Commit Graph

207 Commits (e43e0cf186c861d85bbeda4e910402bc50e411e5)

Author SHA1 Message Date
sandeep 3894d466ad version update 2023-07-28 21:43:09 +05:30
Dogan Can Bakir 163bc22281
add headless options flag (#3951)
* add headless options flag

* disable some tests for windows

* disable interactsh tests on darwin

* disable network/hex.yaml on windows

* make DisableOn func
2023-07-28 21:20:57 +05:30
Mzack9999 e5154d362a
fixing payload load (#3927)
* fixing payload load

* Added tests for load payloads edge-case + fixed error

* Added separate flags for network and file sandbox

* Fixed tests for payload loader

* Fixed integration tests locally

* readme update

---------

Co-authored-by: Ice3man <nizamulrana@gmail.com>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-07-14 19:39:32 +05:30
sandeep b64d422b67 added disclaimer 2023-07-06 15:01:35 +05:30
Keith Chason b3ccb9a6e5
Exclude Raw Request Payloads (#3710)
* Add command docs and CLI hook

* Add configurable exclusion from reports

* Register the CLI argument with exporter configuration

* Switch to inverted logic with JSONRequest flag

* Switch variable name for the -include-rr/-irr flag

* Remove flags from README

* Update call for -irr and -or

* convert -irr to no-op

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
2023-07-05 02:07:56 +05:30
Mzack9999 2a32ed9cba
Adding random tls impersonate (#3844)
* adding random tls impersonate

* dep update

---------

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-06-21 17:17:18 +05:30
sandeep 74ab1428be Merge branch 'dev' 2023-05-28 16:58:08 +05:30
Mzack9999 dfd4d5b855
Adding interact keepalive to reduce server-side id pruning (#3680)
* adding interact keepalive + improving init logic

* dep update

* go version update

* readme update

* version bump

* fixing invalid format

---------

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-05-21 01:56:13 +05:30
Brendan O'Leary f5632f345a
Fix updates to docs references (#3718)
Co-authored-by: Brendan O'Leary <boleary@gitlab.com>
2023-05-21 00:23:49 +05:30
Tarun Koyalwar 4a6a0185f5
Feat template update improvements (#3675)
* path modification of official templates

* fix deprecated paths counter

* add reset flag to nuclei

* bug fix: deprecated path counter

* ignore meta files

* purge empty dirs

* fix lint error
2023-05-12 05:17:19 +05:30
Pj Metz 6c79602927
Readme sj flag fix (#3579)
* fixed -sj flag description for readme.md and readme_ID.md

* misc update

---------

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-04-20 19:08:02 +05:30
sandeep 871e7016fc version update 2023-04-20 03:39:33 +05:30
Keith Chason 3476f4d1d6
JSONL(ine) Export (#3504) (#3505)
* Add initial hooks for JSONL export

* Add newline character after each result

* fix integration test (#3506)

* fix integration test

* fix interactsh fatal error

* fix default report-config.yaml

---------

Co-authored-by: Tarun Koyalwar <45962551+tarunKoyalwar@users.noreply.github.com>
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
2023-04-08 17:44:41 +05:30
mlec ed31fc4449
fix(links): Replace Master to Main in links 🩹 (#3485)
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
2023-03-31 16:27:15 +05:30
Keith Chason 4d96025bec
JSON Export Handling Updates (#3466)
* Switch -json to -jsonl

* Add JSON output file

* Update docs for EN and ID

* Fix linting issue with error wrap

* Add -j flag

* Fix call for short flag

* Correct typo "Ciper" to "Cipher" (#3468)

* migrate dsl helper functions to dsl repo (#3461)

* migrate dsl pkg code to dsl repo

* fix lint error

* upgrade dsl dependency

* upgrade deps

---------

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>

* chore(deps): bump github.com/projectdiscovery/httpx in /v2 (#3469)

