) *http.Response {
StatusCode: intResp.StatusCode,
Header: intResp.Headers,
ContentLength: contentLength,
Body: ioutil.NopCloser(bytes.NewReader(intResp.Body)),
Body: io.NopCloser(bytes.NewReader(intResp.Body)),
}
}

20
v2/pkg/protocols/common/automaticscan/automaticscan.go
View File

@ -2,7 +2,6 @@ package automaticscan
import (
"io"
"io/ioutil"
"net/http"
"os"
"path/filepath"
@ -19,6 +18,7 @@ import (
"github.com/projectdiscovery/nuclei/v2/pkg/templates"
"github.com/projectdiscovery/nuclei/v2/pkg/templates/types"
"github.com/projectdiscovery/retryablehttp-go"
"github.com/projectdiscovery/sliceutil"
wappalyzer "github.com/projectdiscovery/wappalyzergo"
"gopkg.in/yaml.v2"
)
@ -159,7 +159,7 @@ func (s *Service) processWappalyzerInputPair(input string) {
return
}
reader := io.LimitReader(resp.Body, maxDefaultBody)
data, err := ioutil.ReadAll(reader)
data, err := io.ReadAll(reader)
if err != nil {
resp.Body.Close()
return
@ -196,7 +196,7 @@ func (s *Service) processWappalyzerInputPair(input string) {
if len(items) == 0 {
return
}
uniqueTags := uniqueSlice(items)
uniqueTags := sliceutil.Dedupe(items)
templatesList := s.store.LoadTemplatesWithTags(s.allTemplates, uniqueTags)
gologger.Info().Msgf("Executing tags (%v) for host %s (%d templates)", strings.Join(uniqueTags, ","), input, len(templatesList))
@ -221,17 +221,3 @@ func normalizeAppName(appName string) string {
}
return strings.ToLower(appName)
}
func uniqueSlice(slice []string) []string {
data := make(map[string]struct{}, len(slice))
for _, item := range slice {
if _, ok := data[item]; !ok {
data[item] = struct{}{}
}
}
finalSlice := make([]string, 0, len(data))
for item := range data {
finalSlice = append(finalSlice, item)
}
return finalSlice
}

52
v2/pkg/protocols/common/expressions/expressions.go
View File

@ -40,12 +40,12 @@ func evaluate(data string, base map[string]interface{}) (string, error) {
// - simple: containing base values keys (variables)
// - complex: containing helper functions [ + variables]
// literals like {{2+2}} are not considered expressions
expressions := findExpressions(data, marker.ParenthesisOpen, marker.ParenthesisClose, mergeFunctions(dsl.HelperFunctions(), mapToFunctions(base)))
expressions := findExpressions(data, marker.ParenthesisOpen, marker.ParenthesisClose, base)
for _, expression := range expressions {
// replace variable placeholders with base values
expression = replacer.Replace(expression, base)
// turns expressions (either helper functions+base values or base values)
compiled, err := govaluate.NewEvaluableExpressionWithFunctions(expression, dsl.HelperFunctions())
compiled, err := govaluate.NewEvaluableExpressionWithFunctions(expression, dsl.HelperFunctions)
if err != nil {
continue
}
@ -63,7 +63,7 @@ func evaluate(data string, base map[string]interface{}) (string, error) {
// maxIterations to avoid infinite loop
const maxIterations = 250
func findExpressions(data, OpenMarker, CloseMarker string, functions map[string]govaluate.ExpressionFunction) []string {
func findExpressions(data, OpenMarker, CloseMarker string, base map[string]interface{}) []string {
var (
iterations int
exps []string
@ -100,7 +100,7 @@ func findExpressions(data, OpenMarker, CloseMarker string, functions map[string]
indexCloseMarkerOffset = indexCloseMarker + len(CloseMarker)
potentialMatch = innerData[indexOpenMarkerOffset:indexCloseMarker]
if isExpression(potentialMatch, functions) {
if isExpression(potentialMatch, base) {
closeMarkerFound = true
shouldSearchCloseMarker = false
exps = append(exps, potentialMatch)
@ -120,45 +120,21 @@ func findExpressions(data, OpenMarker, CloseMarker string, functions map[string]
return exps
}
func hasLiteralsOnly(data string) bool {
expr, err := govaluate.NewEvaluableExpressionWithFunctions(data, dsl.HelperFunctions())
if err == nil && expr != nil {
_, err = expr.Evaluate(nil)
return err == nil
}
return true
}
func isExpression(data string, functions map[string]govaluate.ExpressionFunction) bool {
func isExpression(data string, base map[string]interface{}) bool {
if _, err := govaluate.NewEvaluableExpression(data); err == nil {
return stringsutil.ContainsAny(data, getFunctionsNames(functions)...)
if stringsutil.ContainsAny(data, getFunctionsNames(base)...) {
return true
} else if stringsutil.ContainsAny(data, dsl.FunctionNames...) {
return true
}
return false
}
// check if it's a complex expression
_, err := govaluate.NewEvaluableExpressionWithFunctions(data, dsl.HelperFunctions())
_, err := govaluate.NewEvaluableExpressionWithFunctions(data, dsl.HelperFunctions)
return err == nil
}
func mapToFunctions(vars map[string]interface{}) map[string]govaluate.ExpressionFunction {
f := make(map[string]govaluate.ExpressionFunction)
for k := range vars {
f[k] = nil
}
return f
}
func mergeFunctions(m ...map[string]govaluate.ExpressionFunction) map[string]govaluate.ExpressionFunction {
o := make(map[string]govaluate.ExpressionFunction)
for _, mm := range m {
for k, v := range mm {
o[k] = v
}
}
return o
}
func getFunctionsNames(m map[string]govaluate.ExpressionFunction) []string {
var keys []string
func getFunctionsNames(m map[string]interface{}) []string {
keys := make([]string, 0, len(m))
for k := range m {
keys = append(keys, k)
}

