diff --git a/.gitignore b/.gitignore index e812e00d..520e34e1 100644 --- a/.gitignore +++ b/.gitignore @@ -10,4 +10,5 @@ v2/pkg/protocols/common/helpers/deserialization/testdata/ValueObject.class v2/pkg/protocols/common/helpers/deserialization/testdata/ValueObject2.ser v2/cmd/functional-test/nuclei_dev v2/cmd/functional-test/nuclei_main -v2/cmd/functional-test/functional-test \ No newline at end of file +v2/cmd/functional-test/functional-test +v2/cmd/docgen/docgen \ No newline at end of file diff --git a/v2/Makefile b/v2/Makefile index 247e7de4..5d3e3053 100644 --- a/v2/Makefile +++ b/v2/Makefile @@ -8,6 +8,10 @@ GOGET=$(GOCMD) get all: build build: $(GOBUILD) -v -ldflags="-extldflags=-static" -o "nuclei" cmd/nuclei/main.go +docs: + $(GOCMD) generate pkg/templates/templates.go + $(GOBUILD) -o "cmd/docgen/docgen" cmd/docgen/docgen.go + ./cmd/docgen/docgen docs.md test: $(GOTEST) -v ./... tidy: diff --git a/v2/cmd/docgen/docgen.go b/v2/cmd/docgen/docgen.go new file mode 100644 index 00000000..907fc3da --- /dev/null +++ b/v2/cmd/docgen/docgen.go @@ -0,0 +1,20 @@ +package main + +import ( + "io/ioutil" + "log" + "os" + + "github.com/projectdiscovery/nuclei/v2/pkg/templates" +) + +func main() { + data, err := templates.GetTemplateDoc().Encode() + if err != nil { + log.Fatalf("Could not encode docs: %s\n", err) + } + err = ioutil.WriteFile(os.Args[1], data, 0777) + if err != nil { + log.Fatalf("Could not write docs: %s\n", err) + } +} diff --git a/v2/go.mod b/v2/go.mod index 766add0b..658e87b4 100644 --- a/v2/go.mod +++ b/v2/go.mod @@ -38,6 +38,7 @@ require ( github.com/projectdiscovery/retryabledns v1.0.10 github.com/projectdiscovery/retryablehttp-go v1.0.2-0.20210524224054-9fbe1f2b0727 github.com/projectdiscovery/stringsutil v0.0.0-20210617141317-00728870f68d + github.com/projectdiscovery/yamldoc-go v0.0.0-20210803152633-4db1fb7fe36a // indirect github.com/remeh/sizedwaitgroup v1.0.0 github.com/rivo/uniseg v0.2.0 // indirect github.com/rs/xid v1.2.1 diff --git a/v2/go.sum b/v2/go.sum index e5fcc17e..27ecf2b5 100644 --- a/v2/go.sum +++ b/v2/go.sum @@ -70,6 +70,11 @@ github.com/codegangsta/cli v1.20.0/go.mod h1:/qJNoX69yVSKu5o4jLyXAENLRyk1uhi7zkb github.com/corpix/uarand v0.1.1 h1:RMr1TWc9F4n5jiPDzFHtmaUXLKLNUFK0SgCLo4BhX/U= github.com/corpix/uarand v0.1.1/go.mod h1:SFKZvkcRoLqVRFZ4u25xPmp6m9ktANfbpXZ7SJ0/FNU= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/dave/dst v0.26.2/go.mod h1:UMDJuIRPfyUCC78eFuB+SV/WI8oDeyFDvM/JR6NI3IU= +github.com/dave/gopackages v0.0.0-20170318123100-46e7023ec56e/go.mod h1:i00+b/gKdIDIxuLDFob7ustLAVqhsZRk2qVZrArELGQ= +github.com/dave/jennifer v1.2.0/go.mod h1:fIb+770HOpJ2fmN9EPPKOqm1vMGhB+TwXKMZhrIygKg= +github.com/dave/kerr v0.0.0-20170318121727-bc25dd6abe8e/go.mod h1:qZqlPyPvfsDJt+3wHJ1EvSXDuVjFTK0j2p/ca+gtsb8= +github.com/dave/rebecca v0.9.1/go.mod h1:N6XYdMD/OKw3lkF3ywh8Z6wPGuwNFDNtWYEMFWEmXBA= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -149,6 +154,7 @@ github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= +github.com/google/pprof v0.0.0-20181127221834-b4f47329b966/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= @@ -286,6 +292,8 @@ github.com/projectdiscovery/retryablehttp-go v1.0.2-0.20210524224054-9fbe1f2b072 github.com/projectdiscovery/retryablehttp-go v1.0.2-0.20210524224054-9fbe1f2b0727/go.mod h1:dx//aY9V247qHdsRf0vdWHTBZuBQ2vm6Dq5dagxrDYI= github.com/projectdiscovery/stringsutil v0.0.0-20210617141317-00728870f68d h1:nlOAex7twmrEqD5i6WLnugF9uO3DQ6jDEKN9gevrTAk= github.com/projectdiscovery/stringsutil v0.0.0-20210617141317-00728870f68d/go.mod h1:TVSdZC0rRQeMIbsNSiGPhbmhyRtxqqtAGA9JiiNp2r4= +github.com/projectdiscovery/yamldoc-go v0.0.0-20210803152633-4db1fb7fe36a h1:3mQRJkqj9TQiFMm3vQZAwrxImPov4gw8LBifyfCZGsg= +github.com/projectdiscovery/yamldoc-go v0.0.0-20210803152633-4db1fb7fe36a/go.mod h1:7uSxfMXaBmzvw8m5EhOEjB6nhz0rK/H9sUjq1ciZu24= github.com/prologic/smtpd v0.0.0-20210126001904-0893ad18168e h1:ZT3wZ92sp/EHEE/HcFCWCsYS3ROLjHb6EqSX8qYrgXw= github.com/prologic/smtpd v0.0.0-20210126001904-0893ad18168e/go.mod h1:GkLsdH1RZj6RDKeI9A05NGZYmEZQ/PbQcZPnZoSZuYI= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -296,6 +304,7 @@ github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rogpeppe/fastuuid v1.1.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rogpeppe/go-internal v1.6.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rs/xid v1.2.1 h1:mhH9Nq+C1fY2l1XIpgxIiUOfNpRBYH1kKcr+qfKgjRc= github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= github.com/segmentio/ksuid v1.0.3 h1:FoResxvleQwYiPAVKe1tMUlEirodZqlqglIuFsdDntY= @@ -362,6 +371,7 @@ github.com/ysmood/leakless v0.6.12/go.mod h1:R8iAXPRaG97QJwqxs74RdwzcRHT1SWCGTNq github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/zclconf/go-cty v1.8.2 h1:u+xZfBKgpycDnTNjPhGiTEYZS5qS/Sb5MqSfm7vzcjg= github.com/zclconf/go-cty v1.8.2/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= @@ -377,6 +387,7 @@ go.uber.org/ratelimit v0.1.0 h1:U2AruXqeTb4Eh9sYQSTrMhH8Cb7M0Ian2ibBOnBcnAw= go.uber.org/ratelimit v0.1.0/go.mod h1:2X8KaoNd1J0lZV+PxJk/5+DGbO/tpwLR1m++a7FnB/Y= go.uber.org/ratelimit v0.2.0 h1:UQE2Bgi7p2B85uP5dC2bbRtig0C+OeNRnNEafLjsLPA= go.uber.org/ratelimit v0.2.0/go.mod h1:YYBV4e4naJvhpitQrWJu1vCpgB7CboMe0qhltKt6mUg= +golang.org/x/arch v0.0.0-20180920145803-b19384d3c130/go.mod h1:cYlCBUl1MsqxdiKgmc4uh7TxZfWSFLOGSRR090WDxt8= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= @@ -418,6 +429,7 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -447,6 +459,7 @@ golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210521195947-fe42d452be8f h1:Si4U+UcgJzya9kpiEUJKQvjr512OLli+gL4poHrz93U= golang.org/x/net v0.0.0-20210521195947-fe42d452be8f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= @@ -469,6 +482,7 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9 h1:SQFwaSi55rU7vdNs9Yr0Z324VNlrF+0wMqRXT4St8ck= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180903190138-2b024373dcd9/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -499,8 +513,10 @@ golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201113233024-12cec1faf1ba/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210217105451-b926d437f341/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -556,12 +572,15 @@ golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjs golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200509030707-2212a7e161a5/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20210101214203-2dba1e4ea05c/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -654,6 +673,7 @@ gopkg.in/corvus-ch/zbase32.v1 v1.0.0/go.mod h1:T3oKkPOm4AV/bNXCNFUxRmlE9RUyBz/DS gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/src-d/go-billy.v4 v4.3.0/go.mod h1:tm33zBoOwxjYHZIE+OV8bxTWFMJLrconzFMd38aARFk= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= @@ -671,6 +691,7 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +mvdan.cc/gofumpt v0.1.1/go.mod h1:yXG1r1WqZVKWbVRtBWKWX9+CxGYfA51nSomhM0woR48= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/v2/pkg/protocols/dns/dns.go b/v2/pkg/protocols/dns/dns.go index 571a4c83..bfa572d6 100644 --- a/v2/pkg/protocols/dns/dns.go +++ b/v2/pkg/protocols/dns/dns.go @@ -18,6 +18,7 @@ type Request struct { // Operators for the current request go here. operators.Operators `yaml:",inline"` + // ID is the ID of the request ID string `yaml:"id"` // description: | diff --git a/v2/pkg/protocols/file/file.go b/v2/pkg/protocols/file/file.go index 81643c10..ea78be11 100644 --- a/v2/pkg/protocols/file/file.go +++ b/v2/pkg/protocols/file/file.go @@ -26,6 +26,7 @@ type Request struct { // - value: '[]string{".avi", ".mov", ".mp3"}' ExtensionDenylist []string `yaml:"denylist"` + // ID is the ID of the request ID string `yaml:"id"` // description: | diff --git a/v2/pkg/protocols/headless/headless.go b/v2/pkg/protocols/headless/headless.go index e33effa6..5f0856c9 100644 --- a/v2/pkg/protocols/headless/headless.go +++ b/v2/pkg/protocols/headless/headless.go @@ -9,6 +9,7 @@ import ( // Request contains a Headless protocol request to be