Bumps [github.com/projectdiscovery/httpx](https://github.com/projectdiscovery/httpx) from 1.2.7 to 1.2.9.
- [Release notes](https://github.com/projectdiscovery/httpx/releases)
- [Changelog](https://github.com/projectdiscovery/httpx/blob/main/.goreleaser.yml)
- [Commits](https://github.com/projectdiscovery/httpx/compare/v1.2.7...v1.2.9)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/httpx
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/weppos/publicsuffix-go in /v2 (#3472)

Bumps [github.com/weppos/publicsuffix-go](https://github.com/weppos/publicsuffix-go) from 0.20.0 to 0.30.0.
- [Release notes](https://github.com/weppos/publicsuffix-go/releases)
- [Changelog](https://github.com/weppos/publicsuffix-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/weppos/publicsuffix-go/compare/v0.20.0...v0.30.0)

---
updated-dependencies:
- dependency-name: github.com/weppos/publicsuffix-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/projectdiscovery/wappalyzergo in /v2 (#3473)

Bumps [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) from 0.0.81 to 0.0.88.
- [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases)
- [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.0.81...v0.0.88)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/wappalyzergo
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/projectdiscovery/hmap in /v2 (#3470)

Bumps [github.com/projectdiscovery/hmap](https://github.com/projectdiscovery/hmap) from 0.0.10 to 0.0.11.
- [Release notes](https://github.com/projectdiscovery/hmap/releases)
- [Commits](https://github.com/projectdiscovery/hmap/compare/v0.0.10...v0.0.11)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/hmap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* debug catalog path

* use paths instead of filepath for aws path

* deps update (#3477)

* deps update

* fixing gologger via callback

* Moved `json-export` flag to the other exporters

* Switch "json[-_]exporter to jsonexporter"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Ramana Reddy <90540245+RamanaReddy0M@users.noreply.github.com>
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com>
2023-03-31 15:29:29 +05:30
Austin Traver 0d90a555f6
adds `-track-error` option to add custom errors to max-host-error watchlist (#3399)
* Allow user to specify for "context deadline exceeded" errors to count toward the max host error count

* Convert flag to a string slice `--track-error`

* Minimize diff

* Add documentation for `-track-error`

* adds unit test & minor improvements

* update flag description

---------

Co-authored-by: Austin Traver <austin_traver@intuit.com>
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
2023-03-14 13:59:42 +05:30
Shubham Rasal 572c8eb780
Issue 2987 fuzz options (#3355)
* Add override fuzzing type and mode flags

* Update english readme

* Fix failing tests

* Add the integration tests

- validate the command line overriding type and mode for fuzzing
2023-03-06 16:56:38 +05:30
Alexandre ZANNI e3e60d0ba8
uncover: add criminalip support (#3162)
* update uncover engine options

* add criminalip support

* update criminalIP variable

---------

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com>
2023-02-21 00:23:11 +05:30
galoget 7d1471fbac
Updated README.md to include Contributors Graph Section (#3299)
Adding a Contributors Graph Section is important, as it shows gratitude for all collaborations made by the Community, but it also motivates more people to join and participate in the project.

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2023-02-09 23:50:18 +05:30
Faheem Khan fc831bd977
Update nuclei -h output to (#3235)
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2023-02-07 04:57:13 +05:30
Mzack9999 6c56a20544
Adding support for nmhe (#3219)
* adding support for nmhe

* updating docs
2023-01-22 15:08:50 +05:30
André Angeluci edb4cb5495
Fixing a typo on the readme file. (#3214)
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2023-01-19 19:30:51 +05:30
Mzack9999 0b3992cdb8
moving examples to go file (#3187) 2023-01-12 14:57:32 +05:30
xm1k3 34120fbecc
#3046 persistent failed item status and #2065 failed items reporting error once (#3047)
* added logs for debug

