readme update

2022-02-22 15:23:47 +05:30 · 2022-02-22 15:23:47 +05:30 · cedb1f45f7
parent 9498692046
commit cedb1f45f7
2 changed files with 48 additions and 47 deletions
--- a/README.md
+++ b/README.md
@ -98,27 +98,27 @@ TARGET:
   -resume               Resume scan using resume.cfg (clustering will be disabled)

 TEMPLATES:
-   -t, -templates string[]      template or template directory paths to include in the scan
-   -tu, -template-url string[]  URL containing list of templates to run
   -nt, -new-templates          run only new templates added in latest nuclei-templates release
-   -w, -workflows string[]      workflow or workflow directory paths to include in the scan
-   -wu, -workflow-url string[]  URL containing list of workflows to run
+   -t, -templates string[]      list of template or template directory to run (comma-separated, file)
+   -tu, -template-url string[]  list of template urls to run (comma-separated, file)
+   -w, -workflows string[]      list of workflow or workflow directory to run (comma-separated, file)
+   -wu, -workflow-url string[]  list of workflow urls to run (comma-separated, file)
   -validate                    validate the passed templates to nuclei
   -tl                          list all available templates

 FILTERING:
-   -tags string[]                    execute a subset of templates that contain the provided tags
-   -itags, -include-tags string[]    tags from the default deny list that permit executing more intrusive templates
-   -etags, -exclude-tags string[]    exclude templates with the provided tags
+   -a, -author string[]              templates to run based on authors (comma-separated, file)
+   -tags string[]                    templates to run based on tags (comma-separated, file)
+   -etags, -exclude-tags string[]    templates to exclude based on tags (comma-separated, file)
+   -itags, -include-tags string[]    tags to be executed even if they are excluded either by default or configuration
+   -id, -template-id string[]        templates to run based on template ids (comma-separated, file)
+   -eid, -exclude-id string[]        templates to exclude based on template ids (comma-separated, file)
   -it, -include-templates string[]  templates to be executed even if they are excluded either by default or configuration
-   -et, -exclude-templates string[]  template or template directory paths to exclude
-   -s, -severity value[]             Templates to run based on severity. Possible values: info, low, medium, high, critical
-   -es, -exclude-severity value[]    Templates to exclude based on severity. Possible values: info, low, medium, high, critical
-   -pt, -type value[]                protocol types to be executed. Possible values: dns, file, http, headless, network, workflow, ssl, websocket, whois
-   -ept, -exclude-type value[]       protocol types to not be executed. Possible values: dns, file, http, headless, network, workflow, ssl, websocket, whois
-   -a, -author string[]              execute templates that are (co-)created by the specified authors
-   -id, -template-id string[]        List of template IDs to run (comma-separated, file)
-   -eid, -exclude-id string[]        List of template IDs to exclude (comma-separated, file)
+   -et, -exclude-templates string[]  template or template directory to exclude (comma-separated, file)
+   -s, -severity value[]             templates to run based on severity. Possible values: info, low, medium, high, critical
+   -es, -exclude-severity value[]    templates to exclude based on severity. Possible values: info, low, medium, high, critical
+   -pt, -type value[]                templates to run based on protocol type. Possible values: dns, file, http, headless, network, workflow, ssl, websocket, whois
+   -ept, -exclude-type value[]       templates to exclude based on protocol type. Possible values: dns, file, http, headless, network, workflow, ssl, websocket, whois

 OUTPUT:
   -o, -output string            output file to write found issues/vulnerabilities
@ -126,10 +126,10 @@ OUTPUT:
   -nc, -no-color                disable output content coloring (ANSI escape codes)
   -json                         write output in JSONL(ines) format
   -irr, -include-rr             include request/response pairs in the JSONL output (for findings only)
-   -nm, -no-meta                 don't display match metadata
-   -nts, -no-timestamp           don't display timestamp metadata in CLI output
-   -rdb, -report-db string       local nuclei reporting database (always use this to persist report data)
-   -ms, -matcher-status          show optional match failure status
+   -nm, -no-meta                 disable printing result metadata in cli output
+   -nts, -no-timestamp           disable printing timestamp in cli output
+   -rdb, -report-db string       nuclei reporting database (always use this to persist report data)
+   -ms, -matcher-status          display match failure status
   -me, -markdown-export string  directory to export results in markdown format
   -se, -sarif-export string     file to export results in SARIF format

