Ice3man
7e209dad01
Added multi-protocol requests support for templates ( #2611 )
2022-09-16 23:10:39 +05:30
Sajad
5377ee3f36
add proxy support at dialer level ( #2549 )
...
* add proxy support at dailer level
* add forward dialer to proxy
2022-09-16 21:36:17 +05:30
Sami
f3eb0daa39
additional dsl functions ( #2550 )
...
* additional dsl functions
* avoid conversion at each iteration
2022-09-08 14:25:34 +05:30
Mzack9999
7ce03bcc5b
Optional use of local chrome for headless tests via tags ( #2568 )
2022-09-07 16:09:22 +05:30
forgedhallpass
fc0763641f
New dsl functions ( #2545 )
...
* Update GO version to 1.18
* Removed redundant entry from the .gitignore file
* Added new DSL functions
to_unix_time(input string, optionalLayout string) int64
hex_to_dec(input string) float64
oct_to_dec(input string|number) float64
bin_to_dec(intput string|number) float64
* Notify if debug is enabled when a proxy cannot be validated
* Documentation: Go version requirement updated to 1.18
* test fix: Timezone agnostic date expectation in the assertion
* code review: extracted the default date-time layouts into a global variable
2022-09-07 00:44:29 +05:30
sandeep
567a8c60a2
dev version update
2022-09-02 12:52:07 +05:30
Ice3man
e193e7c87e
Added tlsx integration to nuclei ( #2522 )
...
* Added tlsx integration to nuclei
* tls tests fix
* Added helper functions + upgrade tlsx to fix
* go mod update
* workflow fix to race test on windows
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2022-09-01 23:56:55 +05:30
James Turner
42a0732d68
Add sha512 support ( #2517 )
2022-08-31 12:36:02 +05:30
Ice3man
466176e9e8
Merge pull request #2500 from projectdiscovery/goflags-update
...
Updated goflags to latest + misc
2022-08-30 11:52:25 +05:30
M. Ángel Jimeno
62a4e0aa52
Return wrapped errors for DSL compilation problems ( #2492 )
...
This allows the DSL help information to be printed when in debug mode.
Fixes #2481
2022-08-29 13:41:32 +05:30
Myung-jong Kim
01fbb3050d
Added option to list DSL function ( #2497 )
...
* Add lds flag
* misc flag update
* readme update
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-08-28 16:37:21 +05:30
Ice3man
8892250583
Updated goflags to latest + misc
2022-08-27 19:35:17 +05:30
sandeep
efdc57c7b2
version update
2022-08-26 14:18:32 +05:30
Sajad
011da1388d
add option to specify network interface ( #2384 )
...
* add option to specify network interface
* add source-ip flag
* fix typo
* fix err return
* readme update
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2022-08-25 17:42:35 +05:30
Mzack9999
30054d1fb6
Adding advanced template filtering ( #2374 )
...
* Adding advanced template filtering
* fixing bug in slice
* refactoring tests
* adding test cases
* increasing error verbosity
* fixing quoted fields with spaces
* adding more test cases
* fixing merge error
* fixing lint errors
* switching to []string
* updating tag filter tests
* updating functional tests
* fixing functional test cases
* updating syntax
2022-08-25 16:52:08 +05:30
Sami
0aac36a44b
added custom config flag ( #2399 )
...
* added custom config flag
* config.yaml file in custom directory
* lint error fix
* few updates and error checks
* fix lint error
* copy config.yaml file if the dest folder does not exist
* lint error check
* added integration test
* improved test cases
* lint error fix
2022-08-25 16:10:07 +05:30
51pwn
606c361b2a
Add `substr` and `aes_cbc` DSL functions ( #2361 )
...
* 1、add DSL substr for #2304 By @hktalent
substr('xxtestxxx',2)。 testxxx
substr('xxtestxxx',2,-2) testx
substr('xxtestxxx',2,6) test
2、add DSL aes_cbc for #2243 By @hktalent
aes_cbc("key111key111key111key111", "dataxxxxxxdataxxxxxxdataxxxxxxdataxxxxxxdataxxxxxx")
3、fixed An error occurs when running nuclei with multiple instances #2301 By @hktalent
* refactoring helpers
* removing unwanted mutex
* commenting out test
* removing aes_cbc test due to random iv
Co-authored-by: 51pwn <51pwn@51pwn.com>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
2022-08-25 15:50:08 +05:30
Ice3man
0be596efb4
Added variable debug support with debug mode ( #2442 )
...
