mirror of https://github.com/daffainfo/nuclei.git
Spelling (#4008)
* spelling: addresses Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: asynchronous Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: basic Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: brute force Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: constant Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: disables Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: engine Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: every time Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: execution Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: false positives Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: from Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: further Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: github Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: gitlab Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: highlight Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: hygiene Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: ignore Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: input Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: item Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: itself Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: latestxxx Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: navigation Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: negative Signed-off-by: Josh 
Soref <2119212+jsoref@users.noreply.github.com> * spelling: nonexistent Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: occurred Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: override Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: overrides Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: payload Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: performed Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: respective Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: retrieve Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: scanlist Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: separated Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: separator Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: severity Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: source Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: strategy Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: string Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: templates Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: terminal Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: timeout Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: trailing slash Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: trailing Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: websocket Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --------- Signed-off-by: Josh Soref 
<2119212+jsoref@users.noreply.github.com>dev
parent
90a126ca1d
commit
4c1c5301b9
|
@ -25,7 +25,7 @@ jobs:
|
||||||
- name: Check out code
|
- name: Check out code
|
||||||
uses: actions/checkout@v3
|
uses: actions/checkout@v3
|
||||||
|
|
||||||
- name: Go Mod hygine
|
- name: Go Mod hygiene
|
||||||
run: |
|
run: |
|
||||||
go clean -modcache
|
go clean -modcache
|
||||||
go mod tidy
|
go mod tidy
|
||||||
|
|
|
@ -14,7 +14,7 @@ jobs:
|
||||||
- name: Git Checkout
|
- name: Git Checkout
|
||||||
uses: actions/checkout@v3
|
uses: actions/checkout@v3
|
||||||
|
|
||||||
- name: Get Github tag
|
- name: Get GitHub tag
|
||||||
id: meta
|
id: meta
|
||||||
run: |
|
run: |
|
||||||
curl --silent "https://api.github.com/repos/projectdiscovery/nuclei/releases/latest" | jq -r .tag_name | xargs -I {} echo TAG={} >> $GITHUB_OUTPUT
|
curl --silent "https://api.github.com/repos/projectdiscovery/nuclei/releases/latest" | jq -r .tag_name | xargs -I {} echo TAG={} >> $GITHUB_OUTPUT
|
||||||
|
|
|
@ -145,7 +145,7 @@ type Exporter interface {
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
Exporters include `Elasticsearch`, `markdown`, `sarif` . Trackers include `GitHub` , `Gitlab` and `Jira`.
|
Exporters include `Elasticsearch`, `markdown`, `sarif` . Trackers include `GitHub` , `GitLab` and `Jira`.
|
||||||
|
|
||||||
Each exporter and trackers implement their own configuration in YAML format and are very modular in nature, so adding new ones is easy.
|
Each exporter and trackers implement their own configuration in YAML format and are very modular in nature, so adding new ones is easy.
|
||||||
|
|
||||||
|
@ -484,7 +484,7 @@ $ go tool pprof -http=:8081 mem.pprof
|
||||||
- [v2/pkg/reporting/exporters/markdown](./v2/pkg/reporting/exporters/markdown) - Markdown Result Exporter
|
- [v2/pkg/reporting/exporters/markdown](./v2/pkg/reporting/exporters/markdown) - Markdown Result Exporter
|
||||||
- [v2/pkg/reporting/exporters/es](./v2/pkg/reporting/exporters/es) - Elasticsearch Result Exporter
|
- [v2/pkg/reporting/exporters/es](./v2/pkg/reporting/exporters/es) - Elasticsearch Result Exporter
|
||||||
- [v2/pkg/reporting/dedupe](./v2/pkg/reporting/dedupe) - Dedupe module for Results
|
- [v2/pkg/reporting/dedupe](./v2/pkg/reporting/dedupe) - Dedupe module for Results
|
||||||
- [v2/pkg/reporting/trackers/gitlab](./v2/pkg/reporting/trackers/gitlab) - Gitlab Issue Tracker Exporter
|
- [v2/pkg/reporting/trackers/gitlab](./v2/pkg/reporting/trackers/gitlab) - GitLab Issue Tracker Exporter
|
||||||
- [v2/pkg/reporting/trackers/jira](./v2/pkg/reporting/trackers/jira) - Jira Issue Tracker Exporter
|
- [v2/pkg/reporting/trackers/jira](./v2/pkg/reporting/trackers/jira) - Jira Issue Tracker Exporter
|
||||||
- [v2/pkg/reporting/trackers/github](./v2/pkg/reporting/trackers/github) - GitHub Issue Tracker Exporter
|
- [v2/pkg/reporting/trackers/github](./v2/pkg/reporting/trackers/github) - GitHub Issue Tracker Exporter
|
||||||
- [v2/pkg/reporting/format](./v2/pkg/reporting/format) - Result Formatting Functions
|
- [v2/pkg/reporting/format](./v2/pkg/reporting/format) - Result Formatting Functions
|
||||||
|
|
|
@ -358,7 +358,7 @@ Variables contains any variables for the current request.
|
||||||
</div>
|
</div>
|
||||||
<div class="dt">
|
<div class="dt">
|
||||||
|
|
||||||
Constants contains any scalar costant for the current template
|
Constants contains any scalar constant for the current template
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|
|
@ -8,7 +8,7 @@ if [ $1 = "-h" ]; then
|
||||||
printf " \$ ./debug.sh http self\n\n"
|
printf " \$ ./debug.sh http self\n\n"
|
||||||
printf "3. To run all integration tests of 'x' protocol that contains 'y' in template name and pass extra args to nuclei:\n"
|
printf "3. To run all integration tests of 'x' protocol that contains 'y' in template name and pass extra args to nuclei:\n"
|
||||||
printf " \$ ./debug.sh http self -svd -debug-req\n\n"
|
printf " \$ ./debug.sh http self -svd -debug-req\n\n"
|
||||||
printf "nuclei binary is created everytime script is run but integration-test binary is not"
|
printf "nuclei binary is created every time script is run but integration-test binary is not"
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
|
@ -11,5 +11,5 @@ workflows:
|
||||||
- template: workflow/http-2.yaml
|
- template: workflow/http-2.yaml
|
||||||
# store cookie in native browser context
|
# store cookie in native browser context
|
||||||
- template: workflow/headless-1.yaml
|
- template: workflow/headless-1.yaml
|
||||||
# retrive 2 standard library cookies + headless cookie
|
# retrieve 2 standard library cookies + headless cookie
|
||||||
- template: workflow/http-3.yaml
|
- template: workflow/http-3.yaml
|
|
@ -1311,7 +1311,7 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"type": "object",
|
"type": "object",
|
||||||
"title": "payloads for the webosocket request",
|
"title": "payloads for the websocket request",
|
||||||
"description": "Payloads contains any payloads for the current request"
|
"description": "Payloads contains any payloads for the current request"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
|
@ -172,7 +172,7 @@ func (h *httpInteractshStopAtFirstMatchRequest) Execute(filePath string) error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
// polling is asyncronous, so the interactions may be retrieved after the first request
|
// polling is asynchronous, so the interactions may be retrieved after the first request
|
||||||
return expectResultsCount(results, 1)
|
return expectResultsCount(results, 1)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -422,11 +422,11 @@ func printTemplateVersion() {
|
||||||
if fileutil.FolderExists(cfg.CustomS3TemplatesDirectory) {
|
if fileutil.FolderExists(cfg.CustomS3TemplatesDirectory) {
|
||||||
gologger.Info().Msgf("Custom S3 templates location: %s\n", cfg.CustomS3TemplatesDirectory)
|
gologger.Info().Msgf("Custom S3 templates location: %s\n", cfg.CustomS3TemplatesDirectory)
|
||||||
}
|
}
|
||||||
if fileutil.FolderExists(cfg.CustomGithubTemplatesDirectory) {
|
if fileutil.FolderExists(cfg.CustomGitHubTemplatesDirectory) {
|
||||||
gologger.Info().Msgf("Custom Github templates location: %s ", cfg.CustomGithubTemplatesDirectory)
|
gologger.Info().Msgf("Custom GitHub templates location: %s ", cfg.CustomGitHubTemplatesDirectory)
|
||||||
}
|
}
|
||||||
if fileutil.FolderExists(cfg.CustomGitLabTemplatesDirectory) {
|
if fileutil.FolderExists(cfg.CustomGitLabTemplatesDirectory) {
|
||||||
gologger.Info().Msgf("Custom Gitlab templates location: %s ", cfg.CustomGitLabTemplatesDirectory)
|
gologger.Info().Msgf("Custom GitLab templates location: %s ", cfg.CustomGitLabTemplatesDirectory)
|
||||||
}
|
}
|
||||||
if fileutil.FolderExists(cfg.CustomAzureTemplatesDirectory) {
|
if fileutil.FolderExists(cfg.CustomAzureTemplatesDirectory) {
|
||||||
gologger.Info().Msgf("Custom Azure templates location: %s ", cfg.CustomAzureTemplatesDirectory)
|
gologger.Info().Msgf("Custom Azure templates location: %s ", cfg.CustomAzureTemplatesDirectory)
|
||||||
|
|
|
@ -90,7 +90,7 @@ type options struct {
|
||||||
func main() {
|
func main() {
|
||||||
opts := options{}
|
opts := options{}
|
||||||
flagSet := goflags.NewFlagSet()
|
flagSet := goflags.NewFlagSet()
|
||||||
flagSet.SetDescription(`TemplateMan CLI is baisc utility built on the TemplateMan API to standardize nuclei templates.`)
|
flagSet.SetDescription(`TemplateMan CLI is basic utility built on the TemplateMan API to standardize nuclei templates.`)
|
||||||
|
|
||||||
flagSet.CreateGroup("Input", "input",
|
flagSet.CreateGroup("Input", "input",
|
||||||
flagSet.StringVarP(&opts.input, "input", "i", "", "Templates to annotate"),
|
flagSet.StringVarP(&opts.input, "input", "i", "", "Templates to annotate"),
|
||||||
|
|
|
@ -17,7 +17,7 @@ LIMIT=30
|
||||||
BEFORE="30 mins ago"
|
BEFORE="30 mins ago"
|
||||||
WORKFLOW="Build Test"
|
WORKFLOW="Build Test"
|
||||||
|
|
||||||
# You can add multiple patterns seperated by |
|
# You can add multiple patterns separated by |
|
||||||
GREP_ERROR_PATTERN='Test "http/interactsh.yaml" failed'
|
GREP_ERROR_PATTERN='Test "http/interactsh.yaml" failed'
|
||||||
|
|
||||||
#Set fonts for Help.
|
#Set fonts for Help.
|
||||||
|
@ -81,7 +81,7 @@ function retry_failed_jobs() {
|
||||||
select ( .conclusion=="failure" ) |
|
select ( .conclusion=="failure" ) |
|
||||||
select ( .updatedAt > $date) ' --arg date "$date" --arg branch "$BRANCH" --arg workflow "$WORKFLOW" | jq .databaseId)
|
select ( .updatedAt > $date) ' --arg date "$date" --arg branch "$BRANCH" --arg workflow "$WORKFLOW" | jq .databaseId)
|
||||||
|
|
||||||
# convert line seperated by space to array
|
# convert line separated by space to array
|
||||||
eval "arr=($workflowIds)"
|
eval "arr=($workflowIds)"
|
||||||
|
|
||||||
if [[ -z $arr ]]
|
if [[ -z $arr ]]
|
||||||
|
|
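Review bot: The `eval "arr=($workflowIds)"` line just below the corrected comment in retry_failed_jobs re-parses the `jq .databaseId` output as shell code, so anything in that output other than plain IDs would be executed rather than stored. Plain word splitting builds the same array without the second parse: `arr=($workflowIds)`. The `[[ -z $arr ]]` test that follows only inspects the first array element, which deserves a short comment such as `# empty first element means no failed runs were found`. The function starts and ends outside this hunk.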
|
@ -186,7 +186,7 @@ func (t *TemplateManager) summarizeChanges(old, new map[string]string) *template
|
||||||
// getAbsoluteFilePath returns an absolute path where a file should be written based on given uri(i.e., files in zip)
|
// getAbsoluteFilePath returns an absolute path where a file should be written based on given uri(i.e., files in zip)
|
||||||
// if a returned path is empty, it means that file should not be written and skipped
|
// if a returned path is empty, it means that file should not be written and skipped
|
||||||
func (t *TemplateManager) getAbsoluteFilePath(templateDir, uri string, f fs.FileInfo) string {
|
func (t *TemplateManager) getAbsoluteFilePath(templateDir, uri string, f fs.FileInfo) string {
|
||||||
// overwrite .nuclei-ignore everytime nuclei-templates are downloaded
|
// overwrite .nuclei-ignore every time nuclei-templates are downloaded
|
||||||
if f.Name() == config.NucleiIgnoreFileName {
|
if f.Name() == config.NucleiIgnoreFileName {
|
||||||
return config.DefaultConfig.GetIgnoreFilePath()
|
return config.DefaultConfig.GetIgnoreFilePath()
|
||||||
}
|
}
|
||||||
|
@ -206,7 +206,7 @@ func (t *TemplateManager) getAbsoluteFilePath(templateDir, uri string, f fs.File
|
||||||
gologger.Warning().Msgf("failed to get directory name from uri: %s", uri)
|
gologger.Warning().Msgf("failed to get directory name from uri: %s", uri)
|
||||||
return filepath.Join(templateDir, uri)
|
return filepath.Join(templateDir, uri)
|
||||||
}
|
}
|
||||||
// seperator is also included in rootDir
|
// separator is also included in rootDir
|
||||||
rootDirectory := uri[:index+1]
|
rootDirectory := uri[:index+1]
|
||||||
relPath := strings.TrimPrefix(uri, rootDirectory)
|
relPath := strings.TrimPrefix(uri, rootDirectory)
|
||||||
|
|
||||||
|
|
|
@ -53,7 +53,7 @@ func TestTemplateInstallation(t *testing.T) {
|
||||||
|
|
||||||
// we should have at least 1000 templates
|
// we should have at least 1000 templates
|
||||||
require.Greater(t, counter, 1000)
|
require.Greater(t, counter, 1000)
|
||||||
// everytime we install templates, it should override the ignore file with latest one
|
// every time we install templates, it should override the ignore file with latest one
|
||||||
require.FileExists(t, config.DefaultConfig.GetIgnoreFilePath())
|
require.FileExists(t, config.DefaultConfig.GetIgnoreFilePath())
|
||||||
t.Logf("Installed %d templates", counter)
|
t.Logf("Installed %d templates", counter)
|
||||||
}
|
}
|
||||||
|
|
|
@ -36,7 +36,7 @@ func GetNewTemplatesInVersions(versions ...string) []string {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
arr, err := getNewAdditionsFileFromGithub(v)
|
arr, err := getNewAdditionsFileFromGitHub(v)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
gologger.Error().Msgf("failed to fetch new additions for %v got: %v", v, err)
|
gologger.Error().Msgf("failed to fetch new additions for %v got: %v", v, err)
|
||||||
continue
|
continue
|
||||||
|
@ -46,7 +46,7 @@ func GetNewTemplatesInVersions(versions ...string) []string {
|
||||||
return allTemplates
|
return allTemplates
|
||||||
}
|
}
|
||||||
|
|
||||||
func getNewAdditionsFileFromGithub(version string) ([]string, error) {
|
func getNewAdditionsFileFromGitHub(version string) ([]string, error) {
|
||||||
resp, err := retryableHttpClient.Get(fmt.Sprintf("https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/%s/.new-additions", version))
|
resp, err := retryableHttpClient.Get(fmt.Sprintf("https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/%s/.new-additions", version))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|
|
@ -375,8 +375,8 @@ func (r *Runner) addCloudDataSource(source string) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
case "github":
|
case "github":
|
||||||
for _, repo := range r.options.GithubTemplateRepo {
|
for _, repo := range r.options.GitHubTemplateRepo {
|
||||||
if _, err := r.processDataSourceItem(repo, r.options.GithubToken, "github"); err != nil {
|
if _, err := r.processDataSourceItem(repo, r.options.GitHubToken, "github"); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -80,9 +80,9 @@ func ParseOptions(options *types.Options) {
|
||||||
gologger.Fatal().Msgf("Could not initialize protocols: %s\n", err)
|
gologger.Fatal().Msgf("Could not initialize protocols: %s\n", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set Github token in env variable. runner.getGHClientWithToken() reads token from env
|
// Set GitHub token in env variable. runner.getGHClientWithToken() reads token from env
|
||||||
if options.GithubToken != "" && os.Getenv("GITHUB_TOKEN") != options.GithubToken {
|
if options.GitHubToken != "" && os.Getenv("GITHUB_TOKEN") != options.GitHubToken {
|
||||||
os.Setenv("GITHUB_TOKEN", options.GithubToken)
|
os.Setenv("GITHUB_TOKEN", options.GitHubToken)
|
||||||
}
|
}
|
||||||
|
|
||||||
if options.UncoverQuery != nil {
|
if options.UncoverQuery != nil {
|
||||||
|
@ -203,7 +203,7 @@ func validateCloudOptions(options *types.Options) error {
|
||||||
case "s3":
|
case "s3":
|
||||||
missing = validateMissingS3Options(options)
|
missing = validateMissingS3Options(options)
|
||||||
case "github":
|
case "github":
|
||||||
missing = validateMissingGithubOptions(options)
|
missing = validateMissingGitHubOptions(options)
|
||||||
case "gitlab":
|
case "gitlab":
|
||||||
missing = validateMissingGitLabOptions(options)
|
missing = validateMissingGitLabOptions(options)
|
||||||
case "azure":
|
case "azure":
|
||||||
|
@ -253,12 +253,12 @@ func validateMissingAzureOptions(options *types.Options) []string {
|
||||||
return missing
|
return missing
|
||||||
}
|
}
|
||||||
|
|
||||||
func validateMissingGithubOptions(options *types.Options) []string {
|
func validateMissingGitHubOptions(options *types.Options) []string {
|
||||||
var missing []string
|
var missing []string
|
||||||
if options.GithubToken == "" {
|
if options.GitHubToken == "" {
|
||||||
missing = append(missing, "GITHUB_TOKEN")
|
missing = append(missing, "GITHUB_TOKEN")
|
||||||
}
|
}
|
||||||
if len(options.GithubTemplateRepo) == 0 {
|
if len(options.GitHubTemplateRepo) == 0 {
|
||||||
missing = append(missing, "GITHUB_TEMPLATE_REPO")
|
missing = append(missing, "GITHUB_TEMPLATE_REPO")
|
||||||
}
|
}
|
||||||
return missing
|
return missing
|
||||||
|
@ -360,10 +360,10 @@ func readEnvInputVars(options *types.Options) {
|
||||||
}
|
}
|
||||||
options.CloudAPIKey = os.Getenv("NUCLEI_CLOUD_API")
|
options.CloudAPIKey = os.Getenv("NUCLEI_CLOUD_API")
|
||||||
|
|
||||||
options.GithubToken = os.Getenv("GITHUB_TOKEN")
|
options.GitHubToken = os.Getenv("GITHUB_TOKEN")
|
||||||
repolist := os.Getenv("GITHUB_TEMPLATE_REPO")
|
repolist := os.Getenv("GITHUB_TEMPLATE_REPO")
|
||||||
if repolist != "" {
|
if repolist != "" {
|
||||||
options.GithubTemplateRepo = append(options.GithubTemplateRepo, stringsutil.SplitAny(repolist, ",")...)
|
options.GitHubTemplateRepo = append(options.GitHubTemplateRepo, stringsutil.SplitAny(repolist, ",")...)
|
||||||
}
|
}
|
||||||
|
|
||||||
// GitLab options for downloading templates from a repository
|
// GitLab options for downloading templates from a repository
|
||||||
|
|
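Review bot: In the ParseOptions hunk, `os.Setenv("GITHUB_TOKEN", options.GitHubToken)` discards the returned error and copies the token into the process environment, where every child process started afterwards inherits it. The comment above it says runner.getGHClientWithToken() reads the token from the environment; handing the token to that helper directly would avoid exporting it, but the helper is not visible here, so treat that as something to check rather than a confirmed fix. At minimum handle the error: `if err := os.Setenv("GITHUB_TOKEN", options.GitHubToken); err != nil { gologger.Warning().Msgf("could not set GITHUB_TOKEN: %s", err) }`. ParseOptions begins and ends outside the hunk.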
|
@ -14,7 +14,7 @@ import (
|
||||||
proxyutils "github.com/projectdiscovery/utils/proxy"
|
proxyutils "github.com/projectdiscovery/utils/proxy"
|
||||||
)
|
)
|
||||||
|
|
||||||
// loadProxyServers load list of proxy servers from file or comma seperated
|
// loadProxyServers load list of proxy servers from file or comma separated
|
||||||
func loadProxyServers(options *types.Options) error {
|
func loadProxyServers(options *types.Options) error {
|
||||||
if len(options.Proxy) == 0 {
|
if len(options.Proxy) == 0 {
|
||||||
return nil
|
return nil
|
||||||
|
|
|
@ -57,7 +57,7 @@ func (r *Runner) listAvailableStoreTemplates(store *loader.Store) {
|
||||||
path = aurora.Cyan(tpl.Path).String()
|
path = aurora.Cyan(tpl.Path).String()
|
||||||
tplBody, err = r.highlightTemplate(&tplBody)
|
tplBody, err = r.highlightTemplate(&tplBody)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
gologger.Error().Msgf("Could not hihglight the template %s: %s", tpl.Path, err)
|
gologger.Error().Msgf("Could not highlight the template %s: %s", tpl.Path, err)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -74,7 +74,7 @@ func (r *Runner) listAvailableStoreTemplates(store *loader.Store) {
|
||||||
|
|
||||||
func (r *Runner) highlightTemplate(body *[]byte) ([]byte, error) {
|
func (r *Runner) highlightTemplate(body *[]byte) ([]byte, error) {
|
||||||
var buf bytes.Buffer
|
var buf bytes.Buffer
|
||||||
// YAML lexer, true color terminar formatter and monokai style
|
// YAML lexer, true color terminal formatter and monokai style
|
||||||
err := quick.Highlight(&buf, string(*body), "yaml", "terminal16m", "monokai")
|
err := quick.Highlight(&buf, string(*body), "yaml", "terminal16m", "monokai")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|
|
@ -129,7 +129,7 @@ func (c Catalog) ResolvePath(templateName, second string) (string, error) {
|
||||||
|
|
||||||
// if c second path is given, it's c folder and we join the two and check against keys
|
// if c second path is given, it's c folder and we join the two and check against keys
|
||||||
if second != "" {
|
if second != "" {
|
||||||
// Note: Do not replace `path` with `filepath` since filepath is aware of Os path seperator
|
// Note: Do not replace `path` with `filepath` since filepath is aware of Os path separator
|
||||||
// and we only see `/` in s3 paths changing it to filepath cause build fail and other errors
|
// and we only see `/` in s3 paths changing it to filepath cause build fail and other errors
|
||||||
target := path.Join(path.Dir(second), templateName)
|
target := path.Join(path.Dir(second), templateName)
|
||||||
for _, key := range keys {
|
for _, key := range keys {
|
||||||
|
|
|
@ -141,7 +141,7 @@ func TestCatalog_OpenFile(t *testing.T) {
|
||||||
false,
|
false,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"non-existent key",
|
"nonexistent key",
|
||||||
"something/that-doesnt-exist.yaml",
|
"something/that-doesnt-exist.yaml",
|
||||||
true,
|
true,
|
||||||
},
|
},
|
||||||
|
|
|
@ -20,7 +20,7 @@ const (
|
||||||
Version = `v2.9.10`
|
Version = `v2.9.10`
|
||||||
// Directory Names of custom templates
|
// Directory Names of custom templates
|
||||||
CustomS3TemplatesDirName = "s3"
|
CustomS3TemplatesDirName = "s3"
|
||||||
CustomGithubTemplatesDirName = "github"
|
CustomGitHubTemplatesDirName = "github"
|
||||||
CustomAzureTemplatesDirName = "azure"
|
CustomAzureTemplatesDirName = "azure"
|
||||||
CustomGitLabTemplatesDirName = "gitlab"
|
CustomGitLabTemplatesDirName = "gitlab"
|
||||||
)
|
)
|
||||||
|
|
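Review bot: Renaming the exported constant `CustomGithubTemplatesDirName` to `CustomGitHubTemplatesDirName` changes the package's public API, so external code that imports it under the old name stops compiling. The same applies to the exported `Config.CustomGithubTemplatesDirectory` field and to the `GithubToken` and `GithubTemplateRepo` option fields renamed in other hunks of this commit. For the constant, a deprecated alias keeps old callers building: `// Deprecated: use CustomGitHubTemplatesDirName.` followed by `CustomGithubTemplatesDirName = CustomGitHubTemplatesDirName`. Struct fields cannot be aliased, so those renames should at least be called out as breaking in the release notes. The const block begins above this hunk.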
|
@ -23,16 +23,16 @@ type Config struct {
|
||||||
TemplatesDirectory string `json:"nuclei-templates-directory,omitempty"`
|
TemplatesDirectory string `json:"nuclei-templates-directory,omitempty"`
|
||||||
|
|
||||||
// customtemplates exists in templates directory with the name of custom-templates provider
|
// customtemplates exists in templates directory with the name of custom-templates provider
|
||||||
// below custom paths are absolute paths to respecitive custom-templates directories
|
// below custom paths are absolute paths to respective custom-templates directories
|
||||||
CustomS3TemplatesDirectory string `json:"custom-s3-templates-directory"`
|
CustomS3TemplatesDirectory string `json:"custom-s3-templates-directory"`
|
||||||
CustomGithubTemplatesDirectory string `json:"custom-github-templates-directory"`
|
CustomGitHubTemplatesDirectory string `json:"custom-github-templates-directory"`
|
||||||
CustomGitLabTemplatesDirectory string `json:"custom-gitlab-templates-directory"`
|
CustomGitLabTemplatesDirectory string `json:"custom-gitlab-templates-directory"`
|
||||||
CustomAzureTemplatesDirectory string `json:"custom-azure-templates-directory"`
|
CustomAzureTemplatesDirectory string `json:"custom-azure-templates-directory"`
|
||||||
|
|
||||||
TemplateVersion string `json:"nuclei-templates-version,omitempty"`
|
TemplateVersion string `json:"nuclei-templates-version,omitempty"`
|
||||||
NucleiIgnoreHash string `json:"nuclei-ignore-hash,omitempty"`
|
NucleiIgnoreHash string `json:"nuclei-ignore-hash,omitempty"`
|
||||||
|
|
||||||
// Latestxxx are not meant to be used directly and is used as
|
// LatestXXX are not meant to be used directly and is used as
|
||||||
// local cache of nuclei version check endpoint
|
// local cache of nuclei version check endpoint
|
||||||
// these fields are only update during nuclei version check
|
// these fields are only update during nuclei version check
|
||||||
// TODO: move these fields to a separate unexported struct as they are not meant to be used directly
|
// TODO: move these fields to a separate unexported struct as they are not meant to be used directly
|
||||||
|
@ -83,7 +83,7 @@ func (c *Config) NeedsTemplateUpdate() bool {
|
||||||
return !c.disableUpdates && (c.TemplateVersion == "" || IsOutdatedVersion(c.TemplateVersion, c.LatestNucleiTemplatesVersion) || !fileutil.FolderExists(c.TemplatesDirectory))
|
return !c.disableUpdates && (c.TemplateVersion == "" || IsOutdatedVersion(c.TemplateVersion, c.LatestNucleiTemplatesVersion) || !fileutil.FolderExists(c.TemplatesDirectory))
|
||||||
}
|
}
|
||||||
|
|
||||||
// NeedsIngoreFileUpdate returns true if Ignore file hash is different (aka ignore file is outdated)
|
// NeedsIgnoreFileUpdate returns true if Ignore file hash is different (aka ignore file is outdated)
|
||||||
func (c *Config) NeedsIgnoreFileUpdate() bool {
|
func (c *Config) NeedsIgnoreFileUpdate() bool {
|
||||||
return c.NucleiIgnoreHash == "" || c.NucleiIgnoreHash != c.LatestNucleiIgnoreHash
|
return c.NucleiIgnoreHash == "" || c.NucleiIgnoreHash != c.LatestNucleiIgnoreHash
|
||||||
}
|
}
|
||||||
|
@ -111,7 +111,7 @@ func (c *Config) GetConfigDir() string {
|
||||||
|
|
||||||
// GetAllCustomTemplateDirs returns all custom template directories
|
// GetAllCustomTemplateDirs returns all custom template directories
|
||||||
func (c *Config) GetAllCustomTemplateDirs() []string {
|
func (c *Config) GetAllCustomTemplateDirs() []string {
|
||||||
return []string{c.CustomS3TemplatesDirectory, c.CustomGithubTemplatesDirectory, c.CustomGitLabTemplatesDirectory, c.CustomAzureTemplatesDirectory}
|
return []string{c.CustomS3TemplatesDirectory, c.CustomGitHubTemplatesDirectory, c.CustomGitLabTemplatesDirectory, c.CustomAzureTemplatesDirectory}
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetReportingConfigFilePath returns the nuclei reporting config file path
|
// GetReportingConfigFilePath returns the nuclei reporting config file path
|
||||||
|
@ -188,7 +188,7 @@ func (c *Config) SetTemplatesDir(dirPath string) {
|
||||||
}
|
}
|
||||||
c.TemplatesDirectory = dirPath
|
c.TemplatesDirectory = dirPath
|
||||||
// Update the custom templates directory
|
// Update the custom templates directory
|
||||||
c.CustomGithubTemplatesDirectory = filepath.Join(dirPath, CustomGithubTemplatesDirName)
|
c.CustomGitHubTemplatesDirectory = filepath.Join(dirPath, CustomGitHubTemplatesDirName)
|
||||||
c.CustomS3TemplatesDirectory = filepath.Join(dirPath, CustomS3TemplatesDirName)
|
c.CustomS3TemplatesDirectory = filepath.Join(dirPath, CustomS3TemplatesDirName)
|
||||||
c.CustomGitLabTemplatesDirectory = filepath.Join(dirPath, CustomGitLabTemplatesDirName)
|
c.CustomGitLabTemplatesDirectory = filepath.Join(dirPath, CustomGitLabTemplatesDirName)
|
||||||
c.CustomAzureTemplatesDirectory = filepath.Join(dirPath, CustomAzureTemplatesDirName)
|
c.CustomAzureTemplatesDirectory = filepath.Join(dirPath, CustomAzureTemplatesDirName)
|
||||||
|
|
|
@ -48,7 +48,7 @@ func (c *DiskCatalog) GetTemplatesPath(definitions []string) ([]string, map[stri
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// purge all falsepositivies
|
// purge all false positives
|
||||||
filteredTemplates := []string{}
|
filteredTemplates := []string{}
|
||||||
for _, v := range allTemplates {
|
for _, v := range allTemplates {
|
||||||
// TODO: this is a temporary fix to avoid treating these files as templates
|
// TODO: this is a temporary fix to avoid treating these files as templates
|
||||||
|
@ -129,7 +129,7 @@ func (c *DiskCatalog) convertPathToAbsolute(t string) (string, error) {
|
||||||
|
|
||||||
// findGlobPathMatches returns the matched files from a glob path
|
// findGlobPathMatches returns the matched files from a glob path
|
||||||
func (c *DiskCatalog) findGlobPathMatches(absPath string, processed map[string]struct{}) ([]string, error) {
|
func (c *DiskCatalog) findGlobPathMatches(absPath string, processed map[string]struct{}) ([]string, error) {
|
||||||
// to support globbing on old paths we use bruteforce to find matches with exit on first match
|
// to support globbing on old paths we use brute force to find matches with exit on first match
|
||||||
// trim templateDir if any
|
// trim templateDir if any
|
||||||
relPath := strings.TrimPrefix(absPath, c.templatesDirectory)
|
relPath := strings.TrimPrefix(absPath, c.templatesDirectory)
|
||||||
// trim leading slash if any
|
// trim leading slash if any
|
||||||
|
|
|
@ -89,7 +89,7 @@ func BackwardsCompatiblePaths(templateDir string, oldPath string) string {
|
||||||
// trim the template directory from the path
|
// trim the template directory from the path
|
||||||
return newPathCallback(tmp)
|
return newPathCallback(tmp)
|
||||||
case strings.Contains(oldPath, urlutil.SchemeSeparator):
|
case strings.Contains(oldPath, urlutil.SchemeSeparator):
|
||||||
// scheme seperator is used to identify the path as url
|
// scheme separator is used to identify the path as url
|
||||||
// TBD: add support for url directories ??
|
// TBD: add support for url directories ??
|
||||||
return oldPath
|
return oldPath
|
||||||
case strings.Contains(oldPath, "*"):
|
case strings.Contains(oldPath, "*"):
|
||||||
|
|
|
@ -59,7 +59,7 @@ type Store struct {
|
||||||
preprocessor templates.Preprocessor
|
preprocessor templates.Preprocessor
|
||||||
|
|
||||||
// NotFoundCallback is called for each not found template
|
// NotFoundCallback is called for each not found template
|
||||||
// This overrides error handling for not found templatesss
|
// This overrides error handling for not found templates
|
||||||
NotFoundCallback func(template string) bool
|
NotFoundCallback func(template string) bool
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -187,7 +187,7 @@ func (store *Store) ValidateTemplates() error {
|
||||||
if areTemplatesValid(store, filteredTemplatePaths) && areWorkflowsValid(store, filteredWorkflowPaths) {
|
if areTemplatesValid(store, filteredTemplatePaths) && areWorkflowsValid(store, filteredWorkflowPaths) {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
return errors.New("errors occured during template validation")
|
return errors.New("errors occurred during template validation")
|
||||||
}
|
}
|
||||||
|
|
||||||
func areWorkflowsValid(store *Store, filteredWorkflowPaths map[string]struct{}) bool {
|
func areWorkflowsValid(store *Store, filteredWorkflowPaths map[string]struct{}) bool {
|
||||||
|
|
|
@ -29,7 +29,7 @@ func (e *Engine) ExecuteWithResults(templatesList []*templates.Template, target
|
||||||
return e.ExecuteScanWithOpts(templatesList, target, false)
|
return e.ExecuteScanWithOpts(templatesList, target, false)
|
||||||
}
|
}
|
||||||
|
|
||||||
// ExecuteScanWithOpts executes scan with given scanStatergy
|
// ExecuteScanWithOpts executes scan with given scanStrategy
|
||||||
func (e *Engine) ExecuteScanWithOpts(templatesList []*templates.Template, target InputProvider, noCluster bool) *atomic.Bool {
|
func (e *Engine) ExecuteScanWithOpts(templatesList []*templates.Template, target InputProvider, noCluster bool) *atomic.Bool {
|
||||||
results := &atomic.Bool{}
|
results := &atomic.Bool{}
|
||||||
selfcontainedWg := &sync.WaitGroup{}
|
selfcontainedWg := &sync.WaitGroup{}
|
||||||
|
|
|
@ -277,7 +277,7 @@ func (i *Input) setItem(metaInput *contextargs.MetaInput) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// setHostMapStream sets iteam in stream mode
|
// setHostMapStream sets item in stream mode
|
||||||
func (i *Input) setHostMapStream(data string) {
|
func (i *Input) setHostMapStream(data string) {
|
||||||
if _, err := i.hostMapStream.Merge([][]byte{[]byte(data)}); err != nil {
|
if _, err := i.hostMapStream.Merge([][]byte{[]byte(data)}); err != nil {
|
||||||
gologger.Warning().Msgf("%s\n", err)
|
gologger.Warning().Msgf("%s\n", err)
|
||||||
|
|
|
@ -17,9 +17,9 @@ import (
|
||||||
"gopkg.in/src-d/go-git.v4/plumbing/transport/http"
|
"gopkg.in/src-d/go-git.v4/plumbing/transport/http"
|
||||||
)
|
)
|
||||||
|
|
||||||
var _ Provider = &customTemplateGithubRepo{}
|
var _ Provider = &customTemplateGitHubRepo{}
|
||||||
|
|
||||||
type customTemplateGithubRepo struct {
|
type customTemplateGitHubRepo struct {
|
||||||
owner string
|
owner string
|
||||||
reponame string
|
reponame string
|
||||||
gitCloneURL string
|
gitCloneURL string
|
||||||
|
@ -27,8 +27,8 @@ type customTemplateGithubRepo struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
// This function download the custom github template repository
|
// This function download the custom github template repository
|
||||||
func (customTemplate *customTemplateGithubRepo) Download(ctx context.Context) {
|
func (customTemplate *customTemplateGitHubRepo) Download(ctx context.Context) {
|
||||||
clonePath := customTemplate.getLocalRepoClonePath(config.DefaultConfig.CustomGithubTemplatesDirectory)
|
clonePath := customTemplate.getLocalRepoClonePath(config.DefaultConfig.CustomGitHubTemplatesDirectory)
|
||||||
|
|
||||||
if !fileutil.FolderExists(clonePath) {
|
if !fileutil.FolderExists(clonePath) {
|
||||||
err := customTemplate.cloneRepo(clonePath, customTemplate.githubToken)
|
err := customTemplate.cloneRepo(clonePath, customTemplate.githubToken)
|
||||||
|
@ -41,8 +41,8 @@ func (customTemplate *customTemplateGithubRepo) Download(ctx context.Context) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (customTemplate *customTemplateGithubRepo) Update(ctx context.Context) {
|
func (customTemplate *customTemplateGitHubRepo) Update(ctx context.Context) {
|
||||||
downloadPath := config.DefaultConfig.CustomGithubTemplatesDirectory
|
downloadPath := config.DefaultConfig.CustomGitHubTemplatesDirectory
|
||||||
clonePath := customTemplate.getLocalRepoClonePath(downloadPath)
|
clonePath := customTemplate.getLocalRepoClonePath(downloadPath)
|
||||||
|
|
||||||
// If folder does not exits then clone/download the repo
|
// If folder does not exits then clone/download the repo
|
||||||
|
@ -58,31 +58,31 @@ func (customTemplate *customTemplateGithubRepo) Update(ctx context.Context) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewGithubProviders returns new instance of GitHub providers for downloading custom templates
|
// NewGitHubProviders returns new instance of GitHub providers for downloading custom templates
|
||||||
func NewGithubProviders(options *types.Options) ([]*customTemplateGithubRepo, error) {
|
func NewGitHubProviders(options *types.Options) ([]*customTemplateGitHubRepo, error) {
|
||||||
providers := []*customTemplateGithubRepo{}
|
providers := []*customTemplateGitHubRepo{}
|
||||||
gitHubClient := getGHClientIncognito()
|
gitHubClient := getGHClientIncognito()
|
||||||
|
|
||||||
if options.GitHubTemplateDisableDownload {
|
if options.GitHubTemplateDisableDownload {
|
||||||
return providers, nil
|
return providers, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, repoName := range options.GithubTemplateRepo {
|
for _, repoName := range options.GitHubTemplateRepo {
|
||||||
owner, repo, err := getOwnerAndRepo(repoName)
|
owner, repo, err := getOwnerAndRepo(repoName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
gologger.Error().Msgf("%s", err)
|
gologger.Error().Msgf("%s", err)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
githubRepo, err := getGithubRepo(gitHubClient, owner, repo, options.GithubToken)
|
githubRepo, err := getGitHubRepo(gitHubClient, owner, repo, options.GitHubToken)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
gologger.Error().Msgf("%s", err)
|
gologger.Error().Msgf("%s", err)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
customTemplateRepo := &customTemplateGithubRepo{
|
customTemplateRepo := &customTemplateGitHubRepo{
|
||||||
owner: owner,
|
owner: owner,
|
||||||
reponame: repo,
|
reponame: repo,
|
||||||
gitCloneURL: githubRepo.GetCloneURL(),
|
gitCloneURL: githubRepo.GetCloneURL(),
|
||||||
githubToken: options.GithubToken,
|
githubToken: options.GitHubToken,
|
||||||
}
|
}
|
||||||
providers = append(providers, customTemplateRepo)
|
providers = append(providers, customTemplateRepo)
|
||||||
}
|
}
|
||||||
|
@ -104,7 +104,7 @@ func getOwnerAndRepo(reponame string) (owner string, repo string, err error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// returns *github.Repository if passed github repo name
|
// returns *github.Repository if passed github repo name
|
||||||
func getGithubRepo(gitHubClient *github.Client, repoOwner, repoName, githubToken string) (*github.Repository, error) {
|
func getGitHubRepo(gitHubClient *github.Client, repoOwner, repoName, githubToken string) (*github.Repository, error) {
|
||||||
var retried bool
|
var retried bool
|
||||||
getRepo:
|
getRepo:
|
||||||
repo, _, err := gitHubClient.Repositories.Get(context.Background(), repoOwner, repoName)
|
repo, _, err := gitHubClient.Repositories.Get(context.Background(), repoOwner, repoName)
|
||||||
|
@ -123,7 +123,7 @@ getRepo:
|
||||||
}
|
}
|
||||||
|
|
||||||
// download the git repo to a given path
|
// download the git repo to a given path
|
||||||
func (ctr *customTemplateGithubRepo) cloneRepo(clonePath, githubToken string) error {
|
func (ctr *customTemplateGitHubRepo) cloneRepo(clonePath, githubToken string) error {
|
||||||
r, err := git.PlainClone(clonePath, false, &git.CloneOptions{
|
r, err := git.PlainClone(clonePath, false, &git.CloneOptions{
|
||||||
URL: ctr.gitCloneURL,
|
URL: ctr.gitCloneURL,
|
||||||
Auth: getAuth(ctr.owner, githubToken),
|
Auth: getAuth(ctr.owner, githubToken),
|
||||||
|
@ -138,7 +138,7 @@ func (ctr *customTemplateGithubRepo) cloneRepo(clonePath, githubToken string) er
|
||||||
}
|
}
|
||||||
|
|
||||||
// performs the git pull on given repo
|
// performs the git pull on given repo
|
||||||
func (ctr *customTemplateGithubRepo) pullChanges(repoPath, githubToken string) error {
|
func (ctr *customTemplateGitHubRepo) pullChanges(repoPath, githubToken string) error {
|
||||||
r, err := git.PlainOpen(repoPath)
|
r, err := git.PlainOpen(repoPath)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -155,7 +155,7 @@ func (ctr *customTemplateGithubRepo) pullChanges(repoPath, githubToken string) e
|
||||||
}
|
}
|
||||||
|
|
||||||
// All Custom github repos are cloned in the format of 'reponame-owner' for uniqueness
|
// All Custom github repos are cloned in the format of 'reponame-owner' for uniqueness
|
||||||
func (ctr *customTemplateGithubRepo) getLocalRepoClonePath(downloadPath string) string {
|
func (ctr *customTemplateGitHubRepo) getLocalRepoClonePath(downloadPath string) string {
|
||||||
return filepath.Join(downloadPath, ctr.reponame+"-"+ctr.owner)
|
return filepath.Join(downloadPath, ctr.reponame+"-"+ctr.owner)
|
||||||
}
|
}
|
||||||
|
|
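Review bot: `getLocalRepoClonePath` joins `ctr.reponame+"-"+ctr.owner`, which is not unique even though the comment above it says so. As a constructed example, repo `a-b` owned by `c` and repo `a` owned by `b-c` both map to `a-b-c`. In that case the `FolderExists` check in `Download` would treat the second repository as already cloned, so templates from one source could be loaded in place of the other. Nesting the two parts removes the ambiguity, e.g. `return filepath.Join(downloadPath, ctr.owner, ctr.reponame)`, though existing clone directories would need migrating. The bodies of `Download` and `Update` continue outside the hunks.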
||||||
|
|
|
@ -22,8 +22,8 @@ func TestDownloadCustomTemplatesFromGitHub(t *testing.T) {
|
||||||
config.DefaultConfig.SetTemplatesDir(templatesDirectory)
|
config.DefaultConfig.SetTemplatesDir(templatesDirectory)
|
||||||
|
|
||||||
options := testutils.DefaultOptions
|
options := testutils.DefaultOptions
|
||||||
options.GithubTemplateRepo = []string{"projectdiscovery/nuclei-templates", "ehsandeep/nuclei-templates"}
|
options.GitHubTemplateRepo = []string{"projectdiscovery/nuclei-templates", "ehsandeep/nuclei-templates"}
|
||||||
options.GithubToken = os.Getenv("GITHUB_TOKEN")
|
options.GitHubToken = os.Getenv("GITHUB_TOKEN")
|
||||||
|
|
||||||
ctm, err := NewCustomTemplatesManager(options)
|
ctm, err := NewCustomTemplatesManager(options)
|
||||||
require.Nil(t, err, "could not create custom templates manager")
|
require.Nil(t, err, "could not create custom templates manager")
|
||||||
|
|
|
@ -21,8 +21,8 @@ type customTemplateGitLabRepo struct {
|
||||||
projectIDs []int
|
projectIDs []int
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewGitlabProviders returns a new list of GitLab providers for downloading custom templates
|
// NewGitLabProviders returns a new list of GitLab providers for downloading custom templates
|
||||||
func NewGitlabProviders(options *types.Options) ([]*customTemplateGitLabRepo, error) {
|
func NewGitLabProviders(options *types.Options) ([]*customTemplateGitLabRepo, error) {
|
||||||
providers := []*customTemplateGitLabRepo{}
|
providers := []*customTemplateGitLabRepo{}
|
||||||
if options.GitLabToken != "" && !options.GitLabTemplateDisableDownload {
|
if options.GitLabToken != "" && !options.GitLabTemplateDisableDownload {
|
||||||
// Establish a connection to GitLab and build a client object with which to download templates from GitLab
|
// Establish a connection to GitLab and build a client object with which to download templates from GitLab
|
||||||
|
|
|
@ -41,7 +41,7 @@ func NewCustomTemplatesManager(options *types.Options) (*CustomTemplatesManager,
|
||||||
}
|
}
|
||||||
|
|
||||||
// Add GitHub providers
|
// Add GitHub providers
|
||||||
githubProviders, err := NewGithubProviders(options)
|
githubProviders, err := NewGitHubProviders(options)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errorutil.NewWithErr(err).Msgf("could not create github providers for custom templates")
|
return nil, errorutil.NewWithErr(err).Msgf("could not create github providers for custom templates")
|
||||||
}
|
}
|
||||||
|
@ -68,7 +68,7 @@ func NewCustomTemplatesManager(options *types.Options) (*CustomTemplatesManager,
|
||||||
}
|
}
|
||||||
|
|
||||||
// Add GitLab providers
|
// Add GitLab providers
|
||||||
gitlabProviders, err := NewGitlabProviders(options)
|
gitlabProviders, err := NewGitLabProviders(options)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errorutil.NewWithErr(err).Msgf("could not create gitlab providers for custom templates")
|
return nil, errorutil.NewWithErr(err).Msgf("could not create gitlab providers for custom templates")
|
||||||
}
|
}
|
||||||
|
|
|
@ -18,7 +18,7 @@ type Helper struct {
|
||||||
InputsHTTP *hybrid.HybridMap
|
InputsHTTP *hybrid.HybridMap
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewHelper returns a new inpt helper instance
|
// NewHelper returns a new input helper instance
|
||||||
func NewHelper() *Helper {
|
func NewHelper() *Helper {
|
||||||
helper := &Helper{}
|
helper := &Helper{}
|
||||||
return helper
|
return helper
|
||||||
|
|
|
@ -70,7 +70,7 @@ func TestLoadTemplate(t *testing.T) {
|
||||||
expectedErr: errors.New("field 'severity' is missing"),
|
expectedErr: errors.New("field 'severity' is missing"),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "template-without-serverity-with-correct-filter-id",
|
name: "template-without-severity-with-correct-filter-id",
|
||||||
template: &templates.Template{
|
template: &templates.Template{
|
||||||
ID: "CVE-2021-27330",
|
ID: "CVE-2021-27330",
|
||||||
Info: model.Info{
|
Info: model.Info{
|
||||||
|
@ -84,7 +84,7 @@ func TestLoadTemplate(t *testing.T) {
|
||||||
filter: filter.Config{IncludeIds: []string{"CVE-2021-27330"}},
|
filter: filter.Config{IncludeIds: []string{"CVE-2021-27330"}},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "template-without-serverity-with-diff-filter-id",
|
name: "template-without-severity-with-diff-filter-id",
|
||||||
template: &templates.Template{
|
template: &templates.Template{
|
||||||
ID: "CVE-2021-27330",
|
ID: "CVE-2021-27330",
|
||||||
Info: model.Info{
|
Info: model.Info{
|
||||||
|
|
|
@ -14,5 +14,5 @@
|
||||||
// detection.
|
// detection.
|
||||||
//
|
//
|
||||||
// The logic is very simple and can be further improved to increase the coverage of
|
// The logic is very simple and can be further improved to increase the coverage of
|
||||||
// this mode of nuclei exection.
|
// this mode of nuclei execution.
|
||||||
package automaticscan
|
package automaticscan
|
||||||
|
|
|
@ -75,7 +75,7 @@ func urlsafeBase64Encode(data []byte) string {
|
||||||
}
|
}
|
||||||
|
|
||||||
// generateCommonsCollections40Payload generates org.apache.commons:commons-collections4:4.0
|
// generateCommonsCollections40Payload generates org.apache.commons:commons-collections4:4.0
|
||||||
// deserialization paylaod for a command.
|
// deserialization payload for a command.
|
||||||
func generateCommonsCollections40Payload(cmd string) []byte {
|
func generateCommonsCollections40Payload(cmd string) []byte {
|
||||||
buffer := &bytes.Buffer{}
|
buffer := &bytes.Buffer{}
|
||||||
|
|
||||||
|
@ -90,7 +90,7 @@ func generateCommonsCollections40Payload(cmd string) []byte {
|
||||||
}
|
}
|
||||||
|
|
||||||
// generateCommonsCollections440PPayload generates commons-collections 3.1
|
// generateCommonsCollections440PPayload generates commons-collections 3.1
|
||||||
// deserialization paylaod for a command.
|
// deserialization payload for a command.
|
||||||
func generateCommonsCollections31Payload(cmd string) []byte {
|
func generateCommonsCollections31Payload(cmd string) []byte {
|
||||||
buffer := &bytes.Buffer{}
|
buffer := &bytes.Buffer{}
|
||||||
|
|
||||||
|
@ -105,7 +105,7 @@ func generateCommonsCollections31Payload(cmd string) []byte {
|
||||||
}
|
}
|
||||||
|
|
||||||
// generateGroovy1Payload generates org.codehaus.groovy:groovy:2.3.9
|
// generateGroovy1Payload generates org.codehaus.groovy:groovy:2.3.9
|
||||||
// deserialization paylaod for a command.
|
// deserialization payload for a command.
|
||||||
func generateGroovy1Payload(cmd string) []byte {
|
func generateGroovy1Payload(cmd string) []byte {
|
||||||
buffer := &bytes.Buffer{}
|
buffer := &bytes.Buffer{}
|
||||||
|
|
||||||
|
@ -119,7 +119,7 @@ func generateGroovy1Payload(cmd string) []byte {
|
||||||
return buffer.Bytes()
|
return buffer.Bytes()
|
||||||
}
|
}
|
||||||
|
|
||||||
// generateDNSPayload generates DNS interaction deserialization paylaod for a DNS Name.
|
// generateDNSPayload generates DNS interaction deserialization payload for a DNS Name.
|
||||||
// Taken from ysoserial DNS gadget.
|
// Taken from ysoserial DNS gadget.
|
||||||
func generateDNSPayload(URL string) []byte {
|
func generateDNSPayload(URL string) []byte {
|
||||||
parsed, err := url.Parse(URL)
|
parsed, err := url.Parse(URL)
|
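Review bot: The doc comment on `generateCommonsCollections31Payload` still opens with `generateCommonsCollections440PPayload`, a name that appears nowhere else in the visible code, so it does not document the function it sits on. The second line of that comment was already touched for the spelling fix, so the first should be corrected too: `// generateCommonsCollections31Payload generates commons-collections 3.1`. The function bodies continue outside the hunks.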
||||||
|
|
|
@ -128,7 +128,7 @@ func (c *Client) poll() error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// requestShouldStopAtFirstmatch checks if furthur interactions should be stopped
|
// requestShouldStopAtFirstmatch checks if further interactions should be stopped
|
||||||
// note: extra care should be taken while using this function since internalEvent is
|
// note: extra care should be taken while using this function since internalEvent is
|
||||||
// synchronized all the time and if caller functions has already acquired lock its best to explicitly specify that
|
// synchronized all the time and if caller functions has already acquired lock its best to explicitly specify that
|
||||||
// we could use `TryLock()` but that may over complicate things and need to differentiate
|
// we could use `TryLock()` but that may over complicate things and need to differentiate
|
||||||
|
|
|
@ -43,7 +43,7 @@ type Options struct {
|
||||||
DisableHttpFallback bool
|
DisableHttpFallback bool
|
||||||
// NoInteractsh disables the engine
|
// NoInteractsh disables the engine
|
||||||
NoInteractsh bool
|
NoInteractsh bool
|
||||||
// NoColor dissbles printing colors for matches
|
// NoColor disables printing colors for matches
|
||||||
NoColor bool
|
NoColor bool
|
||||||
|
|
||||||
StopAtFirstMatch bool
|
StopAtFirstMatch bool
|
||||||
|
|
|
@ -106,14 +106,14 @@ func Init(options *types.Options) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// isIpAssociatedWithInterface checks if the given IP is associated with the given interface.
|
// isIpAssociatedWithInterface checks if the given IP is associated with the given interface.
|
||||||
func isIpAssociatedWithInterface(souceIP, interfaceName string) (bool, error) {
|
func isIpAssociatedWithInterface(sourceIP, interfaceName string) (bool, error) {
|
||||||
addrs, err := interfaceAddresses(interfaceName)
|
addrs, err := interfaceAddresses(interfaceName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false, err
|
return false, err
|
||||||
}
|
}
|
||||||
for _, addr := range addrs {
|
for _, addr := range addrs {
|
||||||
if ipnet, ok := addr.(*net.IPNet); ok {
|
if ipnet, ok := addr.(*net.IPNet); ok {
|
||||||
if ipnet.IP.String() == souceIP {
|
if ipnet.IP.String() == sourceIP {
|
||||||
return true, nil
|
return true, nil
|
||||||
}
|
}
|
||||||
}
|
}
|
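Review bot: `ipnet.IP.String() == sourceIP` compares textual forms, so a `sourceIP` given in a non-canonical form (an expanded or upper-case IPv6 address, for instance) is reported as not associated with the interface even when it is. Parse once before the loop and compare addresses instead: `ip := net.ParseIP(sourceIP)` followed by `if ipnet.IP.Equal(ip) {`. A nil `ip` should return an error, so that a malformed value is not silently treated as "not on this interface". The rest of the loop and the final return are outside the hunk.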
||||||
|
|
|
@ -45,7 +45,7 @@ func TestGetRandomIp(t *testing.T) {
|
||||||
valid: true,
|
valid: true,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "Negativ CIDR length",
|
name: "Negative CIDR length",
|
||||||
cidr: []string{"10.11.12.13/-1"},
|
cidr: []string{"10.11.12.13/-1"},
|
||||||
valid: false,
|
valid: false,
|
||||||
errorMsg: "10.11.12.13/-1 is not a valid CIDR",
|
errorMsg: "10.11.12.13/-1 is not a valid CIDR",
|
||||||
|
|
|
@ -53,7 +53,7 @@ func GetTargetsFromUncover(ctx context.Context, outputFormat string, opts *uncov
|
||||||
return outputChan, nil
|
return outputChan, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// processUncoverOutput returns output strign depending on uncover field
|
// processUncoverOutput returns output string depending on uncover field
|
||||||
func processUncoverOutput(result sources.Result, outputFormat string) string {
|
func processUncoverOutput(result sources.Result, outputFormat string) string {
|
||||||
if (result.IP == "" || result.Port == 0) && stringsutil.ContainsAny(outputFormat, "ip", "port") {
|
if (result.IP == "" || result.Port == 0) && stringsutil.ContainsAny(outputFormat, "ip", "port") {
|
||||||
// if ip or port is not present, fallback to using host
|
// if ip or port is not present, fallback to using host
|
||||||
|
|
|
@ -22,6 +22,6 @@ package variables
|
||||||
// Non-Linear Sources (need to re-evaluate)
|
// Non-Linear Sources (need to re-evaluate)
|
||||||
// 1. VariablesMap
|
// 1. VariablesMap
|
||||||
// 2. PayloadsMap
|
// 2. PayloadsMap
|
||||||
// Everytime Linear Sources are updated , Non-Linear Sources need to be re-evaluated
|
// Every time Linear Sources are updated , Non-Linear Sources need to be re-evaluated
|
||||||
|
|
||||||
// Constants (no need to re-evaluate, should contain only scalars)
|
// Constants (no need to re-evaluate, should contain only scalars)
|
||||||
|
|
|
@ -227,7 +227,7 @@ func (request *Request) executeFuzzingRule(input *contextargs.Context, payloads
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// getLastNaviationURL returns last successfully navigated URL
|
// getLastNavigationURL returns last successfully navigated URL
|
||||||
func (request *Request) getLastNavigationURLWithLog(reqLog map[string]string) string {
|
func (request *Request) getLastNavigationURLWithLog(reqLog map[string]string) string {
|
||||||
for i := len(request.Steps) - 1; i >= 0; i-- {
|
for i := len(request.Steps) - 1; i >= 0; i-- {
|
||||||
if request.Steps[i].ActionType.ActionType == engine.ActionNavigate {
|
if request.Steps[i].ActionType.ActionType == engine.ActionNavigate {
|
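Review bot: The comment above `getLastNavigationURLWithLog` names `getLastNavigationURL`, so it does not start with the identifier it documents and says nothing about the `reqLog` parameter. Suggest `// getLastNavigationURLWithLog returns the last successfully navigated URL`, plus one sentence on how `reqLog` is consulted. That sentence has to come from the body, which continues outside the hunk.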
||||||
|
|
|
@ -253,7 +253,7 @@ func (r *requestGenerator) generateHttpRequest(ctx context.Context, urlx *urluti
|
||||||
return &generatedRequest{request: request, meta: generatorValues, original: r.request, dynamicValues: finalVars, interactshURLs: r.interactshURLs}, nil
|
return &generatedRequest{request: request, meta: generatorValues, original: r.request, dynamicValues: finalVars, interactshURLs: r.interactshURLs}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// generateRawRequest generates Raw Request from from request data from template and variables
|
// generateRawRequest generates Raw Request from request data from template and variables
|
||||||
// finalVars = contains all variables including generator and protocol specific variables
|
// finalVars = contains all variables including generator and protocol specific variables
|
||||||
// generatorValues = contains variables used in fuzzing or other generator specific values
|
// generatorValues = contains variables used in fuzzing or other generator specific values
|
||||||
func (r *requestGenerator) generateRawRequest(ctx context.Context, rawRequest string, baseURL *urlutil.URL, finalVars, generatorValues map[string]interface{}) (*generatedRequest, error) {
|
func (r *requestGenerator) generateRawRequest(ctx context.Context, rawRequest string, baseURL *urlutil.URL, finalVars, generatorValues map[string]interface{}) (*generatedRequest, error) {
|
||||||
|
|
|
@ -53,7 +53,7 @@ func Parse(request string, inputURL *urlutil.URL, unsafe, disablePathAutomerge b
|
||||||
return nil, errorutil.NewWithTag("raw", "could not automergepath for template path %v", urlx.GetRelativePath()).Wrap(parseErr)
|
return nil, errorutil.NewWithTag("raw", "could not automergepath for template path %v", urlx.GetRelativePath()).Wrap(parseErr)
|
||||||
}
|
}
|
||||||
rawrequest.Path = cloned.GetRelativePath()
|
rawrequest.Path = cloned.GetRelativePath()
|
||||||
// If unsafe changes must be made in raw request string iteself
|
// If unsafe changes must be made in raw request string itself
|
||||||
case unsafe:
|
case unsafe:
|
||||||
prevPath := rawrequest.Path
|
prevPath := rawrequest.Path
|
||||||
cloned := inputURL.Clone()
|
cloned := inputURL.Clone()
|
||||||
|
|
|
@ -19,9 +19,9 @@ var (
|
||||||
// @tls-sni:target overrides the input target with the annotated one
|
// @tls-sni:target overrides the input target with the annotated one
|
||||||
// special values:
|
// special values:
|
||||||
// request.host: takes the value from the host header
|
// request.host: takes the value from the host header
|
||||||
// target: overiddes with the specific value
|
// target: overrides with the specific value
|
||||||
reSniAnnotation = regexp.MustCompile(`(?m)^@tls-sni:\s*(.+)\s*$`)
|
reSniAnnotation = regexp.MustCompile(`(?m)^@tls-sni:\s*(.+)\s*$`)
|
||||||
// @timeout:duration overrides the input timout with a custom duration
|
// @timeout:duration overrides the input timeout with a custom duration
|
||||||
reTimeoutAnnotation = regexp.MustCompile(`(?m)^@timeout:\s*(.+)\s*$`)
|
reTimeoutAnnotation = regexp.MustCompile(`(?m)^@timeout:\s*(.+)\s*$`)
|
||||||
// @once sets the request to be executed only once for a specific URL
|
// @once sets the request to be executed only once for a specific URL
|
||||||
reOnceAnnotation = regexp.MustCompile(`(?m)^@once\s*$`)
|
reOnceAnnotation = regexp.MustCompile(`(?m)^@once\s*$`)
|
||||||
|
@ -36,15 +36,15 @@ const (
|
||||||
// parseFlowAnnotations and override requests flow
|
// parseFlowAnnotations and override requests flow
|
||||||
func parseFlowAnnotations(rawRequest string) (flowMark, bool) {
|
func parseFlowAnnotations(rawRequest string) (flowMark, bool) {
|
||||||
var fm flowMark
|
var fm flowMark
|
||||||
// parse request for known ovverride annotations
|
// parse request for known override annotations
|
||||||
var hasFlowOveride bool
|
var hasFlowOverride bool
|
||||||
// @once
|
// @once
|
||||||
if reOnceAnnotation.MatchString(rawRequest) {
|
if reOnceAnnotation.MatchString(rawRequest) {
|
||||||
fm = Once
|
fm = Once
|
||||||
hasFlowOveride = true
|
hasFlowOverride = true
|
||||||
}
|
}
|
||||||
|
|
||||||
return fm, hasFlowOveride
|
return fm, hasFlowOverride
|
||||||
}
|
}
|
||||||
|
|
||||||
type annotationOverrides struct {
|
type annotationOverrides struct {
|
||||||
|
@ -55,7 +55,7 @@ type annotationOverrides struct {
|
||||||
|
|
||||||
// parseAnnotations and override requests settings
|
// parseAnnotations and override requests settings
|
||||||
func (r *Request) parseAnnotations(rawRequest string, request *retryablehttp.Request) (overrides annotationOverrides, modified bool) {
|
func (r *Request) parseAnnotations(rawRequest string, request *retryablehttp.Request) (overrides annotationOverrides, modified bool) {
|
||||||
// parse request for known ovverride annotations
|
// parse request for known override annotations
|
||||||
|
|
||||||
// @Host:target
|
// @Host:target
|
||||||
if hosts := reHostAnnotation.FindStringSubmatch(rawRequest); len(hosts) > 0 {
|
if hosts := reHostAnnotation.FindStringSubmatch(rawRequest); len(hosts) > 0 {
|
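Review bot: In `reSniAnnotation` and `reTimeoutAnnotation` the greedy `(.+)` consumes everything up to the line end, so the following `\s*` never removes anything. The capture therefore keeps trailing spaces and, for CRLF-delimited raw requests, the `\r`. Unless the callers trim the value (not visible here), that ends up in the SNI name or in the string handed to the duration parser. A lazy group fixes it at the source: `(?m)^@tls-sni:\s*(.+?)\s*$` and `(?m)^@timeout:\s*(.+?)\s*$`. The `var (` block continues outside the hunk.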
||||||
|
|
|
@ -58,15 +58,15 @@ func (request *Request) ExecuteWithResults(input *contextargs.Context, metadata,
|
||||||
variablesMap := request.options.Variables.Evaluate(variables)
|
variablesMap := request.options.Variables.Evaluate(variables)
|
||||||
variables = generators.MergeMaps(variablesMap, variables, request.options.Constants)
|
variables = generators.MergeMaps(variablesMap, variables, request.options.Constants)
|
||||||
|
|
||||||
visitedAddressess := make(mapsutil.Map[string, struct{}])
|
visitedAddresses := make(mapsutil.Map[string, struct{}])
|
||||||
|
|
||||||
for _, kv := range request.addresses {
|
for _, kv := range request.addresses {
|
||||||
actualAddress := replacer.Replace(kv.address, variables)
|
actualAddress := replacer.Replace(kv.address, variables)
|
||||||
|
|
||||||
if visitedAddressess.Has(actualAddress) && !request.options.Options.DisableClustering {
|
if visitedAddresses.Has(actualAddress) && !request.options.Options.DisableClustering {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
visitedAddressess.Set(actualAddress, struct{}{})
|
visitedAddresses.Set(actualAddress, struct{}{})
|
||||||
|
|
||||||
if err := request.executeAddress(variables, actualAddress, address, input.MetaInput.Input, kv.tls, previous, callback); err != nil {
|
if err := request.executeAddress(variables, actualAddress, address, input.MetaInput.Input, kv.tls, previous, callback); err != nil {
|
||||||
outputEvent := request.responseToDSLMap("", "", "", address, "")
|
outputEvent := request.responseToDSLMap("", "", "", address, "")
|
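Review bot: `visitedAddresses` is keyed on `actualAddress` alone, while each entry also carries `kv.tls`, which is passed on to `executeAddress`. Two entries that resolve to the same address but differ in `tls` would be collapsed and the second never executed, which can hide a result on either the plain or the TLS variant. If that is not intended, key the map on both values, e.g. `key := fmt.Sprintf("%s|%t", actualAddress, kv.tls)`, and add a comment on why the skip depends on `DisableClustering`. How `request.addresses` is built is outside this hunk, so the collision is inferred from the visible lines only.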
||||||
|
|
|
@ -11,7 +11,7 @@ import (
|
||||||
var (
|
var (
|
||||||
// TODO: adapt regex for cases where port is updated
|
// TODO: adapt regex for cases where port is updated
|
||||||
urlWithPortRegex = regexp.MustCompile(`^{{(BaseURL|RootURL)}}:(\d+)`)
|
urlWithPortRegex = regexp.MustCompile(`^{{(BaseURL|RootURL)}}:(\d+)`)
|
||||||
// regex to detect traling slash in path (not applicable to raw requests)
|
// regex to detect trailing slash in path (not applicable to raw requests)
|
||||||
trailingSlashregex = regexp.MustCompile(`^\Q{{\E[a-zA-Z]+\Q}}/\E`)
|
trailingSlashregex = regexp.MustCompile(`^\Q{{\E[a-zA-Z]+\Q}}/\E`)
|
||||||
// ErrNoMoreRequests is internal error to
|
// ErrNoMoreRequests is internal error to
|
||||||
)
|
)
|
||||||
|
|
|
@ -12,7 +12,7 @@ import (
|
||||||
func TestHTTPVariables(t *testing.T) {
|
func TestHTTPVariables(t *testing.T) {
|
||||||
baseURL := "http://localhost:9001/test/123"
|
baseURL := "http://localhost:9001/test/123"
|
||||||
parsed, _ := urlutil.Parse(baseURL)
|
parsed, _ := urlutil.Parse(baseURL)
|
||||||
// trailingslash is only true when both target/inputURL and payload {{BaseURL}}/xyz both have slash
|
// trailing slash is only true when both target/inputURL and payload {{BaseURL}}/xyz both have slash
|
||||||
values := GenerateVariables(parsed, false, nil)
|
values := GenerateVariables(parsed, false, nil)
|
||||||
|
|
||||||
require.Equal(t, values["BaseURL"], parsed.String(), "incorrect baseurl")
|
require.Equal(t, values["BaseURL"], parsed.String(), "incorrect baseurl")
|
||||||
|
|
|
@ -64,7 +64,7 @@ type Request struct {
|
||||||
// Payloads support both key-values combinations where a list
|
// Payloads support both key-values combinations where a list
|
||||||
// of payloads is provided, or optionally a single file can also
|
// of payloads is provided, or optionally a single file can also
|
||||||
// be provided as payload which will be read on run-time.
|
// be provided as payload which will be read on run-time.
|
||||||
Payloads map[string]interface{} `yaml:"payloads,omitempty" json:"payloads,omitempty" jsonschema:"title=payloads for the webosocket request,description=Payloads contains any payloads for the current request"`
|
Payloads map[string]interface{} `yaml:"payloads,omitempty" json:"payloads,omitempty" jsonschema:"title=payloads for the websocket request,description=Payloads contains any payloads for the current request"`
|
||||||
|
|
||||||
generator *generators.PayloadGenerator
|
generator *generators.PayloadGenerator
|
||||||
|
|
||||||
|
|
|
@ -29,7 +29,7 @@ import (
|
||||||
// to the first individual request is compared for equality.
|
// to the first individual request is compared for equality.
|
||||||
// The equality check is performed as described below -
|
// The equality check is performed as described below -
|
||||||
//
|
//
|
||||||
// Cases where clustering is not perfomed (request is considered different)
|
// Cases where clustering is not performed (request is considered different)
|
||||||
// - If request contains payloads,raw,body,unsafe,req-condition,name attributes
|
// - If request contains payloads,raw,body,unsafe,req-condition,name attributes
|
||||||
// - If request methods,max-redirects,cookie-reuse,redirects are not equal
|
// - If request methods,max-redirects,cookie-reuse,redirects are not equal
|
||||||
// - If request paths aren't identical.
|
// - If request paths aren't identical.
|
||||||
|
|
|
@ -114,7 +114,7 @@ type Template struct {
|
||||||
Variables variables.Variable `yaml:"variables,omitempty" json:"variables,omitempty" jsonschema:"title=variables for the http request,description=Variables contains any variables for the current request"`
|
Variables variables.Variable `yaml:"variables,omitempty" json:"variables,omitempty" jsonschema:"title=variables for the http request,description=Variables contains any variables for the current request"`
|
||||||
|
|
||||||
// description: |
|
// description: |
|
||||||
// Constants contains any scalar costant for the current template
|
// Constants contains any scalar constant for the current template
|
||||||
Constants map[string]interface{} `yaml:"constants,omitempty" json:"constants,omitempty" jsonschema:"title=constant for the template,description=constants contains any constant for the template"`
|
Constants map[string]interface{} `yaml:"constants,omitempty" json:"constants,omitempty" jsonschema:"title=constant for the template,description=constants contains any constant for the template"`
|
||||||
|
|
||||||
// TotalRequests is the total number of requests for the template.
|
// TotalRequests is the total number of requests for the template.
|
||||||
|
|
|
@ -141,8 +141,8 @@ func init() {
|
||||||
TemplateDoc.Fields[16].Name = "constants"
|
TemplateDoc.Fields[16].Name = "constants"
|
||||||
TemplateDoc.Fields[16].Type = "map[string]interface{}"
|
TemplateDoc.Fields[16].Type = "map[string]interface{}"
|
||||||
TemplateDoc.Fields[16].Note = ""
|
TemplateDoc.Fields[16].Note = ""
|
||||||
TemplateDoc.Fields[16].Description = "Constants contains any scalar costant for the current template"
|
TemplateDoc.Fields[16].Description = "Constants contains any scalar constant for the current template"
|
||||||
TemplateDoc.Fields[16].Comments[encoder.LineComment] = "Constants contains any scalar costant for the current template"
|
TemplateDoc.Fields[16].Comments[encoder.LineComment] = "Constants contains any scalar constant for the current template"
|
||||||
|
|
||||||
MODELInfoDoc.Type = "model.Info"
|
MODELInfoDoc.Type = "model.Info"
|
||||||
MODELInfoDoc.Comments[encoder.LineComment] = " Info contains metadata information about a template"
|
MODELInfoDoc.Comments[encoder.LineComment] = " Info contains metadata information about a template"
|
||||||
|
|
|
@ -64,8 +64,8 @@ var DefaultOptions = &types.Options{
|
||||||
InteractionsEviction: 60,
|
InteractionsEviction: 60,
|
||||||
InteractionsCoolDownPeriod: 5,
|
InteractionsCoolDownPeriod: 5,
|
||||||
InteractionsPollDuration: 5,
|
InteractionsPollDuration: 5,
|
||||||
GithubTemplateRepo: []string{},
|
GitHubTemplateRepo: []string{},
|
||||||
GithubToken: "",
|
GitHubToken: "",
|
||||||
}
|
}
|
||||||
|
|
||||||
// TemplateInfo contains info for a mock executed template.
|
// TemplateInfo contains info for a mock executed template.
|
||||||
|
|
|
@ -102,7 +102,7 @@ type Options struct {
|
||||||
CloudURL string
|
CloudURL string
|
||||||
// CloudAPIKey is the api-key for the nuclei cloud endpoint
|
// CloudAPIKey is the api-key for the nuclei cloud endpoint
|
||||||
CloudAPIKey string
|
CloudAPIKey string
|
||||||
// Scanlist feature to get all the scan ids for a user
|
// ScanList feature to get all the scan ids for a user
|
||||||
ScanList bool
|
ScanList bool
|
||||||
// ListDatasources enables listing of datasources for user
|
// ListDatasources enables listing of datasources for user
|
||||||
ListDatasources bool
|
ListDatasources bool
|
||||||
|
@ -326,7 +326,7 @@ type Options struct {
|
||||||
IncludeConditions goflags.StringSlice
|
IncludeConditions goflags.StringSlice
|
||||||
// Custom Config Directory
|
// Custom Config Directory
|
||||||
CustomConfigDir string
|
CustomConfigDir string
|
||||||
// Enable uncover egine
|
// Enable uncover engine
|
||||||
Uncover bool
|
Uncover bool
|
||||||
// Uncover search query
|
// Uncover search query
|
||||||
UncoverQuery goflags.StringSlice
|
UncoverQuery goflags.StringSlice
|
||||||
|
@ -345,9 +345,9 @@ type Options struct {
|
||||||
// PublicTemplateDisableDownload disables downloading templates from the nuclei-templates public repository
|
// PublicTemplateDisableDownload disables downloading templates from the nuclei-templates public repository
|
||||||
PublicTemplateDisableDownload bool
|
PublicTemplateDisableDownload bool
|
||||||
// GitHub token used to clone/pull from private repos for custom templates
|
// GitHub token used to clone/pull from private repos for custom templates
|
||||||
GithubToken string
|
GitHubToken string
|
||||||
// GithubTemplateRepo is the list of custom public/private templates GitHub repos
|
// GitHubTemplateRepo is the list of custom public/private templates GitHub repos
|
||||||
GithubTemplateRepo []string
|
GitHubTemplateRepo []string
|
||||||
// GitHubTemplateDisableDownload disables downloading templates from custom GitHub repositories
|
// GitHubTemplateDisableDownload disables downloading templates from custom GitHub repositories
|
||||||
GitHubTemplateDisableDownload bool
|
GitHubTemplateDisableDownload bool
|
||||||
// GitLabServerURL is the gitlab server to use for custom templates
|
// GitLabServerURL is the gitlab server to use for custom templates
|
||||||
|
|