@ -165,13 +165,14 @@ RATE-LIMIT:
   -hc, -headless-concurrency int  maximum number of headless templates to be executed in parallel (default 10)

 OPTIMIZATIONS:
-   -timeout int               time to wait in seconds before timeout (default 5)
-   -retries int               number of times to retry a failed request (default 1)
-   -mhe, -max-host-error int  max errors for a host before skipping from scan (default 30)
-   -project                   use a project folder to avoid sending same request multiple times
-   -project-path string       set a specific project path
-   -spm, -stop-at-first-path  stop processing HTTP requests after the first match (may break template/workflow logic)
-   -stream                    Stream mode - start elaborating without sorting the input
+   -timeout int                time to wait in seconds before timeout (default 5)
+   -retries int                number of times to retry a failed request (default 1)
+   -ldp, -leave-default-ports  leave default HTTP/HTTPS ports (eg. host:80,host:443
+   -mhe, -max-host-error int   max errors for a host before skipping from scan (default 30)
+   -project                    use a project folder to avoid sending same request multiple times
+   -project-path string        set a specific project path
+   -spm, -stop-at-first-path   stop processing HTTP requests after the first match (may break template/workflow logic)
+   -stream                     stream mode - start elaborating without sorting the input

 HEADLESS:
   -headless            enable templates that require headless browser support (root user on linux will disable sandbox)
--- a/v2/cmd/nuclei/main.go
+++ b/v2/cmd/nuclei/main.go
@ -88,29 +88,29 @@ on extensive configurability, massive extensibility and ease of use.`)
 	)

 	createGroup(flagSet, "templates", "Templates",
-		flagSet.FileNormalizedStringSliceVarP(&options.Templates, "templates", "t", []string{}, "template or template directory paths to include in the scan"),
-		flagSet.FileNormalizedStringSliceVarP(&options.TemplateURLs, "template-url", "tu", []string{}, "URL containing list of templates to run"),
 		flagSet.BoolVarP(&options.NewTemplates, "new-templates", "nt", false, "run only new templates added in latest nuclei-templates release"),
-		flagSet.FileNormalizedStringSliceVarP(&options.Workflows, "workflows", "w", []string{}, "workflow or workflow directory paths to include in the scan"),
-		flagSet.FileNormalizedStringSliceVarP(&options.WorkflowURLs, "workflow-url", "wu", []string{}, "URL containing list of workflows to run"),
+		flagSet.FileNormalizedStringSliceVarP(&options.Templates, "templates", "t", []string{}, "list of template or template directory to run (comma-separated, file)"),
+		flagSet.FileNormalizedStringSliceVarP(&options.TemplateURLs, "template-url", "tu", []string{}, "list of template urls to run (comma-separated, file)"),
+		flagSet.FileNormalizedStringSliceVarP(&options.Workflows, "workflows", "w", []string{}, "list of workflow or workflow directory to run (comma-separated, file)"),
+		flagSet.FileNormalizedStringSliceVarP(&options.WorkflowURLs, "workflow-url", "wu", []string{}, "list of workflow urls to run (comma-separated, file)"),
 		flagSet.BoolVar(&options.Validate, "validate", false, "validate the passed templates to nuclei"),
 		flagSet.BoolVar(&options.TemplateList, "tl", false, "list all available templates"),
 		flagSet.StringSliceVarConfigOnly(&options.RemoteTemplateDomainList, "remote-template-domain", []string{"api.nuclei.sh"}, "allowed domain list to load remote templates from"),
 	)

