Support for environment variables with .env file

v2/cmd/nuclei/main.go

@@ -162,6 +162,10 @@ on extensive configurability, massive extensibility and ease of use.`)
 		flagSet.IntVar(&options.MetricsPort, "metrics-port", 9092, "port to expose nuclei metrics on"),
 	)
 
+	createGroup(flagSet, "env", "DotEnv",
+		flagSet.StringVar(&options.DotEnvPath, "env", ".env", "path of .env file to use"),
+	)
+
 	_ = flagSet.Parse()
 
 	if cfgFile != "" {

v2/go.mod

@@ -17,6 +17,7 @@ require (
 	github.com/gosuri/uiprogress v0.0.1 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-retryablehttp v0.6.8 // indirect
+	github.com/joho/godotenv v1.3.0 // indirect
 	github.com/json-iterator/go v1.1.10
 	github.com/julienschmidt/httprouter v1.3.0
 	github.com/karlseguin/ccache v2.0.3+incompatible

v2/go.sum

@@ -183,6 +183,8 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:
 github.com/jasonlvhit/gocron v0.0.1 h1:qTt5qF3b3srDjeOIR4Le1LfeyvoYzJlYpqvG7tJX5YU=
 github.com/jasonlvhit/gocron v0.0.1/go.mod h1:k9a3TV8VcU73XZxfVHCHWMWF9SOqgoku0/QlY2yvlA4=
 github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
+github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc=
+github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
 github.com/jpillora/backoff v0.0.0-20180909062703-3050d21c67d7/go.mod h1:2iMrUgbbvHEiQClaW2NsSzMyGHqN+rDFqY705q49KG0=
 github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68=
 github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=

v2/internal/runner/options.go

@@ -7,6 +7,7 @@ import (
 	"os"
 	"strings"
 
+	"github.com/joho/godotenv"
 	"github.com/projectdiscovery/gologger"
 	"github.com/projectdiscovery/gologger/formatter"
 	"github.com/projectdiscovery/gologger/levels"
@@ -59,6 +60,13 @@ func ParseOptions(options *types.Options) {
 	if err != nil {
 		gologger.Fatal().Msgf("Could not initialize protocols: %s\n", err)
 	}
+
+	if len(options.DotEnvPath) > 0 {
+		err := godotenv.Load(options.DotEnvPath)
+		if err != nil {
+			gologger.Warning().Msgf("Failed loading .env file: %s\n", err)
+		}
+	}
 }
 
 // hasStdin returns true if we have stdin input

v2/pkg/protocols/http/build_request.go

@@ -7,6 +7,7 @@ import (
 	"net"
 	"net/http"
 	"net/url"
+	"os"
 	"regexp"
 	"strings"
 	"time"
@@ -129,6 +130,19 @@ func (r *requestGenerator) handleRawWithPayloads(ctx context.Context, rawRequest
 	// request values.
 	finalValues := generators.MergeMaps(generatorValues, values)
 
+	// read env variables
+	envVars := strings.Split(strings.Trim(r.request.EnvVars, " "), ",")
+	if len(envVars) > 0 {
+		envVarValues := make(map[string]interface{})
+		for _, envVar := range envVars {
+			envVarValue := os.Getenv(envVar)
+			if len(envVarValue) > 0 {
+				envVarValues[envVar] = envVarValue
+			}
+		}
+		finalValues = generators.MergeMaps(finalValues, envVarValues)
+	}
+
 	// Evaulate the expressions for raw request if any.
 	var err error
 	rawRequest, err = expressions.Evaluate(rawRequest, finalValues)

v2/pkg/protocols/http/http.go

@@ -73,6 +73,8 @@ type Request struct {
 	// their history for being matched at the end.
 	// Currently only works with sequential http requests.
 	ReqCondition bool `yaml:"req-condition"`
+	// Dynamic ENV Variables
+	EnvVars string `yaml:"env-vars"`
 }
 
 // GetID returns the unique ID of the request if any.

v2/pkg/types/types.go

@@ -143,4 +143,6 @@ type Options struct {
 	UpdateNuclei bool
 	// NoUpdateTemplates disables checking for nuclei templates updates
 	NoUpdateTemplates bool
+	// .env file path
+	DotEnvPath string
 }