made from a template type Request struct { + // ID is the ID of the request ID string `yaml:"id"` // description: | diff --git a/v2/pkg/protocols/http/http.go b/v2/pkg/protocols/http/http.go index ff285a40..030f7cd3 100644 --- a/v2/pkg/protocols/http/http.go +++ b/v2/pkg/protocols/http/http.go @@ -31,7 +31,7 @@ type Request struct { // value: | // []string{"GET /etc/passwd HTTP/1.1\nHost:\nContent-Length: 4", "POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0\nContent-Length: 1\nConnection: close\n\necho\necho\ncat /etc/passwd 2>&1"} Raw []string `yaml:"raw"` - // docgen:nodoc + // ID is the ID of the request ID string `yaml:"id"` // description: | // Name is the optional name of the request. diff --git a/v2/pkg/protocols/network/network.go b/v2/pkg/protocols/network/network.go index 40619fca..20e3b54e 100644 --- a/v2/pkg/protocols/network/network.go +++ b/v2/pkg/protocols/network/network.go @@ -15,6 +15,7 @@ import ( // Request contains a Network protocol request to be made from a template type Request struct { + // ID is the ID of the request ID string `yaml:"id"` // description: | diff --git a/v2/pkg/templates/templates.go b/v2/pkg/templates/templates.go index e358c1a2..60d10aee 100644 --- a/v2/pkg/templates/templates.go +++ b/v2/pkg/templates/templates.go @@ -1,3 +1,4 @@ +//go:generate dstdocgen -path "" -structure Template -output templates_doc.go -package templates package templates import ( diff --git a/v2/pkg/templates/templates_doc.go b/v2/pkg/templates/templates_doc.go new file mode 100644 index 00000000..aa54452e --- /dev/null +++ b/v2/pkg/templates/templates_doc.go @@ -0,0 +1,893 @@ +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +// DO NOT EDIT: this file is automatically generated by docgen +package templates + +import ( + "github.com/projectdiscovery/yamldoc-go/encoder" +) + +var ( + TemplateDoc encoder.Doc + HTTPRequestDoc encoder.Doc + MATCHERSMatcherDoc encoder.Doc + EXTRACTORSExtractorDoc encoder.Doc + DNSRequestDoc encoder.Doc + FILERequestDoc encoder.Doc + NETWORKRequestDoc encoder.Doc + NETWORKInputDoc encoder.Doc + HEADLESSRequestDoc encoder.Doc + ENGINEActionDoc encoder.Doc + WORKFLOWSWorkflowTemplateDoc encoder.Doc + WORKFLOWSMatcherDoc encoder.Doc +) + +func init() { + TemplateDoc.Type = "Template" + TemplateDoc.Comments[encoder.LineComment] = " Template is a YAML input file which defines the requests and" + TemplateDoc.Description = "Template is a YAML input file which defines the requests and\n others metadata for a scan template." + TemplateDoc.Fields = make([]encoder.Doc, 8) + TemplateDoc.Fields[0].Name = "id" + TemplateDoc.Fields[0].Type = "string" + TemplateDoc.Fields[0].Note = "" + TemplateDoc.Fields[0].Description = "ID is the unique id for the template. IDs must be lowercase\nand must not contain spaces in it.\n\n#### Good IDs\n\nA good ID uniquely identifies what the requests in the template\nare doing. Let's say you have a template that identifies a git-config\nfile on the webservers, a good name would be `git-config-exposure`. Another\nexample name is `azure-apps-nxdomain-takeover`." + TemplateDoc.Fields[0].Comments[encoder.LineComment] = "ID is the unique id for the template. IDs must be lowercase" + + TemplateDoc.Fields[0].AddExample("ID Example", "cve-2021-19520") + TemplateDoc.Fields[1].Name = "info" + TemplateDoc.Fields[1].Type = "map[string]interface{}" + TemplateDoc.Fields[1].Note = "" + TemplateDoc.Fields[1].Description = "Info contains metadata information about the template. At minimum, it\nshould contain `name`, `author`, `severity`, `description`, `tags`. Optionally\nyou can also specify a list of `references` for the template." + TemplateDoc.Fields[1].Comments[encoder.LineComment] = "Info contains metadata information about the template. At minimum, it" + TemplateDoc.Fields[2].Name = "requests" + TemplateDoc.Fields[2].Type = "[]http.Request" + TemplateDoc.Fields[2].Note = "" + TemplateDoc.Fields[2].Description = "Requests contains the http request to make in the template" + TemplateDoc.Fields[2].Comments[encoder.LineComment] = "Requests contains the http request to make in the template" + TemplateDoc.Fields[3].Name = "dns" + TemplateDoc.Fields[3].Type = "[]dns.Request" + TemplateDoc.Fields[3].Note = "" + TemplateDoc.Fields[3].Description = "DNS contains the dns request to make in the template" + TemplateDoc.Fields[3].Comments[encoder.LineComment] = "DNS contains the dns request to make in the template" + TemplateDoc.Fields[4].Name = "file" + TemplateDoc.Fields[4].Type = "[]file.Request" + TemplateDoc.Fields[4].Note = "" + TemplateDoc.Fields[4].Description = "File contains the file request to make in the template" + TemplateDoc.Fields[4].Comments[encoder.LineComment] = "File contains the file request to make in the template" + TemplateDoc.Fields[5].Name = "network" + TemplateDoc.Fields[5].Type = "[]network.Request" + TemplateDoc.Fields[5].Note = "" + TemplateDoc.Fields[5].Description = "Network contains the network request to make in the template" + TemplateDoc.Fields[5].Comments[encoder.LineComment] = "Network contains the network request to make in the template" + TemplateDoc.Fields[6].Name = "headless" + TemplateDoc.Fields[6].Type = "[]headless.Request" + TemplateDoc.Fields[6].Note = "" + TemplateDoc.Fields[6].Description = "Headless contains the headless request to make in the template." + TemplateDoc.Fields[6].Comments[encoder.LineComment] = "Headless contains the headless request to make in the template." + TemplateDoc.Fields[7].Name = "workflows" + TemplateDoc.Fields[7].Type = "[]workflows.WorkflowTemplate" + TemplateDoc.Fields[7].Note = "" + TemplateDoc.Fields[7].Description = "Workflows is a list of workflows to execute for a template." + TemplateDoc.Fields[7].Comments[encoder.LineComment] = "Workflows is a list of workflows to execute for a template." + + HTTPRequestDoc.Type = "http.Request" + HTTPRequestDoc.Comments[encoder.LineComment] = " Request contains a http request to be made from a template" + HTTPRequestDoc.Description = "Request contains a http request to be made from a template" + HTTPRequestDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "Template", + FieldName: "requests", + }, + } + HTTPRequestDoc.Fields = make([]encoder.Doc, 24) + HTTPRequestDoc.Fields[0].Name = "matchers" + HTTPRequestDoc.Fields[0].Type = "[]matchers.Matcher" + HTTPRequestDoc.Fields[0].Note = "" + HTTPRequestDoc.Fields[0].Description = "Matchers contains the detection mechanism for the request to identify\nwhether the request was successful by doing pattern matching\non request/responses.\n\nMultiple matchers can be combined together with `matcher-condition` flag\nwhich accepts either `and` or `or` as argument." + HTTPRequestDoc.Fields[0].Comments[encoder.LineComment] = "Matchers contains the detection mechanism for the request to identify" + HTTPRequestDoc.Fields[1].Name = "extractors" + HTTPRequestDoc.Fields[1].Type = "[]extractors.Extractor" + HTTPRequestDoc.Fields[1].Note = "" + HTTPRequestDoc.Fields[1].Description = "Extractors contains the extraction mechanism for the request to identify\nand extract parts of the response." + HTTPRequestDoc.Fields[1].Comments[encoder.LineComment] = "Extractors contains the extraction mechanism for the request to identify" + HTTPRequestDoc.Fields[2].Name = "matchers-condition" + HTTPRequestDoc.Fields[2].Type = "string" + HTTPRequestDoc.Fields[2].Note = "" + HTTPRequestDoc.Fields[2].Description = "MatchersCondition is the condition between the matchers. Default is OR." + HTTPRequestDoc.Fields[2].Comments[encoder.LineComment] = "MatchersCondition is the condition between the matchers. Default is OR." + HTTPRequestDoc.Fields[2].Values = []string{ + "and", + "or", + } + HTTPRequestDoc.Fields[3].Name = "path" + HTTPRequestDoc.Fields[3].Type = "[]string" + HTTPRequestDoc.Fields[3].Note = "" + HTTPRequestDoc.Fields[3].Description = "Path contains the path/s for the HTTP requests. It supports variables\nas placeholders." + HTTPRequestDoc.Fields[3].Comments[encoder.LineComment] = "Path