 	createGroup(flagSet, "filters", "Filtering",
-		flagSet.FileNormalizedStringSliceVar(&options.Tags, "tags", []string{}, "execute a subset of templates that contain the provided tags"),
-		flagSet.FileNormalizedStringSliceVarP(&options.IncludeTags, "include-tags", "itags", []string{}, "tags from the default deny list that permit executing more intrusive templates"), // TODO show default deny list
-		flagSet.FileNormalizedStringSliceVarP(&options.ExcludeTags, "exclude-tags", "etags", []string{}, "exclude templates with the provided tags"),
+		flagSet.FileNormalizedStringSliceVarP(&options.Authors, "author", "a", []string{}, "templates to run based on authors (comma-separated, file)"),
+		flagSet.FileNormalizedStringSliceVar(&options.Tags, "tags", []string{}, "templates to run based on tags (comma-separated, file)"),
+		flagSet.FileNormalizedStringSliceVarP(&options.ExcludeTags, "exclude-tags", "etags", []string{}, "templates to exclude based on tags (comma-separated, file)"),
+		flagSet.FileNormalizedStringSliceVarP(&options.IncludeTags, "include-tags", "itags", []string{}, "tags to be executed even if they are excluded either by default or configuration"), // TODO show default deny list
+		flagSet.FileNormalizedStringSliceVarP(&options.IncludeIds, "template-id", "id", []string{}, "templates to run based on template ids (comma-separated, file)"),
+		flagSet.FileNormalizedStringSliceVarP(&options.ExcludeIds, "exclude-id", "eid", []string{}, "templates to exclude based on template ids (comma-separated, file)"),
 		flagSet.FileNormalizedStringSliceVarP(&options.IncludeTemplates, "include-templates", "it", []string{}, "templates to be executed even if they are excluded either by default or configuration"),
-		flagSet.FileNormalizedStringSliceVarP(&options.ExcludedTemplates, "exclude-templates", "et", []string{}, "template or template directory paths to exclude"),
-		flagSet.VarP(&options.Severities, "severity", "s", fmt.Sprintf("Templates to run based on severity. Possible values: %s", severity.GetSupportedSeverities().String())),
-		flagSet.VarP(&options.ExcludeSeverities, "exclude-severity", "es", fmt.Sprintf("Templates to exclude based on severity. Possible values: %s", severity.GetSupportedSeverities().String())),
-		flagSet.VarP(&options.Protocols, "type", "pt", fmt.Sprintf("protocol types to be executed. Possible values: %s", templateTypes.GetSupportedProtocolTypes())),
-		flagSet.VarP(&options.ExcludeProtocols, "exclude-type", "ept", fmt.Sprintf("protocol types to not be executed. Possible values: %s", templateTypes.GetSupportedProtocolTypes())),
-		flagSet.FileNormalizedStringSliceVarP(&options.Authors, "author", "a", []string{}, "execute templates that are (co-)created by the specified authors"),
-		flagSet.FileNormalizedStringSliceVarP(&options.IncludeIds, "template-id", "id", []string{}, "List of template IDs to run (comma-separated, file)"),
-		flagSet.FileNormalizedStringSliceVarP(&options.ExcludeIds, "exclude-id", "eid", []string{}, "List of template IDs to exclude (comma-separated, file)"),
+		flagSet.FileNormalizedStringSliceVarP(&options.ExcludedTemplates, "exclude-templates", "et", []string{}, "template or template directory to exclude (comma-separated, file)"),
+		flagSet.VarP(&options.Severities, "severity", "s", fmt.Sprintf("templates to run based on severity. Possible values: %s", severity.GetSupportedSeverities().String())),
+		flagSet.VarP(&options.ExcludeSeverities, "exclude-severity", "es", fmt.Sprintf("templates to exclude based on severity. Possible values: %s", severity.GetSupportedSeverities().String())),
+		flagSet.VarP(&options.Protocols, "type", "pt", fmt.Sprintf("templates to run based on protocol type. Possible values: %s", templateTypes.GetSupportedProtocolTypes())),
+		flagSet.VarP(&options.ExcludeProtocols, "exclude-type", "ept", fmt.Sprintf("templates to exclude based on protocol type. Possible values: %s", templateTypes.GetSupportedProtocolTypes())),
 	)