12
v2/pkg/protocols/common/expressions/variables.go
View File

@ -4,6 +4,9 @@ import (
"errors"
"regexp"
"strings"
"github.com/Knetic/govaluate"
"github.com/projectdiscovery/nuclei/v2/pkg/operators/common/dsl"
)
var (
@ -111,3 +114,12 @@ func ContainsVariablesWithIgnoreList(skipNames map[string]interface{}, items ...
return nil
}
func hasLiteralsOnly(data string) bool {
expr, err := govaluate.NewEvaluableExpressionWithFunctions(data, dsl.HelperFunctions)
if err == nil && expr != nil {
_, err = expr.Evaluate(nil)
return err == nil
}
return true
}

7
v2/pkg/protocols/common/helpers/eventcreator/eventcreator.go
View File

@ -1,9 +1,11 @@
package eventcreator
import (
"github.com/projectdiscovery/gologger"
"github.com/projectdiscovery/nuclei/v2/pkg/operators"
"github.com/projectdiscovery/nuclei/v2/pkg/output"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/utils/vardump"
)
// CreateEvent wraps the outputEvent with the result of the operators defined on the request
@ -16,6 +18,11 @@ func CreateEvent(request protocols.Request, outputEvent output.InternalEvent, is
func CreateEventWithAdditionalOptions(request protocols.Request, outputEvent output.InternalEvent, isResponseDebug bool,
addAdditionalOptions func(internalWrappedEvent *output.InternalWrappedEvent)) *output.InternalWrappedEvent {
event := &output.InternalWrappedEvent{InternalEvent: outputEvent}
// Dump response variables if ran in debug mode
if isResponseDebug {
gologger.Debug().Msgf("Protocol response variables: \n%s\n", vardump.DumpVariables(outputEvent))
}
for _, compiledOperator := range request.GetCompiledOperators() {
if compiledOperator != nil {
result, ok := compiledOperator.Execute(outputEvent, request.Match, request.Extract, isResponseDebug)

97
v2/pkg/protocols/common/protocolstate/state.go
View File

@ -1,6 +1,9 @@
package protocolstate
import (
"fmt"
"net"
"github.com/pkg/errors"
"github.com/projectdiscovery/fastdialer/fastdialer"
@ -16,6 +19,48 @@ func Init(options *types.Options) error {
return nil
}
opts := fastdialer.DefaultOptions
switch {
case options.SourceIP != "" && options.Interface != "":
isAssociated, err := isIpAssociatedWithInterface(options.SourceIP, options.Interface)
if err != nil {
return err
}
if isAssociated {
opts.Dialer = &net.Dialer{
LocalAddr: &net.TCPAddr{
IP: net.ParseIP(options.SourceIP),
},
}
} else {
return fmt.Errorf("source ip (%s) is not associated with the interface (%s)", options.SourceIP, options.Interface)
}
case options.SourceIP != "":
isAssociated, err := isIpAssociatedWithInterface(options.SourceIP, "any")
if err != nil {
return err
}
if isAssociated {
opts.Dialer = &net.Dialer{
LocalAddr: &net.TCPAddr{
IP: net.ParseIP(options.SourceIP),
},
}
} else {
return fmt.Errorf("source ip (%s) is not associated with any network interface", options.SourceIP)
}
case options.Interface != "":
ifadrr, err := interfaceAddress(options.Interface)
if err != nil {
return err
}
opts.Dialer = &net.Dialer{
LocalAddr: &net.TCPAddr{
IP: ifadrr,
},
}
}
if options.SystemResolvers {
opts.EnableFallback = true
}
@ -33,6 +78,58 @@ func Init(options *types.Options) error {
return nil
}
// isIpAssociatedWithInterface checks if the given IP is associated with the given interface.
func isIpAssociatedWithInterface(souceIP, interfaceName string) (bool, error) {
addrs, err := interfaceAddresses(interfaceName)
if err != nil {
return false, err
}
for _, addr := range addrs {
if ipnet, ok := addr.(*net.IPNet); ok {
if ipnet.IP.String() == souceIP {
return true, nil
}
}
}
return false, nil
}
// interfaceAddress returns the first IPv4 address of the given interface.
func interfaceAddress(interfaceName string) (net.IP, error) {
addrs, err := interfaceAddresses(interfaceName)
if err != nil {
return nil, err
}
var address net.IP
for _, addr := range addrs {
if ipnet, ok := addr.(*net.IPNet); ok && !ipnet.IP.IsLoopback() {
if ipnet.IP.To4() != nil {
address = ipnet.IP
}
}
}
if address == nil {
return nil, fmt.Errorf("no suitable address found for interface: `%s`", interfaceName)
}
return address, nil
}
// interfaceAddresses returns all interface addresses.
func interfaceAddresses(interfaceName string) ([]net.Addr, error) {
if interfaceName == "any" {
return net.InterfaceAddrs()
}
ief, err := net.InterfaceByName(interfaceName)
if err != nil {
return nil, errors.Wrapf(err, "failed to get interface: `%s`", interfaceName)
}
addrs, err := ief.Addrs()
if err != nil {
return nil, errors.Wrapf(err, "failed to get interface addresses for: `%s`", interfaceName)
}
return addrs, nil
}
// Close closes the global shared fastdialer
func Close() {
if Dialer != nil {

26
v2/pkg/protocols/common/replacer/replacer.go
View File

@ -3,32 +3,20 @@ package replacer
import (
"strings"
"github.com/valyala/fasttemplate"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/marker"
"github.com/projectdiscovery/nuclei/v2/pkg/types"
)
// Replace replaces placeholders in template with values on the fly.
func Replace(template string, values map[string]interface{}) string {
var replacerItems []string
builder := &strings.Builder{}
for key, val := range values {
builder.WriteString(marker.ParenthesisOpen)
builder.WriteString(key)
builder.WriteString(marker.ParenthesisClose)
replacerItems = append(replacerItems, builder.String())
builder.Reset()
replacerItems = append(replacerItems, types.ToString(val))
builder.WriteString(marker.General)
builder.WriteString(key)
builder.WriteString(marker.General)
replacerItems = append(replacerItems, builder.String())
builder.Reset()
replacerItems = append(replacerItems, types.ToString(val))
valuesMap := make(map[string]interface{}, len(values))
for k, v := range values {
valuesMap[k] = types.ToString(v)
}
replacer := strings.NewReplacer(replacerItems...)
final := replacer.Replace(template)
replaced := fasttemplate.ExecuteStringStd(template, marker.ParenthesisOpen, marker.ParenthesisClose, valuesMap)
final := fasttemplate.ExecuteStringStd(replaced, marker.General, marker.General, valuesMap)
return final
}