contains the path/s for the HTTP requests. It supports variables" + + HTTPRequestDoc.Fields[3].AddExample("Some example path values", []string{"{{BaseURL}}", "{{BaseURL}}/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions"}) + HTTPRequestDoc.Fields[4].Name = "raw" + HTTPRequestDoc.Fields[4].Type = "[]string" + HTTPRequestDoc.Fields[4].Note = "" + HTTPRequestDoc.Fields[4].Description = "Raw contains HTTP Requests in Raw format." + HTTPRequestDoc.Fields[4].Comments[encoder.LineComment] = "Raw contains HTTP Requests in Raw format." + + HTTPRequestDoc.Fields[4].AddExample("Some example raw requests", []string{"GET /etc/passwd HTTP/1.1\nHost:\nContent-Length: 4", "POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0\nContent-Length: 1\nConnection: close\n\necho\necho\ncat /etc/passwd 2>&1"}) + HTTPRequestDoc.Fields[5].Name = "id" + HTTPRequestDoc.Fields[5].Type = "string" + HTTPRequestDoc.Fields[5].Note = "" + HTTPRequestDoc.Fields[5].Description = "ID is the ID of the request" + HTTPRequestDoc.Fields[5].Comments[encoder.LineComment] = " ID is the ID of the request" + HTTPRequestDoc.Fields[6].Name = "name" + HTTPRequestDoc.Fields[6].Type = "string" + HTTPRequestDoc.Fields[6].Note = "" + HTTPRequestDoc.Fields[6].Description = "Name is the optional name of the request.\n\nIf a name is specified, all the named request in a template can be matched upon\nin a combined manner allowing multirequest based matchers." + HTTPRequestDoc.Fields[6].Comments[encoder.LineComment] = "Name is the optional name of the request." + HTTPRequestDoc.Fields[7].Name = "attack" + HTTPRequestDoc.Fields[7].Type = "string" + HTTPRequestDoc.Fields[7].Note = "" + HTTPRequestDoc.Fields[7].Description = "Attack is the type of payload combinations to perform.\n\nSniper is each payload once, pitchfork combines multiple payload sets and clusterbomb generates\npermutations and combinations for all payloads." + HTTPRequestDoc.Fields[7].Comments[encoder.LineComment] = "Attack is the type of payload combinations to perform." + HTTPRequestDoc.Fields[7].Values = []string{ + "sniper", + "pitchfork", + "clusterbomb", + } + HTTPRequestDoc.Fields[8].Name = "method" + HTTPRequestDoc.Fields[8].Type = "string" + HTTPRequestDoc.Fields[8].Note = "" + HTTPRequestDoc.Fields[8].Description = "Method is the HTTP Request Method." + HTTPRequestDoc.Fields[8].Comments[encoder.LineComment] = "Method is the HTTP Request Method." + HTTPRequestDoc.Fields[8].Values = []string{ + "GET", + "POST", + "PUT", + "DELETE", + } + HTTPRequestDoc.Fields[9].Name = "body" + HTTPRequestDoc.Fields[9].Type = "string" + HTTPRequestDoc.Fields[9].Note = "" + HTTPRequestDoc.Fields[9].Description = "Body is an optional parameter which contains HTTP Request body." + HTTPRequestDoc.Fields[9].Comments[encoder.LineComment] = "Body is an optional parameter which contains HTTP Request body." + + HTTPRequestDoc.Fields[9].AddExample("Same Body for a Login POST request", "username=test&password=test") + HTTPRequestDoc.Fields[10].Name = "payloads" + HTTPRequestDoc.Fields[10].Type = "map[string]interface{}" + HTTPRequestDoc.Fields[10].Note = "" + HTTPRequestDoc.Fields[10].Description = "description: |\n Payloads contains any payloads for the current request.\n\n Payloads support both key-values combinations where a list\n of payloads is provided, or optionally a single file can also\n be provided as payload which will be read on run-time.\n examples:\n - name: A payload list for Tomcat Bruteforce\n value: >\n map[string]interface{}{\n \"username\": []string{\"tomcat\", \"admin\"},\n \"password\": []string{\"tomcat\", \"admin\", \"password\"},\n }\n - name: A payload example of reading from file\n value: >\n map[string]interface{}{\n \"data\": \"helpers/payloads/command-injection.txt\",\n }" + HTTPRequestDoc.Fields[10].Comments[encoder.LineComment] = " description: |" + HTTPRequestDoc.Fields[11].Name = "headers" + HTTPRequestDoc.Fields[11].Type = "map[string]string" + HTTPRequestDoc.Fields[11].Note = "" + HTTPRequestDoc.Fields[11].Description = "Headers contains HTTP Headers to send with the request." + HTTPRequestDoc.Fields[11].Comments[encoder.LineComment] = "Headers contains HTTP Headers to send with the request." + + HTTPRequestDoc.Fields[11].AddExample("", map[string]string{"Content-Type": "application/x-www-form-urlencoded", "Content-Length": "1", "Any-Header": "Any-Value"}) + HTTPRequestDoc.Fields[12].Name = "race_count" + HTTPRequestDoc.Fields[12].Type = "int" + HTTPRequestDoc.Fields[12].Note = "" + HTTPRequestDoc.Fields[12].Description = "RaceCount is the number of times to send a request in Race Condition Attack." + HTTPRequestDoc.Fields[12].Comments[encoder.LineComment] = "RaceCount is the number of times to send a request in Race Condition Attack." + + HTTPRequestDoc.Fields[12].AddExample("Send a request 5 times", 5) + HTTPRequestDoc.Fields[13].Name = "max-redirects" + HTTPRequestDoc.Fields[13].Type = "int" + HTTPRequestDoc.Fields[13].Note = "" + HTTPRequestDoc.Fields[13].Description = "MaxRedirects is the maximum number of redirects that should be followed." + HTTPRequestDoc.Fields[13].Comments[encoder.LineComment] = "MaxRedirects is the maximum number of redirects that should be followed." + + HTTPRequestDoc.Fields[13].AddExample("Follow upto 5 redirects", 5) + HTTPRequestDoc.Fields[14].Name = "pipeline-concurrent-connections" + HTTPRequestDoc.Fields[14].Type = "int" + HTTPRequestDoc.Fields[14].Note = "" + HTTPRequestDoc.Fields[14].Description = "PipelineConcurrentConnections is number of connections to create during pipelining." + HTTPRequestDoc.Fields[14].Comments[encoder.LineComment] = "PipelineConcurrentConnections is number of connections to create during pipelining." + + HTTPRequestDoc.Fields[14].AddExample("Create 40 concurrent connections", 40) + HTTPRequestDoc.Fields[15].Name = "pipeline-requests-per-connection" + HTTPRequestDoc.Fields[15].Type = "int" + HTTPRequestDoc.Fields[15].Note = "" + HTTPRequestDoc.Fields[15].Description = "PipelineRequestsPerConnection is number of requests to send per connection when pipelining." + HTTPRequestDoc.Fields[15].Comments[encoder.LineComment] = "PipelineRequestsPerConnection is number of requests to send per connection when pipelining." + + HTTPRequestDoc.Fields[15].AddExample("Send 100 requests per pipeline connection", 100) + HTTPRequestDoc.Fields[16].Name = "threads" + HTTPRequestDoc.Fields[16].Type = "int" + HTTPRequestDoc.Fields[16].Note = "" + HTTPRequestDoc.Fields[16].Description = "Threads specifies number of threads to use sending requests. This enables Connection Pooling.\n\nConnection: Close attribute must not be used in request while using threads flag, otherwise\npooling will fail and engine will continue to close connections after requests." + HTTPRequestDoc.Fields[16].Comments[encoder.LineComment] = "Threads specifies number of threads to use sending requests. This enables Connection Pooling." + + HTTPRequestDoc.Fields[16].AddExample("Send requests using 10 concurrent threads", 10) + HTTPRequestDoc.Fields[17].Name = "max-size" + HTTPRequestDoc.Fields[17].Type = "int" + HTTPRequestDoc.Fields[17].Note = "" + HTTPRequestDoc.Fields[17].Description = "MaxSize is the maximum size of http response body to read in bytes." + HTTPRequestDoc.Fields[17].Comments[encoder.LineComment] = "MaxSize is the maximum size of http response body to read in bytes." + + HTTPRequestDoc.Fields[17].AddExample("Read max 2048 bytes of the response", 2048) + HTTPRequestDoc.Fields[18].Name = "cookie-reuse" + HTTPRequestDoc.Fields[18].Type = "bool" + HTTPRequestDoc.Fields[18].Note = "" + HTTPRequestDoc.Fields[18].Description = "CookieReuse is an optional setting that enables cookie reuse for\nall requests defined in raw section." + HTTPRequestDoc.Fields[18].Comments[encoder.LineComment] = "CookieReuse is an optional setting that enables cookie reuse for" + HTTPRequestDoc.Fields[19].Name = "redirects" + HTTPRequestDoc.Fields[19].Type = "bool" + HTTPRequestDoc.Fields[19].Note = "" + HTTPRequestDoc.Fields[19].Description = "Redirects specifies whether redirects should be followed by the HTTP Client.