Commit Graph

4881 Commits (7b72c7c1863524d3f0d3567e3fee9b9750ea0a61)

Author SHA1 Message Date
dependabot[bot] 7b72c7c186
chore(deps): bump github.com/docker/docker
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.7+incompatible to 24.0.9+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v24.0.7...v24.0.9)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-20 17:24:42 +00:00
dependabot[bot] 6d3fac731c
Merge pull request #4913 from projectdiscovery/dependabot/go_modules/dev/github.com/projectdiscovery/dsl-0.0.48 2024-03-19 14:40:17 +00:00
dependabot[bot] 7c5e8477ca
Merge pull request #4910 from projectdiscovery/dependabot/go_modules/dev/github.com/projectdiscovery/rawhttp-0.1.41 2024-03-18 05:56:01 +00:00
dependabot[bot] c631b82f7d
Merge pull request #4912 from projectdiscovery/dependabot/go_modules/dev/github.com/projectdiscovery/utils-0.0.84 2024-03-18 05:25:38 +00:00
dependabot[bot] 62bdee97e9
chore(deps): bump github.com/projectdiscovery/rawhttp
Bumps [github.com/projectdiscovery/rawhttp](https://github.com/projectdiscovery/rawhttp) from 0.1.40 to 0.1.41.
- [Release notes](https://github.com/projectdiscovery/rawhttp/releases)
- [Commits](https://github.com/projectdiscovery/rawhttp/compare/v0.1.40...v0.1.41)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/rawhttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-18 05:24:56 +00:00
dependabot[bot] e8f1cc3657
chore(deps): bump github.com/projectdiscovery/dsl from 0.0.46 to 0.0.48
Bumps [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) from 0.0.46 to 0.0.48.
- [Release notes](https://github.com/projectdiscovery/dsl/releases)
- [Commits](https://github.com/projectdiscovery/dsl/compare/v0.0.46...v0.0.48)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/dsl
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-18 05:24:52 +00:00
dependabot[bot] ec999275b2
Merge pull request #4911 from projectdiscovery/dependabot/go_modules/dev/github.com/projectdiscovery/fastdialer-0.0.63 2024-03-18 05:23:51 +00:00
dependabot[bot] 1975a1f869
Merge pull request #4909 from projectdiscovery/dependabot/go_modules/dev/github.com/projectdiscovery/retryablehttp-go-1.0.52 2024-03-18 05:23:10 +00:00
dependabot[bot] 31568a06ff
chore(deps): bump github.com/projectdiscovery/utils
Bumps [github.com/projectdiscovery/utils](https://github.com/projectdiscovery/utils) from 0.0.84-0.20240313184656-e3ec80f4dd42 to 0.0.84.
- [Release notes](https://github.com/projectdiscovery/utils/releases)
- [Changelog](https://github.com/projectdiscovery/utils/blob/main/CHANGELOG.md)
- [Commits](https://github.com/projectdiscovery/utils/commits/v0.0.84)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/utils
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-18 05:03:50 +00:00
dependabot[bot] 269dd4c38c
chore(deps): bump github.com/projectdiscovery/fastdialer
Bumps [github.com/projectdiscovery/fastdialer](https://github.com/projectdiscovery/fastdialer) from 0.0.62 to 0.0.63.
- [Release notes](https://github.com/projectdiscovery/fastdialer/releases)
- [Commits](https://github.com/projectdiscovery/fastdialer/compare/v0.0.62...v0.0.63)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/fastdialer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-18 05:03:46 +00:00
dependabot[bot] a9d5f243ba
chore(deps): bump github.com/projectdiscovery/retryablehttp-go
Bumps [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) from 1.0.51 to 1.0.52.
- [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases)
- [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.0.51...v1.0.52)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/retryablehttp-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-18 05:03:37 +00:00
sandeep 8a9dc11f36 version update 2024-03-17 16:29:50 +05:30
Tarun Koyalwar 59a624f2bd
add more nil checks and create default map (#4896)
* add more nil checks and create default map

