Ramana Reddy
c8a7df98f3
fix removing double slash prefix in raw req path ( #3960 )
...
* update utils lib
* add integration test on unsafe:false
* fix build error
---------
Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2023-08-04 00:56:32 +05:30
Mzack9999
66f0dc735c
Adding jarm helper via dsl ( #3906 )
...
* Adding jarm helper via dsl
* adding test
* removing debug file
* fixing tests
---------
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2023-07-14 21:24:12 +05:30
Ramana Reddy
6707bc777a
fix showing multiple failure matches per template on -ms set ( #3770 )
...
* fix showing multiple failure matchers per template
add integration test
* exclude AS134029 from unit test
* Add flag for match status per request
* chore(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 (#3777 )
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v3.4.0...v3.5.0 )
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump github.com/xanzy/go-gitlab in /v2 (#3778 )
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab ) from 0.83.0 to 0.84.0.
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go )
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.83.0...v0.84.0 )
---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump github.com/spf13/cast from 1.5.0 to 1.5.1 in /v2 (#3780 )
Bumps [github.com/spf13/cast](https://github.com/spf13/cast ) from 1.5.0 to 1.5.1.
- [Release notes](https://github.com/spf13/cast/releases )
- [Commits](https://github.com/spf13/cast/compare/v1.5.0...v1.5.1 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cast
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* enable no-httpx when passive scan is launched (#3789 )
* chore(deps): bump github.com/projectdiscovery/fastdialer from 0.0.26 to 0.0.28 in /v2 (#3779 )
* chore(deps): bump github.com/projectdiscovery/fastdialer in /v2
Bumps [github.com/projectdiscovery/fastdialer](https://github.com/projectdiscovery/fastdialer ) from 0.0.26 to 0.0.28.
- [Release notes](https://github.com/projectdiscovery/fastdialer/releases )
- [Commits](https://github.com/projectdiscovery/fastdialer/compare/v0.0.26...v0.0.28 )
---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/fastdialer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* Bump retryabledns to 0.28
* Update the retryabledns
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com>
* deprecatedProtocolNameTemplates concurrent map writes (#3785 )
* deprecatedProtocolNameTemplates
* use syncLock
* fix lint error
* change version in deprecated warning msg
* comment asnmap expand unit test
---------
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
Co-authored-by: Tarun Koyalwar <45962551+tarunKoyalwar@users.noreply.github.com>
* Issue 3339 headless fuzz (#3790 )
* Basic headless fuzzing
* Remove debug statements
* Add integration tests
* Update template
* Fix recognize payload value in matcher
* Update template
* use req.SetURL()
---------
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
* Auto Generate Syntax Docs + JSONSchema [Fri Jun 9 00:23:32 UTC 2023] 🤖
* Add headless header and status matchers (#3794 )
* add headless header and status matchers
* rename headers as header
* add integration test for header+status
* fix typo
* chore(deps): bump golang from 1.20.4-alpine to 1.20.5-alpine (#3809 )
Bumps golang from 1.20.4-alpine to 1.20.5-alpine.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump github.com/go-playground/validator/v10 in /v2 (#3810 )
Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator ) from 10.11.2 to 10.14.1.
- [Release notes](https://github.com/go-playground/validator/releases )
- [Commits](https://github.com/go-playground/validator/compare/v10.11.2...v10.14.1 )
---
updated-dependencies:
- dependency-name: github.com/go-playground/validator/v10
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump github.com/projectdiscovery/rawhttp in /v2 (#3811 )
Bumps [github.com/projectdiscovery/rawhttp](https://github.com/projectdiscovery/rawhttp ) from 0.1.11 to 0.1.13.
- [Release notes](https://github.com/projectdiscovery/rawhttp/releases )
- [Commits](https://github.com/projectdiscovery/rawhttp/compare/v0.1.11...v0.1.13 )
---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/rawhttp
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 in /v2 (#3812 )
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.6.1 to 5.7.0.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump github.com/projectdiscovery/hmap in /v2 (#3781 )
Bumps [github.com/projectdiscovery/hmap](https://github.com/projectdiscovery/hmap ) from 0.0.11 to 0.0.13.