\n\nThis can be used in conjunction with `max-redirects` to control the HTTP request redirects." + HTTPRequestDoc.Fields[19].Comments[encoder.LineComment] = "Redirects specifies whether redirects should be followed by the HTTP Client." + HTTPRequestDoc.Fields[20].Name = "pipeline" + HTTPRequestDoc.Fields[20].Type = "bool" + HTTPRequestDoc.Fields[20].Note = "" + HTTPRequestDoc.Fields[20].Description = "Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining\n\nAll requests must be indempotent (GET/POST). This can be used for race conditions/billions requests." + HTTPRequestDoc.Fields[20].Comments[encoder.LineComment] = "Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining" + HTTPRequestDoc.Fields[21].Name = "unsafe" + HTTPRequestDoc.Fields[21].Type = "bool" + HTTPRequestDoc.Fields[21].Note = "" + HTTPRequestDoc.Fields[21].Description = "Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests.\n\nThis uses the [rawhttp](https://github.com/projectdiscovery/rawhttp) engine to achieve complete\ncontrol over the request, with no normalization performed by the client." + HTTPRequestDoc.Fields[21].Comments[encoder.LineComment] = "Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests." + HTTPRequestDoc.Fields[22].Name = "race" + HTTPRequestDoc.Fields[22].Type = "bool" + HTTPRequestDoc.Fields[22].Note = "" + HTTPRequestDoc.Fields[22].Description = "Race determines if all the request have to be attempted at the same time (Race Condition)\n\nThe actual number of requests that will be sent is determined by the `race_count` field." + HTTPRequestDoc.Fields[22].Comments[encoder.LineComment] = "Race determines if all the request have to be attempted at the same time (Race Condition)" + HTTPRequestDoc.Fields[23].Name = "req-condition" + HTTPRequestDoc.Fields[23].Type = "bool" + HTTPRequestDoc.Fields[23].Note = "" + HTTPRequestDoc.Fields[23].Description = "ReqCondition automatically assigns numbers to requests and preserves their history.\n\nThis allows matching on them later for multi-request conditions." + HTTPRequestDoc.Fields[23].Comments[encoder.LineComment] = "ReqCondition automatically assigns numbers to requests and preserves their history." + + MATCHERSMatcherDoc.Type = "matchers.Matcher" + MATCHERSMatcherDoc.Comments[encoder.LineComment] = " Matcher is used to match a part in the output from a protocol." + MATCHERSMatcherDoc.Description = "Matcher is used to match a part in the output from a protocol." + MATCHERSMatcherDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "http.Request", + FieldName: "matchers", + }, + { + TypeName: "dns.Request", + FieldName: "matchers", + }, + { + TypeName: "file.Request", + FieldName: "matchers", + }, + { + TypeName: "network.Request", + FieldName: "matchers", + }, + { + TypeName: "headless.Request", + FieldName: "matchers", + }, + } + MATCHERSMatcherDoc.Fields = make([]encoder.Doc, 12) + MATCHERSMatcherDoc.Fields[0].Name = "type" + MATCHERSMatcherDoc.Fields[0].Type = "string" + MATCHERSMatcherDoc.Fields[0].Note = "" + MATCHERSMatcherDoc.Fields[0].Description = "Type is the type of the matcher." + MATCHERSMatcherDoc.Fields[0].Comments[encoder.LineComment] = "Type is the type of the matcher." + MATCHERSMatcherDoc.Fields[0].Values = []string{ + "status", + "size", + "word", + "regex", + "binary", + "dsl", + } + MATCHERSMatcherDoc.Fields[1].Name = "condition" + MATCHERSMatcherDoc.Fields[1].Type = "string" + MATCHERSMatcherDoc.Fields[1].Note = "" + MATCHERSMatcherDoc.Fields[1].Description = "Condition is the optional condition between two matcher variables. By default,\nthe condition is assumed to be OR." + MATCHERSMatcherDoc.Fields[1].Comments[encoder.LineComment] = "Condition is the optional condition between two matcher variables. By default," + MATCHERSMatcherDoc.Fields[1].Values = []string{ + "and", + "or", + } + MATCHERSMatcherDoc.Fields[2].Name = "part" + MATCHERSMatcherDoc.Fields[2].Type = "string" + MATCHERSMatcherDoc.Fields[2].Note = "" + MATCHERSMatcherDoc.Fields[2].Description = "Part is the part of the request response to match data from.\n\nEach protocol exposes a lot of different parts which are well\ndocumented in docs for each request type." + MATCHERSMatcherDoc.Fields[2].Comments[encoder.LineComment] = "Part is the part of the request response to match data from." + + MATCHERSMatcherDoc.Fields[2].AddExample("", "body") + + MATCHERSMatcherDoc.Fields[2].AddExample("", "raw") + MATCHERSMatcherDoc.Fields[3].Name = "negative" + MATCHERSMatcherDoc.Fields[3].Type = "bool" + MATCHERSMatcherDoc.Fields[3].Note = "" + MATCHERSMatcherDoc.Fields[3].Description = "Negative specifies if the match should be reversed\nIt will only match if the condition is not true." + MATCHERSMatcherDoc.Fields[3].Comments[encoder.LineComment] = "Negative specifies if the match should be reversed" + MATCHERSMatcherDoc.Fields[4].Name = "name" + MATCHERSMatcherDoc.Fields[4].Type = "string" + MATCHERSMatcherDoc.Fields[4].Note = "" + MATCHERSMatcherDoc.Fields[4].Description = "Name of the matcher. Name should be lowercase and must not contain\nspaces or dashes (-)." + MATCHERSMatcherDoc.Fields[4].Comments[encoder.LineComment] = "Name of the matcher. Name should be lowercase and must not contain" + + MATCHERSMatcherDoc.Fields[4].AddExample("", "cookie-matcher") + MATCHERSMatcherDoc.Fields[5].Name = "status" + MATCHERSMatcherDoc.Fields[5].Type = "[]int" + MATCHERSMatcherDoc.Fields[5].Note = "" + MATCHERSMatcherDoc.Fields[5].Description = "Status are the acceptable status codes for the response." + MATCHERSMatcherDoc.Fields[5].Comments[encoder.LineComment] = "Status are the acceptable status codes for the response." + + MATCHERSMatcherDoc.Fields[5].AddExample("", []int{200, 302}) + MATCHERSMatcherDoc.Fields[6].Name = "size" + MATCHERSMatcherDoc.Fields[6].Type = "[]int" + MATCHERSMatcherDoc.Fields[6].Note = "" + MATCHERSMatcherDoc.Fields[6].Description = "Size is the acceptable size for the response" + MATCHERSMatcherDoc.Fields[6].Comments[encoder.LineComment] = "Size is the acceptable size for the response" + + MATCHERSMatcherDoc.Fields[6].AddExample("", []int{3029, 2042}) + MATCHERSMatcherDoc.Fields[7].Name = "words" + MATCHERSMatcherDoc.Fields[7].Type = "[]string" + MATCHERSMatcherDoc.Fields[7].Note = "" + MATCHERSMatcherDoc.Fields[7].Description = "Words contains word patterns required to be present in the response part." + MATCHERSMatcherDoc.Fields[7].Comments[encoder.LineComment] = "Words contains word patterns required to be present in the response part." + + MATCHERSMatcherDoc.Fields[7].AddExample("Match for outlook mail protection domain", []string{"mail.protection.outlook.com"}) + + MATCHERSMatcherDoc.Fields[7].AddExample("Match for application/json in response headers", []string{"application/json"}) + MATCHERSMatcherDoc.Fields[8].Name = "regex" + MATCHERSMatcherDoc.Fields[8].Type = "[]string" + MATCHERSMatcherDoc.Fields[8].Note = "" + MATCHERSMatcherDoc.Fields[8].Description = "Regex contains Regular Expression patterns required to be present in the response part." + MATCHERSMatcherDoc.Fields[8].Comments[encoder.LineComment] = "Regex contains Regular Expression patterns required to be present in the response part." + + MATCHERSMatcherDoc.Fields[8].AddExample("Match for Linkerd Service via Regex", []string{`(?mi)^Via\\s*?:.*?linkerd.*$`}) + + MATCHERSMatcherDoc.Fields[8].AddExample("Match for Open Redirect via Location header", []string{`(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)example\\.com.