 	createGroup(flagSet, "output", "Output",
@ -119,10 +119,10 @@ on extensive configurability, massive extensibility and ease of use.`)
 		flagSet.BoolVarP(&options.NoColor, "no-color", "nc", false, "disable output content coloring (ANSI escape codes)"),
 		flagSet.BoolVar(&options.JSON, "json", false, "write output in JSONL(ines) format"),
 		flagSet.BoolVarP(&options.JSONRequests, "include-rr", "irr", false, "include request/response pairs in the JSONL output (for findings only)"),
-		flagSet.BoolVarP(&options.NoMeta, "no-meta", "nm", false, "don't display match metadata"),
-		flagSet.BoolVarP(&options.NoTimestamp, "no-timestamp", "nts", false, "don't display timestamp metadata in CLI output"),
-		flagSet.StringVarP(&options.ReportingDB, "report-db", "rdb", "", "local nuclei reporting database (always use this to persist report data)"),
-		flagSet.BoolVarP(&options.MatcherStatus, "matcher-status", "ms", false, "show optional match failure status"),
+		flagSet.BoolVarP(&options.NoMeta, "no-meta", "nm", false, "disable printing result metadata in cli output"),
+		flagSet.BoolVarP(&options.NoTimestamp, "no-timestamp", "nts", false, "disable printing timestamp in cli output"),
+		flagSet.StringVarP(&options.ReportingDB, "report-db", "rdb", "", "nuclei reporting database (always use this to persist report data)"),
+		flagSet.BoolVarP(&options.MatcherStatus, "matcher-status", "ms", false, "display match failure status"),
 		flagSet.StringVarP(&options.MarkdownExportDirectory, "markdown-export", "me", "", "directory to export results in markdown format"),
 		flagSet.StringVarP(&options.SarifExport, "sarif-export", "se", "", "file to export results in SARIF format"),
 	)
@ -164,12 +164,12 @@ on extensive configurability, massive extensibility and ease of use.`)
 	createGroup(flagSet, "optimization", "Optimizations",
 		flagSet.IntVar(&options.Timeout, "timeout", 5, "time to wait in seconds before timeout"),
 		flagSet.IntVar(&options.Retries, "retries", 1, "number of times to retry a failed request"),
-		flagSet.BoolVarP(&options.LeaveDefaultPorts, "leave-default-ports", "ldp", false, "Leave default HTTP/HTTPS ports (eg. host:80,host:443"),
+		flagSet.BoolVarP(&options.LeaveDefaultPorts, "leave-default-ports", "ldp", false, "leave default HTTP/HTTPS ports (eg. host:80,host:443"),
 		flagSet.IntVarP(&options.MaxHostError, "max-host-error", "mhe", 30, "max errors for a host before skipping from scan"),
 		flagSet.BoolVar(&options.Project, "project", false, "use a project folder to avoid sending same request multiple times"),
 		flagSet.StringVar(&options.ProjectPath, "project-path", os.TempDir(), "set a specific project path"),
 		flagSet.BoolVarP(&options.StopAtFirstMatch, "stop-at-first-path", "spm", false, "stop processing HTTP requests after the first match (may break template/workflow logic)"),
-		flagSet.BoolVar(&options.Stream, "stream", false, "Stream mode - start elaborating without sorting the input"),
+		flagSet.BoolVar(&options.Stream, "stream", false, "stream mode - start elaborating without sorting the input"),
 	)

 	createGroup(flagSet, "headless", "Headless",