- [Release notes](https://github.com/projectdiscovery/hmap/releases )
- [Commits](https://github.com/projectdiscovery/hmap/compare/v0.0.11...v0.0.13 )
---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/hmap
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Using safe dereferencing
* adding comment
* fixing and condition
* fixing test id
* adding integration test
* update goflags dependency
* update goflags dependency
* bump goflags v0.1.9 => v0.1.10
* handle failure matcher flags logic at executor itself
* add integration test to matcher status per request
* Adding random tls impersonate (#3844 )
* adding random tls impersonate
* dep update
---------
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
* Use templateman enhance api to populate CVE info (#3788 )
* use templateman enhance api to populate cve info
* rename cve-annotate => tmc
add additional flags to format, lint and enhance template using templateman apis
* minor changes
* remove duplicate code
* misc update
* Add validate and error log option
* print if updated
* print format and enhance only if updated
* make max-request optional
* fix reference unmarshal error
* fix removing self-contained tag
---------
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
* fix matcher status with network protocol
* fix test
* remove -msr flag
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Dogan Can Bakir <65292895+dogancanbakir@users.noreply.github.com>
Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com>
Co-authored-by: 三米前有蕉皮 <kali-team@qq.com>
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
Co-authored-by: Tarun Koyalwar <45962551+tarunKoyalwar@users.noreply.github.com>
Co-authored-by: Shubham Rasal <shubham@projectdiscovery.io>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2023-06-30 23:32:00 +05:30
Ramana Reddy
cddae989f3
Add template option to disable merging target url path with raw request path ( #3799 )
...
* add template option to disable merging target url path with raw request path
* rename disable-merge-path -> disable-path-automerge
add integration test
2023-06-19 20:22:17 +05:30
Mzack9999
0d2d510689
Adding support for constants ( #3692 )
...
* adding support for constants
* fixing typo
* adding integration test
* fixing lint issues
* fixing template syntax
2023-05-25 22:02:35 +05:30
Shubham Rasal
449afc0c5c
Issue 3564 var override ( #3599 )
...
* Check if the variables are overridden by other means
- you can override the template variable value using command line flags
* Update lazy eval logic
- previously, we were checking any function/expression in variable
- now, update the logic, lazy eval only if variable contains any
protocol variable(global)
* add integration tests
* Add test to check the dsl function working in variable
* gather all generate variables logic in utils
* go mod update
* Refactor the generate variables function
* go mod update+ fix typo
---------
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
2023-05-02 23:49:56 +05:30
Shubham Rasal
6ebb8e98f4
Fix wrong template loading in dev branch ( #3629 )
...
* Templates wrong loading
* Add tests to cover following scenarios
- check optional fields only if template loaded
- it should return warning only if template is loaded
2023-05-02 15:12:55 +05:30
Tarun Koyalwar
7f5e4e2336
aws signer: fix missing x-content-sha256 header ( #3601 )
...
* fix missing x-content-sha256 header
* fix variable priority in self-contained templates
* remove debug statement
* adds generic raw request parser for self-contained req
* more integration tests
* bug fix: 10x faster race requests
* fix failing integration test
2023-05-01 12:15:35 +05:30
Tarun Koyalwar
4e6ef4490e
duplicated params in self contained requests ( #3608 )
...
* fix duplicated params in self-contained+ export extracted values to file
* add integration tests + fix percentage overflow in pb
* fix integration test template id
* integration test: validate if file exists
2023-04-26 12:35:07 +05:30
Mzack9999
6f4b1ae48a
Replacing ccache with generic gcache ( #3523 )
...
* Replacing ccache with generic gcache
* fixing lint issues
* removing unnecessary hashing + using errorutils
* making test more tolerant
* removing dead code + refactor
* removing redundant code
* removing race
* maint
* moving code
* adding more iterations
* note + typo
* temporary fixing stop-at-first-match with interact
* wrapping internal map with mux
* sort before running integration test
* fix deadlock in requestShouldStopAtFirstMatch
* add timeout to integration_test workflow
* attempting to remove outer lock
* adds interactsh protocol tests in integration_test
---------
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
2023-04-16 23:19:35 +05:30
Shubham Rasal
45cc676f96
Evaluate payload variables ( #3503 )
...
* Evaluate payload variables
* Add variables evaluation
* Extend variables test
- to check evaluation of global variables in variables
- to check evaluation of global variables in payload
* Add default and cli variables to websocket, whois and dns proto
- use url.Parse with urlutil.Parse
2023-04-12 01:50:58 +05:30
Ramana Reddy
c9634fae72
Issue 3350 matcher condition or not work ( #3397 )
...
* fix or condition match even interactsh includes as matcher-part (#3350 )
* add integration test
* add new template to integration test
* matcher-condition: test case for both conditions
* fix lint errors
* upgrade dependencies
---------
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
2023-03-15 20:45:44 +05:30
Shubham Rasal
572c8eb780
Issue 2987 fuzz options ( #3355 )
...
* Add override fuzzing type and mode flags
* Update english readme
* Fix failing tests
* Add the integration tests
- validate the command line overriding type and mode for fuzzing
2023-03-06 16:56:38 +05:30
Tarun Koyalwar
d9e953acfa
fix file input in custom vars for self contained http template ( #3385 )
...