* fixes

* removed logs

* using cache item

* implemented multiple tests

* fixed some unit tests

* implemented test for skipping

* added multiple tests together

* added mark failed

* fix on tests

* better test implementation + concurrent

* fix: fixes on concurrent tests

* removed parallel and 1 unit test

DOCS: by default the command go test runs in parallel tests for different packages, and default is the number of CPUs available (see go help build)

* fixes on go routine

* increasing parallelism of once.Do

* bumping go to 1.19 for atomic types support

* removing redundant check + fixing test concurrency on create

Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2023-01-02 13:52:06 +05:30
Jonathan Walker 8003f383e3
update golang example input (#3088) 2022-12-28 19:07:38 +05:30
Jesse Kelly 4c49a69d80
WIP chore: updated readme with install instructions (#2777)
* docker go version update

* docker fix

* chore: updated readme with install instructions

It's probably better to have the install instructions in the readme directly than to have to open a link to view install instructions

* added the reference link

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2022-12-28 02:36:47 +05:30
Sandeep Singh 96646c8f53
cloud templates targets sync (#2959)
* Add s3 bucket template provider

- Refactor the custom github template code
- add interface for template provider

* Validate if aws creds are passed if bucket flag

- refactor s3 provider struct to take client
- add function which returns the aws s3 client
- update error messages

* Add aws s3 bucket flags documentation in README.md

- Rename the github_test.go to customTemplate_test.go

* go mod update

* Move template provider code to pkg/external/customtemplates dir

* Added initial data_source sync to cloud

* Misc

* Add pagination to scan output and scan list (#2858)

* Add pagination to scan output and scan list

* Use time based parameters instead of page numbers

* Fix linting errors

* Do not check limits at client, check at server

* Remove unused constant

* Misc update

* Removed unnecessary flags

* Misc

* Misc

* Misc endpoint additions

* Added more routes

* Typo fix

* Misc fixes

* Misc

* Misc fixes to cloud target logic + use int for IDs

* Misc

* Misc fixes

* Misc

* Misc fixes

* readme update

* Add JSON output support for list-scan option (#2876)

* Add JSON output support for list-scan option

* Fix typo in cloud JSON output description

* Following changes

- Update status(finished, running) to be lower-case by default
- Convert status to upper-case in DisplayScanList()

* Update status to be lower-case by default

* Remove additional json flag, instead use existing

* Merge conflict

* Accomodate comment changes and restructure code

Co-authored-by: Jaideep K <jaideep@one2n.in>

* Use integer IDs for scan tasks

* Added get-templates-targets endpoint + JSON + validation

* Added target count list

* misc option / description updates

* Added changes as per code review

* duplicate options + typo updates

* Added tablewriter for tabular data writing by default

* Fixed list scan endpoint

* Review changes

* workflow fix

* Added cloud tags etc based filtering (#3070)

* Added omitempty for filtering request

* go mod tidy

* misc format update

Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com>
Co-authored-by: Ice3man <nizamulrana@gmail.com>
Co-authored-by: Jaideep Khandelwal <jdk2588@gmail.com>
Co-authored-by: Siddharth Shashikar <60960197+shashikarsiddharth@users.noreply.github.com>
Co-authored-by: Jaideep K <jaideep@one2n.in>
2022-12-21 22:48:43 +05:30
sandeep da52ad81d4 readme update 2022-12-11 18:15:59 +05:30
sandeep 35af8191b3 Merge branch 'master' of https://github.com/projectdiscovery/nuclei into dev 2022-12-05 18:52:23 +05:30
xm1k3 628b96f768
added force http2 option (#2919)
* added force http2 option

* implemented http2 with transport method

* fix and added forcehttp on clientpool

* updated readme with new flag

* option update

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2022-12-04 22:32:01 +05:30
Ice3man 514c6e2d1e
Added timestamp optional flag + user-agent to probing (#2962)
* Added timestamp optional flag + user-agent to probing