12
v2/pkg/protocols/common/replacer/replacer_test.go Normal file
View File

@ -0,0 +1,12 @@
package replacer
import (
"testing"
"github.com/stretchr/testify/require"
)
func TestReplacerReplace(t *testing.T) {
replaced := Replace("{{test}} §hello§ {{data}}", map[string]interface{}{"test": "random", "hello": "world"})
require.Equal(t, "random world {{data}}", replaced, "could not get correct replaced data")
}

45
v2/pkg/protocols/common/utils/vardump/dump.go Normal file
View File

@ -0,0 +1,45 @@
package vardump
import (
"strconv"
"strings"
"github.com/projectdiscovery/nuclei/v2/pkg/types"
)
// DumpVariables writes the truncated dump of variables to a string
// in a formatted key-value manner.
//
// The values are truncated to return 50 characters from start and end.
func DumpVariables(data map[string]interface{}) string {
var counter int
buffer := &strings.Builder{}
buffer.Grow(len(data) * 78) // grow buffer to an approximate size
builder := &strings.Builder{}
for k, v := range data {
valueString := types.ToString(v)
counter++
if len(valueString) > 50 {
builder.Grow(56)
builder.WriteString(valueString[0:25])
builder.WriteString(" .... ")
builder.WriteString(valueString[len(valueString)-25:])
valueString = builder.String()
builder.Reset()
}
valueString = strings.ReplaceAll(strings.ReplaceAll(valueString, "\r", " "), "\n", " ")
buffer.WriteString("\t")
buffer.WriteString(strconv.Itoa(counter))
buffer.WriteString(". ")
buffer.WriteString(k)
buffer.WriteString(" => ")
buffer.WriteString(valueString)
buffer.WriteString("\n")
}
final := buffer.String()
return final
}

5
v2/pkg/protocols/dns/request.go
View File

@ -16,6 +16,7 @@ import (
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/generators"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/eventcreator"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/responsehighlighter"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/utils/vardump"
templateTypes "github.com/projectdiscovery/nuclei/v2/pkg/templates/types"
"github.com/projectdiscovery/nuclei/v2/pkg/utils"
"github.com/projectdiscovery/retryabledns"
@ -47,6 +48,10 @@ func (request *Request) ExecuteWithResults(input string, metadata /*TODO review
variablesMap := request.options.Variables.Evaluate(vars)
vars = generators.MergeMaps(variablesMap, vars)
if request.options.Options.Debug || request.options.Options.DebugRequests {
gologger.Debug().Msgf("Protocol request variables: \n%s\n", vardump.DumpVariables(vars))
}
// Compile each request for the template based on the URL
compiledRequest, err := request.Make(domain, vars)
if err != nil {

5
v2/pkg/protocols/file/find_test.go
View File

@ -1,7 +1,6 @@
package file
import (
"io/ioutil"
"os"
"path/filepath"
"testing"
@ -32,7 +31,7 @@ func TestFindInputPaths(t *testing.T) {
err := request.Compile(executerOpts)
require.Nil(t, err, "could not compile file request")
tempDir, err := ioutil.TempDir("", "test-*")
tempDir, err := os.MkdirTemp("", "test-*")
require.Nil(t, err, "could not create temporary directory")
defer os.RemoveAll(tempDir)
@ -44,7 +43,7 @@ func TestFindInputPaths(t *testing.T) {
"test.js": "TEST",
}
for k, v := range files {
err = ioutil.WriteFile(filepath.Join(tempDir, k), []byte(v), os.ModePerm)
err = os.WriteFile(filepath.Join(tempDir, k), []byte(v), os.ModePerm)
require.Nil(t, err, "could not write temporary file")
}
expected := []string{"config.yaml", "final.yaml", "test.js"}

5
v2/pkg/protocols/file/request_test.go
View File

@ -1,7 +1,6 @@
package file
import (
"io/ioutil"
"os"
"path/filepath"
"testing"
@ -50,7 +49,7 @@ func TestFileExecuteWithResults(t *testing.T) {
err := request.Compile(executerOpts)
require.Nil(t, err, "could not compile file request")
tempDir, err := ioutil.TempDir("", "test-*")
tempDir, err := os.MkdirTemp("", "test-*")
require.Nil(t, err, "could not create temporary directory")
defer os.RemoveAll(tempDir)
@ -58,7 +57,7 @@ func TestFileExecuteWithResults(t *testing.T) {
"config.yaml": "TEST\r\n1.1.1.1\r\n",
}
for k, v := range files {
err = ioutil.WriteFile(filepath.Join(tempDir, k), []byte(v), os.ModePerm)
err = os.WriteFile(filepath.Join(tempDir, k), []byte(v), os.ModePerm)
require.Nil(t, err, "could not write temporary file")
}

3
v2/pkg/protocols/headless/engine/engine.go
View File

@ -2,7 +2,6 @@ package engine
import (
"fmt"
"io/ioutil"
"net/http"
"os"
"runtime"
@ -30,7 +29,7 @@ type Browser struct {
// New creates a new nuclei headless browser module
func New(options *types.Options) (*Browser, error) {
dataStore, err := ioutil.TempDir("", "nuclei-*")
dataStore, err := os.MkdirTemp("", "nuclei-*")
if err != nil {
return nil, errors.Wrap(err, "could not create temporary directory")
}