*$`}) + MATCHERSMatcherDoc.Fields[9].Name = "binary" + MATCHERSMatcherDoc.Fields[9].Type = "[]string" + MATCHERSMatcherDoc.Fields[9].Note = "" + MATCHERSMatcherDoc.Fields[9].Description = "Binary are the binary patterns required to be present in the response part." + MATCHERSMatcherDoc.Fields[9].Comments[encoder.LineComment] = "Binary are the binary patterns required to be present in the response part." + + MATCHERSMatcherDoc.Fields[9].AddExample("Match for Springboot Heapdump Actuator \"JAVA PROFILE\", \"HPROF\", \"Gunzip magic byte\"", []string{"4a4156412050524f46494c45", "4850524f46", "1f8b080000000000"}) + + MATCHERSMatcherDoc.Fields[9].AddExample("Match for 7zip files", []string{"377ABCAF271C"}) + MATCHERSMatcherDoc.Fields[10].Name = "dsl" + MATCHERSMatcherDoc.Fields[10].Type = "[]string" + MATCHERSMatcherDoc.Fields[10].Note = "" + MATCHERSMatcherDoc.Fields[10].Description = "DSL are the dsl expressions that will be evaluated as part of nuclei matching rules.\nA list of these helper functions are available [here](https://nuclei.projectdiscovery.io/templating-guide/helper-functions/)." + MATCHERSMatcherDoc.Fields[10].Comments[encoder.LineComment] = "DSL are the dsl expressions that will be evaluated as part of nuclei matching rules." + + MATCHERSMatcherDoc.Fields[10].AddExample("DSL Matcher for package.json file", []string{"contains(body, 'packages') && contains(tolower(all_headers), 'application/octet-stream') && status_code == 200"}) + + MATCHERSMatcherDoc.Fields[10].AddExample("DSL Matcher for missing strict transport security header", []string{"!contains(tolower(all_headers), ''strict-transport-security'')"}) + MATCHERSMatcherDoc.Fields[11].Name = "encoding" + MATCHERSMatcherDoc.Fields[11].Type = "string" + MATCHERSMatcherDoc.Fields[11].Note = "" + MATCHERSMatcherDoc.Fields[11].Description = "Encoding specifies the encoding for the words field if any." + MATCHERSMatcherDoc.Fields[11].Comments[encoder.LineComment] = "Encoding specifies the encoding for the words field if any." + MATCHERSMatcherDoc.Fields[11].Values = []string{ + "hex", + } + + EXTRACTORSExtractorDoc.Type = "extractors.Extractor" + EXTRACTORSExtractorDoc.Comments[encoder.LineComment] = " Extractor is used to extract part of response using a regex." + EXTRACTORSExtractorDoc.Description = "Extractor is used to extract part of response using a regex." + EXTRACTORSExtractorDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "http.Request", + FieldName: "extractors", + }, + { + TypeName: "dns.Request", + FieldName: "extractors", + }, + { + TypeName: "file.Request", + FieldName: "extractors", + }, + { + TypeName: "network.Request", + FieldName: "extractors", + }, + { + TypeName: "headless.Request", + FieldName: "extractors", + }, + } + EXTRACTORSExtractorDoc.Fields = make([]encoder.Doc, 8) + EXTRACTORSExtractorDoc.Fields[0].Name = "name" + EXTRACTORSExtractorDoc.Fields[0].Type = "string" + EXTRACTORSExtractorDoc.Fields[0].Note = "" + EXTRACTORSExtractorDoc.Fields[0].Description = "Name of the extractor. Name should be lowercase and must not contain\nspaces or dashes (-)." + EXTRACTORSExtractorDoc.Fields[0].Comments[encoder.LineComment] = "Name of the extractor. Name should be lowercase and must not contain" + + EXTRACTORSExtractorDoc.Fields[0].AddExample("", "cookie-extractor") + EXTRACTORSExtractorDoc.Fields[1].Name = "type" + EXTRACTORSExtractorDoc.Fields[1].Type = "string" + EXTRACTORSExtractorDoc.Fields[1].Note = "" + EXTRACTORSExtractorDoc.Fields[1].Description = "Type is the type of the extractor." + EXTRACTORSExtractorDoc.Fields[1].Comments[encoder.LineComment] = "Type is the type of the extractor." + EXTRACTORSExtractorDoc.Fields[1].Values = []string{ + "regex", + "kval", + } + EXTRACTORSExtractorDoc.Fields[2].Name = "regex" + EXTRACTORSExtractorDoc.Fields[2].Type = "[]string" + EXTRACTORSExtractorDoc.Fields[2].Note = "" + EXTRACTORSExtractorDoc.Fields[2].Description = "Regex contains the regular expression patterns to exract from a part.\n\nGo regex engine does not supports lookaheads or lookbehinds, so as a result\nthey are also not supported in nuclei." + EXTRACTORSExtractorDoc.Fields[2].Comments[encoder.LineComment] = "Regex contains the regular expression patterns to exract from a part." + + EXTRACTORSExtractorDoc.Fields[2].AddExample("Braintree Access Token Regex", []string{"access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}"}) + + EXTRACTORSExtractorDoc.Fields[2].AddExample("Wordpress Author Extraction regex", []string{"Author:(?:[A-Za-z0-9 -\\_=\"]+)?([A-Za-z0-9]+)<\\/span>"}) + EXTRACTORSExtractorDoc.Fields[3].Name = "group" + EXTRACTORSExtractorDoc.Fields[3].Type = "int" + EXTRACTORSExtractorDoc.Fields[3].Note = "" + EXTRACTORSExtractorDoc.Fields[3].Description = "Group specifies a numbered group to extract from the regex." + EXTRACTORSExtractorDoc.Fields[3].Comments[encoder.LineComment] = "Group specifies a numbered group to extract from the regex." + + EXTRACTORSExtractorDoc.Fields[3].AddExample("", 1) + EXTRACTORSExtractorDoc.Fields[4].Name = "kval" + EXTRACTORSExtractorDoc.Fields[4].Type = "[]string" + EXTRACTORSExtractorDoc.Fields[4].Note = "" + EXTRACTORSExtractorDoc.Fields[4].Description = "kval contains the key-value pairs required in the response.\n\nEach protocol exposes a lot of different data in response. The kval\nextractor can be used to extract those key-value pairs. A list of\nsupported parts is available in docs for request types." + EXTRACTORSExtractorDoc.Fields[4].Comments[encoder.LineComment] = "kval contains the key-value pairs required in the response." + + EXTRACTORSExtractorDoc.Fields[4].AddExample("Extract Server Header From HTTP Response", []string{"Server"}) + + EXTRACTORSExtractorDoc.Fields[4].AddExample("Extracting value of PHPSESSID Cookie", []string{"PHPSESSID"}) + EXTRACTORSExtractorDoc.Fields[5].Name = "part" + EXTRACTORSExtractorDoc.Fields[5].Type = "string" + EXTRACTORSExtractorDoc.Fields[5].Note = "" + EXTRACTORSExtractorDoc.Fields[5].Description = "Part is the part of the request response to extract data from.\n\nEach protocol exposes a lot of different parts which are well\ndocumented in docs for each request type." + EXTRACTORSExtractorDoc.Fields[5].Comments[encoder.LineComment] = "Part is the part of the request response to extract data from." + + EXTRACTORSExtractorDoc.Fields[5].AddExample("", "body") + + EXTRACTORSExtractorDoc.Fields[5].AddExample("", "raw") + EXTRACTORSExtractorDoc.Fields[6].Name = "json" + EXTRACTORSExtractorDoc.Fields[6].Type = "[]string" + EXTRACTORSExtractorDoc.Fields[6].Note = "" + EXTRACTORSExtractorDoc.Fields[6].Description = "JSON allows using jq-style syntax to extract items from json response" + EXTRACTORSExtractorDoc.Fields[6].Comments[encoder.LineComment] = "JSON allows using jq-style syntax to extract items from json response" + + EXTRACTORSExtractorDoc.Fields[6].AddExample("", ".[] | .id") + + EXTRACTORSExtractorDoc.Fields[6].AddExample("", ".batters | .batter | .[] | .id") + EXTRACTORSExtractorDoc.Fields[7].Name = "internal" + EXTRACTORSExtractorDoc.Fields[7].Type = "bool" + EXTRACTORSExtractorDoc.Fields[7].Note = "" + EXTRACTORSExtractorDoc.Fields[7].Description = "Internal, when set to true will allow using the value extracted\nin the next request for some protocols (like HTTP)." + EXTRACTORSExtractorDoc.Fields[7].Comments[encoder.LineComment] = "Internal, when set to true will allow using the value extracted" + + DNSRequestDoc.Type = "dns.Request" + DNSRequestDoc.Comments[encoder.LineComment] = " Request contains a DNS protocol request to be made from a template" + DNSRequestDoc.Description = "Request contains a DNS protocol request to be made from a template" + DNSRequestDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "Template", + FieldName: "dns", + }, + } + DNSRequestDoc.Fields = make([]encoder.Doc, 9) + DNSRequestDoc.Fields[0].Name = "matchers" + DNSRequestDoc.Fields[0].Type = "[]matchers.Matcher" + DNSRequestDoc.Fields[0].Note = "" + DNSRequestDoc.Fields[0].Description = "Matchers contains the detection mechanism for the request to identify\nwhether the request was successful by doing pattern matching\non request/responses.