* fix file input in variables(-V)
* fix lint error
* fix nuclei-ignore file failures
2023-03-04 04:57:27 +05:30
xm1k3
f26e01551e
resolve() helper function ( #3321 )
...
* started the implementation of resolve helper function
* fixes go mod and sum
* fixes and use makeDslWithOptionalArgsFunction signature
* added tests
* added more dnsTypes based on dnsx docs
* used dns client pool
* dsl functions
* fixes on dnsclientpool, added init()
* go mod tidy
* go mod tidy
* dsl signature makeMultiSignatureDslFunction
* error on len
* managed mx
* fix on mx record
* dns types managed with FirstNonZero func
* error handling
* utils to stable version
* version bump
* fixing var name
---------
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
2023-03-04 04:21:24 +05:30
Tarun Koyalwar
21b03a2e8a
bug fix in url path and adds integration tests ( #3331 )
...
* fix unsafe edgecases+ adds integration test
* bug fixes and more url testcases
* upgrade cfssl
* fix template id in integration test
2023-02-20 22:26:04 +05:30
xm1k3
cc2f796d2f
Helper function for IP Formats ( #3286 )
...
* implemented ip_format helper function
* added tests on ip_format() helper
* fixes on logic
* fixes related to mapcidr docs
* better error value
* fixes + unit test to check index 11
* added call for integration tests
* fixes on dsl-functions number
---------
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
2023-02-17 01:47:40 +05:30
Mzack9999
d956275e98
Adding content length edge cases ( #3147 )
...
* adding content length edge cases
* fixing CL behavior
* suppressing -1 error
* fixing path
2023-01-07 18:06:44 +05:30
Tarun Koyalwar
e66ed30cec
fix missing trailing slash ( #3127 )
...
* raw: fix missing trailing slash
* adds rawpath integration test
* rename trailing slash test
2023-01-03 23:45:34 +05:30
Mzack9999
a4ce231983
Replacing unstable interactsh with scanme.sh ( #3107 )
2022-12-30 20:13:07 +05:30
forgedhallpass
0295ca19bc
Add `split` DSL function ( #2838 )
...
* Add support for showing overloaded DSL method signatures
* Add `split` DSL function #2837
* fixing lint warnings
* replacing faulty regex with strings methods
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2022-11-14 06:08:12 +05:30
Mzack9999
1fbbca66f9
Adding support to scan all v4/v6 IPs ( #2709 )
...
* Adding support to scan all v4/v6 IPs
* adding tests
* metainput prototype
* using new signature
* fixing nil pointer
* adding request context with metadata
* removing log instruction
* fixing merge conflicts
* adding clone helpers
* attempting to fix ipv6 square parenthesis wrap
* fixing dialed ip info
* fixing syntax
* fixing output ip selection
* adding integration tests
* disabling test due to gh ipv6 issue
* using ipv4 only due to GH limited networking
* extending metainput marshaling
* fixing hmap key
* adding test for httpx integration
* fixing lint error
* reworking marshaling/id-calculation
* adding ip version validation
* improving handling non url targets
* fixing condition check
2022-11-09 18:48:56 +05:30
Ice3man
b9472cf7e1
Added fuzzing support for query params + var dump feature ( #2679 )
...
* Added fuzzing support for query params + var dump feature
* Added query-fuzz integration test
* Fixed payloads + added keys-regex fuzz parameter
* Fixed interactsh not working + misc
* Fixed evaluation + added global variables/dsl support to payloads
* Misc fixes related to variables evaluations
* Added http variables support to fuzz
* misc
* Misc
* Added testing playground + misc renaming
* Added support for path and raw request to fuzzing
* Fixed fuzz integration test
* Fixed variable unresolved issue
* Add multiple parameter support with same name
* Added parameter value as 'value' dsl variable for parts
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2022-11-01 20:28:50 +05:30
Ice3man
d956f08cb9
Added attack-type option to override template attack-type ( #2724 )
...
* Added attack-type option to override template attack-type
* Added docs + integration tests
2022-10-19 03:51:45 +05:30
Mzack9999
9493dfdb20
Adding automatic request condition detection ( #2707 )
...
* Adding automatic request condition detection
* adding missing checks on part
* test update as per latest change
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2022-10-15 15:19:04 +05:30
Mzack9999
18f14b631c
Adding same host redirect support ( #2655 )
...
* simplifying test syntax
* adding same host redirect + refactoring redirect handling
* adding missing file
* adding support for template syntax
* adding integration test
* updating options
* fixing issue on same host redirect
2022-09-29 04:11:28 +05:30
Myung-jong Kim
9eea441b0e
Add `sort(list)`, `sort(string)`, `uniq(list)`, `uniq(string)` helper functions ( #2372 )
...
