From 845bae5c328d7ea52e8c052d1cfde612390faf9e Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sat, 5 Feb 2022 15:00:13 +0000 Subject: [PATCH] Auto Generate Syntax Docs + JSONSchema [Sat Feb 5 15:00:13 UTC 2022] :robot: --- SYNTAX-REFERENCE.md | 35 ++++++++++++++++++++++ nuclei-jsonschema.json | 15 ++++++++++ v2/pkg/templates/templates_doc.go | 50 ++++++++++++++++++++----------- 3 files changed, 82 insertions(+), 18 deletions(-) diff --git a/SYNTAX-REFERENCE.md b/SYNTAX-REFERENCE.md index 0f881d65..c66a5e85 100755 --- a/SYNTAX-REFERENCE.md +++ b/SYNTAX-REFERENCE.md @@ -2092,6 +2092,8 @@ Appears in: - network.Request.attack +- headless.Request.attack + - websocket.Request.attack @@ -3136,6 +3138,39 @@ ID is the optional id of the request
+attack generators.AttackTypeHolder + +
+
+ +Attack is the type of payload combinations to perform. + +Batteringram is inserts the same payload into all defined payload positions at once, pitchfork combines multiple payload sets and clusterbomb generates +permutations and combinations for all payloads. + +
+ +
+ +
+ +payloads map[string]interface{} + +
+
+ +Payloads contains any payloads for the current request. + +Payloads support both key-values combinations where a list +of payloads is provided, or optionally a single file can also +be provided as payload which will be read on run-time. + +
+ +
+ +
+ steps []engine.Action
diff --git a/nuclei-jsonschema.json b/nuclei-jsonschema.json index 06eda52a..a964954d 100755 --- a/nuclei-jsonschema.json +++ b/nuclei-jsonschema.json @@ -502,6 +502,21 @@ "title": "id of the request", "description": "Optional ID of the headless request" }, + "attack": { + "$ref": "#/definitions/generators.AttackTypeHolder", + "title": "attack is the payload combination", + "description": "Attack is the type of payload combinations to perform" + }, + "payloads": { + "patternProperties": { + ".*": { + "additionalProperties": true + } + }, + "type": "object", + "title": "payloads for the headless request", + "description": "Payloads contains any payloads for the current request" + }, "steps": { "items": { "$schema": "http://json-schema.org/draft-04/schema#", diff --git a/v2/pkg/templates/templates_doc.go b/v2/pkg/templates/templates_doc.go index 2c1c7205..73bd0a76 100644 --- a/v2/pkg/templates/templates_doc.go +++ b/v2/pkg/templates/templates_doc.go @@ -879,6 +879,10 @@ func init() { TypeName: "network.Request", FieldName: "attack", }, + { + TypeName: "headless.Request", + FieldName: "attack", + }, { TypeName: "websocket.Request", FieldName: "attack", @@ -1423,33 +1427,43 @@ func init() { Value: "Headless response recieved from client (default)", }, } - HEADLESSRequestDoc.Fields = make([]encoder.Doc, 5) + HEADLESSRequestDoc.Fields = make([]encoder.Doc, 7) HEADLESSRequestDoc.Fields[0].Name = "id" HEADLESSRequestDoc.Fields[0].Type = "string" HEADLESSRequestDoc.Fields[0].Note = "" HEADLESSRequestDoc.Fields[0].Description = "ID is the optional id of the request" HEADLESSRequestDoc.Fields[0].Comments[encoder.LineComment] = " ID is the optional id of the request" - HEADLESSRequestDoc.Fields[1].Name = "steps" - HEADLESSRequestDoc.Fields[1].Type = "[]engine.Action" + HEADLESSRequestDoc.Fields[1].Name = "attack" + HEADLESSRequestDoc.Fields[1].Type = "generators.AttackTypeHolder" HEADLESSRequestDoc.Fields[1].Note = "" - HEADLESSRequestDoc.Fields[1].Description = "Steps is the list of actions to run for headless request" - HEADLESSRequestDoc.Fields[1].Comments[encoder.LineComment] = "Steps is the list of actions to run for headless request" - HEADLESSRequestDoc.Fields[2].Name = "matchers" - HEADLESSRequestDoc.Fields[2].Type = "[]matchers.Matcher" + HEADLESSRequestDoc.Fields[1].Description = "Attack is the type of payload combinations to perform.