Commit Graph

423 Commits (af2aaacbc93e0e9cf0b775af0eff2942c5e3a382)

Author SHA1 Message Date
Mzack9999 34976029d3
removing most go routine leaks (#3073)
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2022-12-24 19:22:14 +05:30
Sandeep Singh 96646c8f53
cloud templates targets sync (#2959)
* Add s3 bucket template provider

- Refactor the custom github template code
- add interface for template provider

* Validate if aws creds are passed if bucket flag

- refactor s3 provider struct to take client
- add function which returns the aws s3 client
- update error messages

* Add aws s3 bucket flags documentation in README.md

- Rename the github_test.go to customTemplate_test.go

* go mod update

* Move template provider code to pkg/external/customtemplates dir

* Added initial data_source sync to cloud

* Misc

* Add pagination to scan output and scan list (#2858)

* Add pagination to scan output and scan list

* Use time based parameters instead of page numbers

* Fix linting errors

* Do not check limits at client, check at server

* Remove unused constant

* Misc update

* Removed unnecessary flags

* Misc

* Misc

* Misc endpoint additions

* Added more routes

* Typo fix

* Misc fixes

* Misc

* Misc fixes to cloud target logic + use int for IDs

* Misc

* Misc fixes

* Misc

* Misc fixes

* readme update

* Add JSON output support for list-scan option (#2876)

* Add JSON output support for list-scan option

* Fix typo in cloud JSON output description

* Following changes

- Update status(finished, running) to be lower-case by default
- Convert status to upper-case in DisplayScanList()

* Update status to be lower-case by default

* Remove additional json flag, instead use existing

* Merge conflict

* Accomodate comment changes and restructure code

Co-authored-by: Jaideep K <jaideep@one2n.in>

* Use integer IDs for scan tasks

* Added get-templates-targets endpoint + JSON + validation

* Added target count list

* misc option / description updates

* Added changes as per code review

* duplicate options + typo updates

* Added tablewriter for tabular data writing by default

* Fixed list scan endpoint

* Review changes

* workflow fix

* Added cloud tags etc based filtering (#3070)

* Added omitempty for filtering request

* go mod tidy

* misc format update

Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com>
Co-authored-by: Ice3man <nizamulrana@gmail.com>
Co-authored-by: Jaideep Khandelwal <jdk2588@gmail.com>
Co-authored-by: Siddharth Shashikar <60960197+shashikarsiddharth@users.noreply.github.com>
Co-authored-by: Jaideep K <jaideep@one2n.in>
2022-12-21 22:48:43 +05:30
xm1k3 bbb561b097
CLI variables are not accessible in SSL Protocol (#3069)
* added vars payload also in ssl

* fix on ssl.go, moved function on payloadValues creation

* added integration test

* rebase + minor changes

Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
2022-12-21 02:02:18 +05:30
Ice3man 3904d541be
Added http probing to clustering + add disable-clustering flag (#3019)
* Added http probing to clustering + add disable-clustering flag

* misc update

* Commented out failing test

* Fixed lint error

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2022-12-11 18:06:21 +05:30
Ice3man b95501e641 Misc 2022-12-07 22:28:45 +05:30
Ice3man ccfa249f14
Ignore .git and .github during checksum generate (#2990) 2022-12-07 14:38:29 +05:30
Tarun Koyalwar 2874a9dff7
fix -iv & minor bugs (#2951)
* fix -iv & minor bugs

* fix ipversion defaults

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-12-05 18:22:04 +05:30
xm1k3 628b96f768
added force http2 option (#2919)
* added force http2 option

* implemented http2 with transport method

* fix and added forcehttp on clientpool

* updated readme with new flag

* option update

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2022-12-04 22:32:01 +05:30
Ice3man 514c6e2d1e
Added timestamp optional flag + user-agent to probing (#2962)
* Added timestamp optional flag + user-agent to probing

* fix typo

* misc update

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2022-12-04 22:16:55 +05:30
Sandeep Singh 6ae9eee8d3
README + misc updates (#2961)
* readme update

* version + banner update

* misc option update

* go fmt'ed code

* misc update
2022-12-04 20:51:33 +05:30
Shubham Rasal d5a09e733a
Issue 2772 s3 provider support (#2825)
* Add s3 bucket template provider

- Refactor the custom github template code
- add interface for template provider

* Validate if aws creds are passed if bucket flag

- refactor s3 provider struct to take client
- add function which returns the aws s3 client
- update error messages