* fix more panic in interactsh

* early exit
2024-03-17 16:25:26 +05:30
sandeep 3ee1bfa4ba version update 2024-03-15 18:53:38 +05:30
Sandeep Singh ac240cd14c
Merge pull request #4892 from alizademhdi/fix_vulnerabilities
Security upgrade alpine from 3.18.2 to 3.18.6
2024-03-15 18:52:41 +05:30
Sandeep Singh 0b70d58665
Merge pull request #4893 from projectdiscovery/js-hot-fix
js protocol: fix breaking json export issue
2024-03-15 18:50:31 +05:30
Mzack9999 7d06c97a0d
Merge pull request #4867 from projectdiscovery/maint-runner-cache
Internal Templates Loader/Parser caches refactoring
2024-03-15 14:05:12 +01:00
Tarun Koyalwar a8ec9819fc bump goja version + nuclei version 2024-03-15 18:12:57 +05:30
mzack bf2699462f lint 2024-03-15 13:40:28 +01:00
Tarun Koyalwar f3d2f394ce go mod tidy 2024-03-15 18:07:12 +05:30
Tarun Koyalwar e1fea06f2c retract nuclei v3.2.0 2024-03-15 18:06:58 +05:30
mzack 2dd8c8c5ae removing err 2024-03-15 13:36:57 +01:00
Tarun Koyalwar 94817ca300 js protocol: fix breaking json export issue 2024-03-15 18:04:08 +05:30
alizademhdi fcd5c6b111 Upgrade alpine to 3.18.6 for security fixes 2024-03-15 16:01:27 +03:30
alizademhdi d93b4a01df Reduce vulnerabilities in alpine
The following vulnerabilities are fixed with an upgrade alpine from 3.18.2.to 3.18.5:
- https://snyk.io/vuln/SNYK-ALPINE318-BUSYBOX-5890990
- https://snyk.io/vuln/SNYK-ALPINE318-BUSYBOX-5890990
- https://snyk.io/vuln/SNYK-ALPINE318-BUSYBOX-5890990
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6032386
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6032386
2024-03-15 14:22:15 +03:30
Sandeep Singh aaf3cf9cb3
Merge pull request #4884 from kiokuless/fix-rate-limiter
Fix overriding the predefined ratelimiter by WithGlobalRateLimit
2024-03-15 15:26:05 +05:30
Mzack9999 df67578d98
Merge pull request #4885 from debasishbsws/go-git-version-upgrade
update go-git version from v4 to v5 fix GHSA-449p-3h89-pw88 GHSA-mw99-9chc-xw7r
2024-03-15 00:44:56 +01:00
mzack d988de45f6 merge 2024-03-15 00:01:09 +01:00
mzack e523d3872c Merge branch 'dev' into maint-runner-cache 2024-03-14 23:46:50 +01:00
Mzack9999 b7f76cfd4b
Merge pull request #4833 from projectdiscovery/maint-memory
Adding memguardian + various optimizations
2024-03-14 23:39:43 +01:00
debasishbsw 1700cdf4e2
update go-git fix CVE-2023-49569 CVE-2023-49568
Signed-off-by: debasishbsw <debasishbsws.dev@gmail.com>
2024-03-14 10:26:08 +00:00
kiokuless 3a41f752e4 Use e.rateLimiter if it's not nil 2024-03-14 10:41:23 +09:00
dependabot[bot] d292ac8698
Merge pull request #4881 from projectdiscovery/dependabot/go_modules/google.golang.org/protobuf-1.33.0 2024-03-13 22:04:02 +00:00
GitHub Action f6d0b1cd95 Auto Generate Syntax Docs + JSONSchema [Wed Mar 13 22:02:48 UTC 2024] 🤖 2024-03-13 22:02:48 +00:00
sandeep 5d0b82c6a1 Fixed xpath doc escaping example 2024-03-14 03:30:37 +05:30
dependabot[bot] d27f56fd7e
chore(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0
Bumps google.golang.org/protobuf from 1.32.0 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-13 21:39:42 +00:00
Ice3man fa56800fcc
Fuzzing layer enhancements + input-types support (#4477)
* feat: move fuzz package to root directory