\n\nBatteringram is inserts the same payload into all defined payload positions at once, pitchfork combines multiple payload sets and clusterbomb generates\npermutations and combinations for all payloads." + HEADLESSRequestDoc.Fields[1].Comments[encoder.LineComment] = "Attack is the type of payload combinations to perform." + HEADLESSRequestDoc.Fields[2].Name = "payloads" + HEADLESSRequestDoc.Fields[2].Type = "map[string]interface{}" HEADLESSRequestDoc.Fields[2].Note = "" - HEADLESSRequestDoc.Fields[2].Description = "Matchers contains the detection mechanism for the request to identify\nwhether the request was successful by doing pattern matching\non request/responses.\n\nMultiple matchers can be combined with `matcher-condition` flag\nwhich accepts either `and` or `or` as argument." - HEADLESSRequestDoc.Fields[2].Comments[encoder.LineComment] = "Matchers contains the detection mechanism for the request to identify" - HEADLESSRequestDoc.Fields[3].Name = "extractors" - HEADLESSRequestDoc.Fields[3].Type = "[]extractors.Extractor" + HEADLESSRequestDoc.Fields[2].Description = "Payloads contains any payloads for the current request.\n\nPayloads support both key-values combinations where a list\nof payloads is provided, or optionally a single file can also\nbe provided as payload which will be read on run-time." + HEADLESSRequestDoc.Fields[2].Comments[encoder.LineComment] = "Payloads contains any payloads for the current request." + HEADLESSRequestDoc.Fields[3].Name = "steps" + HEADLESSRequestDoc.Fields[3].Type = "[]engine.Action" HEADLESSRequestDoc.Fields[3].Note = "" - HEADLESSRequestDoc.Fields[3].Description = "Extractors contains the extraction mechanism for the request to identify\nand extract parts of the response." - HEADLESSRequestDoc.Fields[3].Comments[encoder.LineComment] = "Extractors contains the extraction mechanism for the request to identify" - HEADLESSRequestDoc.Fields[4].Name = "matchers-condition" - HEADLESSRequestDoc.Fields[4].Type = "string" + HEADLESSRequestDoc.Fields[3].Description = "Steps is the list of actions to run for headless request" + HEADLESSRequestDoc.Fields[3].Comments[encoder.LineComment] = "Steps is the list of actions to run for headless request" + HEADLESSRequestDoc.Fields[4].Name = "matchers" + HEADLESSRequestDoc.Fields[4].Type = "[]matchers.Matcher" HEADLESSRequestDoc.Fields[4].Note = "" - HEADLESSRequestDoc.Fields[4].Description = "MatchersCondition is the condition between the matchers. Default is OR." - HEADLESSRequestDoc.Fields[4].Comments[encoder.LineComment] = "MatchersCondition is the condition between the matchers. Default is OR." - HEADLESSRequestDoc.Fields[4].Values = []string{ + HEADLESSRequestDoc.Fields[4].Description = "Matchers contains the detection mechanism for the request to identify\nwhether the request was successful by doing pattern matching\non request/responses.\n\nMultiple matchers can be combined with `matcher-condition` flag\nwhich accepts either `and` or `or` as argument." + HEADLESSRequestDoc.Fields[4].Comments[encoder.LineComment] = "Matchers contains the detection mechanism for the request to identify" + HEADLESSRequestDoc.Fields[5].Name = "extractors" + HEADLESSRequestDoc.Fields[5].Type = "[]extractors.Extractor" + HEADLESSRequestDoc.Fields[5].Note = "" + HEADLESSRequestDoc.Fields[5].Description = "Extractors contains the extraction mechanism for the request to identify\nand extract parts of the response." + HEADLESSRequestDoc.Fields[5].Comments[encoder.LineComment] = "Extractors contains the extraction mechanism for the request to identify" + HEADLESSRequestDoc.Fields[6].Name = "matchers-condition" + HEADLESSRequestDoc.Fields[6].Type = "string" + HEADLESSRequestDoc.Fields[6].Note = "" + HEADLESSRequestDoc.Fields[6].Description = "MatchersCondition is the condition between the matchers. Default is OR." + HEADLESSRequestDoc.Fields[6].Comments[encoder.LineComment] = "MatchersCondition is the condition between the matchers. Default is OR." + HEADLESSRequestDoc.Fields[6].Values = []string{ "and", "or", }