* Added variable debug support with debug mode
* Added changes as per review comments
* Fixed debug request condition
2022-08-25 15:37:03 +05:30
Ice3man
7b7936b7a5
Added show-actions flag to display headless actions ( #2456 )
...
* Added show-actions flag to display headless actions
* misc update
* readme update
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-08-25 10:43:32 +05:30
M. Ángel Jimeno
ecb3f21076
http: prevent HTTP 'connection' header from being added twice ( #2480 )
...
* http: prevent HTTP 'connection' header from being added twice
* misc fix
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-08-25 00:25:02 +05:30
Ice3man
8165db2633
Fixed fatal panic in http header map read ( #2488 )
2022-08-24 23:29:22 +05:30
Ice3man
8f313629b8
Memory usage optimizations ( #2350 )
...
* Replaced strings.Replaced with fasttemplate reducing allocations
Custom template parsing logic was replaced with fasttemplate package for reducing
allocations in the replacer.Replace hotpath leading to allocation reduction which
accounted for 30% of total nuclei allocations.
$ go test -bench=. -benchmem
goos: darwin
goarch: arm64
pkg: github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/replacer
BenchmarkReplacer-8 837232 1422 ns/op 2112 B/op 31 allocs/op
BenchmarkReplacerNew-8 3672765 320.3 ns/op 48 B/op 4 allocs/op
* Fixed tests failing
* Use pre-compiled map of DSL expressions
* Reworked expression parsing logic to reduce memory allocations
$ go test -bench=. -benchmem
goos: darwin
goarch: arm64
pkg: github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/expressions
BenchmarkEvaluate-8 31560 37769 ns/op 31731 B/op 265 allocs/op
BenchmarkEvaluateNew-8 109144 9621 ns/op 6253 B/op 116 allocs/op
2022-08-23 13:16:41 +05:30
Ice3man
e7cffad312
Fixed request annotation based timeout bugs + tests + misc ( #2476 )
2022-08-23 12:45:55 +05:30
Dani Goland
8670c8b20d
Modified "xpath" extractor to support XML XPath in addition to HTML XPath ( #2471 )
...
* Modified "xpath" extractor to support XML XPath in addition to HTML XPath
* Updated function docs
2022-08-22 15:27:32 +05:30
xixijun
2ae7e58c83
Fix socks5 proxy not working on tor proxy ( #2455 )
...
* fix: socks5 proxy not working on tor proxy
* fix: socks5 proxy not working on tor proxy
* minor refactoring
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
2022-08-22 15:18:45 +05:30
Sami
d14c00fc6f
added validation for headless templates ( #2423 )
...
* added validation for headless templates
* minor update in log msg
2022-08-17 17:10:27 +04:00
Ice3man
9e531727a7
Fixed a bug with numerical regex in unresolved var detection ( #2431 )
2022-08-17 03:59:51 +04:00
sandeep
3193bf8f94
version update
2022-08-13 01:26:43 -07:00
Ice3man
67d5769cd9
Added initial catalog interface implementation ( #2318 )
...
* Added initial catalog interface implementation
* Added OpenFile to Catalog + disk catalog implementation
* Fixed merge issues
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-08-10 11:05:58 -07:00
Ice3man
4dc98a1d95
Added support for blank Request-URI which specifies no slash suffix ( #2414 )
2022-08-10 10:15:09 -07:00
Sajad
c4ba2b4edb
Additional helpers ( #2359 )
...
* add starts_with, ends_with helper functions
* add test cases, update dsl signatures
* change split_starts_with to line_starts_with
2022-08-06 23:16:03 +05:30
sandeep
c815f53e67
interactsh test domain update
2022-08-04 19:37:33 +05:30
forgedhallpass
d24736f655
fix typo in the headless `setmethod` function #2365
2022-07-29 14:38:07 +03:00
sandeep
125588046e
version update
2022-07-28 17:05:29 +05:30
Mzack9999
b942ddc6ad
Fixing map race condition ( #2340 )
2022-07-26 18:30:15 +05:30
Sami
4da4ca5a16
missing ip in json ( #2310 )
...