* Add feature in join() to sort a single string slice
Signed-off-by: Myung-jong Kim <mjkim610@gmail.com>
* Add sort helper function and related tests
Signed-off-by: Myung-jong Kim <mjkim610@gmail.com>
* Add uniq helper function and related tests
Signed-off-by: mjkim610 <mjkim610@gmail.com>
Signed-off-by: Myung-jong Kim <mjkim610@gmail.com>
Signed-off-by: mjkim610 <mjkim610@gmail.com>
2022-09-27 02:59:13 +05:30
Sami
f3eb0daa39
additional dsl functions ( #2550 )
...
* additional dsl functions
* avoid conversion at each iteration
2022-09-08 14:25:34 +05:30
James Turner
42a0732d68
Add sha512 support ( #2517 )
2022-08-31 12:36:02 +05:30
Ice3man
e7cffad312
Fixed request annotation based timeout bugs + tests + misc ( #2476 )
2022-08-23 12:45:55 +05:30
Sajad
c4ba2b4edb
Additional helpers ( #2359 )
...
* add starts_with, ends_with helper functions
* add test cases, update dsl signatures
* change split_starts_with to line_starts_with
2022-08-06 23:16:03 +05:30
Ice3man
9073b753ca
Added aes_gcm implementation for DSL function ( #2196 )
...
* Added aes_gcm implementation for DSL function
* Added integration test for dsl-functions.yaml
2022-06-23 16:16:24 +05:30
forgedhallpass
cadba90a5a
test: extended the DSL helper integration test cases
2022-06-10 15:58:54 +03:00
forgedhallpass
179cf908a8
Revert "test: extended the DSL helper integration test cases"
...
This reverts commit ea0b6eae64.
2022-06-10 13:48:34 +03:00
forgedhallpass
ea0b6eae64
test: extended the DSL helper integration test cases
2022-06-10 13:33:16 +03:00
forgedhallpass
9fd9892f49
test: extra DSL function test cases
2022-06-08 20:58:46 +03:00
Ice3man
be5f1a7623
Added redirected matched URL + stop-at-first-match for redirect chains ( #2050 )
...
* Added redirected matched URL + stop-at-first-match for redirect chains
* Pleasing go-linter
2022-05-30 15:19:09 +05:30
Mzack9999
16a05d0aa2
Adding CLI SNI support to unsafe http ( #2077 )
...
* Adding CLI SNI support to unsafe http
* adding http unsafe sni test
2022-05-27 21:53:07 +05:30
Mzack9999
39c7317ec3
Adding SNI override via request annotations ( #1970 )
...
* Adding SNI override via request annotations
* adding cli flag priority
2022-05-12 16:43:56 +05:30
Mzack9999
2f1330345f
Adding global SNI support for HTTP protocol via CLI ( #1964 )
...
* Adding global SNI support via CLI
* adding integration test
* adding cli option to docs
* reverting deleted test
2022-05-11 16:00:39 +05:30
LuitelSamikshya
3ccbfe4626
disable redirects flag
2022-04-27 11:19:44 -05:00
Ice3man
b91bad813b
Misc changes to PR
2022-04-20 15:36:02 +05:30
Ice3man
d0d65f8d6b
Added integration tests for variables + misc changes
2022-04-02 02:14:00 +05:30
Xavier Stevens
4a65097194
Squashed commit of the following:
...
commit b590de2de14923e4cb35dd19845e12833a4ccbfa
Author: Xavier Stevens <xstevens@users.noreply.github.com>
Date: Wed Mar 23 08:29:37 2022 -0700
Updated rand_ip to use variadic args
commit ea883be8c0aa56174a1301252129289334659f3f
Author: Xavier Stevens <xstevens@users.noreply.github.com>
Date: Tue Mar 22 16:59:19 2022 -0700
Updated rand_ip function to handle multiple CIDRs
2022-03-23 08:37:05 -07:00
skhalsa-sigsci
63eccc85ba
random ip helper function
2022-03-21 17:39:10 -07:00
mzack
3807e648c7
Fixing exit at first match with extractors
2022-02-01 11:25:29 +01:00
Sandeep Singh
59762ae266
Merge pull request #1503 from projectdiscovery/dsl_concat
...
DSL concat function
2022-01-18 21:34:21 +05:30
mzack
aec007e1b4
adding integration tests for single/multiple race conditions requests
2022-01-18 14:15:15 +01:00
forgedhallpass
286e27510d
test: introduce 'concat' DSL function
...
* correct order and number of expected results
2022-01-17 13:50:42 +02:00
forgedhallpass
d4a015fb47
test: introduce 'concat' DSL function
...
* fixed typo in test
2022-01-17 13:45:16 +02:00