17
v2/pkg/protocols/headless/engine/http_client.go
View File

@ -3,18 +3,16 @@ package engine
import (
"context"
"crypto/tls"
"fmt"
"net"
"net/http"
"net/http/cookiejar"
"net/url"
"time"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/utils"
"golang.org/x/net/proxy"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/protocolstate"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/utils"
"github.com/projectdiscovery/nuclei/v2/pkg/types"
)
@ -53,14 +51,15 @@ func newHttpClient(options *types.Options) (*http.Client, error) {
transport.Proxy = http.ProxyURL(proxyURL)
}
} else if types.ProxySocksURL != "" {
var proxyAuth *proxy.Auth
socksURL, proxyErr := url.Parse(types.ProxySocksURL)
if proxyErr == nil {
proxyAuth = &proxy.Auth{}
proxyAuth.User = socksURL.User.Username()
proxyAuth.Password, _ = socksURL.User.Password()
if proxyErr != nil {
return nil, err
}
dialer, proxyErr := proxy.SOCKS5("tcp", fmt.Sprintf("%s:%s", socksURL.Hostname(), socksURL.Port()), proxyAuth, proxy.Direct)
dialer, err := proxy.FromURL(socksURL, proxy.Direct)
if err != nil {
return nil, err
}
dc := dialer.(interface {
DialContext(ctx context.Context, network, addr string) (net.Conn, error)
})

4
v2/pkg/protocols/headless/engine/page_actions.go
View File

@ -2,9 +2,9 @@ package engine
import (
"context"
"io/ioutil"
"net"
"net/url"
"os"
"regexp"
"strconv"
"strings"
@ -348,7 +348,7 @@ func (p *Page) Screenshot(act *Action, out map[string]string) error {
if err != nil {
return errors.Wrap(err, "could not take screenshot")
}
err = ioutil.WriteFile(to+".png", data, 0540)
err = os.WriteFile(to+".png", data, 0540)
if err != nil {
return errors.Wrap(err, "could not write screenshot")
}

5
v2/pkg/protocols/headless/request.go
View File

@ -14,6 +14,7 @@ import (
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/eventcreator"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/responsehighlighter"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/interactsh"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/utils/vardump"
httpProtocol "github.com/projectdiscovery/nuclei/v2/pkg/protocols/http"
templateTypes "github.com/projectdiscovery/nuclei/v2/pkg/templates/types"
)
@ -69,6 +70,10 @@ func (request *Request) executeRequestWithPayloads(inputURL string, payloads map
}
defer instance.Close()
if request.options.Options.Debug || request.options.Options.DebugRequests {
gologger.Debug().Msgf("Protocol request variables: \n%s\n", vardump.DumpVariables(payloads))
}
instance.SetInteractsh(request.options.Interactsh)
parsedURL, err := url.Parse(inputURL)

19
v2/pkg/protocols/http/build_request.go
View File

@ -5,7 +5,6 @@ import (
"context"
"fmt"
"io"
"io/ioutil"
"net"
"net/http"
"net/url"
@ -17,15 +16,18 @@ import (
"github.com/corpix/uarand"
"github.com/pkg/errors"
"github.com/projectdiscovery/gologger"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/expressions"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/generators"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/replacer"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/utils/vardump"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/dns"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/race"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/raw"
"github.com/projectdiscovery/nuclei/v2/pkg/types"
"github.com/projectdiscovery/rawhttp"
"github.com/projectdiscovery/retryablehttp-go"
"github.com/projectdiscovery/stringsutil"
)
var (
@ -95,6 +97,9 @@ func (r *requestGenerator) Make(ctx context.Context, baseURL, data string, paylo
generators.MergeMaps(dynamicValues, GenerateVariables(parsed, trailingSlash)),
generators.BuildPayloadFromOptions(r.request.options.Options),
)
if r.options.Options.Debug || r.options.Options.DebugRequests {
gologger.Debug().Msgf("Protocol request variables: \n%s\n", vardump.DumpVariables(values))
}
// If data contains \n it's a raw request, process it like raw. Else
// continue with the template based request flow.
@ -112,10 +117,15 @@ func (r *requestGenerator) makeSelfContainedRequest(ctx context.Context, data st
if isRawRequest {
// Get the hostname from the URL section to build the request.
reader := bufio.NewReader(strings.NewReader(data))
read_line:
s, err := reader.ReadString('\n')
if err != nil {
return nil, fmt.Errorf("could not read request: %w", err)
}
// ignore all annotations
if stringsutil.HasPrefixAny(s, "@") {
goto read_line
}
parts := strings.Split(s, " ")
if len(parts) < 3 {
@ -262,7 +272,7 @@ func (r *requestGenerator) handleRawWithPayloads(ctx context.Context, rawRequest
// retryablehttp
var body io.ReadCloser
body = ioutil.NopCloser(strings.NewReader(rawRequestData.Data))
body = io.NopCloser(strings.NewReader(rawRequestData.Data))
if r.request.Race {
// More or less this ensures that all requests hit the endpoint at the same approximated time
// Todo: sync internally upon writing latest request byte
@ -288,8 +298,7 @@ func (r *requestGenerator) handleRawWithPayloads(ctx context.Context, rawRequest
}
if reqWithAnnotations, hasAnnotations := r.request.parseAnnotations(rawRequest, req); hasAnnotations {
req = reqWithAnnotations
request = request.WithContext(req.Context())
request.Request = reqWithAnnotations
}
return &generatedRequest{request: request, meta: generatorValues, original: r.request, dynamicValues: finalValues, interactshURLs: r.interactshURLs}, nil
@ -327,7 +336,7 @@ func (r *requestGenerator) fillRequest(req *http.Request, values map[string]inte
if err != nil {
return nil, errors.Wrap(err, evaluateHelperExpressionErrorMessage)
}
req.Body = ioutil.NopCloser(strings.NewReader(body))
req.Body = io.NopCloser(strings.NewReader(body))
}
if !r.request.Unsafe {
setHeader(req, "User-Agent", uarand.GetRandom())