* missing ip in json
* using GetDNSData in place of GetDialedIP
* updated go mod
* bumping rawhttp test version
Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2022-07-26 17:08:53 +05:30
sandeep
3052d8a7f6
Merge branch 'dev' of https://github.com/projectdiscovery/nuclei into dev
2022-07-24 15:00:44 +05:30
sandeep
ee9f8b7651
version update
2022-07-24 15:00:36 +05:30
Sajad
005b92217f
return on parse template error unconditionally ( #2327 )
2022-07-24 14:56:06 +05:30
Ice3man
7d7314e3f3
Added global variables support to SSL protocol ( #2325 )
2022-07-22 01:35:21 +05:30
Ice3man
2873e6ebc8
Added timeout context cancellation to http requests ( #2319 )
2022-07-21 21:29:34 +05:30
Mike Rheinheimer
9efba05e0c
expose hosterrorscache.Cache as an interface ( #2291 )
...
* expose hosterrorscache as an interface, change signature to capture the error reason
* use the hosterrorscache.CacheInterface as struct field so users of Nuclei embedded can provide their own cache implementation
Co-authored-by: Mike Rheinheimer <mrheinheimer@atlassian.com>
2022-07-19 02:05:53 +05:30
Ice3man
07d5beb73a
Fixed race condition with raw http options ( #2306 )
2022-07-19 01:08:30 +05:30
Mzack9999
cf1039f49c
Adding prototype of request flow override annotations ( #2161 )
...
* Adding prototype of request flow override annotations
* reworking iteration engine
* adding directory to .gitignore
2022-07-18 14:16:03 +05:30
sandeep
4ae458df98
readme update
2022-07-18 13:11:28 +05:30
dependabot[bot]
85ca247d26
chore(deps): bump github.com/go-rod/rod from 0.107.3 to 0.108.1 in /v2 ( #2272 )
...
* chore(deps): bump github.com/go-rod/rod from 0.107.3 to 0.108.1 in /v2
Bumps [github.com/go-rod/rod](https://github.com/go-rod/rod ) from 0.107.3 to 0.108.1.
- [Release notes](https://github.com/go-rod/rod/releases )
- [Commits](https://github.com/go-rod/rod/compare/v0.107.3...v0.108.1 )
---
updated-dependencies:
- dependency-name: github.com/go-rod/rod
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* increasing page timeout
* further increasing timeout
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2022-07-14 03:14:13 +05:30
invist
db727db006
Optionally disable templates syntax strict check ( #2266 )
...
* nuclei::templates|define strict option (default)
* renaming flag and internal variable
* misc flag update
Co-authored-by: c-f <you@example.com>
Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-07-13 17:00:11 +05:30
Sami
6c2fdd3387
Issue 2227 ntv flag run new templates added in specific version ( #2275 )
...
* ntv flag to run templates added in specified version
* added missing arguments
* misc update
* added functional test and err check
* updated the min version
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-07-13 16:49:06 +05:30
Sajad
be73fde0db
use go-homedir instead of standard os.userhomedir ( #2262 )
...
* use go-homedir instead of standard os.userhomedir
* set r.templatesConfig before write attempt to avoid panic
2022-07-13 13:33:13 +05:30
Mzack9999
1c332bb85b
Improving RFC request/response passive parsing ( #2192 )
...
* Improving RFC request/response passive parsing
* adding test
2022-07-11 22:43:10 +05:30
Mzack9999
3c945f6ae9
Adding stricter check on offline templates list ( #2213 )
2022-07-11 22:38:07 +05:30
Ice3man
5b3c2861c2
Added interact-url placeholder support to variables in http requests ( #2237 )
...
* Added interact-url placeholder support to variables in http requests
* Fixed variable errors
* Fixed issue with interactsh in req
2022-07-11 22:18:13 +05:30
anykno
73a0043f2d
fix: socks5 proxy not working on https target ( #2228 )
...
* fix: socks5 proxy not working on https target
* small name refactor
Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2022-07-01 15:31:00 +05:30
Mzack9999
476773ff8c
Replacing hasstdin with helper library ( #2191 )
...
* Replacing hasstdin with helper library
* adding timeout reader on stdin
* adding large input read timeout
* reducing stdin timeout + nostdin flag
* go mod update
* readme update
* go mod tidy
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-06-30 17:51:54 +05:30
Mzack9999
3838d06aeb
Adding prototype for unexpected fields validation in matchers ( #2171 )
...
* Adding unexpected fields validation
* using expected fields
* adding missing expected field
* using reflect
2022-06-30 16:50:54 +05:30
Ice3man
f3de611b49
Added enhancements for http variables support ( #2223 )
2022-06-28 20:20:18 +05:30
Ice3man
8040b66370
Added http request timeout support with annotations ( #2233 )
...
