* add default get method
* remove residual payload logic from old implementation
* fuzz: clone current state of component
* fuzz: bug fix stacking of payloads in multiple mode
* improve stdout template loading stats
* stdout: force display warnings if no templates are loaded
* update flags in README.md
* quote non-ascii chars in extractor output
* aws request signature can only be used in signed & verified tmpls
* deprecate request signature
* remove logic related to deprecated fuzzing input
* update test to use ordered params
* fix interactsh-url lazy eval: #4946
* output: skip unnecessary updates when unescaping
* updates as per requested changes
* feat: move fuzz package to root directory
* feat: added support for input providers like openapi,postman,etc
* feat: integration of new fuzzing logic in engine
* bugfix: use and instead of or
* fixed lint errors
* go mod tidy
* add new reqresp type + bump utils
* custom http request parser
* use new struct type RequestResponse
* introduce unified input/target provider
* abstract input formats via new inputprovider
* completed input provider refactor
* remove duplicated code
* add sdk method to load targets
* rename component url->path
* add new yaml format + remove duplicated code
* use gopkg.in/yaml.v3 for parsing
* update .gitignore
* refactor/move + docs fuzzing in http protocol
* fuzz: header + query integration test using fuzzplayground
* fix integration test runner in windows
* feat add support for filter in http fuzz
* rewrite header/query integration test with filter
* add replace regex rule
* support kv fuzzing + misc updates
* add path fuzzing example + misc improvements
* fix matchedURL + skip httpx on multi formats
* cookie fuzz integration test
* add json body + params body tests
* feat add multipart/form-data fuzzing support
* add all fuzz body integration test
* misc bug fixes + minor refactor
* add multipart form + body form unit tests
* only run fuzzing templates if -fuzz flag is given
* refactor/move fuzz playground server to pkg
* fix integration test + refactor
* add auth types and strategies
* add file auth provider
* start implementing auth logic in http
* add logic in http protocol
* static auth implemented for http
* default :80,:443 normalization
* feat: dynamic auth init
* feat: dynamic auth using templates
* validate targets count in openapi+swagger
* inputformats: add support to accept variables
* fix workflow integration test
* update lazy cred fetch logic
* fix unit test
* drop postman support
* domain related normalization
* update secrets.yaml file format + misc updates
* add auth prefetch option
* remove old secret files
* add fuzzing+auth related sdk options
* fix/support multiple mode in kv header fuzzing
* rename 'headers' -> 'header' in fuzzing rules
* fix deadlock due to merge conflict resolution
* misc update
* add bool type in parsed value
* add openapi validation+override+ new flags
* misc updates
* remove optional path parameters when unavailable
* fix swagger.yaml file
* misc updates
* update print msg
* multiple openapi validation enchancements + appMode
* add optional params in required_openapi_vars.yaml file
* improve warning/verbose msgs in format
* fix skip-format-validation not working
* use 'params/parameter' instead of 'variable' in openapi
* add retry support for falky tests
* fix nuclei loading ignored templates (#4849)
* fix tag include logic
* fix unit test
* remove quoting in extractor output
* remove quote in debug code command
* feat: issue tracker URLs in JSON + misc fixes (#4855)
* feat: issue tracker URLs in JSON + misc fixes
* misc changes
* feat: status update support for issues
* feat: report metadata generation hook support
* feat: added CLI summary of tickets created
* misc changes
* introduce `disable-unsigned-templates` flag (#4820)
* introduce `disable-unsigned-templates` flag
* minor
* skip instead of exit
* remove duplicate imports
* use stats package + misc enhancements
* force display warning + adjust skipped stats in unsigned count
* include unsigned skipped templates without -dut flag
---------
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
* Purge cache on global callback set (#4840)
* purge cache on global callback set
* lint
* purging cache
* purge cache in runner after loading templates
* include internal cache from parsers + add global cache register/purge via config
* remove disable cache purge option
---------
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
* misc update
* add application/octet-stream support
* openapi: support path specific params
* misc option + readme update
---------
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
Co-authored-by: Tarun Koyalwar <45962551+tarunKoyalwar@users.noreply.github.com>
Co-authored-by: Dogan Can Bakir <65292895+dogancanbakir@users.noreply.github.com>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
* introduce `template-encoded` field
* remove IsCustomTemplate func
* refactor and move encoding to `MakeResultEventItem` func
* encode template in case of no results were found
* commit to last commit
* don't encode templates when`-ms` is used
* store and generate signer keys
* fix trailing newline in code_response
* fix formatting and update error string
* fix integration test
* fix rsaSigned code integration test
* bug fixes , docs and more
* bump go -> 1.21
* use 'response' as default part in code templates
* disable sourcemaps for all js runtimes
* disable eval function
* rewrite file validation in sandbox mode
* sandbox file read improvements + minor refactor
* refactor sign and verify logic
* fix panic and missing id in code protocol
* disable re-signing code protocol templates
* fix code resigning in tests
* allow -lfa in test for signing templates