* Add aws s3 bucket flags documentation in README.md

- Rename the github_test.go to customTemplate_test.go

* go mod update

* Move template provider code to pkg/external/customtemplates dir

* Remove github and aws update variables from flag

* Rename CustomTemplateProvider to Provider

* Update integration and function command in makefile

* Update github test case, accept token

* readme update

* go mod tidy

* Update build-test.yml

* handle empty dir in s3

* Add requested changes

- download/update s3 and github only when `-ut` is passed
- only print the missing env variable for s3
- add the custom templates path in
  ~/.config/nuclei/.template-config.json

* print custom paths only if exists in config file

* misc update

* tag update

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2022-12-02 03:57:00 +05:30
Víctor 9c17284616
Display tpl contents (#2906)
* New "td" flag, displays the highlighted template contents
New verboseTemplate method to avoid duplicate code
Grouped (and sorted) template list per directory

* Updated README about the td flag

* Going back to the previous template list format

The new one can't be pipelined

* Implicit template list on template display
Respect --no-color option to disable colors when -td is used

* misc option update

Co-authored-by: Víctor Zamanillo <victor.zamanillo@cifraeducacion.com>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2022-11-29 17:48:44 +05:30
Mzack9999 440bfe030a Merge branch 'dev' into issue-2832-race-condition-test 2022-11-24 22:10:42 +01:00
Thibault Soubiran 67fda109b2
Fix usage typos (#2889) 2022-11-24 21:18:02 +05:30
xm1k3 2d76498692 fixes 2022-11-23 14:30:12 +01:00
xm1k3 3c978e8a46 removed some targets 2022-11-23 10:51:04 +01:00
xm1k3 632c68a996 added multiple targets on gh action 2022-11-23 10:37:30 +01:00
Ice3man e7fb40a413 Added sandboxing for payload files and requests 2022-11-16 13:49:24 +05:30
Shubham Rasal 6b142d794a
Issue 2254 uncover integration (#2786)
* nuclei -uq 'vuln:CVE-2021-26855' -t cves/2021/

- `nuclei -uq 'vuln:CVE-2021-26855' -t cves/2021/`

* Add automatic template execution using metadata

- Query uncover after the template is loaded.
- Add the received hosts to the input provider from uncover
- Make NormalizeStoreInputValue() function public to add hosts from the
  runner after uncover hosts received.

* run go mod tidy

* Remove unnecessary comments

* Resolve the requested changes

- move uncover code to protocols/common/uncover package
- Use uncover delay to create uncover rate limiter
- Use single ratelimiter object and remove not required ratelimiters
- Create Set() method for input provider interface
- Rename normalizeStoreInputValue to Set() method

* Solved the uncover running twice.

- flag StringSliceVarP adds the default value twice in the variable
- Check if provider keys exists or not
- Add uncover help block to english readme.md

* Add uncover field functionality

- ./nuclei -uq 'vuln:CVE-2021-26855' -t dns -duc -uf host
- ./nuclei -uq 'vuln:CVE-2021-26855' -t dns -duc -uf ip:port

* Update error messages and solve nuclei hang for wrong uncover engine

- Get uncover engine values from uncover package

* Resolve merge conflicts

* misc option update

* Update logging for templates

- remove duplicate env log printing
- Log message for template queries

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2022-11-16 11:12:39 +05:30
forgedhallpass 0c588cf9af
Fixed typo in the -stop-at-first-match instead of path (#2850) 2022-11-15 15:47:09 +05:30
forgedhallpass 0295ca19bc
Add `split` DSL function (#2838)
* Add support for showing overloaded DSL method signatures

* Add `split` DSL function #2837

* fixing lint warnings

* replacing faulty regex with strings methods

Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2022-11-14 06:08:12 +05:30
Mzack9999 1fbbca66f9
Adding support to scan all v4/v6 IPs (#2709)
* Adding support to scan all v4/v6 IPs

* adding tests

* metainput prototype

* using new signature

* fixing nil pointer

* adding request context with metadata

* removing log instruction

* fixing merge conflicts

* adding clone helpers

* attempting to fix ipv6 square parenthesis wrap

* fixing dialed ip info

* fixing syntax

* fixing output ip selection

* adding integration tests

* disabling test due to gh ipv6 issue

* using ipv4 only due to GH limited networking

* extending metainput marshaling

* fixing hmap key

* adding test for httpx integration

* fixing lint error

* reworking marshaling/id-calculation

* adding ip version validation

* improving handling non url targets

* fixing condition check
2022-11-09 18:48:56 +05:30
Mzack9999 840028fa93
adding host with optional port type logic (#2815)
* adding host with optional port type logic

