Add support for template exclusions

2020-08-02 15:48:10 +02:00 · 2020-08-02 15:48:10 +02:00 · 4a355f0fc0
parent c6df7fbd43
commit 4a355f0fc0
2 changed files with 23 additions and 3 deletions
--- a/v2/internal/runner/options.go
+++ b/v2/internal/runner/options.go
@ -13,6 +13,7 @@ import (
 type Options struct {
 	Debug              bool                   // Debug mode allows debugging request/responses for the engine
 	Templates          multiStringFlag        // Signature specifies the template/templates to use
+	ExcludedTemplates  multiStringFlag        // Signature specifies the template/templates to exclude
 	Target             string                 // Target is a single URL/Domain to scan usng a template
 	Targets            string                 // Targets specifies the targets to scan using templates.
 	Threads            int                    // Thread controls the number of concurrent requests to make.
@ -51,7 +52,8 @@ func ParseOptions() *Options {
 	options := &Options{}

 	flag.StringVar(&options.Target, "target", "", "Target is a single target to scan using template")
-	flag.Var(&options.Templates, "t", "Template input file/files to run on host. Can be used multiple times.")
+	flag.Var(&options.Templates, "t", "Template input dir/file/files to run on host. Can be used multiple times. Supports globbing.")
+	flag.Var(&options.ExcludedTemplates, "exclude", "Template input dir/file/files to exclude. Can be used multiple times. Supports globbing.")
 	flag.StringVar(&options.Targets, "l", "", "List of URLs to run templates on")
 	flag.StringVar(&options.Output, "o", "", "File to write output to (optional)")
 	flag.StringVar(&options.ProxyURL, "proxy-url", "", "URL of the proxy server")
--- a/v2/internal/runner/runner.go
+++ b/v2/internal/runner/runner.go
@ -298,8 +298,26 @@ func (r *Runner) getTemplatesFor(definitions []string) []string {
 // RunEnumeration sets up the input layer for giving input nuclei.
 // binary and runs the actual enumeration
 func (r *Runner) RunEnumeration() {
-	// resolves input templates
-	allTemplates := r.getTemplatesFor(r.options.Templates)
+	// resolves input templates definitions and any optional exclusion
+	includedTemplates := r.getTemplatesFor(r.options.Templates)
+	excludedTemplates := r.getTemplatesFor(r.options.ExcludedTemplates)
+	// defaults to all templates
+	allTemplates := includedTemplates
+	if len(excludedTemplates) > 0 {
+		excludedMap := make(map[string]struct{}, len(excludedTemplates))
+		for _, excl := range excludedTemplates {
+			excludedMap[excl] = struct{}{}
+		}
+		// rebuild list with only non-excluded templates
+		allTemplates = []string{}
+		for _, incl := range includedTemplates {
+			if _, found := excludedMap[incl]; !found {
+				allTemplates = append(allTemplates, incl)
+			} else {
+				gologger.Warningf("Excluding '%s'", incl)
+			}
+		}
+	}

 	// 0 matches means no templates were found in directory
 	if len(allTemplates) == 0 {