* Added http request timeout support with annotations
* Added nolint statements for lostcontext
* misc
* misc
2022-06-27 18:36:46 +05:30
Ice3man
ffe6ab04b3
Added include-templates force-loading for templates ( #2232 )
...
* Added include-templates force-loading for templates
* Fixed loader case with include-templates
* Added integration test for excluded-template in loader
2022-06-27 18:09:29 +05:30
Ice3man
7875b06fc8
Added exclude-matchers support for template & matchers ( #2218 )
...
* Added exclude-matchers support for template & matchers
* Fixed panics due to typo
* Added support for only template ID + misc cleanup
2022-06-24 23:09:27 +05:30
Ice3man
9073b753ca
Added aes_gcm implementation for DSL function ( #2196 )
...
* Added aes_gcm implementation for DSL function
* Added integration test for dsl-functions.yaml
2022-06-23 16:16:24 +05:30
sandeep
7f28c048a6
version update
2022-06-22 00:45:08 +05:30
Mzack9999
0b351e83f3
Add self diagnostic functionality ( #2178 )
...
* Adding Self-Diagnostic
* adding comment
2022-06-22 00:40:10 +05:30
dependabot[bot]
1047047790
chore(deps): bump github.com/go-rod/rod from 0.106.8 to 0.107.1 in /v2 ( #2114 )
...
* chore(deps): bump github.com/go-rod/rod from 0.106.8 to 0.107.1 in /v2
Bumps [github.com/go-rod/rod](https://github.com/go-rod/rod ) from 0.106.8 to 0.107.1.
- [Release notes](https://github.com/go-rod/rod/releases )
- [Commits](https://github.com/go-rod/rod/compare/v0.106.8...v0.107.1 )
---
updated-dependencies:
- dependency-name: github.com/go-rod/rod
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* fixing function call
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2022-06-22 00:31:08 +05:30
Mzack9999
112762f024
Adding http request validation at compile time ( #2193 )
...
* Adding http request validation at compile time
* misc update
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-06-22 00:26:06 +05:30
Ice3man
50d21c0464
Fixed a issue with random invalid matches in DSL ( #2195 )
2022-06-21 21:58:43 +05:30
M. Ángel Jimeno
af4854f90d
output: fix WriteStoreDebugData file permissions ( #2187 )
...
Fixes #2180
2022-06-20 17:10:22 +05:30
Sajad
644c951449
use formedURL instead reqURL in http request dump message ( #2174 )
2022-06-16 17:24:21 +05:30
Sajad
b715a601e8
Adding nil operator check on clustering ( #2173 )
...
* add nil operator check
* move nil pointer check
2022-06-16 14:41:05 +05:30
Mzack9999
a4cdba0691
Improving literals detection in expression engine ( #2148 )
...
* Improving literals detection in expression engine
* fixing lint errors
* re-add accidentally deleted test
2022-06-13 13:55:06 +05:30
Sajad
e7591ec8b3
use request numbering as per template definition in req-condition ( #2135 )
...
* use original request number instead of current iteration in request-condition
* add previousEvent tracking back for request condition
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-06-11 14:29:05 +05:30
tanimdiucse123
e575f53be7
Empty string test can be improved ( #2115 )
...
It is not recommended to use len for empty string test.
A string can be tested for its emptiness either by treating it as a slice and calculating the length of the slice, or by treating it as a string and directly comparing the value. While both produce identical code when compiled, it makes more sense to treat a string as itself, than a slice, for the sake of comparison of values.
Examples
Bad practice
len(s) == 0
Recommended
s == ""
The recommended practice is considered more idiomatic in Go.
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2022-06-11 14:11:43 +05:30
Sandeep Singh
5281d342c0
Merge pull request #2138 from mikerott/dev
...