* adding comment support in test cases

* updating test cases with multiple input scenarios

* readding port condition
2022-11-08 19:49:45 +05:30
vrenzolaverace 2aaf2a2158
Use utils helpers libraries (#2809) (#2810)
* Use utils helpers libraries (#2809)

* Use utils helpers libraries (#2809)
2022-11-07 01:54:23 +05:30
Shubham Rasal 721c4964d7
Issue 2613 custom template GitHub (#2630)
* Add custom template download/update support from github

- Accept the -gtr flag to accept the list of custom template
  repos(public/private)
- Accept the -gt flag for github token. It internally sets os.Env
  variable
- Update the flags from
   - -update to -nuclei-update for nuclei self update
   - -ut to -tup for template-update
   - -ud to -tud for custom template location
- Add github.go file which has code related to download and update
  custom templates repos.

* Reslove golint and test case error

* Take default template from community directory

- No need to give explicit community directory path.
- Update the integration test to support the change in path

* Update functional test script update template flag

* Update the path from community to nuclei-template

- Revert the code changes that were made to add community directory

* remove the comment

* Update the interactsh server url for testing

* Update race condition command

* update race condition cmd to download the templates

* Debug integration test failure

* update integration test to update templates

* Refactor downloadCustomTemplate function.

- Remove the log prining instead send the message.

* Add test case for custom template repo download

* move the download repo for loop into diff function

* refactor updateTemplate function.

* Create struct for github repos.

- Create customtemplate struct for repo.
- Add functions to customtemplate

* update readme.md file

* Refactor the downloadCustomTemplate function

- create const variables for github & community as template type
- Update gologger to INF
- Validate templateUpdate to accept only github & community value.
- Validate tempalteUpdate require githubTemplateRepo

* Resolve requested changes

* go mod update

* misc option update

* test update

* Revert back update-template flag to boolean.

- to update community templates
  `nuclei -ut`
- to update custom templates
  `nuclei -ut -gtr ehsandeep/mobile-nuclei-templates`

* Update readme to update flag documentation

* Update go.mod

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2022-11-03 20:27:18 +05:30
Ice3man b9472cf7e1
Added fuzzing support for query params + var dump feature (#2679)
* Added fuzzing support for query params + var dump feature

* Added query-fuzz integration test

* Fixed payloads + added keys-regex fuzz parameter

* Fixed interactsh not working + misc

* Fixed evaluation + added global variables/dsl support to payloads

* Misc fixes related to variables evaluations

* Added http variables support to fuzz

* misc

* Misc

* Added testing playground + misc renaming

* Added support for path and raw request to fuzzing

* Fixed fuzz integration test

* Fixed variable unresolved issue

* Add multiple parameter support with same name

* Added parameter value as 'value' dsl variable for parts

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2022-11-01 20:28:50 +05:30
Ice3man 74bd89dec6
Added templates-checksum + custom input support (#2744)
* Added templates-checksum + custom input support

* Fixed template name not passed for private
2022-10-29 04:21:43 +02:00
dependabot[bot] 1783207803
chore(deps): bump github.com/projectdiscovery/stringsutil from 0.0.1 to 0.0.2 in /v2 (#2751)
* chore(deps): bump github.com/projectdiscovery/stringsutil in /v2

Bumps [github.com/projectdiscovery/stringsutil](https://github.com/projectdiscovery/stringsutil) from 0.0.1 to 0.0.2.
- [Release notes](https://github.com/projectdiscovery/stringsutil/releases)
- [Commits](https://github.com/projectdiscovery/stringsutil/compare/v0.0.1...v0.0.2)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/stringsutil
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* updating function name

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
2022-10-25 09:32:35 +02:00
Jaideep Khandelwal 4cfde111f4
Feature 18 cloud flags (#2708)
* Add cloud flags for nuclei.

* Add flag to get output for a particular scan ID

* Add some comments to the function.

* Get timestamp and id for scan list

* Fix linting errors

* Check if type is enumeration.

* Do not show deleted scans.

* Do not use filter_result, create client once and use it everywhere with
runner.

* Fix the output of scan list to be better

* Format the nuclei scan output list.

