mirror of https://github.com/daffainfo/nuclei.git
commit
ece56ea39d
|
@ -251,7 +251,7 @@ The internal logics for matching and extracting for things like words, regexes,
|
|||
|
||||
### Template Execution
|
||||
|
||||
`pkg/core` provides the engine mechanism which runs the templates/workflows on inputs. It exposes an `Execute` function which does the task of execution while also doing template clustring. The clustering can also be disbled optionally by the user.
|
||||
`pkg/core` provides the engine mechanism which runs the templates/workflows on inputs. It exposes an `Execute` function which does the task of execution while also doing template clustering. The clustering can also be disabled optionally by the user.
|
||||
|
||||
An example of using the core engine is provided below.
|
||||
|
||||
|
|
|
@ -8,6 +8,7 @@ import (
|
|||
"strings"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
|
||||
"github.com/projectdiscovery/nuclei/v2/pkg/utils"
|
||||
)
|
||||
|
||||
|
@ -58,7 +59,7 @@ func getRemoteTemplatesAndWorkflows(templateURLs, workflowURLs, remoteTemplateDo
|
|||
}
|
||||
|
||||
func getRemoteContent(URL string, remoteTemplateDomainList []string, remoteContentChannel chan<- RemoteContent, contentType ContentType) {
|
||||
if err := validateRemoteRemplateURL(URL, remoteTemplateDomainList); err != nil {
|
||||
if err := validateRemoteTemplateURL(URL, remoteTemplateDomainList); err != nil {
|
||||
remoteContentChannel <- RemoteContent{
|
||||
Error: err,
|
||||
}
|
||||
|
@ -94,7 +95,7 @@ func getRemoteContent(URL string, remoteTemplateDomainList []string, remoteConte
|
|||
continue
|
||||
}
|
||||
if utils.IsURL(text) {
|
||||
if err := validateRemoteRemplateURL(text, remoteTemplateDomainList); err != nil {
|
||||
if err := validateRemoteTemplateURL(text, remoteTemplateDomainList); err != nil {
|
||||
remoteContentChannel <- RemoteContent{
|
||||
Error: err,
|
||||
}
|
||||
|
@ -117,7 +118,7 @@ func getRemoteContent(URL string, remoteTemplateDomainList []string, remoteConte
|
|||
}
|
||||
}
|
||||
|
||||
func validateRemoteRemplateURL(inputURL string, remoteTemplateDomainList []string) error {
|
||||
func validateRemoteTemplateURL(inputURL string, remoteTemplateDomainList []string) error {
|
||||
parsedURL, err := url.Parse(inputURL)
|
||||
if err != nil {
|
||||
return err
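Review bot: `validateRemoteTemplateURL` still has no doc comment, although both call sites in `getRemoteContent` (the initial `URL` and each `text` entry that `utils.IsURL` accepts) rely on it as the check against `remoteTemplateDomainList`. Only the `url.Parse` step is visible and the body continues outside the hunk, so the contract should be stated on the declaration, for example `// validateRemoteTemplateURL returns an error unless inputURL parses and its host is permitted by remoteTemplateDomainList.` Because `url.Parse` accepts relative references and URLs with an empty host, the part not shown should reject an empty host and compare the host exactly rather than by substring; please confirm that it does.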
|
||||
|
|
|
@ -48,8 +48,8 @@ func (c *Catalog) ResolvePath(templateName, second string) (string, error) {
|
|||
var errNoValidCombination = errors.New("no valid combination found")
|
||||
|
||||
// tryResolve attempts to load locate the target by iterating across all the folders tree
|
||||
func (c *Catalog) tryResolve(fullpath string) (string, error) {
|
||||
dir, filename := filepath.Split(fullpath)
|
||||
func (c *Catalog) tryResolve(fullPath string) (string, error) {
|
||||
dir, filename := filepath.Split(fullPath)
|
||||
pathInfo, err := folderutil.NewPathInfo(dir)
|
||||
if err != nil {
|
||||
return "", err
|
||||
|
|
|
@ -11,7 +11,7 @@ import (
|
|||
// concurrency values per protocol executed.
|
||||
//
|
||||
// The engine does most of the heavy lifting of execution, from clustering
|
||||
// templates to leading to the final execution by the workpool, it is
|
||||
// templates to leading to the final execution by the work pool, it is
|
||||
// handled by the engine.
|
||||
type Engine struct {
|
||||
workPool *WorkPool
|
||||
|
|
|
@ -150,7 +150,7 @@ func (e *Engine) executeModelWithInput(templateType types.ProtocolType, template
|
|||
})
|
||||
wg.WaitGroup.Wait()
|
||||
|
||||
// on completition marks the template as completed
|
||||
// on completion marks the template as completed
|
||||
currentInfo.Lock()
|
||||
currentInfo.Completed = true
|
||||
currentInfo.Unlock()
|
||||
|
|
|
@ -26,7 +26,7 @@ type Request struct {
|
|||
// in nuclei.
|
||||
// examples:
|
||||
// - value: '[]string{".avi", ".mov", ".mp3"}'
|
||||
DenyList []string `yaml:"denylist,omitempty" jsonschema:"title=denylist, directories and extentions to deny match,description=List of files, directories and extensions to deny during matching"`
|
||||
DenyList []string `yaml:"denylist,omitempty" jsonschema:"title=denylist, directories and extensions to deny match,description=List of files, directories and extensions to deny during matching"`
|
||||
|
||||
// ID is the optional id of the request
|
||||
ID string `yaml:"id,omitempty" jsonschema:"title=id of the request,description=ID is the optional ID for the request"`
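Review bot: The `jsonschema` tag on `DenyList` still has commas inside its `title` and `description` values, and github.com/alecthomas/jsonschema splits the tag on commas. The generated schema would therefore likely carry title `denylist` and description `List of files`, with the remaining fragments dropped. Rewording the values without commas avoids this, e.g. `title=denylist of directories and extensions,description=Files and directories and extensions to deny during matching`. Whether this file's schema is generated with that package is not visible in the hunk, and the struct continues outside it.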
|
||||
|
|
|
@ -53,7 +53,7 @@ var RequestPartDefinitions = map[string]string{
|
|||
"matched": "Matched is the input which was matched upon",
|
||||
"type": "Type is the type of request made",
|
||||
"req": "Headless request made from the client",
|
||||
"resp,body,data": "Headless response recieved from client (default)",
|
||||
"resp,body,data": "Headless response received from client (default)",
|
||||
}
|
||||
|
||||
// Step is a headless protocol request step.
|
||||
|
|
|
@ -186,7 +186,7 @@ var RequestPartDefinitions = map[string]string{
|
|||
"matched": "Matched is the input which was matched upon",
|
||||
"type": "Type is the type of request made",
|
||||
"request": "HTTP request made from the client",
|
||||
"response": "HTTP response recieved from server",
|
||||
"response": "HTTP response received from server",
|
||||
"status_code": "Status Code received from the Server",
|
||||
"body": "HTTP response body received from server (default)",
|
||||
"content_length": "HTTP Response content length",
|
||||
|
|
|
@ -656,7 +656,7 @@ func (request *Request) pruneSignatureInternalValues(maps ...map[string]interfac
|
|||
var signatureFieldsToSkip map[string]interface{}
|
||||
switch request.Signature.Value {
|
||||
case AWSSignature:
|
||||
signatureFieldsToSkip = signer.AwsInternaOnlyVars
|
||||
signatureFieldsToSkip = signer.AwsInternalOnlyVars
|
||||
default:
|
||||
return
|
||||
}
|
||||
|
|
|
@ -5,6 +5,7 @@ import (
|
|||
|
||||
"github.com/alecthomas/jsonschema"
|
||||
"github.com/pkg/errors"
|
||||
|
||||
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/signer"
|
||||
)
|
||||
|
||||
|
@ -84,7 +85,7 @@ func (holder SignatureTypeHolder) MarshalYAML() (interface{}, error) {
|
|||
return holder.Value.String(), nil
|
||||
}
|
||||
|
||||
var ErrNoIgnoreList = errors.New("uknown signature types")
|
||||
var ErrNoIgnoreList = errors.New("unknown signature types")
|
||||
|
||||
// GetVariablesNamesSkipList depending on the signature type
|
||||
func GetVariablesNamesSkipList(signature SignatureType) map[string]interface{} {
|
||||
|
|
|
@ -139,7 +139,7 @@ var AwsDefaultVars = map[string]interface{}{
|
|||
"region": "us-east-2",
|
||||
}
|
||||
|
||||
var AwsInternaOnlyVars = map[string]interface{}{
|
||||
var AwsInternalOnlyVars = map[string]interface{}{
|
||||
"aws-id": struct{}{},
|
||||
"aws-secret": struct{}{},
|
||||
}
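Review bot: `AwsInternalOnlyVars` is an exported, mutable package-level map, and the `pruneSignatureInternalValues` hunk assigns it directly to `signatureFieldsToSkip`, so any importer that adds or deletes a key changes what is skipped for every request. Its keys are `aws-id` and `aws-secret`, which look like credential variables, so the declaration deserves a doc comment such as `// AwsInternalOnlyVars lists signer variables that are internal only and are pruned by callers; treat as read-only.` What the prune function does with the map is outside the hunk, so that wording should be checked against its body. Renaming an exported identifier also breaks external importers of this package; if compatibility matters, keep `var AwsInternaOnlyVars = AwsInternalOnlyVars` under a `// Deprecated: use AwsInternalOnlyVars.` line for one release.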
|
||||
|
|
|
@ -87,7 +87,7 @@ var RequestPartDefinitions = map[string]string{
|
|||
"matched": "Matched is the input which was matched upon",
|
||||
"type": "Type is the type of request made",
|
||||
"request": "Network request made from the client",
|
||||
"body,all,data": "Network response recieved from server (default)",
|
||||
"body,all,data": "Network response received from server (default)",
|
||||
"raw": "Full Network protocol data",
|
||||
}
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@ var RequestPartDefinitions = map[string]string{
|
|||
"matched": "Matched is the input which was matched upon",
|
||||
"type": "Type is the type of request made",
|
||||
"request": "HTTP request made from the client",
|
||||
"response": "HTTP response recieved from server",
|
||||
"response": "HTTP response received from server",
|
||||
"status_code": "Status Code received from the Server",
|
||||
"body": "HTTP response body received from server (default)",
|
||||
"content_length": "HTTP Response content length",
|
||||
|
|
|
@ -365,7 +365,7 @@ var RequestPartDefinitions = map[string]string{
|
|||
"type": "Type is the type of request made",
|
||||
"success": "Success specifies whether websocket connection was successful",
|
||||
"request": "Websocket request made to the server",
|
||||
"response": "Websocket response recieved from the server",
|
||||
"response": "Websocket response received from the server",
|
||||
"host": "Host is the input to the template",
|
||||
"matched": "Matched is the input which was matched upon",
|
||||
}
|
||||
|
|
|
@ -3,9 +3,10 @@ package gitlab
|
|||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/xanzy/go-gitlab"
|
||||
|
||||
"github.com/projectdiscovery/nuclei/v2/pkg/output"
|
||||
"github.com/projectdiscovery/nuclei/v2/pkg/reporting/format"
|
||||
"github.com/xanzy/go-gitlab"
|
||||
)
|
||||
|
||||
// Integration is a client for an issue tracker integration
|
||||
|
@ -62,12 +63,12 @@ func (i *Integration) CreateIssue(event *output.ResultEvent) error {
|
|||
labels = append(labels, label)
|
||||
}
|
||||
customLabels := gitlab.Labels(labels)
|
||||
assigneIDs := []int{i.userID}
|
||||
assigneeIDs := []int{i.userID}
|
||||
_, _, err := i.client.Issues.CreateIssue(i.options.ProjectName, &gitlab.CreateIssueOptions{
|
||||
Title: &summary,
|
||||
Description: &description,
|
||||
Labels: &customLabels,
|
||||
AssigneeIDs: &assigneIDs,
|
||||
AssigneeIDs: &assigneeIDs,
|
||||
})
|
||||
|
||||
return err
|
||||
|
|
|
@ -59,7 +59,7 @@ func Cluster(list map[string]*Template) [][]*Template {
|
|||
return final
|
||||
}
|
||||
|
||||
// ClusterID transforms clusterization into a matemathical hash repetible across executions with the same templates
|
||||
// ClusterID transforms clusterization into a mathematical hash repeatable across executions with the same templates
|
||||
func ClusterID(templates []*Template) string {
|
||||
allIDS := make([]string, len(templates))
|
||||
for tplIndex, tpl := range templates {
|
||||
|
|
|
@ -353,7 +353,7 @@ func init() {
|
|||
},
|
||||
{
|
||||
Key: "response",
|
||||
Value: "HTTP response recieved from server",
|
||||
Value: "HTTP response received from server",
|
||||
},
|
||||
{
|
||||
Key: "status_code",
|
||||
|
@ -1252,7 +1252,7 @@ func init() {
|
|||
},
|
||||
{
|
||||
Key: "body,all,data",
|
||||
Value: "Network response recieved from server (default)",
|
||||
Value: "Network response received from server (default)",
|
||||
},
|
||||
{
|
||||
Key: "raw",
|
||||
|
@ -1424,7 +1424,7 @@ func init() {
|
|||
},
|
||||
{
|
||||
Key: "resp,body,data",
|
||||
Value: "Headless response recieved from client (default)",
|
||||
Value: "Headless response received from client (default)",
|
||||
},
|
||||
}
|
||||
HEADLESSRequestDoc.Fields = make([]encoder.Doc, 7)
|
||||
|
@ -1649,7 +1649,7 @@ func init() {
|
|||
},
|
||||
{
|
||||
Key: "response",
|
||||
Value: "Websocket response recieved from the server",
|
||||
Value: "Websocket response received from the server",
|
||||
},
|
||||
{
|
||||
Key: "host",
|
||||
|
|
|
@ -30,7 +30,7 @@ type ResumeInfo struct {
|
|||
Completed bool `json:"completed"`
|
||||
InFlight map[uint32]struct{} `json:"inFlight"`
|
||||
SkipUnder uint32 `json:"-"`
|
||||
Repaet map[uint32]struct{} `json:"-"`
|
||||
Repeat map[uint32]struct{} `json:"-"`
|
||||
DoAbove uint32 `json:"-"`
|
||||
}
|
||||
|
||||
|
@ -70,9 +70,9 @@ func (resumeCfg *ResumeCfg) Compile() {
|
|||
}
|
||||
}
|
||||
// maybe redundant but ensures we track the indexes to be repeated
|
||||
resumeInfo.Repaet = map[uint32]struct{}{}
|
||||
resumeInfo.Repeat = map[uint32]struct{}{}
|
||||
for index := range resumeInfo.InFlight {
|
||||
resumeInfo.Repaet[index] = struct{}{}
|
||||
resumeInfo.Repeat[index] = struct{}{}
|
||||
}
|
||||
resumeInfo.SkipUnder = min
|
||||
resumeInfo.DoAbove = max
|
||||
|
|