3
v2/pkg/protocols/http/http.go
View File

@ -237,6 +237,7 @@ func (request *Request) Compile(options *protocols.ExecuterOptions) error {
NoTimeout: false,
FollowRedirects: request.Redirects,
CookieReuse: request.CookieReuse,
Connection: &httpclientpool.ConnectionConfiguration{},
}
// If we have request level timeout, ignore http client timeouts
for _, req := range request.Raw {
@ -248,7 +249,7 @@ func (request *Request) Compile(options *protocols.ExecuterOptions) error {
// if the headers contain "Connection" we need to disable the automatic keep alive of the standard library
if _, hasConnectionHeader := request.Headers["Connection"]; hasConnectionHeader {
connectionConfiguration.Connection = &httpclientpool.ConnectionConfiguration{DisableKeepAlive: false}
connectionConfiguration.Connection.DisableKeepAlive = true
}
client, err := httpclientpool.Get(options.Options, connectionConfiguration)

17
v2/pkg/protocols/http/httpclientpool/clientpool.go
View File

@ -3,7 +3,6 @@ package httpclientpool
import (
"context"
"crypto/tls"
"fmt"
"net"
"net/http"
"net/http/cookiejar"
@ -13,14 +12,13 @@ import (
"sync"
"time"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/utils"
"github.com/pkg/errors"
"golang.org/x/net/proxy"
"golang.org/x/net/publicsuffix"
"github.com/projectdiscovery/fastdialer/fastdialer"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/protocolstate"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/utils"
"github.com/projectdiscovery/nuclei/v2/pkg/types"
"github.com/projectdiscovery/rawhttp"
"github.com/projectdiscovery/retryablehttp-go"
@ -210,14 +208,15 @@ func wrappedGet(options *types.Options, configuration *Configuration) (*retryabl
transport.Proxy = http.ProxyURL(proxyURL)
}
} else if types.ProxySocksURL != "" {
var proxyAuth *proxy.Auth
socksURL, proxyErr := url.Parse(types.ProxySocksURL)
if proxyErr == nil {
proxyAuth = &proxy.Auth{}
proxyAuth.User = socksURL.User.Username()
proxyAuth.Password, _ = socksURL.User.Password()
if proxyErr != nil {
return nil, proxyErr
}
dialer, proxyErr := proxy.SOCKS5("tcp", fmt.Sprintf("%s:%s", socksURL.Hostname(), socksURL.Port()), proxyAuth, proxy.Direct)
dialer, err := proxy.FromURL(socksURL, proxy.Direct)
if err != nil {
return nil, err
}
dc := dialer.(interface {
DialContext(ctx context.Context, network, addr string) (net.Conn, error)
})

2
v2/pkg/protocols/http/operators.go
View File

@ -67,7 +67,7 @@ func (request *Request) Extract(data map[string]interface{}, extractor *extracto
case extractors.KValExtractor:
return extractor.ExtractKval(data)
case extractors.XPathExtractor:
return extractor.ExtractHTML(item)
return extractor.ExtractXPath(item)
case extractors.JSONExtractor:
return extractor.ExtractJSON(item)
case extractors.DSLExtractor:

12
v2/pkg/protocols/http/request.go
View File

@ -6,7 +6,6 @@ import (
"encoding/hex"
"fmt"
"io"
"io/ioutil"
"net/http"
"net/http/httputil"
"net/url"
@ -403,7 +402,7 @@ func (request *Request) executeRequest(reqURL string, generatedRequest *generate
if parsed, parseErr := url.Parse(formedURL); parseErr == nil {
hostname = parsed.Host
}
resp, err = generatedRequest.pipelinedClient.DoRaw(generatedRequest.rawRequest.Method, reqURL, generatedRequest.rawRequest.Path, generators.ExpandMapValues(generatedRequest.rawRequest.Headers), ioutil.NopCloser(strings.NewReader(generatedRequest.rawRequest.Data)))
resp, err = generatedRequest.pipelinedClient.DoRaw(generatedRequest.rawRequest.Method, reqURL, generatedRequest.rawRequest.Path, generators.ExpandMapValues(generatedRequest.rawRequest.Headers), io.NopCloser(strings.NewReader(generatedRequest.rawRequest.Data)))
} else if generatedRequest.request != nil {
resp, err = generatedRequest.pipelinedClient.Dor(generatedRequest.request)
}
@ -421,7 +420,7 @@ func (request *Request) executeRequest(reqURL string, generatedRequest *generate
options.CustomRawBytes = generatedRequest.rawRequest.UnsafeRawBytes
options.ForceReadAllBody = request.ForceReadAllBody
options.SNI = request.options.Options.SNI
resp, err = generatedRequest.original.rawhttpClient.DoRawWithOptions(generatedRequest.rawRequest.Method, reqURL, generatedRequest.rawRequest.Path, generators.ExpandMapValues(generatedRequest.rawRequest.Headers), ioutil.NopCloser(strings.NewReader(generatedRequest.rawRequest.Data)), &options)
resp, err = generatedRequest.original.rawhttpClient.DoRawWithOptions(generatedRequest.rawRequest.Method, reqURL, generatedRequest.rawRequest.Path, generators.ExpandMapValues(generatedRequest.rawRequest.Headers), io.NopCloser(strings.NewReader(generatedRequest.rawRequest.Data)), &options)
} else {
hostname = generatedRequest.request.URL.Host
formedURL = generatedRequest.request.URL.String()
@ -469,7 +468,7 @@ func (request *Request) executeRequest(reqURL string, generatedRequest *generate
if err != nil {
// rawhttp doesn't support draining response bodies.
if resp != nil && resp.Body != nil && generatedRequest.rawRequest == nil && !generatedRequest.original.Pipeline {
_, _ = io.CopyN(ioutil.Discard, resp.Body, drainReqSize)
_, _ = io.CopyN(io.Discard, resp.Body, drainReqSize)
resp.Body.Close()
}
request.options.Output.Request(request.options.TemplatePath, formedURL, request.Type().String(), err)
@ -494,7 +493,7 @@ func (request *Request) executeRequest(reqURL string, generatedRequest *generate
}
defer func() {
if resp.StatusCode != http.StatusSwitchingProtocols {
_, _ = io.CopyN(ioutil.Discard, resp.Body, drainReqSize)
_, _ = io.CopyN(io.Discard, resp.Body, drainReqSize)
}
resp.Body.Close()
}()
@ -502,7 +501,7 @@ func (request *Request) executeRequest(reqURL string, generatedRequest *generate
var curlCommand string
if !request.Unsafe && resp != nil && generatedRequest.request != nil && resp.Request != nil && !request.Race {
bodyBytes, _ := generatedRequest.request.BodyBytes()
resp.Request.Body = ioutil.NopCloser(bytes.NewReader(bodyBytes))
resp.Request.Body = io.NopCloser(bytes.NewReader(bodyBytes))
command, _ := http2curl.GetCurlCommand(resp.Request)
if err == nil && command != nil {
curlCommand = command.String()
@ -599,7 +598,6 @@ func (request *Request) executeRequest(reqURL string, generatedRequest *generate
finalEvent[key] = v
}
}
// prune signature internal values if any
request.pruneSignatureInternalValues(generatedRequest.meta)