* Remove unused constant

* misc option update

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-10-22 04:06:52 +05:30
Ice3man 363ffb75db
Added probing for URL + input based on protocol (#2614)
* Added workflow names based condition

* Added conditional filtering to workflow executor

* Replaced names with single name stringslice

* Added probing for URL + input based on protocol

* Remove debug comments

* Fixed typo

* Fixed failing tests

* Fixed workflow matcher condition + tests

* Fixed workflow item name

* Switch to if-else

* Fixed review comment strict

* Increase bulk size

* Added default port for SSL protocol + misc changes

* Fixed failing tests

* Fixed misc changes to executer

* Fixed failing self-contained and offlinehttp tests

* Fixed atomic increment operation

* misc update

* Fixed failing builds

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2022-10-20 17:23:00 +05:30
Ice3man d956f08cb9
Added attack-type option to override template attack-type (#2724)
* Added attack-type option to override template attack-type

* Added docs + integration tests
2022-10-19 03:51:45 +05:30
Mzack9999 a9f5d2defd
reordering unsafe test in the map (#2721) 2022-10-15 01:38:32 +05:30
Mzack9999 a71f5d5460
Merge pull request #2717 from projectdiscovery/issue-2657
updates to execute func in integration-test.go
2022-10-14 15:35:37 +02:00
LuitelSamikshya 909aa4cd79 updates to execute func in integration-test.go 2022-10-13 11:05:10 -05:00
LuitelSamikshya cb0da81a14 ratelimit library 2022-10-12 22:04:37 -05:00
sandeep c694fd82e5 readme update 2022-10-08 00:33:40 +05:30
Ice3man 6c93d99745 Fixed failing lint tests 2022-10-08 00:10:32 +05:30
Ice3man 9944f5e94e
Added response truncation support with flags (#2688)
* Added response truncation support with flags

* Fixed failing tests for no size
2022-10-07 20:10:00 +05:30
Mzack9999 781e4e6105
Shared Execution Context Prototype (#2576)
* renaming var

* Introducing shared execution context prototype

* fixing field name

* adding shared values propagation

* adding shared context lock

* add slice values normalization

* adding integration tests

* adding metadata support for dns

* adding multi-protocol context sharing test

* removing debug test files

* moving contextargs around

* adding comments

* refactoring code

- getter/setter for complex types
- using pointers to avoid heap allocations
2022-10-03 15:42:20 +05:30
Mzack9999 18f14b631c
Adding same host redirect support (#2655)
* simplifying test syntax

* adding same host redirect + refactoring redirect handling

* adding missing file

* adding support for template syntax

* adding integration test

* updating options

* fixing issue on same host redirect
2022-09-29 04:11:28 +05:30
Myung-jong Kim 9eea441b0e
Add `sort(list)`, `sort(string)`, `uniq(list)`, `uniq(string)` helper functions (#2372)
* Add feature in join() to sort a single string slice

Signed-off-by: Myung-jong Kim <mjkim610@gmail.com>

* Add sort helper function and related tests

Signed-off-by: Myung-jong Kim <mjkim610@gmail.com>

* Add uniq helper function and related tests

Signed-off-by: mjkim610 <mjkim610@gmail.com>

Signed-off-by: Myung-jong Kim <mjkim610@gmail.com>
Signed-off-by: mjkim610 <mjkim610@gmail.com>
2022-09-27 02:59:13 +05:30
Ice3man fc27fc94a5
Added default config generation for reporting options (#2605) 2022-09-27 02:40:34 +05:30
Mzack9999 99c14f4c9c
implementation of rate limiter with bucket refill and unrestricted token burst (#2536)
* implementation of rate limiter with interval burst

* fixing import path

* fixing syntax

* adding tests

* fixing lint errors

* adding support for context

* moving rate limiter earlier to avoid hitting timeout
2022-09-19 17:09:28 +05:30
Ice3man 04b47b0309
Added custom json-unmarshaller + misc updates (#2556)
* Added custom json-unmarshaller + misc updates

* Added support for nuclei-cloud based scan execution

* Removed unnecessary files

* Misc

* Changes as per review comments

* misc option update

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-09-19 01:13:59 +05:30
Sami f3eb0daa39
additional dsl functions (#2550)
* additional dsl functions

* avoid conversion at each iteration
2022-09-08 14:25:34 +05:30
James Turner 42a0732d68
Add sha512 support (#2517) 2022-08-31 12:36:02 +05:30
sullo 69709326d8
Add secunia to bad site list (#2516) 2022-08-30 12:29:30 +05:30
Ice3man 466176e9e8
Merge pull request #2500 from projectdiscovery/goflags-update
Updated goflags to latest + misc
2022-08-30 11:52:25 +05:30
mzack e53614de0e correcting option type 2022-08-29 06:44:51 +02:00
Myung-jong Kim 01fbb3050d
Added option to list DSL function (#2497)
* Add lds flag

* misc flag update

* readme update

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-08-28 16:37:21 +05:30