* feat: added support for input providers like openapi,postman,etc

* feat: integration of new fuzzing logic in engine

* bugfix: use and instead of or

* fixed lint errors

* go mod tidy

* add new reqresp type + bump utils

* custom http request parser

* use new struct type RequestResponse

* introduce unified input/target provider

* abstract input formats via new inputprovider

* completed input provider refactor

* remove duplicated code

* add sdk method to load targets

* rename component url->path

* add new yaml format + remove duplicated code

* use gopkg.in/yaml.v3 for parsing

* update .gitignore

* refactor/move + docs fuzzing in http protocol

* fuzz: header + query integration test using fuzzplayground

* fix integration test runner in windows

* feat add support for filter in http fuzz

* rewrite header/query integration test with filter

* add replace regex rule

* support kv fuzzing + misc updates

* add path fuzzing example + misc improvements

* fix matchedURL + skip httpx on multi formats

* cookie fuzz integration test

* add json body + params body tests

* feat add multipart/form-data fuzzing support

* add all fuzz body integration test

* misc bug fixes + minor refactor

* add multipart form + body form unit tests

* only run fuzzing templates if -fuzz flag is given

* refactor/move fuzz playground server to pkg

* fix integration test + refactor

* add auth types and strategies

* add file auth provider

* start implementing auth logic in http

* add logic in http protocol

* static auth implemented for http

* default :80,:443 normalization

* feat: dynamic auth init

* feat: dynamic auth using templates

* validate targets count in openapi+swagger

* inputformats: add support to accept variables

* fix workflow integration test

* update lazy cred fetch logic

* fix unit test

* drop postman support

* domain related normalization

* update secrets.yaml file format + misc updates

* add auth prefetch option

* remove old secret files

* add fuzzing+auth related sdk options

* fix/support multiple mode in kv header fuzzing

* rename 'headers' -> 'header' in fuzzing rules

* fix deadlock due to merge conflict resolution

* misc update

* add bool type in parsed value

* add openapi validation+override+ new flags

* misc updates

* remove optional path parameters when unavailable

* fix swagger.yaml file

* misc updates

* update print msg

* multiple openapi validation enchancements + appMode

* add optional params in required_openapi_vars.yaml file

* improve warning/verbose msgs in format

* fix skip-format-validation not working

* use 'params/parameter' instead of 'variable' in openapi

* add retry support for falky tests

* fix nuclei loading ignored templates (#4849)

* fix tag include logic

* fix unit test

* remove quoting in extractor output

* remove quote in debug code command

* feat: issue tracker URLs in JSON + misc fixes (#4855)

* feat: issue tracker URLs in JSON + misc fixes

* misc changes

* feat: status update support for issues

* feat: report metadata generation hook support

* feat: added CLI summary of tickets created

* misc changes

* introduce `disable-unsigned-templates` flag (#4820)

* introduce `disable-unsigned-templates` flag

* minor

* skip instead of exit

* remove duplicate imports

* use stats package + misc enhancements

* force display warning + adjust skipped stats in unsigned count

* include unsigned skipped templates without -dut flag

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>

* Purge cache on global callback set (#4840)

* purge cache on global callback set

* lint

* purging cache

* purge cache in runner after loading templates

* include internal cache from parsers + add global cache register/purge via config

* remove disable cache purge option

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>

* misc update

* add application/octet-stream support

* openapi: support path specific params

* misc option + readme update

---------

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
Co-authored-by: Tarun Koyalwar <45962551+tarunKoyalwar@users.noreply.github.com>
Co-authored-by: Dogan Can Bakir <65292895+dogancanbakir@users.noreply.github.com>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
2024-03-14 03:08:53 +05:30
mzack a751993808 rename 2024-03-13 21:46:30 +01:00
mzack e9f6febe01 caching content + merging caches 2024-03-13 21:02:36 +01:00
mzack 3685379960 Merge branch 'dev' into maint-runner-cache 2024-03-13 20:16:27 +01:00
mzack 117d4a30e2 v. bump 2024-03-13 19:48:59 +01:00
mzack 397ad04540 Merge branch 'dev' into maint-memory 2024-03-13 19:31:45 +01:00
Dogan Can Bakir 66b722faaf
bump gozero (#4877) 2024-03-13 20:36:19 +05:30
Tarun Koyalwar 49ef5cbf16
handle 1 more edgecase (#4868)
* handle 1 more edgecase

* add integration test for this edgecase

* fix multi-http-var-sharing with integration test

* add -payload-concurrency (-pc) flag

* fix missing internal:true login in multiprotocol engine

* fix/handle absolute invalid url parsing

* support -pc & -jc in go sdk

* fix missing variables in code protocol operators

* add payload count parallelhttp check
2024-03-13 20:35:19 +05:30
mzack fd14472181 . 2024-03-13 03:16:40 +01:00
mzack cd289a81c9 tmp init 2024-03-13 02:59:34 +01:00
mzack cbda987288 fixing tests 2024-03-13 02:44:45 +01:00
mzack 4aff6d7189 merging caches + removing import cycle via type any 2024-03-13 02:27:15 +01:00
mzack 4b43bd0c65 . 2024-03-12 14:56:53 +01:00
mzack a335e4962e bla 2024-03-12 14:55:43 +01:00