protect against multiple unnecessary Init calls
2022-06-10 18:12:31 +05:30
Mike Rheinheimer
22a8d72c65
protect against multiple unnecessary Init calls
2022-06-09 17:18:49 -05:00
forgedhallpass
9fd9892f49
test: extra DSL function test cases
2022-06-08 20:58:46 +03:00
forgedhallpass
04e7e053de
refactor: replace date, time, time_format, time_to_string DSL functions to date_time
2022-06-08 20:41:32 +03:00
forgedhallpass
ef20e0711b
refactor: replace date, time, time_format, time_to_string DSL functions to date_time
2022-06-08 20:33:55 +03:00
forgedhallpass
a10d58c6d2
refactor: rename concat_ws DSL function to join
2022-06-08 16:31:33 +03:00
forgedhallpass
145bdaabe5
refactor: extract duplicated hashing logic
2022-06-08 16:11:15 +03:00
forgedhallpass
6d8908c352
refactor: replace hmac_sha1 and hmac_sha256 DSL functions with hmac
2022-06-08 16:00:14 +03:00
James Turner
9d37bd6c0c
Add two new DSL helper functions
...
hmac_sha1 and concat_ws (with seperator) this are helpful in
signing API requests.
2022-06-07 18:26:22 +03:00
forgedhallpass
f3514e9b92
Merge branch 'dev' into new_dsl_functions
2022-06-07 17:26:10 +03:00
Sajad
7170cc2828
dsl matcher separate ignorable(No parameter) errors from others ( #2127 )
2022-06-07 18:23:07 +05:30
Mzack9999
cc37382519
Adding Client TLS1.0 ( #2091 )
...
* Adding Client TLS1.0
* bumping fastdialer version
2022-06-04 17:45:16 +05:30
Sajad
b79817e0a9
change dsl evaluate warning messages to error ( #2096 )
...
* change dsl evaluate warning messages to error
* add template-id to dsl match error logs
2022-06-03 13:41:36 +05:30
Sami
fa369b728e
ssl protocol with ms flag crash ( #2101 )
...
* crash with ssl protocol when used with ms flag fix
* added missing template info in case of failure
2022-06-03 13:32:45 +05:30
sandeep
900addc43f
version update
2022-06-03 03:02:11 +05:30
M4rtin Hsu
aebd32b198
Add decimal to hexadecimal helper function ( #2076 )
...
* Add decimal to hexadecimal auxiliary functions
* Fixed unit test
* Modify the helper function name and check the unit test.
* dsl function update
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2022-06-03 02:17:35 +05:30
Ice3man
2b631e8e95
Add optional line number for file templates by default ( #1966 )
...
* Add optional line number for file templates by default
* updating docs
* misc flag update
Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-06-02 17:06:50 +05:30
Mzack9999
4bcb94e4df
Increasing timeout and fixed error msg ( #2092 )
...
* Increasing timeout and fixed error msg
* increasing timeout
2022-06-02 00:00:18 +05:30
Sajad
9f600d2829
keep the original extactor var for multiple results while preparing data for matchers ( #1948 )
2022-05-31 02:46:51 +05:30
Ice3man
be5f1a7623
Added redirected matched URL + stop-at-first-match for redirect chains ( #2050 )
...
* Added redirected matched URL + stop-at-first-match for redirect chains
* Pleasing go-linter
2022-05-30 15:19:09 +05:30
Ice3man
8723a1fd70
Added header as DSL part value ( #2052 )
...
* Added header as DSL part value
* Fixed failing DSL part test cases
2022-05-30 15:16:27 +05:30
Ice3man
34ed4e531a
Added hang monitor for goroutine dumping ( #1949 )
...
* Added hang monitor for goroutine dumping
* misc
* Made hang monitor optional with flag
* Added stack comparison for monitoring + misc
* Removed debug statements
* misc update
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-05-30 14:41:24 +05:30
Mzack9999
dd3b0a3cfc
Increasing buffer size on AND condition ( #2030 )
...
* Increasing buffer size on AND condition
* adding integration tests
* fixing tests data path
2022-05-30 13:45:28 +05:30
Ice3man
f53f360c74
Fixed websocket status-101 response reading for http ( #2081 )
2022-05-27 22:36:42 +05:30
Mzack9999
16a05d0aa2
Adding CLI SNI support to unsafe http ( #2077 )
...
* Adding CLI SNI support to unsafe http
* adding http unsafe sni test
2022-05-27 21:53:07 +05:30
Mzack9999
02eaf91e6a
Adding variables support for headless templates ( #2064 )
2022-05-27 21:31:56 +05:30
Ice3man
3648c47e35
Fixed template validation edge cases ( #2051 )
2022-05-25 11:26:05 +05:30
forgedhallpass
096f34e4e3
refactor: DSL date/time functions
2022-05-24 13:38:26 +03:00
forgedhallpass
346db4cf15
refactor: timetostring DSL to time_to_string
2022-05-24 13:11:55 +03:00