* fix typo

* misc update

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2022-12-04 22:16:55 +05:30
Sandeep Singh 6ae9eee8d3
README + misc updates (#2961)
* readme update

* version + banner update

* misc option update

* go fmt'ed code

* misc update
2022-12-04 20:51:33 +05:30
Shubham Rasal d5a09e733a
Issue 2772 s3 provider support (#2825)
* Add s3 bucket template provider

- Refactor the custom github template code
- add interface for template provider

* Validate if aws creds are passed if bucket flag

- refactor s3 provider struct to take client
- add function which returns the aws s3 client
- update error messages

* Add aws s3 bucket flags documentation in README.md

- Rename the github_test.go to customTemplate_test.go

* go mod update

* Move template provider code to pkg/external/customtemplates dir

* Remove github and aws update variables from flag

* Rename CustomTemplateProvider to Provider

* Update integration and function command in makefile

* Update github test case, accept token

* readme update

* go mod tidy

* Update build-test.yml

* handle empty dir in s3

* Add requested changes

- download/update s3 and github only when `-ut` is passed
- only print the missing env variable for s3
- add the custom templates path in
  ~/.config/nuclei/.template-config.json

* print custom paths only if exists in config file

* misc update

* tag update

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2022-12-02 03:57:00 +05:30
Víctor 9c17284616
Display tpl contents (#2906)
* New "td" flag, displays the highlighted template contents
New verboseTemplate method to avoid duplicate code
Grouped (and sorted) template list per directory

* Updated README about the td flag

* Going back to the previous template list format

The new one can't be pipelined

* Implicit template list on template display
Respect --no-color option to disable colors when -td is used

* misc option update

Co-authored-by: Víctor Zamanillo <victor.zamanillo@cifraeducacion.com>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2022-11-29 17:48:44 +05:30
Sandeep Singh 8fbdb8db89
Moving using as code from design document to readme (#2912) 2022-11-26 20:09:24 +05:30
Dwi Siswanto b45e2d28f2
docs: Indonesia translation README (#2896)
* docs: Indonesia translation README

* docs: Add ID hyperlink for README
2022-11-25 22:42:33 +05:30
Ice3man 291a0fea94
Merge pull request #2856 from projectdiscovery/sandbox-pr
Added sandboxing for payload files and requests
2022-11-24 14:07:33 +05:30
Ice3man 694a2a7ec5 Added sandbox details to README 2022-11-24 14:02:58 +05:30
Parth Malhotra 3014b40ac6
Fixes #2885 (#2886)
* docker go version update

* docker fix

* version update

* update chinese readme and typo fixes. (#2862)

* Fixes #2885

Fixes #2885

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Co-authored-by: Xc1Ym <xuedongyuming2233@gmail.com>
2022-11-23 18:21:22 +05:30
Xc1Ym 05d607642a
update chinese readme and typo fixes. (#2862) 2022-11-17 15:59:05 +05:30
Shubham Rasal 6b142d794a
Issue 2254 uncover integration (#2786)
* nuclei -uq 'vuln:CVE-2021-26855' -t cves/2021/

- `nuclei -uq 'vuln:CVE-2021-26855' -t cves/2021/`

* Add automatic template execution using metadata

- Query uncover after the template is loaded.
- Add the received hosts to the input provider from uncover
- Make NormalizeStoreInputValue() function public to add hosts from the
  runner after uncover hosts received.

* run go mod tidy

* Remove unnecessary comments

* Resolve the requested changes

- move uncover code to protocols/common/uncover package
- Use uncover delay to create uncover rate limiter
- Use single ratelimiter object and remove not required ratelimiters
- Create Set() method for input provider interface
- Rename normalizeStoreInputValue to Set() method

* Solved the uncover running twice.

