From 7b2a708edd731b98608568896271dcb13c7d9e53 Mon Sep 17 00:00:00 2001 From: hanghuge Date: Sun, 7 Apr 2024 00:03:24 +0800 Subject: [PATCH 01/15] chore: fix function name in comment Signed-off-by: hanghuge --- cmd/tmc/main.go | 2 +- internal/runner/lazy.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/tmc/main.go b/cmd/tmc/main.go index 4f65a8b7..cd552acf 100644 --- a/cmd/tmc/main.go +++ b/cmd/tmc/main.go @@ -231,7 +231,7 @@ func logErrMsg(path string, err error, debug bool, errFile *os.File) string { return msg } -// enhanceTemplateData enhances template data using templateman +// enhanceTemplate enhances template data using templateman // ref: https://github.com/projectdiscovery/templateman/blob/main/templateman-rest-api/README.md#enhance-api func enhanceTemplate(data string) (string, bool, error) { resp, err := retryablehttp.DefaultClient().Post(fmt.Sprintf("%s/enhance", tmBaseUrl), "application/x-yaml", strings.NewReader(data)) diff --git a/internal/runner/lazy.go b/internal/runner/lazy.go index 193b22ff..b61dd551 100644 --- a/internal/runner/lazy.go +++ b/internal/runner/lazy.go @@ -21,7 +21,7 @@ type AuthLazyFetchOptions struct { OnError func(error) } -// GetAuthTemlStore create new loader for loading auth templates +// GetAuthTmplStore create new loader for loading auth templates func GetAuthTmplStore(opts types.Options, catalog catalog.Catalog, execOpts protocols.ExecutorOptions) (*loader.Store, error) { tmpls := []string{} for _, file := range opts.SecretsFile { From 8c27ca2591890ca8d6d263d64505b249062fb586 Mon Sep 17 00:00:00 2001 
From: Ramana Reddy <90540245+RamanaReddy0M@users.noreply.github.com> Date: Mon, 8 Apr 2024 03:29:42 +0530 Subject: [PATCH 02/15] fix(schema): generation of missing JSON schema definitions (#4995) * fix(schema): generation of missing JSON schema definitions * make headers and data to accept multi-type inputs * misc update --- cmd/docgen/docgen.go | 7 ++++ pkg/fuzz/type.go | 39 +++++++++++++++++++ pkg/model/types/userAgent/user_agent.go | 2 +- pkg/operators/extractors/extractor_types.go | 2 +- pkg/operators/matchers/matchers_types.go | 2 +- pkg/protocols/code/code.go | 10 ++--- .../common/generators/attack_types.go | 2 +- pkg/protocols/common/variables/variables.go | 2 +- pkg/protocols/dns/dns.go | 4 +- pkg/protocols/dns/dns_types.go | 2 +- pkg/protocols/headless/engine/action.go | 29 +++++++++++++- pkg/protocols/headless/engine/action_types.go | 2 +- pkg/protocols/http/http.go | 24 ++++++++++++ pkg/protocols/http/http_method_types.go | 2 +- pkg/protocols/http/signature.go | 2 +- pkg/protocols/network/network.go | 6 +-- pkg/protocols/network/network_input_types.go | 2 +- pkg/templates/types/types.go | 2 +- 18 files changed, 119 insertions(+), 22 deletions(-) diff --git a/cmd/docgen/docgen.go b/cmd/docgen/docgen.go index c589b98b..accbc2ae 100644 --- a/cmd/docgen/docgen.go +++ b/cmd/docgen/docgen.go @@ -5,6 +5,7 @@ import ( "encoding/json" "log" "os" + "reflect" "regexp" "strings" @@ -33,6 +34,12 @@ func main() { // Generate jsonschema r := &jsonschema.Reflector{} + r.Namer = func(r reflect.Type) string { + if r.Kind() == reflect.Slice { + return "" + } + return r.String() + } jsonschemaData := r.Reflect(&templates.Template{}) var buf bytes.Buffer diff --git a/pkg/fuzz/type.go b/pkg/fuzz/type.go index 6110b2cd..b8f6f3be 100644 --- a/pkg/fuzz/type.go +++ b/pkg/fuzz/type.go @@ -4,6 +4,7 @@ import ( "encoding/json" "fmt" + "github.com/invopop/jsonschema" mapsutil "github.com/projectdiscovery/utils/maps" "gopkg.in/yaml.v2" ) 
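Review bot: The Namer added in main() returns `r.String()` for every non-slice kind, so unnamed types also get a definition key; the regenerated schema later in this series refers to `#/$defs/map[string]interface {}` for dns payloads, and its root `$id` now reads `https://templates.-template`, which appears to be the package-qualified name being snake-cased into the ID. Keeping the package prefix only for named types preserves the disambiguation this commit is after (`code.Request` vs `dns.Request`) while leaving maps, pointers and builtins to the reflector's default inline handling: change the guard to `if r.Kind() == reflect.Slice || r.Name() == "" {`. main() starts before this hunk, so whether any later option on `r` depends on the Namer cannot be seen here.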
@@ -29,6 +30,44 @@ type SliceOrMapSlice struct { KV *mapsutil.OrderedMap[string, string] } +func (v SliceOrMapSlice) JSONSchemaExtend(schema *jsonschema.Schema) *jsonschema.Schema { + schema = &jsonschema.Schema{ + Title: schema.Title, + Description: schema.Description, + Type: "array", + Items: &jsonschema.Schema{ + OneOf: []*jsonschema.Schema{ + { + Type: "string", + }, + { + Type: "object", + }, + }, + }, + } + return schema +} + +func (v SliceOrMapSlice) JSONSchema() *jsonschema.Schema { + gotType := &jsonschema.Schema{ + Title: "Payloads of Fuzz Rule", + Description: "Payloads to perform fuzzing substitutions with.", + Type: "array", + Items: &jsonschema.Schema{ + OneOf: []*jsonschema.Schema{ + { + Type: "string", + }, + { + Type: "object", + }, + }, + }, + } + return gotType +} + // UnmarshalJSON implements json.Unmarshaler interface. func (v *SliceOrMapSlice) UnmarshalJSON(data []byte) error { // try to unmashal as a string and fallback to map diff --git a/pkg/model/types/userAgent/user_agent.go b/pkg/model/types/userAgent/user_agent.go index 4a187d06..4554d6b2 100644 --- a/pkg/model/types/userAgent/user_agent.go +++ b/pkg/model/types/userAgent/user_agent.go @@ -61,7 +61,7 @@ type UserAgentHolder struct { Value UserAgent `mapping:"true"` } -func (userAgentHolder UserAgentHolder) JSONSchemaType() *jsonschema.Schema { +func (userAgentHolder UserAgentHolder) JSONSchema() *jsonschema.Schema { gotType := &jsonschema.Schema{ Type: "string", Title: "userAgent for the headless", diff --git a/pkg/operators/extractors/extractor_types.go b/pkg/operators/extractors/extractor_types.go index 79fa191f..34a640e1 100644 --- a/pkg/operators/extractors/extractor_types.go +++ b/pkg/operators/extractors/extractor_types.go 
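Review bot: `SliceOrMapSlice.JSONSchemaExtend` has a different shape from the two other `JSONSchemaExtend` methods this commit adds (on `engine.Action` and `http.Request`): it returns a `*jsonschema.Schema` and reassigns its local `schema` parameter instead of writing through the pointer it was given, so the caller's schema is never modified and the method is effectively a no-op. `JSONSchema()` directly below already produces the same array-of-string-or-object shape, so the extend method is redundant; either drop it, or give it the void signature `func (v SliceOrMapSlice) JSONSchemaExtend(schema *jsonschema.Schema)` and assign `schema.Type` and `schema.Items` on the received pointer. Which hook the reflector honours when both methods exist is presumably decided by the invopop version in go.mod and is worth confirming before keeping both.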
@@ -72,7 +72,7 @@ type ExtractorTypeHolder struct { ExtractorType ExtractorType `mapping:"true"` } -func (holder ExtractorTypeHolder) JSONSchemaType() *jsonschema.Schema { +func (holder ExtractorTypeHolder) JSONSchema() *jsonschema.Schema { gotType := &jsonschema.Schema{ Type: "string", Title: "type of the extractor", diff --git a/pkg/operators/matchers/matchers_types.go b/pkg/operators/matchers/matchers_types.go index 5bcbc676..d67ae112 100644 --- a/pkg/operators/matchers/matchers_types.go +++ b/pkg/operators/matchers/matchers_types.go @@ -82,7 +82,7 @@ func (t MatcherTypeHolder) String() string { return t.MatcherType.String() } -func (holder MatcherTypeHolder) JSONSchemaType() *jsonschema.Schema { +func (holder MatcherTypeHolder) JSONSchema() *jsonschema.Schema { gotType := &jsonschema.Schema{ Type: "string", Title: "type of the matcher", diff --git a/pkg/protocols/code/code.go b/pkg/protocols/code/code.go index 5193344a..43c6721c 100644 --- a/pkg/protocols/code/code.go +++ b/pkg/protocols/code/code.go 
@@ -48,25 +48,25 @@ var ( type Request struct { // Operators for the current request go here. operators.Operators `yaml:",inline,omitempty"` - CompiledOperators *operators.Operators `yaml:"-"` + CompiledOperators *operators.Operators `yaml:"-" json:"-"` // ID is the optional id of the request ID string `yaml:"id,omitempty" json:"id,omitempty" jsonschema:"title=id of the request,description=ID is the optional ID of the Request"` // description: | // Engine type - Engine []string `yaml:"engine,omitempty" jsonschema:"title=engine,description=Engine"` + Engine []string `yaml:"engine,omitempty" json:"engine,omitempty" jsonschema:"title=engine,description=Engine"` // description: | // PreCondition is a condition which is evaluated before sending the request. PreCondition string `yaml:"pre-condition,omitempty" json:"pre-condition,omitempty" jsonschema:"title=pre-condition for the request,description=PreCondition is a condition which is evaluated before sending the request"` // description: | // Engine Arguments - Args []string `yaml:"args,omitempty" jsonschema:"title=args,description=Args"` + Args []string `yaml:"args,omitempty" json:"args,omitempty" jsonschema:"title=args,description=Args"` // description: | // Pattern preferred for file name - Pattern string `yaml:"pattern,omitempty" jsonschema:"title=pattern,description=Pattern"` + Pattern string `yaml:"pattern,omitempty" json:"pattern,omitempty" jsonschema:"title=pattern,description=Pattern"` // description: | // Source File/Snippet - Source string `yaml:"source,omitempty" jsonschema:"title=source file/snippet,description=Source snippet"` + Source string `yaml:"source,omitempty" json:"source,omitempty" jsonschema:"title=source file/snippet,description=Source snippet"` options *protocols.ExecutorOptions `yaml:"-" json:"-"` preConditionCompiled *goja.Program `yaml:"-" json:"-"` diff --git a/pkg/protocols/common/generators/attack_types.go b/pkg/protocols/common/generators/attack_types.go index c0ad882f..6071abeb 100644 
--- a/pkg/protocols/common/generators/attack_types.go +++ b/pkg/protocols/common/generators/attack_types.go @@ -61,7 +61,7 @@ type AttackTypeHolder struct { Value AttackType `mapping:"true"` } -func (holder AttackTypeHolder) JSONSchemaType() *jsonschema.Schema { +func (holder AttackTypeHolder) JSONSchema() *jsonschema.Schema { gotType := &jsonschema.Schema{ Type: "string", Title: "type of the attack", diff --git a/pkg/protocols/common/variables/variables.go b/pkg/protocols/common/variables/variables.go index 131098f9..0ba4680e 100644 --- a/pkg/protocols/common/variables/variables.go +++ b/pkg/protocols/common/variables/variables.go @@ -21,7 +21,7 @@ type Variable struct { utils.InsertionOrderedStringMap `yaml:"-" json:"-"` } -func (variables Variable) JSONSchemaType() *jsonschema.Schema { +func (variables Variable) JSONSchema() *jsonschema.Schema { gotType := &jsonschema.Schema{ Type: "object", Title: "variables for the request", diff --git a/pkg/protocols/dns/dns.go b/pkg/protocols/dns/dns.go index 6f4f0671..80c14d23 100644 --- a/pkg/protocols/dns/dns.go +++ b/pkg/protocols/dns/dns.go @@ -60,7 +60,7 @@ type Request struct { // examples: // - name: Use a retry of 100 to 150 generally // value: 100 - TraceMaxRecursion int `yaml:"trace-max-recursion,omitempty" jsonschema:"title=trace-max-recursion level for dns request,description=TraceMaxRecursion is the number of max recursion allowed for trace operations"` + TraceMaxRecursion int `yaml:"trace-max-recursion,omitempty" json:"trace-max-recursion,omitempty" jsonschema:"title=trace-max-recursion level for dns request,description=TraceMaxRecursion is the number of max recursion allowed for trace operations"` // description: | // Attack is the type of payload combinations to perform. 
@@ -83,7 +83,7 @@ type Request struct { Threads int `yaml:"threads,omitempty" json:"threads,omitempty" jsonschema:"title=threads for sending requests,description=Threads specifies number of threads to use sending requests. This enables Connection Pooling"` generator *generators.PayloadGenerator - CompiledOperators *operators.Operators `yaml:"-"` + CompiledOperators *operators.Operators `yaml:"-" json:"-"` dnsClient *retryabledns.Client options *protocols.ExecutorOptions diff --git a/pkg/protocols/dns/dns_types.go b/pkg/protocols/dns/dns_types.go index 1c90c583..034f69b3 100644 --- a/pkg/protocols/dns/dns_types.go +++ b/pkg/protocols/dns/dns_types.go @@ -92,7 +92,7 @@ func (holder DNSRequestTypeHolder) String() string { return holder.DNSRequestType.String() } -func (holder DNSRequestTypeHolder) JSONSchemaType() *jsonschema.Schema { +func (holder DNSRequestTypeHolder) JSONSchema() *jsonschema.Schema { gotType := &jsonschema.Schema{ Type: "string", Title: "type of DNS request to make", diff --git a/pkg/protocols/headless/engine/action.go b/pkg/protocols/headless/engine/action.go index 90565281..3e2ce4e0 100644 --- a/pkg/protocols/headless/engine/action.go +++ b/pkg/protocols/headless/engine/action.go @@ -1,6 +1,10 @@ package engine -import "strings" +import ( + "strings" + + "github.com/invopop/jsonschema" +) // Action is an action taken by the browser to reach a navigation // 
@@ -29,6 +33,29 @@ type Action struct { ActionType ActionTypeHolder `yaml:"action" json:"action" jsonschema:"title=action to perform,description=Type of actions to perform,enum=navigate,enum=script,enum=click,enum=rightclick,enum=text,enum=screenshot,enum=time,enum=select,enum=files,enum=waitload,enum=getresource,enum=extract,enum=setmethod,enum=addheader,enum=setheader,enum=deleteheader,enum=setbody,enum=waitevent,enum=keyboard,enum=debug,enum=sleep"` } +func (a Action) JSONSchemaExtend(schema *jsonschema.Schema) { + argsSchema, ok := schema.Properties.Get("args") + if !ok { + return + } + argsSchema.PatternProperties = map[string]*jsonschema.Schema{ + ".*": { + OneOf: []*jsonschema.Schema{ + { + Type: "string", + }, + { + Type: "integer", + }, + { + Type: "boolean", + }, + }, + }, + } + argsSchema.Ref = "" +} + // String returns the string representation of an action func (a *Action) String() string { builder := &strings.Builder{} diff --git a/pkg/protocols/headless/engine/action_types.go b/pkg/protocols/headless/engine/action_types.go index 52873e45..c9cd39ad 100644 --- a/pkg/protocols/headless/engine/action_types.go +++ b/pkg/protocols/headless/engine/action_types.go @@ -171,7 +171,7 @@ type ActionTypeHolder struct { func (holder ActionTypeHolder) String() string { return holder.ActionType.String() } -func (holder ActionTypeHolder) JSONSchemaType() *jsonschema.Schema { +func (holder ActionTypeHolder) JSONSchema() *jsonschema.Schema { gotType := &jsonschema.Schema{ Type: "string", Title: "action to perform", diff --git a/pkg/protocols/http/http.go b/pkg/protocols/http/http.go index 51e5a36d..a8068584 100644 --- a/pkg/protocols/http/http.go +++ b/pkg/protocols/http/http.go @@ -5,6 +5,7 @@ import ( "fmt" "strings" + "github.com/invopop/jsonschema" json "github.com/json-iterator/go" "github.com/pkg/errors" 
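Review bot: After `argsSchema.Ref = ""` the `args` schema is left without a `type`, so `patternProperties` constrains the value of every key but a non-object `args` (a scalar or a list) is still admitted; the regenerated `engine.Action` entry later in this series shows `args` with `patternProperties`, `title` and `description` and no `type`. Set `argsSchema.Type = "object"` alongside the `Ref` reset; the `headers` extend added to pkg/protocols/http/http.go in this commit has the same gap. The `.*` key is the regex form patternProperties expects, so matching every property name is correct for a free-form map.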
@@ -219,6 +220,29 @@ type Request struct { fuzzPreConditionOperator matchers.ConditionType `yaml:"-" json:"-"` } +func (e Request) JSONSchemaExtend(schema *jsonschema.Schema) { + headersSchema, ok := schema.Properties.Get("headers") + if !ok { + return + } + headersSchema.PatternProperties = map[string]*jsonschema.Schema{ + ".*": { + OneOf: []*jsonschema.Schema{ + { + Type: "string", + }, + { + Type: "integer", + }, + { + Type: "boolean", + }, + }, + }, + } + headersSchema.Ref = "" +} + // Options returns executer options for http request func (r *Request) Options() *protocols.ExecutorOptions { return r.options diff --git a/pkg/protocols/http/http_method_types.go b/pkg/protocols/http/http_method_types.go index 9ef78911..315a5090 100644 --- a/pkg/protocols/http/http_method_types.go +++ b/pkg/protocols/http/http_method_types.go @@ -89,7 +89,7 @@ func (holder HTTPMethodTypeHolder) String() string { return holder.MethodType.String() } -func (holder HTTPMethodTypeHolder) JSONSchemaType() *jsonschema.Schema { +func (holder HTTPMethodTypeHolder) JSONSchema() *jsonschema.Schema { gotType := &jsonschema.Schema{ Type: "string", Title: "method is the HTTP request method", diff --git a/pkg/protocols/http/signature.go b/pkg/protocols/http/signature.go index c28ecf68..10fcf0a3 100644 --- a/pkg/protocols/http/signature.go +++ b/pkg/protocols/http/signature.go @@ -51,7 +51,7 @@ type SignatureTypeHolder struct { Value SignatureType } -func (holder SignatureTypeHolder) JSONSchemaType() *jsonschema.Schema { +func (holder SignatureTypeHolder) JSONSchema() *jsonschema.Schema { gotType := &jsonschema.Schema{ Type: "string", Title: "type of the signature", diff --git a/pkg/protocols/network/network.go b/pkg/protocols/network/network.go index 296770ff..70d618dc 100644 --- a/pkg/protocols/network/network.go +++ b/pkg/protocols/network/network.go 
@@ -61,7 +61,7 @@ type Request struct { // description: | // Port is the port to send network requests to. this acts as default port but is overriden if target/input contains // non-http(s) ports like 80,8080,8081 etc - Port string `yaml:"port,omitempty" json:"port,omitempty" jsonschema:"title=port to send requests to,description=Port to send network requests to"` + Port string `yaml:"port,omitempty" json:"port,omitempty" jsonschema:"title=port to send requests to,description=Port to send network requests to,oneof_type=string;integer"` // description: | // ExcludePorts is the list of ports to exclude from being scanned . It is intended to be used with `Port` field and contains a list of ports which are ignored/skipped @@ -91,7 +91,7 @@ type Request struct { // Operators for the current request go here. operators.Operators `yaml:",inline,omitempty"` - CompiledOperators *operators.Operators `yaml:"-"` + CompiledOperators *operators.Operators `yaml:"-" json:"-"` generator *generators.PayloadGenerator // cache any variables that may be needed for operation. @@ -128,7 +128,7 @@ type Input struct { // examples: // - value: "\"TEST\"" // - value: "\"hex_decode('50494e47')\"" - Data string `yaml:"data,omitempty" json:"data,omitempty" jsonschema:"title=data to send as input,description=Data is the data to send as the input"` + Data string `yaml:"data,omitempty" json:"data,omitempty" jsonschema:"title=data to send as input,description=Data is the data to send as the input,oneof_type=string;integer"` // description: | // Type is the type of input specified in `data` field. // diff --git a/pkg/protocols/network/network_input_types.go b/pkg/protocols/network/network_input_types.go index e8b294ea..2c663896 100644 --- a/pkg/protocols/network/network_input_types.go +++ b/pkg/protocols/network/network_input_types.go 
@@ -66,7 +66,7 @@ func (holder NetworkInputTypeHolder) String() string { return holder.NetworkInputType.String() } -func (holder NetworkInputTypeHolder) JSONSchemaType() *jsonschema.Schema { +func (holder NetworkInputTypeHolder) JSONSchema() *jsonschema.Schema { gotType := &jsonschema.Schema{ Type: "string", Title: "type is the type of input data", diff --git a/pkg/templates/types/types.go b/pkg/templates/types/types.go index f1195dc7..f51c444f 100644 --- a/pkg/templates/types/types.go +++ b/pkg/templates/types/types.go @@ -92,7 +92,7 @@ type TypeHolder struct { ProtocolType ProtocolType `mapping:"true"` } -func (holder TypeHolder) JSONSchemaType() *jsonschema.Schema { +func (holder TypeHolder) JSONSchema() *jsonschema.Schema { gotType := &jsonschema.Schema{ Type: "string", Title: "type of the protocol", From ffbe5deebbac8631d3e51dfaba2c5c858e8062a9 Mon Sep 17 00:00:00 2001 From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com> Date: Mon, 8 Apr 2024 05:01:30 +0700 Subject: [PATCH 03/15] feat: added asreproastable (#4990) * feat: added asreproastable * ldap: remove FilterAccountEnabled from AsRepRoastable * run 'make jsupdate' --------- Co-authored-by: Tarun Koyalwar --- pkg/js/generated/ts/kerberos.ts | 120 ++++++++++++++++---------------- pkg/js/generated/ts/ldap.ts | 16 +++++ pkg/js/generated/ts/mysql.ts | 4 +- pkg/js/generated/ts/smb.ts | 30 ++++---- pkg/js/generated/ts/ssh.ts | 44 ++++++------ pkg/js/libs/ldap/adenum.go | 13 ++++ 6 files changed, 128 insertions(+), 99 deletions(-) diff --git a/pkg/js/generated/ts/kerberos.ts b/pkg/js/generated/ts/kerberos.ts index a142e536..8f9ce98f 100755 --- a/pkg/js/generated/ts/kerberos.ts +++ b/pkg/js/generated/ts/kerberos.ts @@ -200,9 +200,9 @@ export interface AuthorizationDataEntry { */ export interface BitString { - Bytes?: Uint8Array, - BitLength?: number, + + Bytes?: Uint8Array, } 
@@ -212,9 +212,9 @@ export interface BitString { */ export interface BitString { - Bytes?: Uint8Array, - BitLength?: number, + + Bytes?: Uint8Array, } @@ -236,17 +236,15 @@ export interface Config { */ export interface EncTicketPart { - RenewTill?: Date, - - CRealm?: string, - AuthTime?: Date, StartTime?: Date, EndTime?: Date, - Transited?: TransitedEncoding, + RenewTill?: Date, + + CRealm?: string, CAddr?: HostAddress, @@ -257,6 +255,8 @@ export interface EncTicketPart { Key?: EncryptionKey, CName?: PrincipalName, + + Transited?: TransitedEncoding, } @@ -266,11 +266,11 @@ export interface EncTicketPart { */ export interface EncryptedData { + KVNO?: number, + Cipher?: Uint8Array, EType?: number, - - KVNO?: number, } @@ -318,15 +318,41 @@ export interface HostAddress { */ export interface LibDefaults { + NoAddresses?: boolean, + + RealmTryDomains?: number, + + DNSLookupKDC?: boolean, + + DefaultRealm?: string, + + SafeChecksumType?: number, + + VerifyAPReqNofail?: boolean, + + AllowWeakCrypto?: boolean, + + DefaultTGSEnctypes?: string[], + + DefaultTktEnctypeIDs?: number[], + + IgnoreAcceptorHostname?: boolean, + + K5LoginAuthoritative?: boolean, + + PermittedEnctypes?: string[], + /** * time in nanoseconds */ Clockskew?: number, - KDCTimeSync?: number, + DNSCanonicalizeHostname?: boolean, - SafeChecksumType?: number, + Proxiable?: boolean, + + RDNS?: boolean, /** * time in nanoseconds 
@@ -334,51 +360,31 @@ export interface LibDefaults { TicketLifetime?: number, - Forwardable?: boolean, - - K5LoginAuthoritative?: boolean, - - AllowWeakCrypto?: boolean, - DefaultClientKeytabName?: string, - DefaultTktEnctypes?: string[], - - ExtraAddresses?: Uint8Array, - - K5LoginDirectory?: string, - - PreferredPreauthTypes?: number[], - - RDNS?: boolean, - - DefaultKeytabName?: string, - - DefaultRealm?: string, - - DefaultTGSEnctypeIDs?: number[], - - DNSCanonicalizeHostname?: boolean, - - PermittedEnctypes?: string[], - - VerifyAPReqNofail?: boolean, - - DNSLookupRealm?: boolean, + PermittedEnctypeIDs?: number[], UDPPreferenceLimit?: number, - Canonicalize?: boolean, + DefaultTGSEnctypeIDs?: number[], + + DefaultTktEnctypes?: string[], CCacheType?: number, - DefaultTGSEnctypes?: string[], + DNSLookupRealm?: boolean, - Proxiable?: boolean, + ExtraAddresses?: Uint8Array, - DNSLookupKDC?: boolean, + PreferredPreauthTypes?: number[], - RealmTryDomains?: number, + Canonicalize?: boolean, + + Forwardable?: boolean, + + K5LoginDirectory?: string, + + KDCTimeSync?: number, /** * time in nanoseconds @@ -386,13 +392,7 @@ export interface LibDefaults { RenewLifetime?: number, - DefaultTktEnctypeIDs?: number[], - - IgnoreAcceptorHostname?: boolean, - - NoAddresses?: boolean, - - PermittedEnctypeIDs?: number[], + DefaultKeytabName?: string, KDCDefaultOptions?: BitString, } @@ -404,9 +404,9 @@ export interface LibDefaults { */ export interface PrincipalName { - NameType?: number, - NameString?: string[], + + NameType?: number, } @@ -416,8 +416,6 @@ export interface PrincipalName { */ export interface Realm { - Realm?: string, - AdminServer?: string[], DefaultDomain?: string, @@ -427,6 +425,8 @@ export interface Realm { KPasswdServer?: string[], MasterKDC?: string[], + + Realm?: string, } @@ -450,10 +450,10 @@ export interface TGS { */ export interface Ticket { - Realm?: string, - TktVNO?: number, + Realm?: string, + SName?: PrincipalName, EncPart?: EncryptedData, 
diff --git a/pkg/js/generated/ts/ldap.ts b/pkg/js/generated/ts/ldap.ts index 5d25faa1..daca4f86 100755 --- a/pkg/js/generated/ts/ldap.ts +++ b/pkg/js/generated/ts/ldap.ts @@ -358,6 +358,22 @@ export class Client { } + /** + * GetADUserAsRepRoastable returns all AD users that are AsRepRoastable + * using FilterIsPerson, and FilterDontRequirePreauth filter query + * @example + * ```javascript + * const ldap = require('nuclei/ldap'); + * const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); + * const AsRepRoastable = client.GetADUserAsRepRoastable(); + * log(to_json(AsRepRoastable)); + * ``` + */ + public GetADUserAsRepRoastable(): ADObject[] { + return []; + } + + /** * GetADDomainSID returns the SID of the AD domain * @example diff --git a/pkg/js/generated/ts/mysql.ts b/pkg/js/generated/ts/mysql.ts index a8c331cd..bf5c8812 100755 --- a/pkg/js/generated/ts/mysql.ts +++ b/pkg/js/generated/ts/mysql.ts @@ -209,9 +209,9 @@ export interface MySQLOptions { */ export interface SQLResult { - Columns?: string[], - Count?: number, + + Columns?: string[], } diff --git a/pkg/js/generated/ts/smb.ts b/pkg/js/generated/ts/smb.ts index b2bcb08f..b0ca997a 100755 --- a/pkg/js/generated/ts/smb.ts +++ b/pkg/js/generated/ts/smb.ts @@ -137,10 +137,6 @@ export interface NegotiationLog { */ export interface SMBCapabilities { - DFSSupport?: boolean, - - Leasing?: boolean, - LargeMTU?: boolean, MultiChan?: boolean, @@ -150,6 +146,10 @@ export interface SMBCapabilities { DirLeasing?: boolean, Encryption?: boolean, + + DFSSupport?: boolean, + + Leasing?: boolean, } @@ -159,6 +159,8 @@ export interface SMBCapabilities { */ export interface SMBLog { + SupportV1?: boolean, + NativeOs?: string, NTLM?: string, @@ -167,15 +169,13 @@ export interface SMBLog { HasNTLM?: boolean, - SupportV1?: boolean, + Version?: SMBVersions, Capabilities?: SMBCapabilities, NegotiationLog?: NegotiationLog, SessionSetupLog?: SessionSetupLog, - - Version?: SMBVersions, } 
@@ -185,13 +185,13 @@ export interface SMBLog { */ export interface SMBVersions { + VerString?: string, + Major?: number, Minor?: number, Revision?: number, - - VerString?: string, } @@ -201,10 +201,6 @@ export interface SMBVersions { */ export interface ServiceSMB { - SigningEnabled?: boolean, - - SigningRequired?: boolean, - OSVersion?: string, NetBIOSComputerName?: string, @@ -216,6 +212,10 @@ export interface ServiceSMB { DNSDomainName?: string, ForestName?: string, + + SigningEnabled?: boolean, + + SigningRequired?: boolean, } @@ -225,12 +225,12 @@ export interface ServiceSMB { */ export interface SessionSetupLog { + NegotiateFlags?: number, + SetupFlags?: number, TargetName?: string, - NegotiateFlags?: number, - HeaderLog?: HeaderLog, } diff --git a/pkg/js/generated/ts/ssh.ts b/pkg/js/generated/ts/ssh.ts index 37d04ae6..21dacf40 100755 --- a/pkg/js/generated/ts/ssh.ts +++ b/pkg/js/generated/ts/ssh.ts @@ -133,9 +133,9 @@ export interface Algorithms { HostKey?: string, - W?: DirectionAlgorithms, - R?: DirectionAlgorithms, + + W?: DirectionAlgorithms, } @@ -197,34 +197,34 @@ export interface HandshakeLog { */ export interface KexInitMsg { - CiphersServerClient?: string[], - - MACsClientServer?: string[], - - MACsServerClient?: string[], - - LanguagesClientServer?: string[], - - KexAlgos?: string[], - - CiphersClientServer?: string[], - Reserved?: number, - CompressionClientServer?: string[], - - CompressionServerClient?: string[], - - LanguagesServerClient?: string[], - - FirstKexFollows?: boolean, - /** * fixed size array of length: [16] */ Cookie?: Uint8Array, + CiphersClientServer?: string[], + + MACsClientServer?: string[], + + MACsServerClient?: string[], + + CompressionServerClient?: string[], + + LanguagesClientServer?: string[], + + FirstKexFollows?: boolean, + + KexAlgos?: string[], + + CiphersServerClient?: string[], + + CompressionClientServer?: string[], + + LanguagesServerClient?: string[], + ServerHostKeyAlgos?: string[], } 
diff --git a/pkg/js/libs/ldap/adenum.go b/pkg/js/libs/ldap/adenum.go index 23d2a4fc..9aea98be 100644 --- a/pkg/js/libs/ldap/adenum.go +++ b/pkg/js/libs/ldap/adenum.go @@ -253,6 +253,19 @@ func (c *Client) GetADUserKerberoastable() []ADObject { return c.FindADObjects(JoinFilters(FilterIsPerson, FilterAccountEnabled, FilterHasServicePrincipalName)) } +// GetADUserAsRepRoastable returns all AD users that are AsRepRoastable +// using FilterIsPerson, and FilterDontRequirePreauth filter query +// @example +// ```javascript +// const ldap = require('nuclei/ldap'); +// const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); +// const AsRepRoastable = client.GetADUserAsRepRoastable(); +// log(to_json(AsRepRoastable)); +// ``` +func (c *Client) GetADUserAsRepRoastable() []ADObject { + return c.FindADObjects(JoinFilters(FilterIsPerson, FilterDontRequirePreauth)) +} + // GetADDomainSID returns the SID of the AD domain // @example // ```javascript From d742e55c3f7deae42ab006da09b3d810c8316cb0 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sun, 7 Apr 2024 22:03:32 +0000 Subject: [PATCH 04/15] Auto Generate Syntax Docs + JSONSchema [Sun Apr 7 22:03:32 UTC 2024] :robot: --- nuclei-jsonschema.json | 1875 ++++++++++++++++++++++++++++++---------- 1 file changed, 1397 insertions(+), 478 deletions(-) diff --git a/nuclei-jsonschema.json b/nuclei-jsonschema.json index 0f4c2a8f..9e14e531 100644 --- a/nuclei-jsonschema.json +++ b/nuclei-jsonschema.json 
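Review bot: The doc comment on `GetADUserAsRepRoastable` lists its filters but does not say that, unlike `GetADUserKerberoastable` directly above (which also applies `FilterAccountEnabled`), this query returns disabled accounts as well, so callers comparing the two result sets will see a superset; the commit message records the omission as deliberate, so it belongs where the API is read. Add `// Unlike GetADUserKerberoastable, FilterAccountEnabled is not applied, so disabled accounts are included.` after the second comment line, and drop the stray comma in `using FilterIsPerson, and FilterDontRequirePreauth`. The same text appears in the generated pkg/js/generated/ts/ldap.ts binding in this commit, so the Go comment is the place to change it.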
@@ -1,77 +1,269 @@ { "$schema": "https://json-schema.org/draft/2020-12/schema", - "$id": "https://template", - "$ref": "#/$defs/Template", + "$id": "https://templates.-template", + "$ref": "#/$defs/templates.Template", "$defs": { - "AttackTypeHolder": { + "code.Request": { "properties": { - "Value": { - "type": "integer" - } - }, - "additionalProperties": false, - "type": "object", - "required": [ - "Value" - ] - }, - "Classification": { - "properties": { - "cve-id": { - "$ref": "#/$defs/StringOrSlice", - "title": "cve ids for the template", - "description": "CVE IDs for the template" + "matchers": { + "items": { + "$ref": "#/$defs/matchers.Matcher" + }, + "type": "array", + "title": "matchers to run on response", + "description": "Detection mechanism to identify whether the request was successful by doing pattern matching" }, - "cwe-id": { - "$ref": "#/$defs/StringOrSlice", - "title": "cwe ids for the template", - "description": "CWE IDs for the template" + "extractors": { + "items": { + "$ref": "#/$defs/extractors.Extractor" + }, + "type": "array", + "title": "extractors to run on response", + "description": "Extractors contains the extraction mechanism for the request to identify and extract parts of the response" }, - "cvss-metrics": { + "matchers-condition": { "type": "string", - "title": "cvss metrics for the template", - "description": "CVSS Metrics for the template", - "examples": [ - "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" - ] + "enum": [ + "and", + "or" + ], + "title": "condition between the matchers", + "description": "Conditions between the matchers" }, - "cvss-score": { - "type": "number", - "title": "cvss score for the template", - "description": "CVSS Score for the template", - "examples": [ - 9.8 - ] - }, - "epss-score": { - "type": "number", - "title": "epss score for the template", - "description": "EPSS Score for the template", - "examples": [ - 0.42509 - ] - }, - "epss-percentile": { - "type": "number", - "title": "epss percentile for the 
template", - "description": "EPSS Percentile for the template", - "examples": [ - 0.42509 - ] - }, - "cpe": { + "id": { "type": "string", - "title": "cpe for the template", - "description": "CPE for the template", - "examples": [ - "cpe:/a:vendor:product:version" - ] + "title": "id of the request", + "description": "ID is the optional ID of the Request" + }, + "engine": { + "items": { + "type": "string" + }, + "type": "array", + "title": "engine", + "description": "Engine" + }, + "pre-condition": { + "type": "string", + "title": "pre-condition for the request", + "description": "PreCondition is a condition which is evaluated before sending the request" + }, + "args": { + "items": { + "type": "string" + }, + "type": "array", + "title": "args", + "description": "Args" + }, + "pattern": { + "type": "string", + "title": "pattern", + "description": "Pattern" + }, + "source": { + "type": "string", + "title": "source file/snippet", + "description": "Source snippet" } }, "additionalProperties": false, "type": "object" }, - "Extractor": { + "dns.DNSRequestTypeHolder": { + "type": "string", + "enum": [ + "A", + "NS", + "DS", + "CNAME", + "SOA", + "PTR", + "MX", + "TXT", + "AAAA", + "CAA", + "TLSA", + "ANY" + ], + "title": "type of DNS request to make", + "description": "Type is the type of DNS request to make" + }, + "dns.Request": { + "properties": { + "matchers": { + "items": { + "$ref": "#/$defs/matchers.Matcher" + }, + "type": "array", + "title": "matchers to run on response", + "description": "Detection mechanism to identify whether the request was successful by doing pattern matching" + }, + "extractors": { + "items": { + "$ref": "#/$defs/extractors.Extractor" + }, + "type": "array", + "title": "extractors to run on response", + "description": "Extractors contains the extraction mechanism for the request to identify and extract parts of the response" + }, + "matchers-condition": { + "type": "string", + "enum": [ + "and", + "or" + ], + "title": "condition between the 
matchers", + "description": "Conditions between the matchers" + }, + "id": { + "type": "string", + "title": "id of the dns request", + "description": "ID is the optional ID of the DNS Request" + }, + "name": { + "type": "string", + "title": "hostname to make dns request for", + "description": "Name is the Hostname to make DNS request for" + }, + "type": { + "$ref": "#/$defs/dns.DNSRequestTypeHolder", + "title": "type of dns request to make", + "description": "Type is the type of DNS request to make" + }, + "class": { + "type": "string", + "enum": [ + "inet", + "csnet", + "chaos", + "hesiod", + "none", + "any" + ], + "title": "class of DNS request", + "description": "Class is the class of the DNS request" + }, + "retries": { + "type": "integer", + "title": "retries for dns request", + "description": "Retries is the number of retries for the DNS request" + }, + "trace": { + "type": "boolean", + "title": "trace operation", + "description": "Trace performs a trace operation for the target." + }, + "trace-max-recursion": { + "type": "integer", + "title": "trace-max-recursion level for dns request", + "description": "TraceMaxRecursion is the number of max recursion allowed for trace operations" + }, + "attack": { + "$ref": "#/$defs/generators.AttackTypeHolder", + "title": "attack is the payload combination", + "description": "Attack is the type of payload combinations to perform" + }, + "payloads": { + "$ref": "#/$defs/map[string]interface {}", + "title": "payloads for the network request", + "description": "Payloads contains any payloads for the current request" + }, + "threads": { + "type": "integer", + "title": "threads for sending requests", + "description": "Threads specifies number of threads to use sending requests. 
This enables Connection Pooling" + }, + "recursion": { + "type": "boolean", + "title": "recurse all servers", + "description": "Recursion determines if resolver should recurse all records to get fresh results" + }, + "resolvers": { + "items": { + "type": "string" + }, + "type": "array", + "title": "Resolvers", + "description": "Define resolvers to use within the template" + } + }, + "additionalProperties": false, + "type": "object" + }, + "engine.Action": { + "properties": { + "args": { + "patternProperties": { + ".*": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "boolean" + } + ] + } + }, + "title": "arguments for headless action", + "description": "Args contain arguments for the headless action" + }, + "name": { + "type": "string", + "title": "name for headless action", + "description": "Name is the name assigned to the headless action" + }, + "description": { + "type": "string", + "title": "description for headless action", + "description": "Description of the headless action" + }, + "action": { + "$ref": "#/$defs/engine.ActionTypeHolder", + "title": "action to perform", + "description": "Type of actions to perform" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "action" + ] + }, + "engine.ActionTypeHolder": { + "type": "string", + "enum": [ + "navigate", + "script", + "click", + "rightclick", + "text", + "screenshot", + "time", + "select", + "files", + "waitload", + "getresource", + "extract", + "setmethod", + "addheader", + "setheader", + "deleteheader", + "setbody", + "waitevent", + "keyboard", + "debug", + "sleep", + "waitvisible" + ], + "title": "action to perform", + "description": "Type of actions to perform" + }, + "extractors.Extractor": { "properties": { "name": { "type": "string", @@ -79,7 +271,7 @@ "description": "Name of the extractor" }, "type": { - "$ref": "#/$defs/ExtractorTypeHolder" + "$ref": "#/$defs/extractors.ExtractorTypeHolder" }, "regex": { "items": { 
@@ -153,132 +345,627 @@ "type" ] }, - "ExtractorTypeHolder": { - "properties": { - "ExtractorType": { - "type": "integer" - } - }, - "additionalProperties": false, - "type": "object", - "required": [ - "ExtractorType" - ] - }, - "HTTPMethodTypeHolder": { - "properties": { - "MethodType": { - "type": "integer" - } - }, - "additionalProperties": false, - "type": "object", - "required": [ - "MethodType" - ] - }, - "Holder": { + "extractors.ExtractorTypeHolder": { "type": "string", "enum": [ - "info", - "low", - "medium", - "high", - "critical", - "unknown" + "regex", + "kval", + "xpath", + "json", + "dsl" ], - "title": "severity of the template", - "description": "Seriousness of the implications of the template" + "title": "type of the extractor", + "description": "Type of the extractor" }, - "Info": { + "file.Request": { "properties": { - "name": { - "type": "string", - "title": "name of the template", - "description": "Name is a short summary of what the template does", - "examples": [ - "Nagios Default Credentials Check" - ] + "matchers": { + "items": { + "$ref": "#/$defs/matchers.Matcher" + }, + "type": "array", + "title": "matchers to run on response", + "description": "Detection mechanism to identify whether the request was successful by doing pattern matching" }, - "author": { - "$ref": "#/$defs/StringOrSlice", - "oneOf": [ - { - "type": "string", - "examples": [ - "pdteam" - ] - }, - { - "type": "array", - "examples": [ - "pdteam,mr.robot" - ] - } + "extractors": { + "items": { + "$ref": "#/$defs/extractors.Extractor" + }, + "type": "array", + "title": "extractors to run on response", + "description": "Extractors contains the extraction mechanism for the request to identify and extract parts of the response" + }, + "matchers-condition": { + "type": "string", + "enum": [ + "and", + "or" ], - "title": "author of the template", - "description": "Author is the author of the template" + "title": "condition between the matchers", + "description": "Conditions between 
the matchers" }, - "tags": { - "$ref": "#/$defs/StringOrSlice", - "title": "tags of the template", - "description": "Any tags for the template" + "extensions": { + "items": { + "type": "string" + }, + "type": "array", + "title": "extensions to match", + "description": "List of extensions to perform matching on" }, - "description": { + "denylist": { + "items": { + "type": "string" + }, + "type": "array", + "title": "denylist", + "description": "List of files" + }, + "id": { "type": "string", - "title": "description of the template", - "description": "In-depth explanation on what the template does", - "examples": [ - "Bower is a package manager which stores package information in the bower.json file" - ] + "title": "id of the request", + "description": "ID is the optional ID for the request" }, - "impact": { + "max-size": { "type": "string", - "title": "impact of the template", - "description": "In-depth explanation on the impact of the issue found by the template", - "examples": [ - "Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries" - ] + "title": "max size data to run request on", + "description": "Maximum size of the file to run request on" }, - "reference": { - "$ref": "#/$defs/StringOrSlice", - "title": "references for the template", - "description": "Links relevant to the template" + "archive": { + "type": "boolean", + "title": "enable archives", + "description": "Process compressed archives without unpacking" }, - "severity": { - "$ref": "#/$defs/Holder" + "mime-type": { + "type": "boolean", + "title": "enable filtering by mime-type", + "description": "Filter files by mime-type" }, - "metadata": { - "type": "object", - "title": "additional metadata for the template", - "description": "Additional metadata fields for the template" - }, - "classification": { - "$ref": "#/$defs/Classification", - "type": "object", - "title": "classification info for the template", - "description": "Classification information 
for the template" - }, - "remediation": { - "type": "string", - "title": "remediation steps for the template", - "description": "In-depth explanation on how to fix the issues found by the template", - "examples": [ - "Change the default administrative username and password of Apache ActiveMQ by editing the file jetty-realm.properties" - ] + "no-recursive": { + "type": "boolean", + "title": "do not perform recursion", + "description": "Specifies whether to not do recursive checks if folders are provided" } }, "additionalProperties": false, - "type": "object", - "required": [ - "name", - "author" - ] + "type": "object" }, - "Matcher": { + "fuzz.Rule": { "properties": { "type": { - "$ref": "#/$defs/MatcherTypeHolder", + "type": "string", + "enum": [ + "replace", + "prefix", + "postfix", + "infix", + "replace-regex" + ], + "title": "type of rule", + "description": "Type of fuzzing rule to perform" + }, + "part": { + "type": "string", + "enum": [ + "query", + "header", + "path", + "body", + "cookie", + "request" + ], + "title": "part of rule", + "description": "Part of request rule to fuzz" + }, + "mode": { + "type": "string", + "enum": [ + "single", + "multiple" + ], + "title": "mode of rule", + "description": "Mode of request rule to fuzz" + }, + "keys": { + "items": { + "type": "string" + }, + "type": "array", + "title": "keys of parameters to fuzz", + "description": "Keys of parameters to fuzz" + }, + "keys-regex": { + "items": { + "type": "string" + }, + "type": "array", + "title": "keys regex to fuzz", + "description": "Regex of parameter keys to fuzz" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "title": "values regex to fuzz", + "description": "Regex of parameter values to fuzz" + }, + "fuzz": { + "$ref": "#/$defs/fuzz.SliceOrMapSlice", + "title": "payloads of fuzz rule", + "description": "Payloads to perform fuzzing substitutions with" + }, + "replace-regex": { + "type": "string", + "title": "replace regex of rule", + 
"description": "Regex for regex-replace rule type" + } + }, + "additionalProperties": false, + "type": "object" + }, + "fuzz.SliceOrMapSlice": { + "items": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array", + "title": "Payloads of Fuzz Rule", + "description": "Payloads to perform fuzzing substitutions with." + }, + "generators.AttackTypeHolder": { + "type": "string", + "enum": [ + "batteringram", + "pitchfork", + "clusterbomb" + ], + "title": "type of the attack", + "description": "Type of the attack" + }, + "headless.Request": { + "properties": { + "id": { + "type": "string", + "title": "id of the request", + "description": "Optional ID of the headless request" + }, + "attack": { + "$ref": "#/$defs/generators.AttackTypeHolder", + "title": "attack is the payload combination", + "description": "Attack is the type of payload combinations to perform" + }, + "payloads": { + "$ref": "#/$defs/map[string]interface {}", + "title": "payloads for the headless request", + "description": "Payloads contains any payloads for the current request" + }, + "steps": { + "items": { + "$ref": "#/$defs/engine.Action" + }, + "type": "array", + "title": "list of actions for headless request", + "description": "List of actions to run for headless request" + }, + "user_agent": { + "$ref": "#/$defs/userAgent.UserAgentHolder", + "title": "user agent for the headless request", + "description": "User agent for the headless request" + }, + "custom_user_agent": { + "type": "string", + "title": "custom user agent for the headless request", + "description": "Custom user agent for the headless request" + }, + "stop-at-first-match": { + "type": "boolean", + "title": "stop at first match", + "description": "Stop the execution after a match is found" + }, + "matchers": { + "items": { + "$ref": "#/$defs/matchers.Matcher" + }, + "type": "array", + "title": "matchers to run on response", + "description": "Detection mechanism to identify whether the request 
was successful by doing pattern matching" + }, + "extractors": { + "items": { + "$ref": "#/$defs/extractors.Extractor" + }, + "type": "array", + "title": "extractors to run on response", + "description": "Extractors contains the extraction mechanism for the request to identify and extract parts of the response" + }, + "matchers-condition": { + "type": "string", + "enum": [ + "and", + "or" + ], + "title": "condition between the matchers", + "description": "Conditions between the matchers" + }, + "fuzzing": { + "items": { + "$ref": "#/$defs/fuzz.Rule" + }, + "type": "array", + "title": "fuzzin rules for http fuzzing", + "description": "Fuzzing describes rule schema to fuzz headless requests" + }, + "cookie-reuse": { + "type": "boolean", + "title": "optional cookie reuse enable", + "description": "Optional setting that enables cookie reuse" + }, + "disable-cookie": { + "type": "boolean", + "title": "optional disable cookie reuse", + "description": "Optional setting that disables cookie reuse" + } + }, + "additionalProperties": false, + "type": "object" + }, + "http.HTTPMethodTypeHolder": { + "type": "string", + "enum": [ + "GET", + "HEAD", + "POST", + "PUT", + "DELETE", + "CONNECT", + "OPTIONS", + "TRACE", + "PATCH", + "PURGE", + "DEBUG" + ], + "title": "method is the HTTP request method", + "description": "Method is the HTTP Request Method" + }, + "http.Request": { + "properties": { + "matchers": { + "items": { + "$ref": "#/$defs/matchers.Matcher" + }, + "type": "array", + "title": "matchers to run on response", + "description": "Detection mechanism to identify whether the request was successful by doing pattern matching" + }, + "extractors": { + "items": { + "$ref": "#/$defs/extractors.Extractor" + }, + "type": "array", + "title": "extractors to run on response", + "description": "Extractors contains the extraction mechanism for the request to identify and extract parts of the response" + }, + "matchers-condition": { + "type": "string", + "enum": [ + "and", + "or" + 
], + "title": "condition between the matchers", + "description": "Conditions between the matchers" + }, + "path": { + "items": { + "type": "string" + }, + "type": "array", + "title": "path(s) for the http request", + "description": "Path(s) to send http requests to" + }, + "raw": { + "items": { + "type": "string" + }, + "type": "array", + "description": "HTTP Requests in Raw Format" + }, + "id": { + "type": "string", + "title": "id for the http request", + "description": "ID for the HTTP Request" + }, + "name": { + "type": "string", + "title": "name for the http request", + "description": "Optional name for the HTTP Request" + }, + "attack": { + "$ref": "#/$defs/generators.AttackTypeHolder", + "title": "attack is the payload combination", + "description": "Attack is the type of payload combinations to perform" + }, + "method": { + "$ref": "#/$defs/http.HTTPMethodTypeHolder", + "title": "method is the http request method", + "description": "Method is the HTTP Request Method" + }, + "body": { + "type": "string", + "title": "body is the http request body", + "description": "Body is an optional parameter which contains HTTP Request body" + }, + "payloads": { + "$ref": "#/$defs/map[string]interface {}", + "title": "payloads for the http request", + "description": "Payloads contains any payloads for the current request" + }, + "headers": { + "patternProperties": { + ".*": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "boolean" + } + ] + } + }, + "title": "headers to send with the http request", + "description": "Headers contains HTTP Headers to send with the request" + }, + "race_count": { + "type": "integer", + "title": "number of times to repeat request in race condition", + "description": "Number of times to send a request in Race Condition Attack" + }, + "max-redirects": { + "type": "integer", + "title": "maximum number of redirects to follow", + "description": "Maximum number of redirects that should be followed" + }, + 
"pipeline-concurrent-connections": { + "type": "integer", + "title": "number of pipelining connections", + "description": "Number of connections to create during pipelining" + }, + "pipeline-requests-per-connection": { + "type": "integer", + "title": "number of requests to send per pipelining connections", + "description": "Number of requests to send per connection when pipelining" + }, + "threads": { + "type": "integer", + "title": "threads for sending requests", + "description": "Threads specifies number of threads to use sending requests. This enables Connection Pooling" + }, + "max-size": { + "type": "integer", + "title": "maximum http response body size", + "description": "Maximum size of http response body to read in bytes" + }, + "fuzzing": { + "items": { + "$ref": "#/$defs/fuzz.Rule" + }, + "type": "array", + "title": "fuzzin rules for http fuzzing", + "description": "Fuzzing describes rule schema to fuzz http requests" + }, + "self-contained": { + "type": "boolean" + }, + "signature": { + "$ref": "#/$defs/http.SignatureTypeHolder", + "title": "signature is the http request signature method", + "description": "Signature is the HTTP Request signature Method" + }, + "cookie-reuse": { + "type": "boolean", + "title": "optional cookie reuse enable", + "description": "Optional setting that enables cookie reuse" + }, + "disable-cookie": { + "type": "boolean", + "title": "optional disable cookie reuse", + "description": "Optional setting that disables cookie reuse" + }, + "read-all": { + "type": "boolean", + "title": "force read all body", + "description": "Enables force reading of entire unsafe http request body" + }, + "redirects": { + "type": "boolean", + "title": "follow http redirects", + "description": "Specifies whether redirects should be followed by the HTTP Client" + }, + "host-redirects": { + "type": "boolean", + "title": "follow same host http redirects", + "description": "Specifies whether redirects to the same host should be followed by the HTTP 
Client" + }, + "pipeline": { + "type": "boolean", + "title": "perform HTTP 1.1 pipelining", + "description": "Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining" + }, + "unsafe": { + "type": "boolean", + "title": "use rawhttp non-strict-rfc client", + "description": "Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests" + }, + "race": { + "type": "boolean", + "title": "perform race-http request coordination attack", + "description": "Race determines if all the request have to be attempted at the same time (Race Condition)" + }, + "req-condition": { + "type": "boolean", + "title": "preserve request history", + "description": "Automatically assigns numbers to requests and preserves their history" + }, + "stop-at-first-match": { + "type": "boolean", + "title": "stop at first match", + "description": "Stop the execution after a match is found" + }, + "skip-variables-check": { + "type": "boolean", + "title": "skip variable checks", + "description": "Skips the check for unresolved variables in request" + }, + "iterate-all": { + "type": "boolean", + "title": "iterate all the values", + "description": "Iterates all the values extracted from internal extractors" + }, + "digest-username": { + "type": "string", + "title": "specifies the username for digest authentication", + "description": "Optional parameter which specifies the username for digest auth" + }, + "digest-password": { + "type": "string", + "title": "specifies the password for digest authentication", + "description": "Optional parameter which specifies the password for digest auth" + }, + "disable-path-automerge": { + "type": "boolean", + "title": "disable auto merging of path", + "description": "Disable merging target url path with raw request path" + }, + "pre-condition": { + "items": { + "$ref": "#/$defs/matchers.Matcher" + }, + "type": "array", + "title": "pre-condition for fuzzing/dast", + "description": "PreCondition is matcher-like field to check if 
fuzzing should be performed on this request or not" + }, + "pre-condition-operator": { + "type": "string", + "enum": [ + "and", + "or" + ], + "title": "condition between the filters", + "description": "Operator to use between multiple per-conditions" + } + }, + "additionalProperties": false, + "type": "object" + }, + "http.SignatureTypeHolder": { + "type": "string", + "enum": [ + "AWS" + ], + "title": "type of the signature", + "description": "Type of the signature" + }, + "javascript.Request": { + "properties": { + "matchers": { + "items": { + "$ref": "#/$defs/matchers.Matcher" + }, + "type": "array", + "title": "matchers to run on response", + "description": "Detection mechanism to identify whether the request was successful by doing pattern matching" + }, + "extractors": { + "items": { + "$ref": "#/$defs/extractors.Extractor" + }, + "type": "array", + "title": "extractors to run on response", + "description": "Extractors contains the extraction mechanism for the request to identify and extract parts of the response" + }, + "matchers-condition": { + "type": "string", + "enum": [ + "and", + "or" + ], + "title": "condition between the matchers", + "description": "Conditions between the matchers" + }, + "id": { + "type": "string", + "title": "id of the request", + "description": "ID is the optional ID of the Request" + }, + "init": { + "type": "string", + "title": "init javascript code", + "description": "Init is the javascript code to execute after compiling template" + }, + "pre-condition": { + "type": "string", + "title": "pre-condition for the request", + "description": "PreCondition is a condition which is evaluated before sending the request" + }, + "args": { + "$ref": "#/$defs/map[string]interface {}" + }, + "code": { + "type": "string", + "title": "code to execute in javascript", + "description": "Executes inline javascript code for the request" + }, + "timeout": { + "type": "integer", + "title": "timeout for javascript execution", + "description": "Timeout 
in seconds is optional timeout for entire javascript script execution" + }, + "stop-at-first-match": { + "type": "boolean", + "title": "stop at first match", + "description": "Stop the execution after a match is found" + }, + "attack": { + "$ref": "#/$defs/generators.AttackTypeHolder", + "title": "attack is the payload combination", + "description": "Attack is the type of payload combinations to perform" + }, + "threads": { + "type": "integer", + "title": "threads for sending requests", + "description": "Threads specifies number of threads to use sending requests. This enables Connection Pooling" + }, + "payloads": { + "$ref": "#/$defs/map[string]interface {}", + "title": "payloads for the webosocket request", + "description": "Payloads contains any payloads for the current request" + } + }, + "additionalProperties": false, + "type": "object" + }, + "map[string]interface {}": { + "type": "object" + }, + "map[string]string": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "matchers.Matcher": { + "properties": { + "type": { + "$ref": "#/$defs/matchers.MatcherTypeHolder", "title": "type of matcher", "description": "Type of the matcher" }, 
@@ -392,28 +1079,272 @@ "type" ] }, - "MatcherTypeHolder": { + "matchers.MatcherTypeHolder": { + "type": "string", + "enum": [ + "word", + "regex", + "binary", + "status", + "size", + "dsl", + "xpath" + ], + "title": "type of the matcher", + "description": "Type of the matcher" + }, + "model.Classification": { "properties": { - "MatcherType": { - "type": "integer" + "cve-id": { + "$ref": "#/$defs/stringslice.StringOrSlice", + "title": "cve ids for the template", + "description": "CVE IDs for the template" + }, + "cwe-id": { + "$ref": "#/$defs/stringslice.StringOrSlice", + "title": "cwe ids for the template", + "description": "CWE IDs for the template" + }, + "cvss-metrics": { + "type": "string", + "title": "cvss metrics for the template", + "description": "CVSS Metrics for the template", + "examples": [ + "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + ] + }, + "cvss-score": { + "type": "number", + "title": "cvss score for the template", + "description": "CVSS Score for the template", + "examples": [ + 9.8 + ] + }, + "epss-score": { + "type": "number", + "title": "epss score for the template", + "description": "EPSS Score for the template", + "examples": [ + 0.42509 + ] + }, + "epss-percentile": { + "type": "number", + "title": "epss percentile for the template", + "description": "EPSS Percentile for the template", + "examples": [ + 0.42509 + ] + }, + "cpe": { + "type": "string", + "title": "cpe for the template", + "description": "CPE for the template", + "examples": [ + "cpe:/a:vendor:product:version" + ] + } + }, + "additionalProperties": false, + "type": "object" + }, + "model.Info": { + "properties": { + "name": { + "type": "string", + "title": "name of the template", + "description": "Name is a short summary of what the template does", + "examples": [ + "Nagios Default Credentials Check" + ] + }, + "author": { + "$ref": "#/$defs/stringslice.StringOrSlice", + "oneOf": [ + { + "type": "string", + "examples": [ + "pdteam" + ] + }, + { + "type": "array", + 
"examples": [ + "pdteam,mr.robot" + ] + } + ], + "title": "author of the template", + "description": "Author is the author of the template" + }, + "tags": { + "$ref": "#/$defs/stringslice.StringOrSlice", + "title": "tags of the template", + "description": "Any tags for the template" + }, + "description": { + "type": "string", + "title": "description of the template", + "description": "In-depth explanation on what the template does", + "examples": [ + "Bower is a package manager which stores package information in the bower.json file" + ] + }, + "impact": { + "type": "string", + "title": "impact of the template", + "description": "In-depth explanation on the impact of the issue found by the template", + "examples": [ + "Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries" + ] + }, + "reference": { + "$ref": "#/$defs/stringslice.StringOrSlice", + "title": "references for the template", + "description": "Links relevant to the template" + }, + "severity": { + "$ref": "#/$defs/severity.Holder" + }, + "metadata": { + "$ref": "#/$defs/map[string]interface {}", + "type": "object", + "title": "additional metadata for the template", + "description": "Additional metadata fields for the template" + }, + "classification": { + "$ref": "#/$defs/model.Classification", + "type": "object", + "title": "classification info for the template", + "description": "Classification information for the template" + }, + "remediation": { + "type": "string", + "title": "remediation steps for the template", + "description": "In-depth explanation on how to fix the issues found by the template", + "examples": [ + "Change the default administrative username and password of Apache ActiveMQ by editing the file jetty-realm.properties" + ] } }, "additionalProperties": false, "type": "object", "required": [ - "MatcherType" + "name", + "author" ] }, - "OrderedMap[string,string]": { - "properties": {}, + "network.Input": { + "properties": { + "data": { + 
"oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "data to send as input", + "description": "Data is the data to send as the input" + }, + "type": { + "$ref": "#/$defs/network.NetworkInputTypeHolder", + "title": "type is the type of input data", + "description": "Type of input specified in data field" + }, + "read": { + "type": "integer", + "title": "bytes to read from socket", + "description": "Number of bytes to read from socket" + }, + "name": { + "type": "string", + "title": "optional name for data read", + "description": "Optional name of the data read to provide matching on" + } + }, "additionalProperties": false, "type": "object" }, - "Request": { + "network.NetworkInputTypeHolder": { + "type": "string", + "enum": [ + "hex", + "text" + ], + "title": "type is the type of input data", + "description": "description=Type of input specified in data field" + }, + "network.Request": { "properties": { + "id": { + "type": "string", + "title": "id of the request", + "description": "ID of the network request" + }, + "host": { + "items": { + "type": "string" + }, + "type": "array", + "title": "host to send requests to", + "description": "Host to send network requests to" + }, + "attack": { + "$ref": "#/$defs/generators.AttackTypeHolder", + "title": "attack is the payload combination", + "description": "Attack is the type of payload combinations to perform" + }, + "payloads": { + "$ref": "#/$defs/map[string]interface {}", + "title": "payloads for the network request", + "description": "Payloads contains any payloads for the current request" + }, + "threads": { + "type": "integer", + "title": "threads for sending requests", + "description": "Threads specifies number of threads to use sending requests. 
This enables Connection Pooling" + }, + "inputs": { + "items": { + "$ref": "#/$defs/network.Input" + }, + "type": "array", + "title": "inputs for the network request", + "description": "Inputs contains any input/output for the current request" + }, + "port": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "port to send requests to", + "description": "Port to send network requests to" + }, + "exclude-ports": { + "type": "string", + "title": "exclude ports from being scanned", + "description": "Exclude ports from being scanned" + }, + "read-size": { + "type": "integer", + "title": "size of network response to read", + "description": "Size of response to read at the end. Default is 1024 bytes" + }, + "read-all": { + "type": "boolean", + "title": "read all response stream", + "description": "Read all response stream till the server stops sending" + }, "matchers": { "items": { - "$ref": "#/$defs/Matcher" + "$ref": "#/$defs/matchers.Matcher" }, "type": "array", "title": "matchers to run on response", 
@@ -421,7 +1352,51 @@ }, "extractors": { "items": { - "$ref": "#/$defs/Extractor" + "$ref": "#/$defs/extractors.Extractor" + }, + "type": "array", + "title": "extractors to run on response", + "description": "Extractors contains the extraction mechanism for the request to identify and extract parts of the response" + }, + "matchers-condition": { + "type": "string", + "enum": [ + "and", + "or" + ], + "title": "condition between the matchers", + "description": "Conditions between the matchers" + } + }, + "additionalProperties": false, + "type": "object" + }, + "severity.Holder": { + "type": "string", + "enum": [ + "info", + "low", + "medium", + "high", + "critical", + "unknown" + ], + "title": "severity of the template", + "description": "Seriousness of the implications of the template" + }, + "ssl.Request": { + "properties": { + "matchers": { + "items": { + "$ref": "#/$defs/matchers.Matcher" + }, + "type": "array", + "title": "matchers to run on response", + "description": "Detection mechanism to identify whether the request was successful by doing pattern matching" + }, + "extractors": { + "items": { + "$ref": "#/$defs/extractors.Extractor" }, "type": "array", "title": "extractors to run on response", 
@@ -436,307 +1411,85 @@ "title": "condition between the matchers", "description": "Conditions between the matchers" }, - "path": { - "items": { - "type": "string" - }, - "type": "array", - "title": "path(s) for the http request", - "description": "Path(s) to send http requests to" - }, - "raw": { - "items": { - "type": "string" - }, - "type": "array", - "description": "HTTP Requests in Raw Format" - }, "id": { "type": "string", - "title": "id for the http request", - "description": "ID for the HTTP Request" + "title": "id of the request", + "description": "ID of the request" }, - "name": { + "address": { "type": "string", - "title": "name for the http request", - "description": "Optional name for the HTTP Request" + "title": "address for the ssl request", + "description": "Address contains address for the request" }, - "attack": { - "$ref": "#/$defs/AttackTypeHolder", - "title": "attack is the payload combination", - "description": "Attack is the type of payload combinations to perform" - }, - "method": { - "$ref": "#/$defs/HTTPMethodTypeHolder", - "title": "method is the http request method", - "description": "Method is the HTTP Request Method" - }, - "body": { - "type": "string", - "title": "body is the http request body", - "description": "Body is an optional parameter which contains HTTP Request body" - }, - "payloads": { - "type": "object", - "title": "payloads for the http request", - "description": "Payloads contains any payloads for the current request" - }, - "headers": { - "additionalProperties": { - "type": "string" - }, - "type": "object", - "title": "headers to send with the http request", - "description": "Headers contains HTTP Headers to send with the request" - }, - "race_count": { - "type": "integer", - "title": "number of times to repeat request in race condition", - "description": "Number of times to send a request in Race Condition Attack" - }, - "max-redirects": { - "type": "integer", - "title": "maximum number of redirects to follow", - 
"description": "Maximum number of redirects that should be followed" - }, - "pipeline-concurrent-connections": { - "type": "integer", - "title": "number of pipelining connections", - "description": "Number of connections to create during pipelining" - }, - "pipeline-requests-per-connection": { - "type": "integer", - "title": "number of requests to send per pipelining connections", - "description": "Number of requests to send per connection when pipelining" - }, - "threads": { - "type": "integer", - "title": "threads for sending requests", - "description": "Threads specifies number of threads to use sending requests. This enables Connection Pooling" - }, - "max-size": { - "type": "integer", - "title": "maximum http response body size", - "description": "Maximum size of http response body to read in bytes" - }, - "fuzzing": { - "items": { - "$ref": "#/$defs/Rule" - }, - "type": "array", - "title": "fuzzin rules for http fuzzing", - "description": "Fuzzing describes rule schema to fuzz http requests" - }, - "self-contained": { - "type": "boolean" - }, - "signature": { - "$ref": "#/$defs/SignatureTypeHolder", - "title": "signature is the http request signature method", - "description": "Signature is the HTTP Request signature Method" - }, - "cookie-reuse": { - "type": "boolean", - "title": "optional cookie reuse enable", - "description": "Optional setting that enables cookie reuse" - }, - "disable-cookie": { - "type": "boolean", - "title": "optional disable cookie reuse", - "description": "Optional setting that disables cookie reuse" - }, - "read-all": { - "type": "boolean", - "title": "force read all body", - "description": "Enables force reading of entire unsafe http request body" - }, - "redirects": { - "type": "boolean", - "title": "follow http redirects", - "description": "Specifies whether redirects should be followed by the HTTP Client" - }, - "host-redirects": { - "type": "boolean", - "title": "follow same host http redirects", - "description": "Specifies 
whether redirects to the same host should be followed by the HTTP Client" - }, - "pipeline": { - "type": "boolean", - "title": "perform HTTP 1.1 pipelining", - "description": "Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining" - }, - "unsafe": { - "type": "boolean", - "title": "use rawhttp non-strict-rfc client", - "description": "Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests" - }, - "race": { - "type": "boolean", - "title": "perform race-http request coordination attack", - "description": "Race determines if all the request have to be attempted at the same time (Race Condition)" - }, - "req-condition": { - "type": "boolean", - "title": "preserve request history", - "description": "Automatically assigns numbers to requests and preserves their history" - }, - "stop-at-first-match": { - "type": "boolean", - "title": "stop at first match", - "description": "Stop the execution after a match is found" - }, - "skip-variables-check": { - "type": "boolean", - "title": "skip variable checks", - "description": "Skips the check for unresolved variables in request" - }, - "iterate-all": { - "type": "boolean", - "title": "iterate all the values", - "description": "Iterates all the values extracted from internal extractors" - }, - "digest-username": { - "type": "string", - "title": "specifies the username for digest authentication", - "description": "Optional parameter which specifies the username for digest auth" - }, - "digest-password": { - "type": "string", - "title": "specifies the password for digest authentication", - "description": "Optional parameter which specifies the password for digest auth" - }, - "disable-path-automerge": { - "type": "boolean", - "title": "disable auto merging of path", - "description": "Disable merging target url path with raw request path" - }, - "pre-condition": { - "items": { - "$ref": "#/$defs/Matcher" - }, - "type": "array", - "title": "pre-condition for fuzzing/dast", - 
"description": "PreCondition is matcher-like field to check if fuzzing should be performed on this request or not" - }, - "pre-condition-operator": { + "min_version": { "type": "string", "enum": [ - "and", - "or" + "sslv3", + "tls10", + "tls11", + "tls12", + "tls13" ], - "title": "condition between the filters", - "description": "Operator to use between multiple per-conditions" - } - }, - "additionalProperties": false, - "type": "object" - }, - "Rule": { - "properties": { - "type": { + "title": "Min. TLS version", + "description": "Minimum tls version - automatic if not specified." + }, + "max_version": { "type": "string", "enum": [ - "replace", - "prefix", - "postfix", - "infix", - "replace-regex" + "sslv3", + "tls10", + "tls11", + "tls12", + "tls13" ], - "title": "type of rule", - "description": "Type of fuzzing rule to perform" + "title": "Max. TLS version", + "description": "Max tls version - automatic if not specified." }, - "part": { - "type": "string", - "enum": [ - "query", - "header", - "path", - "body", - "cookie", - "request" - ], - "title": "part of rule", - "description": "Part of request rule to fuzz" - }, - "mode": { - "type": "string", - "enum": [ - "single", - "multiple" - ], - "title": "mode of rule", - "description": "Mode of request rule to fuzz" - }, - "keys": { - "items": { - "type": "string" - }, - "type": "array", - "title": "keys of parameters to fuzz", - "description": "Keys of parameters to fuzz" - }, - "keys-regex": { - "items": { - "type": "string" - }, - "type": "array", - "title": "keys regex to fuzz", - "description": "Regex of parameter keys to fuzz" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "title": "values regex to fuzz", - "description": "Regex of parameter values to fuzz" - }, - "fuzz": { - "$ref": "#/$defs/SliceOrMapSlice", - "title": "payloads of fuzz rule", - "description": "Payloads to perform fuzzing substitutions with" - }, - "replace-regex": { - "type": "string", - "title": "replace 
regex of rule", - "description": "Regex for regex-replace rule type" - } - }, - "additionalProperties": false, - "type": "object" - }, - "SignatureTypeHolder": { - "properties": { - "Value": { - "type": "integer" - } - }, - "additionalProperties": false, - "type": "object", - "required": [ - "Value" - ] - }, - "SliceOrMapSlice": { - "properties": { - "Value": { + "cipher_suites": { "items": { "type": "string" }, "type": "array" }, - "KV": { - "$ref": "#/$defs/OrderedMap[string,string]" + "scan_mode": { + "type": "string", + "enum": [ + "ctls", + "ztls", + "auto" + ], + "title": "Scan Mode", + "description": "Scan Mode - auto if not specified." + }, + "tls_version_enum": { + "type": "boolean", + "title": "Enumerate Versions", + "description": "Enumerate Version - false if not specified" + }, + "tls_cipher_enum": { + "type": "boolean", + "title": "Enumerate Ciphers", + "description": "Enumerate Ciphers - false if not specified" + }, + "tls_cipher_types": { + "items": { + "type": "string", + "enum": [ + "weak", + "secure", + "insecure", + "all" + ] + }, + "type": "array", + "title": "TLS Cipher Types", + "description": "TLS Cipher Types to enumerate" } }, "additionalProperties": false, - "type": "object", - "required": [ - "Value", - "KV" - ] + "type": "object" }, - "StringOrSlice": { + "stringslice.StringOrSlice": { "oneOf": [ { "type": "string" @@ -746,7 +1499,7 @@ } ] }, - "Template": { + "templates.Template": { "properties": { "id": { "type": "string", @@ -758,7 +1511,7 @@ ] }, "info": { - "$ref": "#/$defs/Info", + "$ref": "#/$defs/model.Info", "type": "object", "title": "info for the template", "description": "Info contains metadata for the template" @@ -773,7 +1526,7 @@ }, "requests": { "items": { - "$ref": "#/$defs/Request" + "$ref": "#/$defs/http.Request" }, "type": "array", "title": "http requests to make", 
@@ -781,7 +1534,7 @@ }, "http": { "items": { - "$ref": "#/$defs/Request" + "$ref": "#/$defs/http.Request" }, "type": "array", "title": "http requests to make", @@ -789,7 +1542,7 @@ }, "dns": { "items": { - "$ref": "#/$defs/Request" + "$ref": "#/$defs/dns.Request" }, "type": "array", "title": "dns requests to make", @@ -797,7 +1550,7 @@ }, "file": { "items": { - "$ref": "#/$defs/Request" + "$ref": "#/$defs/file.Request" }, "type": "array", "title": "file requests to make", @@ -805,7 +1558,7 @@ }, "network": { "items": { - "$ref": "#/$defs/Request" + "$ref": "#/$defs/network.Request" }, "type": "array", "title": "network requests to make", @@ -813,7 +1566,7 @@ }, "tcp": { "items": { - "$ref": "#/$defs/Request" + "$ref": "#/$defs/network.Request" }, "type": "array", "title": "network(tcp) requests to make", @@ -821,7 +1574,7 @@ }, "headless": { "items": { - "$ref": "#/$defs/Request" + "$ref": "#/$defs/headless.Request" }, "type": "array", "title": "headless requests to make", @@ -829,7 +1582,7 @@ }, "ssl": { "items": { - "$ref": "#/$defs/Request" + "$ref": "#/$defs/ssl.Request" }, "type": "array", "title": "ssl requests to make", @@ -837,7 +1590,7 @@ }, "websocket": { "items": { - "$ref": "#/$defs/Request" + "$ref": "#/$defs/websocket.Request" }, "type": "array", "title": "websocket requests to make", @@ -845,7 +1598,7 @@ }, "whois": { "items": { - "$ref": "#/$defs/Request" + "$ref": "#/$defs/whois.Request" }, "type": "array", "title": "whois requests to make", @@ -853,7 +1606,7 @@ }, "code": { "items": { - "$ref": "#/$defs/Request" + "$ref": "#/$defs/code.Request" }, "type": "array", "title": "code snippets to make", @@ -861,7 +1614,7 @@ }, "javascript": { "items": { - "$ref": "#/$defs/Request" + "$ref": "#/$defs/javascript.Request" }, "type": "array", "title": "javascript requests to make", 
@@ -869,7 +1622,7 @@ }, "workflows": { "items": { - "$ref": "#/$defs/WorkflowTemplate" + "$ref": "#/$defs/workflows.WorkflowTemplate" }, "type": "array", "title": "list of workflows to execute", @@ -886,17 +1639,18 @@ "description": "Stop at first match for the template" }, "signature": { - "$ref": "#/$defs/SignatureTypeHolder", + "$ref": "#/$defs/http.SignatureTypeHolder", "title": "signature is the http request signature method", "description": "Signature is the HTTP Request signature Method" }, "variables": { - "$ref": "#/$defs/Variable", + "$ref": "#/$defs/variables.Variable", "type": "object", "title": "variables for the http request", "description": "Variables contains any variables for the current request" }, "constants": { + "$ref": "#/$defs/map[string]interface {}", "type": "object", "title": "constant for the template", "description": "constants contains any constant for the template" 
@@ -909,12 +1663,177 @@ "info" ] }, - "Variable": { - "properties": {}, + "userAgent.UserAgentHolder": { + "type": "string", + "enum": [ + "off", + "default", + "custom" + ], + "title": "userAgent for the headless", + "description": "userAgent for the headless http request" + }, + "variables.Variable": { + "additionalProperties": true, + "type": "object", + "title": "variables for the request", + "description": "Additional variables for the request" + }, + "websocket.Input": { + "properties": { + "data": { + "type": "string", + "title": "data to send as input", + "description": "Data is the data to send as the input" + }, + "name": { + "type": "string", + "title": "optional name for data read", + "description": "Optional name of the data read to provide matching on" + } + }, "additionalProperties": false, "type": "object" }, - "WorkflowTemplate": { + "websocket.Request": { + "properties": { + "matchers": { + "items": { + "$ref": "#/$defs/matchers.Matcher" + }, + "type": "array", + "title": "matchers to run on response", + "description": "Detection mechanism to identify whether the request was successful by doing pattern matching" + }, + "extractors": { + "items": { + "$ref": "#/$defs/extractors.Extractor" + }, + "type": "array", + "title": "extractors to run on response", + "description": "Extractors contains the extraction mechanism for the request to identify and extract parts of the response" + }, + "matchers-condition": { + "type": "string", + "enum": [ + "and", + "or" + ], + "title": "condition between the matchers", + "description": "Conditions between the matchers" + }, + "id": { + "type": "string", + "title": "id of the request", + "description": "ID of the network request" + }, + "address": { + "type": "string", + "title": "address for the websocket request", + "description": "Address contains address for the request" + }, + "inputs": { + "items": { + "$ref": "#/$defs/websocket.Input" + }, + "type": "array", + "title": "inputs for the websocket request", + 
"description": "Inputs contains any input/output for the current request" + }, + "headers": { + "$ref": "#/$defs/map[string]string", + "title": "headers contains the request headers", + "description": "Headers contains headers for the request" + }, + "attack": { + "$ref": "#/$defs/generators.AttackTypeHolder", + "title": "attack is the payload combination", + "description": "Attack is the type of payload combinations to perform" + }, + "payloads": { + "$ref": "#/$defs/map[string]interface {}", + "title": "payloads for the websocket request", + "description": "Payloads contains any payloads for the current request" + } + }, + "additionalProperties": false, + "type": "object" + }, + "whois.Request": { + "properties": { + "matchers": { + "items": { + "$ref": "#/$defs/matchers.Matcher" + }, + "type": "array", + "title": "matchers to run on response", + "description": "Detection mechanism to identify whether the request was successful by doing pattern matching" + }, + "extractors": { + "items": { + "$ref": "#/$defs/extractors.Extractor" + }, + "type": "array", + "title": "extractors to run on response", + "description": "Extractors contains the extraction mechanism for the request to identify and extract parts of the response" + }, + "matchers-condition": { + "type": "string", + "enum": [ + "and", + "or" + ], + "title": "condition between the matchers", + "description": "Conditions between the matchers" + }, + "id": { + "type": "string", + "title": "id of the request", + "description": "ID of the network request" + }, + "query": { + "type": "string", + "title": "query for the WHOIS request", + "description": "Query contains query for the request" + }, + "server": { + "type": "string", + "title": "server url to execute the WHOIS request on", + "description": "Server contains the server url to execute the WHOIS request on" + } + }, + "additionalProperties": false, + "type": "object" + }, + "workflows.Matcher": { + "properties": { + "name": { + "$ref": 
"#/$defs/stringslice.StringOrSlice", + "title": "name of items to match", + "description": "Name of items to match" + }, + "condition": { + "type": "string", + "enum": [ + "and", + "or" + ], + "title": "condition between names", + "description": "Condition between the names" + }, + "subtemplates": { + "items": { + "$ref": "#/$defs/workflows.WorkflowTemplate" + }, + "type": "array", + "title": "templates to run after match", + "description": "Templates to run after match" + } + }, + "additionalProperties": false, + "type": "object" + }, + "workflows.WorkflowTemplate": { "properties": { "template": { "type": "string", @@ -922,13 +1841,13 @@ "description": "Template or directory to execute as part of workflow" }, "tags": { - "$ref": "#/$defs/StringOrSlice", + "$ref": "#/$defs/stringslice.StringOrSlice", "title": "tags to execute", "description": "Tags to run template based on" }, "matchers": { "items": { - "$ref": "#/$defs/Matcher" + "$ref": "#/$defs/workflows.Matcher" }, "type": "array", "title": "name based template result matchers", @@ -936,7 +1855,7 @@ }, "subtemplates": { "items": { - "$ref": "#/$defs/WorkflowTemplate" + "$ref": "#/$defs/workflows.WorkflowTemplate" }, "type": "array", "title": "subtemplate based result matchers", From a4f6667eb4e862626a007d4d92458e7b40d8d3b8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Apr 2024 05:56:54 +0000 Subject: [PATCH 05/15] chore(deps): bump github.com/projectdiscovery/rawhttp Bumps [github.com/projectdiscovery/rawhttp](https://github.com/projectdiscovery/rawhttp) from 0.1.41 to 0.1.44. - [Release notes](https://github.com/projectdiscovery/rawhttp/releases) - [Commits](https://github.com/projectdiscovery/rawhttp/compare/v0.1.41...v0.1.44) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/rawhttp dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 7eeaf573..8f3717d2 100644 --- a/go.mod +++ b/go.mod @@ -20,10 +20,10 @@ require ( github.com/olekukonko/tablewriter v0.0.5 github.com/pkg/errors v0.9.1 github.com/projectdiscovery/clistats v0.0.20 - github.com/projectdiscovery/fastdialer v0.0.64 + github.com/projectdiscovery/fastdialer v0.0.65 github.com/projectdiscovery/hmap v0.0.41 github.com/projectdiscovery/interactsh v1.1.9 - github.com/projectdiscovery/rawhttp v0.1.41 + github.com/projectdiscovery/rawhttp v0.1.44 github.com/projectdiscovery/retryabledns v1.0.58 github.com/projectdiscovery/retryablehttp-go v1.0.54 github.com/projectdiscovery/yamldoc-go v1.0.4 diff --git a/go.sum b/go.sum index cefd9ae4..fb46d0dd 100644 --- a/go.sum +++ b/go.sum @@ -831,8 +831,8 @@ github.com/projectdiscovery/clistats v0.0.20 h1:5jO5SLiRJ7f0nDV0ndBNmBeesbROouPo github.com/projectdiscovery/clistats v0.0.20/go.mod h1:GJ2av0KnOvK0AISQnP8hyDclYIji1LVkx2l0pwnzAu4= github.com/projectdiscovery/dsl v0.0.50 h1:4SuAwTS9l6o1tqlIC/79+EcUwTM6CjaU7MpY/nDlFaM= github.com/projectdiscovery/dsl v0.0.50/go.mod h1:6g740l4tH4d2j9UYtIchtxudb0Dphkq4o+VatpR4M6g= -github.com/projectdiscovery/fastdialer v0.0.64 h1:xivkA4g14nwQElOVsxPkGMWsdcYPcp7DPhVjvI6yQkw= -github.com/projectdiscovery/fastdialer v0.0.64/go.mod h1:S/7PAQRmVDYRaU7u4xXD0qA5a48NAZq2JcpcVoEVrlo= +github.com/projectdiscovery/fastdialer v0.0.65 h1:msvKVJyILtP04CXSgSEWv4rUVsk0CCd3xhauo+H82IU= +github.com/projectdiscovery/fastdialer v0.0.65/go.mod h1:wIE10NL7oa/zBCJfr1xAduv3q73aeuGbhfZ1Z8o4NUo= github.com/projectdiscovery/fasttemplate v0.0.2 h1:h2cISk5xDhlJEinlBQS6RRx0vOlOirB2y3Yu4PJzpiA= github.com/projectdiscovery/fasttemplate v0.0.2/go.mod h1:XYWWVMxnItd+r0GbjA1GCsUopMw1/XusuQxdyAIHMCw= github.com/projectdiscovery/freeport v0.0.5 h1:jnd3Oqsl4S8n0KuFkE5Hm8WGDP24ITBvmyw5pFTHS8Q= 
@@ -865,8 +865,8 @@ github.com/projectdiscovery/networkpolicy v0.0.8 h1:XvfBaBwSDNTesSfNQP9VLk3HX9I7 github.com/projectdiscovery/networkpolicy v0.0.8/go.mod h1:xnjNqhemxUPxU+UD5Jgsc3+K8IVmcqT1SJeo6UzMtkI= github.com/projectdiscovery/ratelimit v0.0.35 h1:epEzFATOcXZ4tssV4Hax5Op9lrbUnQMEGMV5PoUpTKc= github.com/projectdiscovery/ratelimit v0.0.35/go.mod h1:mPqa8UpV5I7eAN5/ZcsjLiXMhjtVvZRrHtpBRsTPuyA= -github.com/projectdiscovery/rawhttp v0.1.41 h1:0n6CohOf0Aq7dsXv+ozznhlYr4ANDKLwvPmdzTet3qU= -github.com/projectdiscovery/rawhttp v0.1.41/go.mod h1:TyVfCwNbAsQSwrMOKu8o1g80AO3t1OnlJx+flgSV/CQ= +github.com/projectdiscovery/rawhttp v0.1.44 h1:mkXTTUR65TTNisQGpLo5y5PRYRgNwZLW15KZNhNpsO8= +github.com/projectdiscovery/rawhttp v0.1.44/go.mod h1:jaldbYYP0QihgQKk6Ar9ym9NPLAz5QkXp5TPET0sjYM= github.com/projectdiscovery/rdap v0.9.1-0.20221108103045-9865884d1917 h1:m03X4gBVSorSzvmm0bFa7gDV4QNSOWPL/fgZ4kTXBxk= github.com/projectdiscovery/rdap v0.9.1-0.20221108103045-9865884d1917/go.mod h1:JxXtZC9e195awe7EynrcnBJmFoad/BNDzW9mzFkK8Sg= github.com/projectdiscovery/retryabledns v1.0.58 h1:ut1FSB9+GZ6zQIlKJFLqIz2RZs81EmkbsHTuIrWfYLE= From 95fc24a1c84c5495a7635b35df97de420340ca25 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Apr 2024 06:21:01 +0000 Subject: [PATCH 06/15] chore(deps): bump github.com/projectdiscovery/dsl from 0.0.50 to 0.0.51 Bumps [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) from 0.0.50 to 0.0.51. - [Release notes](https://github.com/projectdiscovery/dsl/releases) - [Commits](https://github.com/projectdiscovery/dsl/compare/v0.0.50...v0.0.51) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/dsl dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 8f3717d2..3a26b9a9 100644 
--- a/go.mod +++ b/go.mod @@ -78,7 +78,7 @@ require ( github.com/mholt/archiver v3.1.1+incompatible github.com/ory/dockertest/v3 v3.10.0 github.com/praetorian-inc/fingerprintx v1.1.9 - github.com/projectdiscovery/dsl v0.0.50 + github.com/projectdiscovery/dsl v0.0.51 github.com/projectdiscovery/fasttemplate v0.0.2 github.com/projectdiscovery/go-smb2 v0.0.0-20240129202741-052cc450c6cb github.com/projectdiscovery/goflags v0.1.46 diff --git a/go.sum b/go.sum index fb46d0dd..5459b6b5 100644 --- a/go.sum +++ b/go.sum @@ -829,8 +829,8 @@ github.com/projectdiscovery/cdncheck v1.0.9 h1:BS15gzj9gb5AVSKqTDzPamfSgStu7nJQO github.com/projectdiscovery/cdncheck v1.0.9/go.mod h1:18SSl1w7rMj53CGeRIZTbDoa286a6xZIxGbaiEo4Fxs= github.com/projectdiscovery/clistats v0.0.20 h1:5jO5SLiRJ7f0nDV0ndBNmBeesbROouPooH+DGMgoWq4= github.com/projectdiscovery/clistats v0.0.20/go.mod h1:GJ2av0KnOvK0AISQnP8hyDclYIji1LVkx2l0pwnzAu4= -github.com/projectdiscovery/dsl v0.0.50 h1:4SuAwTS9l6o1tqlIC/79+EcUwTM6CjaU7MpY/nDlFaM= -github.com/projectdiscovery/dsl v0.0.50/go.mod h1:6g740l4tH4d2j9UYtIchtxudb0Dphkq4o+VatpR4M6g= +github.com/projectdiscovery/dsl v0.0.51 h1:7OQPumOrrUCFnCA7Y0nchhPvRo3IJGMIJ2Oy4DVTQsc= +github.com/projectdiscovery/dsl v0.0.51/go.mod h1:GYhusn+T9EL7t+iJ8zN/GXlp8ohLGU+Yv/nevAPlJZg= github.com/projectdiscovery/fastdialer v0.0.65 h1:msvKVJyILtP04CXSgSEWv4rUVsk0CCd3xhauo+H82IU= github.com/projectdiscovery/fastdialer v0.0.65/go.mod h1:wIE10NL7oa/zBCJfr1xAduv3q73aeuGbhfZ1Z8o4NUo= github.com/projectdiscovery/fasttemplate v0.0.2 h1:h2cISk5xDhlJEinlBQS6RRx0vOlOirB2y3Yu4PJzpiA= From 64a783223bbc56fafa6a35ae187677d85243ba49 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Apr 2024 06:21:10 +0000 Subject: [PATCH 07/15] chore(deps): bump github.com/projectdiscovery/retryablehttp-go Bumps [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) from 1.0.54 to 1.0.55. - [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases) - [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.0.54...v1.0.55) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/retryablehttp-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 8f3717d2..d570e270 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( github.com/projectdiscovery/interactsh v1.1.9 github.com/projectdiscovery/rawhttp v0.1.44 github.com/projectdiscovery/retryabledns v1.0.58 - github.com/projectdiscovery/retryablehttp-go v1.0.54 + github.com/projectdiscovery/retryablehttp-go v1.0.55 github.com/projectdiscovery/yamldoc-go v1.0.4 github.com/remeh/sizedwaitgroup v1.0.0 github.com/rs/xid v1.5.0 diff --git a/go.sum b/go.sum index fb46d0dd..32e806d5 100644 --- a/go.sum +++ b/go.sum 
@@ -871,8 +871,8 @@ github.com/projectdiscovery/rdap v0.9.1-0.20221108103045-9865884d1917 h1:m03X4gB github.com/projectdiscovery/rdap v0.9.1-0.20221108103045-9865884d1917/go.mod h1:JxXtZC9e195awe7EynrcnBJmFoad/BNDzW9mzFkK8Sg= github.com/projectdiscovery/retryabledns v1.0.58 h1:ut1FSB9+GZ6zQIlKJFLqIz2RZs81EmkbsHTuIrWfYLE= github.com/projectdiscovery/retryabledns v1.0.58/go.mod h1:RobmKoNBgngAVE4H9REQtaLP1pa4TCyypHy1MWHT1mY= -github.com/projectdiscovery/retryablehttp-go v1.0.54 h1:lUmQA3obq3Ya3xU1vouKf+hVjbLFKzJCK6FcNKPZ8vQ= -github.com/projectdiscovery/retryablehttp-go v1.0.54/go.mod h1:J+pg00bYLEgWOZJISi16icHUDbsnkjnA1PmSa2kSMYs= +github.com/projectdiscovery/retryablehttp-go v1.0.55 h1:ADgugnl9jKkNXn5m/Zd8TGPq1P7GplYlqUNKm/qTmls= +github.com/projectdiscovery/retryablehttp-go v1.0.55/go.mod h1:Kpvh4ruFPOEPYaYxgbFmlvBJr4lJKqpcbGvx1j0r/Ng= github.com/projectdiscovery/sarif v0.0.1 h1:C2Tyj0SGOKbCLgHrx83vaE6YkzXEVrMXYRGLkKCr/us= github.com/projectdiscovery/sarif v0.0.1/go.mod h1:cEYlDu8amcPf6b9dSakcz2nNnJsoz4aR6peERwV+wuQ= github.com/projectdiscovery/stringsutil v0.0.2 h1:uzmw3IVLJSMW1kEg8eCStG/cGbYYZAja8BH3LqqJXMA= From 9730de0f76d7303214b4262fe8e9f3af57ebb9f2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Apr 2024 06:46:36 +0000 Subject: [PATCH 08/15] chore(deps): bump github.com/projectdiscovery/utils Bumps [github.com/projectdiscovery/utils](https://github.com/projectdiscovery/utils) from 0.0.87 to 0.0.88. - [Release notes](https://github.com/projectdiscovery/utils/releases) - [Changelog](https://github.com/projectdiscovery/utils/blob/main/CHANGELOG.md) - [Commits](https://github.com/projectdiscovery/utils/compare/v0.0.87...v0.0.88) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/utils dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/go.mod b/go.mod index 0cd8bdda..640ac59d 100644 --- a/go.mod +++ b/go.mod @@ -94,7 +94,7 @@ require ( github.com/projectdiscovery/tlsx v1.1.6 github.com/projectdiscovery/uncover v1.0.7 github.com/projectdiscovery/useragent v0.0.40 - github.com/projectdiscovery/utils v0.0.87 + github.com/projectdiscovery/utils v0.0.88 github.com/projectdiscovery/wappalyzergo v0.0.116 github.com/redis/go-redis/v9 v9.1.0 github.com/seh-msft/burpxml v1.0.1 diff --git a/go.sum b/go.sum index 45b8d6fd..a9761c56 100644 --- a/go.sum +++ b/go.sum @@ -883,8 +883,8 @@ github.com/projectdiscovery/uncover v1.0.7 h1:ut+2lTuvmftmveqF5RTjMWAgyLj8ltPQC7 github.com/projectdiscovery/uncover v1.0.7/go.mod h1:HFXgm1sRPuoN0D4oATljPIdmbo/EEh1wVuxQqo/dwFE= github.com/projectdiscovery/useragent v0.0.40 h1:1LUhReSGPkhqsM5n40OOC9dIoNqMGs1dyGFJcOmg2Fo= github.com/projectdiscovery/useragent v0.0.40/go.mod h1:EvK1x3s948Gtqb/XOahXcauyejCL/rSgy5d1IAvsKT4= -github.com/projectdiscovery/utils v0.0.87 h1:9+RiTEhpUB/vk6XJUVpysNWJ2aCTD7WuyoyAcNnbIzk= -github.com/projectdiscovery/utils v0.0.87/go.mod h1:jGK450sL9AVDTjaPwEs9za8NVeEC9xE97IWNoK138kI= +github.com/projectdiscovery/utils v0.0.88 h1:oYfCXM+8VHNLyH/H6cOibkuDUwHUAOBAMRNPFX6NPrs= +github.com/projectdiscovery/utils v0.0.88/go.mod h1:lAWzFdGXtJRPKdhUu1Z46d8B8JbASTk1Z69WY6H/3kA= github.com/projectdiscovery/wappalyzergo v0.0.116 h1:xy+mBpwbYo/0PSzmJOQ/RXHomEh0D3nDBcbCxsW69m8= github.com/projectdiscovery/wappalyzergo v0.0.116/go.mod h1:hc/o+fgM8KtdpFesjfBTmHTwsR+yBd+4kYZW/DGy/x8= github.com/projectdiscovery/yamldoc-go v1.0.4 h1:eZoESapnMw6WAHiVgRwNqvbJEfNHEH148uthhFbG5jE= From 2b7967c5ec03f57cd5884e49ec3587c284013229 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Apr 2024 06:46:57 +0000 Subject: [PATCH 09/15] chore(deps): bump github.com/projectdiscovery/fastdialer Bumps [github.com/projectdiscovery/fastdialer](https://github.com/projectdiscovery/fastdialer) from 0.0.64 to 0.0.66. - [Release notes](https://github.com/projectdiscovery/fastdialer/releases) - [Commits](https://github.com/projectdiscovery/fastdialer/compare/v0.0.64...v0.0.66) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/fastdialer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 0cd8bdda..6a052b10 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/olekukonko/tablewriter v0.0.5 github.com/pkg/errors v0.9.1 github.com/projectdiscovery/clistats v0.0.20 - github.com/projectdiscovery/fastdialer v0.0.65 + github.com/projectdiscovery/fastdialer v0.0.66 github.com/projectdiscovery/hmap v0.0.41 github.com/projectdiscovery/interactsh v1.1.9 github.com/projectdiscovery/rawhttp v0.1.44 diff --git a/go.sum b/go.sum index 45b8d6fd..9a638fca 100644 --- a/go.sum +++ b/go.sum 
@@ -831,8 +831,8 @@ github.com/projectdiscovery/clistats v0.0.20 h1:5jO5SLiRJ7f0nDV0ndBNmBeesbROouPo github.com/projectdiscovery/clistats v0.0.20/go.mod h1:GJ2av0KnOvK0AISQnP8hyDclYIji1LVkx2l0pwnzAu4= github.com/projectdiscovery/dsl v0.0.51 h1:7OQPumOrrUCFnCA7Y0nchhPvRo3IJGMIJ2Oy4DVTQsc= github.com/projectdiscovery/dsl v0.0.51/go.mod h1:GYhusn+T9EL7t+iJ8zN/GXlp8ohLGU+Yv/nevAPlJZg= -github.com/projectdiscovery/fastdialer v0.0.65 h1:msvKVJyILtP04CXSgSEWv4rUVsk0CCd3xhauo+H82IU= -github.com/projectdiscovery/fastdialer v0.0.65/go.mod h1:wIE10NL7oa/zBCJfr1xAduv3q73aeuGbhfZ1Z8o4NUo= +github.com/projectdiscovery/fastdialer v0.0.66 h1:DRpmok9TArLyQKaSjRWSzikt2N2Qyzx/z0BmTmDyJvI= +github.com/projectdiscovery/fastdialer v0.0.66/go.mod h1:7uPrwFsIBhtUBkXd72K4VSo9lvcwqOzOGXIZ9UZXFYw= github.com/projectdiscovery/fasttemplate v0.0.2 h1:h2cISk5xDhlJEinlBQS6RRx0vOlOirB2y3Yu4PJzpiA= github.com/projectdiscovery/fasttemplate v0.0.2/go.mod h1:XYWWVMxnItd+r0GbjA1GCsUopMw1/XusuQxdyAIHMCw= github.com/projectdiscovery/freeport v0.0.5 h1:jnd3Oqsl4S8n0KuFkE5Hm8WGDP24ITBvmyw5pFTHS8Q= From b86fcb55465a92050dffd9465d62eef216c97bfb Mon Sep 17 00:00:00 2001 From: Tarun Koyalwar <45962551+tarunKoyalwar@users.noreply.github.com> Date: Mon, 8 Apr 2024 14:11:32 +0530 Subject: [PATCH 10/15] fix index out of range error (#4998) --- pkg/fuzz/dataformat/form.go | 35 +++++++++++++++++++++++++---------- 1 file changed, 25 insertions(+), 10 deletions(-) diff --git a/pkg/fuzz/dataformat/form.go b/pkg/fuzz/dataformat/form.go index ab335299..a8e59c0b 100644 --- a/pkg/fuzz/dataformat/form.go +++ b/pkg/fuzz/dataformat/form.go 
@@ -94,18 +94,33 @@ func (f *Form) Encode(data KV) (string, error) { } } } - data := make([]string, maxIndex+1) // Ensure the slice is large enough - for key, value := range v { - matches := reNormalized.FindStringSubmatch(key) - if len(matches) == 2 { - dataIdx, _ := strconv.Atoi(matches[1]) // Error already checked above - data[dataIdx-1] = value // Use dataIdx-1 since slice is 0-indexed + if maxIndex >= 0 { // Ensure the slice is only created if maxIndex is valid + data := make([]string, maxIndex+1) // Ensure the slice is large enough + for key, value := range v { + matches := reNormalized.FindStringSubmatch(key) + if len(matches) == 2 { + dataIdx, err := strconv.Atoi(matches[1]) // Error already checked above + if err != nil { + gologger.Verbose().Msgf("error converting data index to integer: %v", err) + continue + } + // Validate dataIdx to avoid index out of range errors + if dataIdx > 0 && dataIdx <= len(data) { + data[dataIdx-1] = value // Use dataIdx-1 since slice is 0-indexed + } else { + gologger.Verbose().Msgf("data index out of range: %d", dataIdx) + } + } + } + if len(params.Get(k)) > 0 { + data[maxIndex] = fmt.Sprint(params.Get(k)) // Use maxIndex which is the last index + } + // remove existing + params.Del(k) + if len(data) > 0 { + params.Add(k, data...) } } - data[maxIndex] = fmt.Sprint(params.Get(k)) // Use maxIndex which is the last index - // remove existing - params.Del(k) - params.Add(k, data...) } } From a844e6f7abf153bf46a48c86fa01217f767671a0 Mon Sep 17 00:00:00 2001 From: Ice3man Date: Mon, 8 Apr 2024 16:04:57 +0530 Subject: [PATCH 11/15] feat: fixed bug due to parallel auto setting in http (#4992) * feat: fixed bug due to parallel auto setting in http * increased threshold --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> --- pkg/protocols/http/http.go | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) 
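Review bot: The new guard bounds `dataIdx` against `len(data)` but nothing bounds `maxIndex` itself, and `make([]string, maxIndex+1)` sizes the slice from it; if `maxIndex` is derived from the numeric suffix of the incoming keys (it is computed above this hunk, so I cannot confirm), a single key such as `field[2000000000]` would allocate a multi-gigabyte slice before any per-element check runs, so consider capping it, e.g. `if maxIndex >= 0 && maxIndex < maxFormIndex {` with the bound declared as a package constant. The comment `// Error already checked above` on the `strconv.Atoi` call is now stale because the line directly below it checks `err`; drop it or reword it to say why a malformed index is skipped. `if len(data) > 0` is always true inside the `maxIndex >= 0` branch and can go. The enclosing `Encode` body starts before this hunk.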
diff --git a/pkg/protocols/http/http.go b/pkg/protocols/http/http.go index a8068584..261d3b56 100644 --- a/pkg/protocols/http/http.go +++ b/pkg/protocols/http/http.go @@ -20,6 +20,7 @@ import ( httputil "github.com/projectdiscovery/nuclei/v3/pkg/protocols/utils/http" "github.com/projectdiscovery/rawhttp" "github.com/projectdiscovery/retryablehttp-go" + "github.com/projectdiscovery/utils/env" fileutil "github.com/projectdiscovery/utils/file" ) @@ -440,7 +441,11 @@ func (request *Request) Compile(options *protocols.ExecutorOptions) error { request.Threads = protocolstate.GuardThreadsOrDefault(request.Threads) } // if we have payloads, adjust threads if none specified - request.Threads = options.GetThreadsForNPayloadRequests(request.Requests(), request.Threads) + // We only do this in case we have more payload requests than the + // specified concurrency threshold. + if request.generator.NewIterator().Total() > PayloadAutoConcurrencyThreshold { + request.Threads = options.GetThreadsForNPayloadRequests(request.Requests(), request.Threads) + } } return nil @@ -467,3 +472,11 @@ func (request *Request) Requests() int { } return len(request.Path) } + +// PayloadAutoConcurrencyThreshold is the threshold for auto adjusting concurrency +// for payloads in a template. +var PayloadAutoConcurrencyThreshold int + +func init() { + PayloadAutoConcurrencyThreshold = env.GetEnvOrDefault[int]("NUCLEI_PAYLOAD_AUTO_CONCURRENCY_THRESHOLD", 100) +} From f159e8fa665c5cf0793718b9e8a4bcda8d8b7256 Mon Sep 17 00:00:00 2001 From: Tarun Koyalwar <45962551+tarunKoyalwar@users.noreply.github.com> Date: Mon, 8 Apr 2024 22:21:26 +0530 Subject: [PATCH 12/15] fix dynamic extractor + payloads edgecase by sending req sequentially (#5016) * explicitly handle edgecase #4993 instead of hot fix * fix typo --- pkg/protocols/http/http.go | 42 +++++++++++++++++++++++--------------- 1 file changed, 26 insertions(+), 16 deletions(-) 
diff --git a/pkg/protocols/http/http.go b/pkg/protocols/http/http.go index 261d3b56..b98fd917 100644 --- a/pkg/protocols/http/http.go +++ b/pkg/protocols/http/http.go @@ -9,6 +9,7 @@ import ( json "github.com/json-iterator/go" "github.com/pkg/errors" + "github.com/projectdiscovery/gologger" "github.com/projectdiscovery/nuclei/v3/pkg/fuzz" "github.com/projectdiscovery/nuclei/v3/pkg/operators" "github.com/projectdiscovery/nuclei/v3/pkg/operators/matchers" @@ -20,7 +21,6 @@ import ( httputil "github.com/projectdiscovery/nuclei/v3/pkg/protocols/utils/http" "github.com/projectdiscovery/rawhttp" "github.com/projectdiscovery/retryablehttp-go" - "github.com/projectdiscovery/utils/env" fileutil "github.com/projectdiscovery/utils/file" ) 
@@ -436,14 +436,32 @@ func (request *Request) Compile(options *protocols.ExecutorOptions) error {
 }
 }
 if len(request.Payloads) > 0 {
- // specifically for http requests high concurrency and and threads will lead to memory exausthion, hence reduce the maximum parallelism
- if protocolstate.IsLowOnMemory() {
- request.Threads = protocolstate.GuardThreadsOrDefault(request.Threads)
+ // Due to a known issue (https://github.com/projectdiscovery/nuclei/issues/5015),
+ // dynamic extractors cannot be used with payloads. To address this,
+ // execution is handled by the standard engine without concurrency,
+ // achieved by setting the thread count to 0.
+
+ // this limitation will be removed once we have a better way to handle dynamic extractors with payloads
+ hasMultipleRequests := false
+ if len(request.Raw)+len(request.Path) > 1 {
+ hasMultipleRequests = true
 }
- // if we have payloads, adjust threads if none specified
- // We only do this in case we have more payload requests than the
- // specified concurrency threshold.
- if request.generator.NewIterator().Total() > PayloadAutoConcurrencyThreshold {
+ // look for dynamic extractor ( internal: true with named extractor)
+ hasNamedInternalExtractor := false
+ for _, extractor := range request.Extractors {
+ if extractor.Internal && extractor.Name != "" {
+ hasNamedInternalExtractor = true
+ break
+ }
+ }
+ if hasNamedInternalExtractor && hasMultipleRequests {
+ gologger.Warning().Label(options.TemplateID).Msgf("Setting thread count to 0 because dynamic extractors are not supported with payloads yet")
+ request.Threads = 0
+ } else {
+ // specifically for http requests high concurrency and and threads will lead to memory exausthion, hence reduce the maximum parallelism
+ if protocolstate.IsLowOnMemory() {
+ request.Threads = protocolstate.GuardThreadsOrDefault(request.Threads)
+ }
 request.Threads = options.GetThreadsForNPayloadRequests(request.Requests(), request.Threads)
 }
 }
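Review bot: The `request.Threads = 0` override silently discards a `threads:` value the template author set explicitly, and the warning printed just above it does not say what was replaced; include it, e.g. `Msgf("Setting thread count to 0 (was %d) because dynamic extractors are not supported with payloads yet", request.Threads)`, so a user who sees slower runs can trace them to this branch. The four-line `hasMultipleRequests` construction reads more directly as `hasMultipleRequests := len(request.Raw)+len(request.Path) > 1`. The comment moved into the else branch carries over the typos `and and` and `exausthion`; since the line is rewritten anyway, `// specifically for http requests high concurrency and threads will lead to memory exhaustion, hence reduce the maximum parallelism` is a free fix. The enclosing `Compile` body starts before and ends after this hunk.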
@@ -472,11 +490,3 @@ func (request *Request) Requests() int {
 }
 return len(request.Path)
 }
-
- // PayloadAutoConcurrencyThreshold is the threshold for auto adjusting concurrency
- // for payloads in a template.
- var PayloadAutoConcurrencyThreshold int
-
- func init() {
- PayloadAutoConcurrencyThreshold = env.GetEnvOrDefault[int]("NUCLEI_PAYLOAD_AUTO_CONCURRENCY_THRESHOLD", 100)
- }
From 74dee426ed2f5c00c1d06003f05ee481aa96082f Mon Sep 17 00:00:00 2001
From: Tarun Koyalwar <45962551+tarunKoyalwar@users.noreply.github.com>
Date: Tue, 9 Apr 2024 00:58:35 +0530
Subject: [PATCH 13/15] fuzz: fix missing expression evaluation before use (#5019)
---
 pkg/fuzz/execute.go | 38 ++++++++++++++++++++++++++++++++++++--
 1 file changed, 36 insertions(+), 2 deletions(-)
diff --git a/pkg/fuzz/execute.go b/pkg/fuzz/execute.go
index 6e1a7a6a..c8054bf8 100644
--- a/pkg/fuzz/execute.go
+++ b/pkg/fuzz/execute.go
@@ -11,6 +11,7 @@ import (
 "github.com/projectdiscovery/nuclei/v3/pkg/fuzz/component"
 "github.com/projectdiscovery/nuclei/v3/pkg/protocols"
 "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/contextargs"
+ "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/expressions"
 "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/generators"
 "github.com/projectdiscovery/retryablehttp-go"
 errorutil "github.com/projectdiscovery/utils/errors"
@@ -100,8 +101,11 @@ func (rule *Rule) Execute(input *ExecuteRuleInput) (err error) { baseValues := input.Values if rule.generator == nil { for _, component := range finalComponentList { + // get vars from variables while replacing interactsh urls evaluatedValues, interactURLs := rule.options.Variables.EvaluateWithInteractsh(baseValues, rule.options.Interactsh) - input.Values = generators.MergeMaps(evaluatedValues, baseValues, rule.options.Constants) + input.Values = generators.MergeMaps(evaluatedValues, baseValues, rule.options.Options.Vars.AsMap(), rule.options.Constants) + // evaluate all vars with interactsh + input.Values, interactURLs = rule.evaluateVarsWithInteractsh(input.Values, interactURLs) input.InteractURLs = interactURLs err := rule.executeRuleValues(input, component) if err != nil { @@ -118,9 +122,12 @@ mainLoop: if !next { continue mainLoop } + // get vars from variables while replacing interactsh urls evaluatedValues, interactURLs := rule.options.Variables.EvaluateWithInteractsh(generators.MergeMaps(values, baseValues), rule.options.Interactsh) + input.Values = generators.MergeMaps(values, evaluatedValues, baseValues, rule.options.Options.Vars.AsMap(), rule.options.Constants) + // evaluate all vars with interactsh + input.Values, interactURLs = rule.evaluateVarsWithInteractsh(input.Values, interactURLs) input.InteractURLs = interactURLs - input.Values = generators.MergeMaps(values, evaluatedValues, baseValues, rule.options.Constants) if err := rule.executeRuleValues(input, component); err != nil { if err == io.EOF { 
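Review bot: The two new `MergeMaps` calls fold `rule.options.Options.Vars.AsMap()` in between the evaluated template variables and `rule.options.Constants`, but nothing records which source wins on a key clash; if `MergeMaps` lets later arguments override earlier ones (not visible here), CLI vars silently override both payload values and template variables, and constants override everything. A comment above each call such as `// precedence (low -> high): payload values, evaluated variables, base values, cli vars, constants` would make that contract explicit; the same applies to the second hunk at line 122. Note also that `evaluateVarsWithInteractsh` now runs expression evaluation over the payload-derived `values` as well, so a payload containing `{{ ... }}` is evaluated rather than sent literally, which deserves a line in the helper's doc comment if intended. Execute's body extends beyond both hunks.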
@@ -134,6 +141,33 @@ mainLoop:
 return nil
 }
 
+ // evaluateVarsWithInteractsh evaluates the variables with Interactsh URLs and updates them accordingly.
+ func (rule *Rule) evaluateVarsWithInteractsh(data map[string]interface{}, interactshUrls []string) (map[string]interface{}, []string) {
+ // Check if Interactsh options are configured
+ if rule.options.Interactsh != nil {
+ // Iterate through the data to replace and evaluate variables with Interactsh URLs
+ for k, v := range data {
+ // Replace variables with Interactsh URLs and collect new URLs
+ got, oastUrls := rule.options.Interactsh.Replace(fmt.Sprint(v), interactshUrls)
+
+ // Append new OAST URLs if any
+ if len(oastUrls) > 0 {
+ interactshUrls = append(interactshUrls, oastUrls...)
+ }
+ // Evaluate the replaced data
+ evaluatedData, err := expressions.Evaluate(got, data)
+ if err == nil {
+ // Update the data if there is a change after evaluation
+ if evaluatedData != got {
+ data[k] = evaluatedData
+ }
+ }
+ }
+ }
+ // Return the updated data and Interactsh URLs without any error
+ return data, interactshUrls
+ }
+
 // isInputURLValid returns true if url is valid after parsing it
 func (rule *Rule) isInputURLValid(input *contextargs.Context) bool {
 if input == nil || input.MetaInput == nil || input.MetaInput.Input == "" {
From 1ed3213565c53b06419116890e66f9d6ec8fc80d Mon Sep 17 00:00:00 2001
From: sandeep <8293321+ehsandeep@users.noreply.github.com>
Date: Tue, 9 Apr 2024 01:02:11 +0530
Subject: [PATCH 14/15] version update
---
 pkg/catalog/config/constants.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/catalog/config/constants.go b/pkg/catalog/config/constants.go
index 9c1bacdc..3dca0be6 100644
--- a/pkg/catalog/config/constants.go
+++ b/pkg/catalog/config/constants.go
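Review bot: The write-back guard `if evaluatedData != got` compares against the already-replaced string, so a value whose only change was the Interactsh substitution (no expression to evaluate, or an evaluation that returns its input) is never stored and `data[k]` keeps its placeholder even though the OAST URL was appended to `interactshUrls`; the comparison must be against the original `fmt.Sprint(v)`. Because `data` is both the map being mutated and the environment passed to `expressions.Evaluate`, and Go map iteration order is random, a value that references another key sees that key either before or after its own rewrite depending on the run, so evaluating against a snapshot keeps the result deterministic. The `err != nil` path is dropped silently, which is fine for best-effort evaluation but should say so in a comment, and every touched entry becomes a string via `fmt.Sprint`, so non-string values change type once rewritten. The rewrite below keeps the signature and the helper's place in the file.
```go
	// Check if Interactsh options are configured
	if rule.options.Interactsh != nil {
		// evaluate against a snapshot so the outcome does not depend on map iteration order
		env := make(map[string]interface{}, len(data))
		for k, v := range data {
			env[k] = v
		}
		for k, v := range data {
			original := fmt.Sprint(v)
			got, oastUrls := rule.options.Interactsh.Replace(original, interactshUrls)
			if len(oastUrls) > 0 {
				interactshUrls = append(interactshUrls, oastUrls...)
			}
			// best effort: a value that is not a valid expression keeps its replaced form
			if evaluated, err := expressions.Evaluate(got, env); err == nil {
				got = evaluated
			}
			// compare with the original so an interactsh-only substitution is not lost
			if got != original {
				data[k] = got
			}
		}
	}
	// … unchanged: return data, interactshUrls …
```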
@@ -31,7 +31,7 @@ const ( CLIConfigFileName = "config.yaml" ReportingConfigFilename = "reporting-config.yaml" // Version is the current version of nuclei - Version = `v3.2.3` + Version = `v3.2.4` // Directory Names of custom templates CustomS3TemplatesDirName = "s3" CustomGitHubTemplatesDirName = "github" From 375d1ddcde85d79eaf25097a4d23ae0306cd1d3f Mon Sep 17 00:00:00 2001 From: Tarun Koyalwar <45962551+tarunKoyalwar@users.noreply.github.com> Date: Tue, 9 Apr 2024 02:09:44 +0530 Subject: [PATCH 15/15] fix missing port in javascript result (#5023) * add ip support in js output * js: if dialed ip is missing resolve and get first ip * ssl: fix incorrect port in output --- pkg/protocols/common/protocolstate/state.go | 3 ++ pkg/protocols/javascript/js.go | 42 +++++++++++++++++++++ pkg/protocols/ssl/ssl.go | 4 ++ 3 files changed, 49 insertions(+) diff --git a/pkg/protocols/common/protocolstate/state.go b/pkg/protocols/common/protocolstate/state.go index 09d1a66e..e6bacb49 100644 --- a/pkg/protocols/common/protocolstate/state.go +++ b/pkg/protocols/common/protocolstate/state.go @@ -132,6 +132,9 @@ func Init(options *types.Options) error { opts.WithDialerHistory = true opts.SNIName = options.SNI + // this instance is used in javascript protocol libraries and + // dial history is required to get dialed ip of a host + opts.WithDialerHistory = true // fastdialer now by default fallbacks to ztls when there are tls related errors dialer, err := fastdialer.NewDialer(opts) diff --git a/pkg/protocols/javascript/js.go b/pkg/protocols/javascript/js.go index fc324869..dee3ff35 100644 --- a/pkg/protocols/javascript/js.go +++ b/pkg/protocols/javascript/js.go 
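Review bot: In the `state.go` hunk the added `opts.WithDialerHistory = true` repeats the assignment already visible on the hunk's first context line, so the explanatory comment is the only effective change and a reader will look for a difference between the two. Move the two comment lines above the existing assignment and drop the duplicate, e.g. `// this instance is used in javascript protocol libraries and` / `// dial history is required to get dialed ip of a host` directly over `opts.WithDialerHistory = true`. Since js.go in this patch now relies on the dial history, the comment itself is worth keeping. Init's body continues outside the hunk.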
@@ -27,11 +27,13 @@ import (
 "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/generators"
 "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/helpers/eventcreator"
 "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/interactsh"
+ "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate"
 "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/utils/vardump"
 protocolutils "github.com/projectdiscovery/nuclei/v3/pkg/protocols/utils"
 templateTypes "github.com/projectdiscovery/nuclei/v3/pkg/templates/types"
 "github.com/projectdiscovery/nuclei/v3/pkg/types"
 errorutil "github.com/projectdiscovery/utils/errors"
+ iputil "github.com/projectdiscovery/utils/ip"
 urlutil "github.com/projectdiscovery/utils/url"
 "github.com/remeh/sizedwaitgroup"
 )
@@ -520,6 +522,46 @@ func (request *Request) executeRequestWithPayloads(hostPort string, input *conte
 data["stop-at-first-match"] = true
 }
 
+ // add ip address to data
+ if input.MetaInput.CustomIP != "" {
+ data["ip"] = input.MetaInput.CustomIP
+ } else {
+ // context: https://github.com/projectdiscovery/nuclei/issues/5021
+ hostname := input.MetaInput.Input
+ if strings.Contains(hostname, ":") {
+ host, _, err := net.SplitHostPort(hostname)
+ if err == nil {
+ hostname = host
+ } else {
+ // naive way
+ if !strings.Contains(hostname, "]") {
+ hostname = hostname[:strings.LastIndex(hostname, ":")]
+ }
+ }
+ }
+ data["ip"] = protocolstate.Dialer.GetDialedIP(hostname)
+ // if input itself was an ip, use it
+ if iputil.IsIP(hostname) {
+ data["ip"] = hostname
+ }
+
+ // if ip is not found,this is because ssh and other protocols do not use fastdialer
+ // although its not perfect due to its use case dial and get ip
+ dnsData, err := protocolstate.Dialer.GetDNSData(hostname)
+ if err == nil {
+ for _, v := range dnsData.A {
+ data["ip"] = v
+ break
+ }
+ if data["ip"] == "" {
+ for _, v := range dnsData.AAAA {
+ data["ip"] = v
+ break
+ }
+ }
+ }
+ }
+
 // add and get values from templatectx
 request.options.AddTemplateVars(input.MetaInput, request.Type(), request.GetID(), data)
 data = generators.MergeMaps(data, request.options.GetTemplateCtx(input.MetaInput).GetAll())
diff --git a/pkg/protocols/ssl/ssl.go b/pkg/protocols/ssl/ssl.go
index 9b185a4f..49d612b8 100644
--- a/pkg/protocols/ssl/ssl.go
+++ b/pkg/protocols/ssl/ssl.go
@@ -282,6 +282,7 @@ func (request *Request) ExecuteWithResults(input *contextargs.Context, dynamicVa
 } else {
 data["ip"] = request.dialer.GetDialedIP(hostname)
 }
+ data["Port"] = port
 data["template-path"] = requestOptions.TemplatePath
 data["template-id"] = requestOptions.TemplateID
 data["template-info"] = requestOptions.TemplateInfo
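Review bot: The DNS fallback at the end of the new block runs unconditionally, so whenever `GetDNSData` returns A records the first one overwrites the address that `GetDialedIP` (or the literal-IP branch) already stored in `data["ip"]`, contrary to the `// if ip is not found` comment above it; guard the lookup with `if data["ip"] == ""`. The naive port strip also mangles an unbracketed IPv6 literal such as `::1`, which fails `net.SplitHostPort`, contains no `]` and is then cut at its last colon — checking `iputil.IsIP` before stripping avoids that, assuming `IsIP` accepts IPv6 literals. If `dnsData.A`/`dnsData.AAAA` are slices, `dnsData.A[0]` under a `len` check would read clearer than the for/break idiom; the rewrite below keeps the loops since their element type is not visible here. executeRequestWithPayloads starts and ends outside the hunk.
```go
		hostname := input.MetaInput.Input
		// a bare IP literal (including unbracketed IPv6) must not go through port stripping
		if !iputil.IsIP(hostname) && strings.Contains(hostname, ":") {
			// … unchanged: net.SplitHostPort with the naive fallback …
		}
		if iputil.IsIP(hostname) {
			data["ip"] = hostname
		} else {
			data["ip"] = protocolstate.Dialer.GetDialedIP(hostname)
		}
		// resolve only when no dialed ip was recorded (protocols that bypass fastdialer)
		if data["ip"] == "" {
			if dnsData, err := protocolstate.Dialer.GetDNSData(hostname); err == nil {
				for _, v := range dnsData.A {
					data["ip"] = v
					break
				}
				if data["ip"] == "" {
					for _, v := range dnsData.AAAA {
						data["ip"] = v
						break
					}
				}
			}
		}
```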
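Review bot: In the `ssl.go` hunk the new key `Port` is capitalised while every sibling key written here (`ip`, `template-path`, `template-id`, `template-info`) is lowercase, so the event map now carries two naming conventions. Since `MakeResultEventItem` reads it back by the same literal in the next hunk, renaming both sides now is cheap: `data["port"] = port`. ExecuteWithResults continues outside the hunk.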
@@ -405,6 +406,9 @@ func (request *Request) MakeResultEventItem(wrapped *output.InternalWrappedEvent
 if fields.Port == "80" {
 fields.Port = "443"
 }
+ if types.ToString(wrapped.InternalEvent["Port"]) != "" {
+ fields.Port = types.ToString(wrapped.InternalEvent["Port"])
+ }
 data := &output.ResultEvent{
 TemplateID: types.ToString(wrapped.InternalEvent["template-id"]),
 TemplatePath: types.ToString(wrapped.InternalEvent["template-path"]),
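Review bot: `types.ToString(wrapped.InternalEvent["Port"])` is evaluated twice in the added lines; `if p := types.ToString(wrapped.InternalEvent["Port"]); p != "" { fields.Port = p }` reads it once and scopes the temporary. Placed after the `80 -> 443` rewrite, the override also makes that rewrite dead whenever the event carries a port, which is presumably the intent but is worth stating, e.g. `// the port recorded at request time wins over the parsed/rewritten one`. MakeResultEventItem's body continues outside the hunk.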