4
v2/pkg/protocols/http/request_annotations.go
View File

@ -102,12 +102,12 @@ func (r *Request) parseAnnotations(rawRequest string, request *http.Request) (*h
value := strings.TrimSpace(duration[1])
if parsed, err := time.ParseDuration(value); err == nil {
//nolint:govet // cancelled automatically by withTimeout
ctx, _ := context.WithTimeout(request.Context(), parsed)
ctx, _ := context.WithTimeout(context.Background(), parsed)
request = request.Clone(ctx)
}
} else {
//nolint:govet // cancelled automatically by withTimeout
ctx, _ := context.WithTimeout(request.Context(), time.Duration(r.options.Options.Timeout)*time.Second)
ctx, _ := context.WithTimeout(context.Background(), time.Duration(r.options.Options.Timeout)*time.Second)
request = request.Clone(ctx)
}
}

45
v2/pkg/protocols/http/request_annotations_test.go Normal file
View File

@ -0,0 +1,45 @@
package http
import (
"context"
"net/http"
"testing"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/httpclientpool"
"github.com/stretchr/testify/require"
)
func TestRequestParseAnnotationsTimeout(t *testing.T) {
t.Run("positive", func(t *testing.T) {
request := &Request{
connConfiguration: &httpclientpool.Configuration{NoTimeout: true},
}
rawRequest := `@timeout: 2s
GET / HTTP/1.1
Host: {{Hostname}}`
httpReq, err := http.NewRequest(http.MethodGet, "https://example.com", nil)
require.Nil(t, err, "could not create http request")
newRequest, modified := request.parseAnnotations(rawRequest, httpReq)
require.True(t, modified, "could not get correct modified value")
_, deadlined := newRequest.Context().Deadline()
require.True(t, deadlined, "could not get set request deadline")
})
t.Run("negative", func(t *testing.T) {
request := &Request{
connConfiguration: &httpclientpool.Configuration{},
}
rawRequest := `GET / HTTP/1.1
Host: {{Hostname}}`
httpReq, err := http.NewRequestWithContext(context.Background(), http.MethodGet, "https://example.com", nil)
require.Nil(t, err, "could not create http request")
newRequest, modified := request.parseAnnotations(rawRequest, httpReq)
require.False(t, modified, "could not get correct modified value")
_, deadlined := newRequest.Context().Deadline()
require.False(t, deadlined, "could not get set request deadline")
})
}

26
v2/pkg/protocols/http/utils.go
View File

@ -4,8 +4,8 @@ import (
"bytes"
"compress/gzip"
"compress/zlib"
"context"
"io"
"io/ioutil"
"net/http"
"net/http/httputil"
"strings"
@ -115,35 +115,29 @@ func normalizeResponseBody(resp *http.Response, response *redirectedResponse) er
// dump creates a dump of the http request in form of a byte slice
func dump(req *generatedRequest, reqURL string) ([]byte, error) {
if req.request != nil {
cloned := req.request.Clone(context.Background())
// Create a copy on the fly of the request body - ignore errors
bodyBytes, _ := req.request.BodyBytes()
var dumpBody bool
if len(bodyBytes) > 0 {
dumpBody = true
req.request.Request.ContentLength = int64(len(bodyBytes))
req.request.Request.Body = ioutil.NopCloser(bytes.NewReader(bodyBytes))
cloned.ContentLength = int64(len(bodyBytes))
cloned.Body = io.NopCloser(bytes.NewReader(bodyBytes))
} else {
req.request.Request.ContentLength = 0
req.request.Request.Body = nil
delete(req.request.Request.Header, "Content-length")
cloned.ContentLength = 0
cloned.Body = nil
delete(cloned.Header, "Content-length")
}
dumpBytes, err := httputil.DumpRequestOut(req.request.Request, dumpBody)
dumpBytes, err := httputil.DumpRequestOut(cloned, dumpBody)
if err != nil {
return nil, err
}
// The original req.Body gets modified indirectly by httputil.DumpRequestOut so we set it again to nil if it was empty
// Otherwise redirects like 307/308 would fail (as they require the body to be sent along)
if len(bodyBytes) == 0 {
req.request.Request.ContentLength = 0
req.request.Request.Body = nil
}
return dumpBytes, nil
}
rawHttpOptions := &rawhttp.Options{CustomHeaders: req.rawRequest.UnsafeHeaders, CustomRawBytes: req.rawRequest.UnsafeRawBytes}
return rawhttp.DumpRequestRaw(req.rawRequest.Method, reqURL, req.rawRequest.Path, generators.ExpandMapValues(req.rawRequest.Headers), ioutil.NopCloser(strings.NewReader(req.rawRequest.Data)), rawHttpOptions)
return rawhttp.DumpRequestRaw(req.rawRequest.Method, reqURL, req.rawRequest.Path, generators.ExpandMapValues(req.rawRequest.Headers), io.NopCloser(strings.NewReader(req.rawRequest.Data)), rawHttpOptions)
}
// handleDecompression if the user specified a custom encoding (as golang transport doesn't do this automatically)