\n\nMultiple matchers can be combined together with `matcher-condition` flag\nwhich accepts either `and` or `or` as argument." + DNSRequestDoc.Fields[0].Comments[encoder.LineComment] = "Matchers contains the detection mechanism for the request to identify" + DNSRequestDoc.Fields[1].Name = "extractors" + DNSRequestDoc.Fields[1].Type = "[]extractors.Extractor" + DNSRequestDoc.Fields[1].Note = "" + DNSRequestDoc.Fields[1].Description = "Extractors contains the extraction mechanism for the request to identify\nand extract parts of the response." + DNSRequestDoc.Fields[1].Comments[encoder.LineComment] = "Extractors contains the extraction mechanism for the request to identify" + DNSRequestDoc.Fields[2].Name = "matchers-condition" + DNSRequestDoc.Fields[2].Type = "string" + DNSRequestDoc.Fields[2].Note = "" + DNSRequestDoc.Fields[2].Description = "MatchersCondition is the condition between the matchers. Default is OR." + DNSRequestDoc.Fields[2].Comments[encoder.LineComment] = "MatchersCondition is the condition between the matchers. Default is OR." + DNSRequestDoc.Fields[2].Values = []string{ + "and", + "or", + } + DNSRequestDoc.Fields[3].Name = "id" + DNSRequestDoc.Fields[3].Type = "string" + DNSRequestDoc.Fields[3].Note = "" + DNSRequestDoc.Fields[3].Description = "ID is the ID of the request" + DNSRequestDoc.Fields[3].Comments[encoder.LineComment] = " ID is the ID of the request" + DNSRequestDoc.Fields[4].Name = "name" + DNSRequestDoc.Fields[4].Type = "string" + DNSRequestDoc.Fields[4].Note = "" + DNSRequestDoc.Fields[4].Description = "Name is the Hostname to make DNS request for.\n\nGenerally, it is set to {{FQDN}} which is the domain we get from input." + DNSRequestDoc.Fields[4].Comments[encoder.LineComment] = "Name is the Hostname to make DNS request for." + + DNSRequestDoc.Fields[4].AddExample("", "{{FQDN}}") + DNSRequestDoc.Fields[5].Name = "type" + DNSRequestDoc.Fields[5].Type = "string" + DNSRequestDoc.Fields[5].Note = "" + DNSRequestDoc.Fields[5].Description = "Type is the type of DNS request to make." + DNSRequestDoc.Fields[5].Comments[encoder.LineComment] = "Type is the type of DNS request to make." + DNSRequestDoc.Fields[5].Values = []string{ + "A", + "NS", + "CNAME", + "SOA", + "PTR", + "MX", + "TXT", + "AAAA", + } + DNSRequestDoc.Fields[6].Name = "class" + DNSRequestDoc.Fields[6].Type = "string" + DNSRequestDoc.Fields[6].Note = "" + DNSRequestDoc.Fields[6].Description = "Class is the class of the DNS request.\n\nUsually it's enough to just leave it as INET." + DNSRequestDoc.Fields[6].Comments[encoder.LineComment] = "Class is the class of the DNS request." + DNSRequestDoc.Fields[6].Values = []string{ + "INET", + "CSNET", + "CHAOS", + "HESIOD", + "NONE", + "ANY", + } + DNSRequestDoc.Fields[7].Name = "retries" + DNSRequestDoc.Fields[7].Type = "int" + DNSRequestDoc.Fields[7].Note = "" + DNSRequestDoc.Fields[7].Description = "Retries is the number of retries for the DNS request" + DNSRequestDoc.Fields[7].Comments[encoder.LineComment] = "Retries is the number of retries for the DNS request" + + DNSRequestDoc.Fields[7].AddExample("Use a retry of 3 to 5 generally", 5) + DNSRequestDoc.Fields[8].Name = "recursion" + DNSRequestDoc.Fields[8].Type = "bool" + DNSRequestDoc.Fields[8].Note = "" + DNSRequestDoc.Fields[8].Description = "Recursion determines if resolver should recurse all records to get fresh results." + DNSRequestDoc.Fields[8].Comments[encoder.LineComment] = "Recursion determines if resolver should recurse all records to get fresh results." + + FILERequestDoc.Type = "file.Request" + FILERequestDoc.Comments[encoder.LineComment] = " Request contains a File matching mechanism for local disk operations." + FILERequestDoc.Description = "Request contains a File matching mechanism for local disk operations." + FILERequestDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "Template", + FieldName: "file", + }, + } + FILERequestDoc.Fields = make([]encoder.Doc, 8) + FILERequestDoc.Fields[0].Name = "matchers" + FILERequestDoc.Fields[0].Type = "[]matchers.Matcher" + FILERequestDoc.Fields[0].Note = "" + FILERequestDoc.Fields[0].Description = "Matchers contains the detection mechanism for the request to identify\nwhether the request was successful by doing pattern matching\non request/responses.\n\nMultiple matchers can be combined together with `matcher-condition` flag\nwhich accepts either `and` or `or` as argument." + FILERequestDoc.Fields[0].Comments[encoder.LineComment] = "Matchers contains the detection mechanism for the request to identify" + FILERequestDoc.Fields[1].Name = "extractors" + FILERequestDoc.Fields[1].Type = "[]extractors.Extractor" + FILERequestDoc.Fields[1].Note = "" + FILERequestDoc.Fields[1].Description = "Extractors contains the extraction mechanism for the request to identify\nand extract parts of the response." + FILERequestDoc.Fields[1].Comments[encoder.LineComment] = "Extractors contains the extraction mechanism for the request to identify" + FILERequestDoc.Fields[2].Name = "matchers-condition" + FILERequestDoc.Fields[2].Type = "string" + FILERequestDoc.Fields[2].Note = "" + FILERequestDoc.Fields[2].Description = "MatchersCondition is the condition between the matchers. Default is OR." + FILERequestDoc.Fields[2].Comments[encoder.LineComment] = "MatchersCondition is the condition between the matchers. Default is OR." + FILERequestDoc.Fields[2].Values = []string{ + "and", + "or", + } + FILERequestDoc.Fields[3].Name = "extensions" + FILERequestDoc.Fields[3].Type = "[]string" + FILERequestDoc.Fields[3].Note = "" + FILERequestDoc.Fields[3].Description = "Extensions is the list of extensions to perform matching on." + FILERequestDoc.Fields[3].Comments[encoder.LineComment] = "Extensions is the list of extensions to perform matching on." + + FILERequestDoc.Fields[3].AddExample("", []string{".txt", ".go", ".json"}) + FILERequestDoc.Fields[4].Name = "denylist" + FILERequestDoc.Fields[4].Type = "[]string" + FILERequestDoc.Fields[4].Note = "" + FILERequestDoc.Fields[4].Description = "ExtensionDenylist is the list of file extensions to deny during matching.\n\nBy default, it contains some non-interesting extensions that are hardcoded\nin nuclei." + FILERequestDoc.Fields[4].Comments[encoder.LineComment] = "ExtensionDenylist is the list of file extensions to deny during matching." + + FILERequestDoc.Fields[4].AddExample("", []string{".avi", ".mov", ".mp3"}) + FILERequestDoc.Fields[5].Name = "id" + FILERequestDoc.Fields[5].Type = "string" + FILERequestDoc.Fields[5].Note = "" + FILERequestDoc.Fields[5].Description = "ID is the ID of the request" + FILERequestDoc.Fields[5].Comments[encoder.LineComment] = " ID is the ID of the request" + FILERequestDoc.Fields[6].Name = "max-size" + FILERequestDoc.Fields[6].Type = "int" + FILERequestDoc.Fields[6].Note = "" + FILERequestDoc.Fields[6].Description = "MaxSize is the maximum size of the file to run request on.\n\nBy default, nuclei will process 5MB files and not go more than that.\nIt can be set to much lower or higher depending on use." + FILERequestDoc.Fields[6].Comments[encoder.LineComment] = "MaxSize is the maximum size of the file to run request on." + + FILERequestDoc.Fields[6].AddExample("", 2048) + FILERequestDoc.Fields[7].Name = "no-recursive" + FILERequestDoc.Fields[7].Type = "bool" + FILERequestDoc.Fields[7].Note = "" + FILERequestDoc.Fields[7].Description = "NoRecursive specifies whether to not do recursive checks if folders are provided." + FILERequestDoc.Fields[7].Comments[encoder.LineComment] = "NoRecursive specifies whether to not do recursive checks if folders are provided." + + NETWORKRequestDoc.Type = "network.Request" + NETWORKRequestDoc.Comments[encoder.LineComment] = " Request contains a Network protocol request to be made from a template" + NETWORKRequestDoc.Description = "Request contains a Network protocol request to be made from a template" + NETWORKRequestDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "Template", + FieldName: "network", + }, + } + NETWORKRequestDoc.Fields = make([]encoder.Doc, 9) + NETWORKRequestDoc.Fields[0].Name = "id" + NETWORKRequestDoc.Fields[0].Type = "string" + NETWORKRequestDoc.Fields[0].Note = "" + NETWORKRequestDoc.Fields[0].Description = "ID is the ID of the request" + NETWORKRequestDoc.Fields[0].Comments[encoder.LineComment] = " ID is the ID of the request" + NETWORKRequestDoc.Fields[1].Name = "host" + NETWORKRequestDoc.Fields[1].Type = "[]string" + NETWORKRequestDoc.Fields[1].Note = "" + NETWORKRequestDoc.Fields[1].Description = "Address is the address to send requests to.