* start index from 1 in flow and multiproto
* remove testfiles
* add python in integration test
* update code protocol docs
* add python engine in template
* rework template signer
* fix integration test and more
* reworked template signer
* fix lint error
* display signature stats
* update docs
* add user fragment to signature
* use md5 to generate fragment
* update docs with code re-sign
* misc updates
* public crt update
* remove workflow info statement
* fix printing issues
* refactor preprocessor logic
* remove debug statement
* fix failing example test
* go mod tidy
---------
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
* add headless options flag
* disable some tests for windows
* disable interactsh tests on darwin
* disable network/hex.yaml on windows
* make DisableOn func
* Add command docs and CLI hook
* Add configurable exclusion from reports
* Register the CLI argument with exporter configuration
* Switch to inverted logic with JSONRequest flag
* Switch variable name for the -include-rr/-irr flag
* Remove flags from README
* Update call for -irr and -or
* convert -irr to no-op
---------
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
* Allow user to specify for "context deadline exceeded" errors to count toward the max host error count
* Convert flag to a string slice `--track-error`
* Minimize diff
* Add documentation for `-track-error`
* adds unit test & minor improvements
* update flag description
---------
Co-authored-by: Austin Traver <austin_traver@intuit.com>
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
* Add override fuzzing type and mode flags
* Update english readme
* Fix failing tests
* Add the integration tests
- validate the command line overriding type and mode for fuzzing
Adding a Contributors Graph Section is important, as it shows gratitude for all collaborations made by the Community, but it also motivates more people to join and participate in the project.
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
* added logs for debug
* fixes
* removed logs
* using cache item
* implemented multiple tests
* fixed some unit tests
* implemented test for skipping
* added multiple tests together
* added mark failed
* fix on tests
* better test implementation + concurrent
* fix: fixes on concurrent tests
* removed parallel and 1 unit test
DOCS: by default the command go test runs in parallel tests for different packages, and default is the number of CPUs available (see go help build)
* fixes on go routine
* increasing parallelism of once.Do
* bumping go to 1.19 for atomic types support
* removing redundant check + fixing test concurrency on create
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
* docker go version update
* docker fix
* chore: updated readme with install instructions
It's probably better to have the install instructions in the readme directly than to have to open a link to view install instructions
* added the reference link
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
* Add s3 bucket template provider
- Refactor the custom github template code
- add interface for template provider
* Validate if aws creds are passed if bucket flag
- refactor s3 provider struct to take client
- add function which returns the aws s3 client
- update error messages
* Add aws s3 bucket flags documentation in README.md
- Rename the github_test.go to customTemplate_test.go
* go mod update
* Move template provider code to pkg/external/customtemplates dir
* Added initial data_source sync to cloud
* Misc
* Add pagination to scan output and scan list (#2858)
* Add pagination to scan output and scan list
* Use time based parameters instead of page numbers
* Fix linting errors
* Do not check limits at client, check at server
* Remove unused constant
* Misc update
* Removed unnecessary flags
* Misc
* Misc
* Misc endpoint additions
* Added more routes
* Typo fix
* Misc fixes
* Misc
* Misc fixes to cloud target logic + use int for IDs
* Misc
* Misc fixes
* Misc
* Misc fixes
* readme update
* Add JSON output support for list-scan option (#2876)
* Add JSON output support for list-scan option
* Fix typo in cloud JSON output description
* Following changes
- Update status(finished, running) to be lower-case by default
- Convert status to upper-case in DisplayScanList()
* Update status to be lower-case by default
* Remove additional json flag, instead use existing
* Merge conflict
* Accomodate comment changes and restructure code
Co-authored-by: Jaideep K <jaideep@one2n.in>
* Use integer IDs for scan tasks
* Added get-templates-targets endpoint + JSON + validation
* Added target count list
* misc option / description updates
* Added changes as per code review
* duplicate options + typo updates
* Added tablewriter for tabular data writing by default
* Fixed list scan endpoint
* Review changes
* workflow fix
* Added cloud tags etc based filtering (#3070)
* Added omitempty for filtering request
* go mod tidy
* misc format update
Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com>
Co-authored-by: Ice3man <nizamulrana@gmail.com>
Co-authored-by: Jaideep Khandelwal <jdk2588@gmail.com>
Co-authored-by: Siddharth Shashikar <60960197+shashikarsiddharth@users.noreply.github.com>
Co-authored-by: Jaideep K <jaideep@one2n.in>
* added force http2 option
* implemented http2 with transport method
* fix and added forcehttp on clientpool
* updated readme with new flag
* option update
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Tarun Koyalwar
Ice3man
fail-open
Brendan O'Leary
Jean Rougé
Dogan Can Bakir
Mzack9999
Tarun Koyalwar
sandeep
Keith Chason
Pj Metz
mlec
Austin Traver
Shubham Rasal
Alexandre ZANNI
galoget
Faheem Khan
André Angeluci
xm1k3
Jonathan Walker
Jesse Kelly
Sandeep Singh