21
v2/pkg/protocols/network/request.go
View File

@ -23,6 +23,7 @@ import (
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/responsehighlighter"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/interactsh"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/replacer"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/utils/vardump"
templateTypes "github.com/projectdiscovery/nuclei/v2/pkg/templates/types"
)
@ -128,6 +129,10 @@ func (request *Request) executeRequestWithPayloads(variables map[string]interfac
interimValues := generators.MergeMaps(variables, payloads)
if request.options.Options.Debug || request.options.Options.DebugRequests {
gologger.Debug().Msgf("Protocol request variables: \n%s\n", vardump.DumpVariables(interimValues))
}
inputEvents := make(map[string]interface{})
for _, input := range request.Inputs {
var data []byte
@ -190,14 +195,14 @@ func (request *Request) executeRequestWithPayloads(variables map[string]interfac
}
request.options.Progress.IncrementRequests()
if request.options.Options.Debug || request.options.Options.DebugRequests || request.options.Options.StoreResponse{
if request.options.Options.Debug || request.options.Options.DebugRequests || request.options.Options.StoreResponse {
requestBytes := []byte(reqBuilder.String())
msg := fmt.Sprintf("[%s] Dumped Network request for %s\n%s", request.options.TemplateID, actualAddress, hex.Dump(requestBytes))
if request.options.Options.Debug || request.options.Options.DebugRequests {
gologger.Info().Str("address", actualAddress).Msg(msg)
gologger.Info().Str("address", actualAddress).Msg(msg)
}
if request.options.Options.StoreResponse{
request.options.Output.WriteStoreDebugData(address, request.options.TemplateID, request.Type().String(), msg)
if request.options.Options.StoreResponse {
request.options.Output.WriteStoreDebugData(address, request.options.TemplateID, request.Type().String(), msg)
}
if request.options.Options.VerboseVerbose {
gologger.Print().Msgf("\nCompact HEX view:\n%s", hex.EncodeToString(requestBytes))
@ -300,15 +305,15 @@ func (request *Request) executeRequestWithPayloads(variables map[string]interfac
func dumpResponse(event *output.InternalWrappedEvent, request *Request, response string, actualAddress, address string) {
cliOptions := request.options.Options
if cliOptions.Debug || cliOptions.DebugResponse || cliOptions.StoreResponse{
if cliOptions.Debug || cliOptions.DebugResponse || cliOptions.StoreResponse {
requestBytes := []byte(response)
highlightedResponse := responsehighlighter.Highlight(event.OperatorsResult, hex.Dump(requestBytes), cliOptions.NoColor, true)
msg := fmt.Sprintf("[%s] Dumped Network response for %s\n\n", request.options.TemplateID, actualAddress)
if cliOptions.Debug || cliOptions.DebugResponse {
gologger.Debug().Msg(fmt.Sprintf("%s%s", msg, highlightedResponse))
gologger.Debug().Msg(fmt.Sprintf("%s%s", msg, highlightedResponse))
}
if cliOptions.StoreResponse{
request.options.Output.WriteStoreDebugData(address, request.options.TemplateID, request.Type().String(), fmt.Sprintf("%s%s", msg, hex.Dump(requestBytes)))
if cliOptions.StoreResponse {
request.options.Output.WriteStoreDebugData(address, request.options.TemplateID, request.Type().String(), fmt.Sprintf("%s%s", msg, hex.Dump(requestBytes)))
}
if cliOptions.VerboseVerbose {
displayCompactHexView(event, response, cliOptions.NoColor)

5
v2/pkg/protocols/offlinehttp/find_test.go
View File

@ -1,7 +1,6 @@
package offlinehttp
import (
"io/ioutil"
"os"
"path/filepath"
"testing"
@ -28,7 +27,7 @@ func TestFindResponses(t *testing.T) {
err := request.Compile(executerOpts)
require.Nil(t, err, "could not compile file request")
tempDir, err := ioutil.TempDir("", "test-*")
tempDir, err := os.MkdirTemp("", "test-*")
require.Nil(t, err, "could not create temporary directory")
defer os.RemoveAll(tempDir)
@ -40,7 +39,7 @@ func TestFindResponses(t *testing.T) {
"test.txt": "TEST",
}
for k, v := range files {
err = ioutil.WriteFile(filepath.Join(tempDir, k), []byte(v), os.ModePerm)
err = os.WriteFile(filepath.Join(tempDir, k), []byte(v), os.ModePerm)
require.Nil(t, err, "could not write temporary file")
}
expected := []string{"config.txt", "final.txt", "test.txt"}

2
v2/pkg/protocols/protocols.go
View File

@ -163,7 +163,7 @@ func MakeDefaultExtractFunc(data map[string]interface{}, extractor *extractors.E
case extractors.JSONExtractor:
return extractor.ExtractJSON(itemStr)
case extractors.XPathExtractor:
return extractor.ExtractHTML(itemStr)
return extractor.ExtractXPath(itemStr)
case extractors.DSLExtractor:
return extractor.ExtractDSL(data)
}

5
v2/pkg/protocols/ssl/ssl.go
View File

@ -24,6 +24,7 @@ import (
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/generators"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/eventcreator"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/responsehighlighter"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/utils/vardump"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/dns"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/network/networkclientpool"
templateTypes "github.com/projectdiscovery/nuclei/v2/pkg/templates/types"
@ -130,6 +131,10 @@ func (request *Request) ExecuteWithResults(input string, dynamicValues, previous
variablesMap := request.options.Variables.Evaluate(values)
payloadValues = generators.MergeMaps(variablesMap, payloadValues)
if request.options.Options.Debug || request.options.Options.DebugRequests {
gologger.Debug().Msgf("Protocol request variables: \n%s\n", vardump.DumpVariables(payloadValues))
}
finalAddress, dataErr := expressions.EvaluateByte([]byte(request.Address), payloadValues)
if dataErr != nil {
requestOptions.Output.Request(requestOptions.TemplateID, input, request.Type().String(), dataErr)