\n\nUsually it's set to `{{Hostname}}`. If you want to enable TLS for\nTCP Connection, you can use `tls://{{Hostname}}`." + NETWORKRequestDoc.Fields[1].Comments[encoder.LineComment] = "Address is the address to send requests to." + + NETWORKRequestDoc.Fields[1].AddExample("", []string{"{{Hostname}}"}) + NETWORKRequestDoc.Fields[2].Name = "attack" + NETWORKRequestDoc.Fields[2].Type = "string" + NETWORKRequestDoc.Fields[2].Note = "" + NETWORKRequestDoc.Fields[2].Description = "Attack is the type of payload combinations to perform.\n\nSniper is each payload once, pitchfork combines multiple payload sets and clusterbomb generates\npermutations and combinations for all payloads." + NETWORKRequestDoc.Fields[2].Comments[encoder.LineComment] = "Attack is the type of payload combinations to perform." + NETWORKRequestDoc.Fields[2].Values = []string{ + "sniper", + "pitchfork", + "clusterbomb", + } + NETWORKRequestDoc.Fields[3].Name = "payloads" + NETWORKRequestDoc.Fields[3].Type = "map[string]interface{}" + NETWORKRequestDoc.Fields[3].Note = "" + NETWORKRequestDoc.Fields[3].Description = "Payloads contains any payloads for the current request.\n\nPayloads support both key-values combinations where a list\nof payloads is provided, or optionally a single file can also\nbe provided as payload which will be read on run-time." + NETWORKRequestDoc.Fields[3].Comments[encoder.LineComment] = "Payloads contains any payloads for the current request." + NETWORKRequestDoc.Fields[4].Name = "inputs" + NETWORKRequestDoc.Fields[4].Type = "[]network.Input" + NETWORKRequestDoc.Fields[4].Note = "" + NETWORKRequestDoc.Fields[4].Description = "Inputs contains inputs for the network socket" + NETWORKRequestDoc.Fields[4].Comments[encoder.LineComment] = "Inputs contains inputs for the network socket" + NETWORKRequestDoc.Fields[5].Name = "read-size" + NETWORKRequestDoc.Fields[5].Type = "int" + NETWORKRequestDoc.Fields[5].Note = "" + NETWORKRequestDoc.Fields[5].Description = "ReadSize is the size of response to read at the end\n\nDefault value for read-size is 1024." + NETWORKRequestDoc.Fields[5].Comments[encoder.LineComment] = "ReadSize is the size of response to read at the end" + + NETWORKRequestDoc.Fields[5].AddExample("", 2048) + NETWORKRequestDoc.Fields[6].Name = "matchers" + NETWORKRequestDoc.Fields[6].Type = "[]matchers.Matcher" + NETWORKRequestDoc.Fields[6].Note = "" + NETWORKRequestDoc.Fields[6].Description = "Matchers contains the detection mechanism for the request to identify\nwhether the request was successful by doing pattern matching\non request/responses.\n\nMultiple matchers can be combined together with `matcher-condition` flag\nwhich accepts either `and` or `or` as argument." + NETWORKRequestDoc.Fields[6].Comments[encoder.LineComment] = "Matchers contains the detection mechanism for the request to identify" + NETWORKRequestDoc.Fields[7].Name = "extractors" + NETWORKRequestDoc.Fields[7].Type = "[]extractors.Extractor" + NETWORKRequestDoc.Fields[7].Note = "" + NETWORKRequestDoc.Fields[7].Description = "Extractors contains the extraction mechanism for the request to identify\nand extract parts of the response." + NETWORKRequestDoc.Fields[7].Comments[encoder.LineComment] = "Extractors contains the extraction mechanism for the request to identify" + NETWORKRequestDoc.Fields[8].Name = "matchers-condition" + NETWORKRequestDoc.Fields[8].Type = "string" + NETWORKRequestDoc.Fields[8].Note = "" + NETWORKRequestDoc.Fields[8].Description = "MatchersCondition is the condition between the matchers. Default is OR." + NETWORKRequestDoc.Fields[8].Comments[encoder.LineComment] = "MatchersCondition is the condition between the matchers. Default is OR." + NETWORKRequestDoc.Fields[8].Values = []string{ + "and", + "or", + } + + NETWORKInputDoc.Type = "network.Input" + NETWORKInputDoc.Comments[encoder.LineComment] = "" + NETWORKInputDoc.Description = "" + NETWORKInputDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "network.Request", + FieldName: "inputs", + }, + } + NETWORKInputDoc.Fields = make([]encoder.Doc, 4) + NETWORKInputDoc.Fields[0].Name = "data" + NETWORKInputDoc.Fields[0].Type = "string" + NETWORKInputDoc.Fields[0].Note = "" + NETWORKInputDoc.Fields[0].Description = "Data is the data to send as the input.\n\nIt supports DSL Helper Functions as well as normal expressions." + NETWORKInputDoc.Fields[0].Comments[encoder.LineComment] = "Data is the data to send as the input." + + NETWORKInputDoc.Fields[0].AddExample("", "TEST") + + NETWORKInputDoc.Fields[0].AddExample("", "hex_decode('50494e47')") + NETWORKInputDoc.Fields[1].Name = "type" + NETWORKInputDoc.Fields[1].Type = "string" + NETWORKInputDoc.Fields[1].Note = "" + NETWORKInputDoc.Fields[1].Description = "Type is the type of input specified in `data` field.\n\nDefault value is text, but hex can be used for hex formatted data." + NETWORKInputDoc.Fields[1].Comments[encoder.LineComment] = "Type is the type of input specified in `data` field." + NETWORKInputDoc.Fields[1].Values = []string{ + "hex", + "text", + } + NETWORKInputDoc.Fields[2].Name = "read" + NETWORKInputDoc.Fields[2].Type = "int" + NETWORKInputDoc.Fields[2].Note = "" + NETWORKInputDoc.Fields[2].Description = "Read is the number of bytes to read from socket.\n\nThis can be used for protcols which expected an immediate response. You can\nread and write responses one after another and evetually perform matching\non every data captured with `name` attribute.\n\nThe [network docs](https://nuclei.projectdiscovery.io/templating-guide/protocols/network/) highlight more on how to do this." + NETWORKInputDoc.Fields[2].Comments[encoder.LineComment] = "Read is the number of bytes to read from socket." + + NETWORKInputDoc.Fields[2].AddExample("", 1024) + NETWORKInputDoc.Fields[3].Name = "name" + NETWORKInputDoc.Fields[3].Type = "string" + NETWORKInputDoc.Fields[3].Note = "" + NETWORKInputDoc.Fields[3].Description = "Name is the optional name of the data read to provide matching on." + NETWORKInputDoc.Fields[3].Comments[encoder.LineComment] = "Name is the optional name of the data read to provide matching on." + + NETWORKInputDoc.Fields[3].AddExample("", "prefix") + + HEADLESSRequestDoc.Type = "headless.Request" + HEADLESSRequestDoc.Comments[encoder.LineComment] = " Request contains a Headless protocol request to be made from a template" + HEADLESSRequestDoc.Description = "Request contains a Headless protocol request to be made from a template" + HEADLESSRequestDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "Template", + FieldName: "headless", + }, + } + HEADLESSRequestDoc.Fields = make([]encoder.Doc, 5) + HEADLESSRequestDoc.Fields[0].Name = "id" + HEADLESSRequestDoc.Fields[0].Type = "string" + HEADLESSRequestDoc.Fields[0].Note = "" + HEADLESSRequestDoc.Fields[0].Description = "ID is the ID of the request" + HEADLESSRequestDoc.Fields[0].Comments[encoder.LineComment] = " ID is the ID of the request" + HEADLESSRequestDoc.Fields[1].Name = "steps" + HEADLESSRequestDoc.Fields[1].Type = "[]engine.Action" + HEADLESSRequestDoc.Fields[1].Note = "" + HEADLESSRequestDoc.Fields[1].Description = "Steps is the list of actions to run for headless request" + HEADLESSRequestDoc.Fields[1].Comments[encoder.LineComment] = "Steps is the list of actions to run for headless request" + HEADLESSRequestDoc.Fields[2].Name = "matchers" + HEADLESSRequestDoc.Fields[2].Type = "[]matchers.Matcher" + HEADLESSRequestDoc.Fields[2].Note = "" + HEADLESSRequestDoc.Fields[2].Description = "Matchers contains the detection mechanism for the request to identify\nwhether the request was successful by doing pattern matching\non request/responses.