- flag StringSliceVarP adds the default value twice in the variable
- Check if provider keys exists or not
- Add uncover help block to english readme.md

* Add uncover field functionality

- ./nuclei -uq 'vuln:CVE-2021-26855' -t dns -duc -uf host
- ./nuclei -uq 'vuln:CVE-2021-26855' -t dns -duc -uf ip:port

* Update error messages and solve nuclei hang for wrong uncover engine

- Get uncover engine values from uncover package

* Resolve merge conflicts

* misc option update

* Update logging for templates

- remove duplicate env log printing
- Log message for template queries

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2022-11-16 11:12:39 +05:30
forgedhallpass 0c588cf9af
Fixed typo in the -stop-at-first-match instead of path (#2850) 2022-11-15 15:47:09 +05:30
Shubham Rasal 721c4964d7
Issue 2613 custom template GitHub (#2630)
* Add custom template download/update support from github

- Accept the -gtr flag to accept the list of custom template
  repos(public/private)
- Accept the -gt flag for github token. It internally sets os.Env
  variable
- Update the flags from
   - -update to -nuclei-update for nuclei self update
   - -ut to -tup for template-update
   - -ud to -tud for custom template location
- Add github.go file which has code related to download and update
  custom templates repos.

* Reslove golint and test case error

* Take default template from community directory

- No need to give explicit community directory path.
- Update the integration test to support the change in path

* Update functional test script update template flag

* Update the path from community to nuclei-template

- Revert the code changes that were made to add community directory

* remove the comment

* Update the interactsh server url for testing

* Update race condition command

* update race condition cmd to download the templates

* Debug integration test failure

* update integration test to update templates

* Refactor downloadCustomTemplate function.

- Remove the log prining instead send the message.

* Add test case for custom template repo download

* move the download repo for loop into diff function

* refactor updateTemplate function.

* Create struct for github repos.

- Create customtemplate struct for repo.
- Add functions to customtemplate

* update readme.md file

* Refactor the downloadCustomTemplate function

- create const variables for github & community as template type
- Update gologger to INF
- Validate templateUpdate to accept only github & community value.
- Validate tempalteUpdate require githubTemplateRepo

* Resolve requested changes

* go mod update

* misc option update

* test update

* Revert back update-template flag to boolean.

- to update community templates
  `nuclei -ut`
- to update custom templates
  `nuclei -ut -gtr ehsandeep/mobile-nuclei-templates`

* Update readme to update flag documentation

* Update go.mod

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2022-11-03 20:27:18 +05:30
Ice3man d956f08cb9
Added attack-type option to override template attack-type (#2724)
* Added attack-type option to override template attack-type

* Added docs + integration tests
2022-10-19 03:51:45 +05:30
sandeep c694fd82e5 readme update 2022-10-08 00:33:40 +05:30
forgedhallpass fc0763641f
New dsl functions (#2545)
* Update GO version to 1.18

* Removed redundant entry from the .gitignore file

* Added new DSL functions

to_unix_time(input string, optionalLayout string) int64
hex_to_dec(input string) float64
oct_to_dec(input string|number) float64
bin_to_dec(intput string|number) float64

* Notify if debug is enabled when a proxy cannot be validated

* Documentation: Go version requirement updated to 1.18

* test fix: Timezone agnostic date expectation in the assertion

* code review: extracted the default date-time layouts into a global variable
2022-09-07 00:44:29 +05:30
Myung-jong Kim 01fbb3050d
Added option to list DSL function (#2497)
* Add lds flag

* misc flag update

* readme update

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-08-28 16:37:21 +05:30
sandeep 8f8ab429ff readme update 2022-08-26 14:20:18 +05:30
Sajad 011da1388d
add option to specify network interface (#2384)
* add option to specify network interface

* add source-ip flag

* fix typo

* fix err return

* readme update

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2022-08-25 17:42:35 +05:30
Ice3man 7b7936b7a5
Added show-actions flag to display headless actions (#2456)
* Added show-actions flag to display headless actions

* misc update

* readme update

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-08-25 10:43:32 +05:30