5
v2/pkg/protocols/websocket/websocket.go
View File

@ -27,6 +27,7 @@ import (
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/generators"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/eventcreator"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/responsehighlighter"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/utils/vardump"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/network/networkclientpool"
templateTypes "github.com/projectdiscovery/nuclei/v2/pkg/templates/types"
"github.com/projectdiscovery/nuclei/v2/pkg/types"
@ -207,6 +208,10 @@ func (request *Request) executeRequestWithPayloads(input, hostname string, dynam
TLSConfig: tlsConfig,
}
if request.options.Options.Debug || request.options.Options.DebugRequests {
gologger.Debug().Msgf("Protocol request variables: \n%s\n", vardump.DumpVariables(payloadValues))
}
finalAddress, dataErr := expressions.EvaluateByte([]byte(request.Address), payloadValues)
if dataErr != nil {
requestOptions.Output.Request(requestOptions.TemplateID, input, request.Type().String(), dataErr)

6
v2/pkg/protocols/whois/whois.go
View File

@ -18,6 +18,7 @@ import (
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/eventcreator"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/responsehighlighter"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/replacer"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/utils/vardump"
templateTypes "github.com/projectdiscovery/nuclei/v2/pkg/templates/types"
"github.com/projectdiscovery/nuclei/v2/pkg/types"
)
@ -88,6 +89,11 @@ func (request *Request) GetID() string {
func (request *Request) ExecuteWithResults(input string, dynamicValues, previous output.InternalEvent, callback protocols.OutputEventCallback) error {
// generate variables
variables := generateVariables(input)
if request.options.Options.Debug || request.options.Options.DebugRequests {
gologger.Debug().Msgf("Protocol request variables: \n%s\n", vardump.DumpVariables(variables))
}
// and replace placeholders
query := replacer.Replace(request.Query, variables)
// build an rdap request

3
v2/pkg/reporting/dedupe/dedupe.go
View File

@ -6,7 +6,6 @@ package dedupe
import (
"crypto/sha1"
"io/ioutil"
"os"
"reflect"
"unsafe"
@ -30,7 +29,7 @@ func New(dbPath string) (*Storage, error) {
var err error
if dbPath == "" {
dbPath, err = ioutil.TempDir("", "nuclei-report-*")
dbPath, err = os.MkdirTemp("", "nuclei-report-*")
storage.temporary = dbPath
}
if err != nil {

3
v2/pkg/reporting/dedupe/dedupe_test.go
View File

@ -1,7 +1,6 @@
package dedupe
import (
"io/ioutil"
"os"
"testing"
@ -11,7 +10,7 @@ import (
)
func TestDedupeDuplicates(t *testing.T) {
tempDir, err := ioutil.TempDir("", "nuclei")
tempDir, err := os.MkdirTemp("", "nuclei")
require.Nil(t, err, "could not create temporary storage")
defer os.RemoveAll(tempDir)

3
v2/pkg/reporting/exporters/es/elasticsearch.go
View File

@ -7,7 +7,6 @@ import (
"encoding/json"
"fmt"
"io"
"io/ioutil"
"net/http"
"time"
@ -111,7 +110,7 @@ func (exporter *Exporter) Export(event *output.ResultEvent) error {
if err != nil {
return err
}
req.Body = ioutil.NopCloser(bytes.NewReader(b))
req.Body = io.NopCloser(bytes.NewReader(b))
res, err := exporter.elasticsearch.Do(req)
if err != nil {

3
v2/pkg/reporting/exporters/markdown/markdown.go
View File

@ -2,7 +2,6 @@ package markdown
import (
"bytes"
"io/ioutil"
"os"
"path/filepath"
"strings"
@ -67,7 +66,7 @@ func (exporter *Exporter) Export(event *output.ResultEvent) error {
dataBuilder.WriteString(description)
data := dataBuilder.Bytes()
return ioutil.WriteFile(filepath.Join(exporter.directory, finalFilename), data, 0644)
return os.WriteFile(filepath.Join(exporter.directory, finalFilename), data, 0644)
}
// Close closes the exporter after operation

10
v2/pkg/types/types.go
View File

@ -143,6 +143,8 @@ type Options struct {
UseInstalledChrome bool
// SystemResolvers enables override of nuclei's DNS client opting to use system resolver stack.
SystemResolvers bool
// ShowActions displays a list of all headless actions
ShowActions bool
// Metrics enables display of metrics via an http endpoint
Metrics bool
// Debug mode allows debugging request/responses for the engine
@ -228,12 +230,20 @@ type Options struct {
DisableRedirects bool
// SNI custom hostname
SNI string
// Interface to use for network scan
Interface string
// SourceIP sets custom source IP address for network requests
SourceIP string
// Health Check
HealthCheck bool
// Time to wait between each input read operation before closing the stream
InputReadTimeout time.Duration
// Disable stdin for input processing
DisableStdin bool
// IncludeConditions is the list of conditions templates should match
IncludeConditions goflags.FileStringSlice
// Custom Config Directory
CustomConfigDir string
}
func (options *Options) AddVarPayload(key string, value interface{}) {

3
v2/pkg/utils/monitor/monitor.go
View File

@ -7,7 +7,6 @@ import (
"bytes"
"context"
"fmt"
"io/ioutil"
"os"
"runtime"
"strings"
@ -80,7 +79,7 @@ func (s *Agent) monitorWorker() {
s.cancel()
stackTraceFile := fmt.Sprintf("nuclei-stacktrace-%s.dump", xid.New().String())
gologger.Error().Msgf("Detected hanging goroutine (count=%d/%d) = %s\n", current, s.goroutineCount, stackTraceFile)
if err := ioutil.WriteFile(stackTraceFile, currentStack, os.ModePerm); err != nil {
if err := os.WriteFile(stackTraceFile, currentStack, os.ModePerm); err != nil {
gologger.Error().Msgf("Could not write stack trace for goroutines: %s\n", err)
}
os.Exit(1) // exit forcefully if we've been stuck