\n\nMultiple matchers can be combined together with `matcher-condition` flag\nwhich accepts either `and` or `or` as argument." + HEADLESSRequestDoc.Fields[2].Comments[encoder.LineComment] = "Matchers contains the detection mechanism for the request to identify" + HEADLESSRequestDoc.Fields[3].Name = "extractors" + HEADLESSRequestDoc.Fields[3].Type = "[]extractors.Extractor" + HEADLESSRequestDoc.Fields[3].Note = "" + HEADLESSRequestDoc.Fields[3].Description = "Extractors contains the extraction mechanism for the request to identify\nand extract parts of the response." + HEADLESSRequestDoc.Fields[3].Comments[encoder.LineComment] = "Extractors contains the extraction mechanism for the request to identify" + HEADLESSRequestDoc.Fields[4].Name = "matchers-condition" + HEADLESSRequestDoc.Fields[4].Type = "string" + HEADLESSRequestDoc.Fields[4].Note = "" + HEADLESSRequestDoc.Fields[4].Description = "MatchersCondition is the condition between the matchers. Default is OR." + HEADLESSRequestDoc.Fields[4].Comments[encoder.LineComment] = "MatchersCondition is the condition between the matchers. Default is OR." + HEADLESSRequestDoc.Fields[4].Values = []string{ + "and", + "or", + } + + ENGINEActionDoc.Type = "engine.Action" + ENGINEActionDoc.Comments[encoder.LineComment] = " Action is an action taken by the browser to reach a navigation" + ENGINEActionDoc.Description = "Action is an action taken by the browser to reach a navigation\n\n Each step that the browser executes is an action. Most navigations\n usually start from the ActionLoadURL event, and further navigations\n are discovered on the found page. We also keep track and only\n scrape new navigation from pages we haven't crawled yet." + ENGINEActionDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "headless.Request", + FieldName: "steps", + }, + } + ENGINEActionDoc.Fields = make([]encoder.Doc, 4) + ENGINEActionDoc.Fields[0].Name = "args" + ENGINEActionDoc.Fields[0].Type = "map[string]string" + ENGINEActionDoc.Fields[0].Note = "" + ENGINEActionDoc.Fields[0].Description = "Args contain arguments for the headless action.\nPer action arguments are described in detail [here](https://nuclei.projectdiscovery.io/templating-guide/protocols/headless/)." + ENGINEActionDoc.Fields[0].Comments[encoder.LineComment] = "Args contain arguments for the headless action." + ENGINEActionDoc.Fields[1].Name = "name" + ENGINEActionDoc.Fields[1].Type = "string" + ENGINEActionDoc.Fields[1].Note = "" + ENGINEActionDoc.Fields[1].Description = "Name is the name assigned to the headless action.\n\nThis can be used to execute code, for instance in browser\nDOM using script action, and get the result in a variable\nwhich can be matched upon by nuclei. An Example template [here](https://github.com/projectdiscovery/nuclei-templates/blob/master/headless/prototype-pollution-check.yaml)." + ENGINEActionDoc.Fields[1].Comments[encoder.LineComment] = "Name is the name assigned to the headless action." + ENGINEActionDoc.Fields[2].Name = "description" + ENGINEActionDoc.Fields[2].Type = "string" + ENGINEActionDoc.Fields[2].Note = "" + ENGINEActionDoc.Fields[2].Description = "Description is the optional description of the headless action" + ENGINEActionDoc.Fields[2].Comments[encoder.LineComment] = "Description is the optional description of the headless action" + ENGINEActionDoc.Fields[3].Name = "action" + ENGINEActionDoc.Fields[3].Type = "string" + ENGINEActionDoc.Fields[3].Note = "" + ENGINEActionDoc.Fields[3].Description = "Action is the type of the action to perform." + ENGINEActionDoc.Fields[3].Comments[encoder.LineComment] = "Action is the type of the action to perform." + ENGINEActionDoc.Fields[3].Values = []string{ + "navigate", + "script", + "click", + "rightclick", + "text", + "screenshot", + "time", + "select", + "files", + "waitload", + "getresource", + "extract", + "setmethod", + "addheader", + "setheader", + "deleteheader", + "setbody", + "waitevent", + "keyboard", + "debug", + "sleep", + } + + WORKFLOWSWorkflowTemplateDoc.Type = "workflows.WorkflowTemplate" + WORKFLOWSWorkflowTemplateDoc.Comments[encoder.LineComment] = "" + WORKFLOWSWorkflowTemplateDoc.Description = "" + WORKFLOWSWorkflowTemplateDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "Template", + FieldName: "workflows", + }, + { + TypeName: "workflows.WorkflowTemplate", + FieldName: "subtemplates", + }, + { + TypeName: "workflows.Matcher", + FieldName: "subtemplates", + }, + } + WORKFLOWSWorkflowTemplateDoc.Fields = make([]encoder.Doc, 4) + WORKFLOWSWorkflowTemplateDoc.Fields[0].Name = "template" + WORKFLOWSWorkflowTemplateDoc.Fields[0].Type = "string" + WORKFLOWSWorkflowTemplateDoc.Fields[0].Note = "" + WORKFLOWSWorkflowTemplateDoc.Fields[0].Description = "Template is a single template or directory to execute as part of workflow." + WORKFLOWSWorkflowTemplateDoc.Fields[0].Comments[encoder.LineComment] = "Template is a single template or directory to execute as part of workflow." + + WORKFLOWSWorkflowTemplateDoc.Fields[0].AddExample("A single template", "dns/worksites-detection.yaml") + + WORKFLOWSWorkflowTemplateDoc.Fields[0].AddExample("A template directory", "misconfigurations/aem") + WORKFLOWSWorkflowTemplateDoc.Fields[1].Name = "tags" + WORKFLOWSWorkflowTemplateDoc.Fields[1].Type = "string" + WORKFLOWSWorkflowTemplateDoc.Fields[1].Note = "" + WORKFLOWSWorkflowTemplateDoc.Fields[1].Description = "Tags to run templates based on." + WORKFLOWSWorkflowTemplateDoc.Fields[1].Comments[encoder.LineComment] = "Tags to run templates based on." + WORKFLOWSWorkflowTemplateDoc.Fields[2].Name = "matchers" + WORKFLOWSWorkflowTemplateDoc.Fields[2].Type = "[]workflows.Matcher" + WORKFLOWSWorkflowTemplateDoc.Fields[2].Note = "" + WORKFLOWSWorkflowTemplateDoc.Fields[2].Description = "Matchers perform name based matching to run subtemplates for a workflow." + WORKFLOWSWorkflowTemplateDoc.Fields[2].Comments[encoder.LineComment] = "Matchers perform name based matching to run subtemplates for a workflow." + WORKFLOWSWorkflowTemplateDoc.Fields[3].Name = "subtemplates" + WORKFLOWSWorkflowTemplateDoc.Fields[3].Type = "[]workflows.WorkflowTemplate" + WORKFLOWSWorkflowTemplateDoc.Fields[3].Note = "" + WORKFLOWSWorkflowTemplateDoc.Fields[3].Description = "Subtemplates are ran if the `template` field Template matches." + WORKFLOWSWorkflowTemplateDoc.Fields[3].Comments[encoder.LineComment] = "Subtemplates are ran if the `template` field Template matches." + + WORKFLOWSMatcherDoc.Type = "workflows.Matcher" + WORKFLOWSMatcherDoc.Comments[encoder.LineComment] = "" + WORKFLOWSMatcherDoc.Description = "" + WORKFLOWSMatcherDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "workflows.WorkflowTemplate", + FieldName: "matchers", + }, + } + WORKFLOWSMatcherDoc.Fields = make([]encoder.Doc, 2) + WORKFLOWSMatcherDoc.Fields[0].Name = "name" + WORKFLOWSMatcherDoc.Fields[0].Type = "string" + WORKFLOWSMatcherDoc.Fields[0].Note = "" + WORKFLOWSMatcherDoc.Fields[0].Description = "Name is the name of the item to match." + WORKFLOWSMatcherDoc.Fields[0].Comments[encoder.LineComment] = "Name is the name of the item to match." + WORKFLOWSMatcherDoc.Fields[1].Name = "subtemplates" + WORKFLOWSMatcherDoc.Fields[1].Type = "[]workflows.WorkflowTemplate" + WORKFLOWSMatcherDoc.Fields[1].Note = "" + WORKFLOWSMatcherDoc.Fields[1].Description = "Subtemplates are ran if the name of matcher matches." + WORKFLOWSMatcherDoc.Fields[1].Comments[encoder.LineComment] = "Subtemplates are ran if the name of matcher matches." +} + +// GetTemplateDoc returns documentation for the file templates_doc.go. +func GetTemplateDoc() *encoder.FileDoc { + return &encoder.FileDoc{ + Name: "Template", + Description: "", + Structs: []*encoder.Doc{ + &TemplateDoc, + &HTTPRequestDoc, + &MATCHERSMatcherDoc, + &EXTRACTORSExtractorDoc, + &DNSRequestDoc, + &FILERequestDoc, + &NETWORKRequestDoc, + &NETWORKInputDoc, + &HEADLESSRequestDoc, + &ENGINEActionDoc, + &WORKFLOWSWorkflowTemplateDoc, + &WORKFLOWSMatcherDoc, + }, + } +} diff --git a/v2/pkg/templates/templates_test.go b/v2/pkg/templates/templates_test.go new file mode 100644 index 00000000..dac8432f --- /dev/null +++ b/v2/pkg/templates/templates_test.go @@ -0,0 +1 @@ +package templates