* added logs for debug
* fixes
* removed logs
* using cache item
* implemented multiple tests
* fixed some unit tests
* implemented test for skipping
* added multiple tests together
* added mark failed
* fix on tests
* better test implementation + concurrent
* fix: fixes on concurrent tests
* removed parallel and 1 unit test
DOCS: by default the command go test runs in parallel tests for different packages, and default is the number of CPUs available (see go help build)
* fixes on go routine
* increasing parallelism of once.Do
* bumping go to 1.19 for atomic types support
* removing redundant check + fixing test concurrency on create
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
* Adding empty edge case to scan strategy
* Auto Generate Syntax Docs + JSONSchema [Thu Dec 29 10:10:55 UTC 2022] 🤖
* adding test file
* removing test file
Co-authored-by: GitHub Action <action@github.com>
* Add support to query DNS TLSA record
* fix build test
* fix ci-lint
* set expected to 0
* test domain update
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
* Add s3 bucket template provider
- Refactor the custom github template code
- add interface for template provider
* Validate if aws creds are passed if bucket flag
- refactor s3 provider struct to take client
- add function which returns the aws s3 client
- update error messages
* Add aws s3 bucket flags documentation in README.md
- Rename the github_test.go to customTemplate_test.go
* go mod update
* Move template provider code to pkg/external/customtemplates dir
* Added initial data_source sync to cloud
* Misc
* Add pagination to scan output and scan list (#2858)
* Add pagination to scan output and scan list
* Use time based parameters instead of page numbers
* Fix linting errors
* Do not check limits at client, check at server
* Remove unused constant
* Misc update
* Removed unnecessary flags
* Misc
* Misc
* Misc endpoint additions
* Added more routes
* Typo fix
* Misc fixes
* Misc
* Misc fixes to cloud target logic + use int for IDs
* Misc
* Misc fixes
* Misc
* Misc fixes
* readme update
* Add JSON output support for list-scan option (#2876)
* Add JSON output support for list-scan option
* Fix typo in cloud JSON output description
* Following changes
- Update status(finished, running) to be lower-case by default
- Convert status to upper-case in DisplayScanList()
* Update status to be lower-case by default
* Remove additional json flag, instead use existing
* Merge conflict
* Accommodate comment changes and restructure code
Co-authored-by: Jaideep K <jaideep@one2n.in>
* Use integer IDs for scan tasks
* Added get-templates-targets endpoint + JSON + validation
* Added target count list
* misc option / description updates
* Added changes as per code review
* duplicate options + typo updates
* Added tablewriter for tabular data writing by default
* Fixed list scan endpoint
* Review changes
* workflow fix
* Added cloud tags etc based filtering (#3070)
* Added omitempty for filtering request
* go mod tidy
* misc format update
Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com>
Co-authored-by: Ice3man <nizamulrana@gmail.com>
Co-authored-by: Jaideep Khandelwal <jdk2588@gmail.com>
Co-authored-by: Siddharth Shashikar <60960197+shashikarsiddharth@users.noreply.github.com>
Co-authored-by: Jaideep K <jaideep@one2n.in>
* added vars payload also in ssl
* fix on ssl.go, moved function on payloadValues creation
* added integration test
* rebase + minor changes
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
* go mod update
* fix: Take workflow templates into account when building input helper
- when input helper is created, workflow templates aren't taken into account when deciding if http/https should be added to the inputsHTTP
- include the store.Workflows into the slice of templates that is checked for HTTP Protocol
Resolves #3048
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
* used OpenFile instead of Create()
* reverted to original mode
* fixes and resume flag added
* fix on noTimestapt var
* fix on flag
* better code refactoring
* fix on debug error
* code refactoring on file management
* Fixes #2997, replace line break characters with HTML notation to avoid rendering the field text in a new line.
* using short helper
Co-authored-by: Víctor Zamanillo <victor.zamanillo@cifraeducacion.com>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
* Update LICENSE.md
* removing per project COC in favor of global one (#2983)
* removing per project COC in favor of global one
* using global security info
* go mod update
* Add Splunk HEC Exporter support to Nuclei
* small refactor
Co-authored-by: Jane <5116641+JaneX8@users.noreply.github.com>
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
* added force http2 option
* implemented http2 with transport method
* fix and added forcehttp on clientpool
* updated readme with new flag
* option update
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
* Add s3 bucket template provider
- Refactor the custom github template code
- add interface for template provider
* Validate if aws creds are passed if bucket flag
- refactor s3 provider struct to take client
- add function which returns the aws s3 client
- update error messages
* Add aws s3 bucket flags documentation in README.md
- Rename the github_test.go to customTemplate_test.go
* go mod update
* Move template provider code to pkg/external/customtemplates dir
* Remove github and aws update variables from flag
* Rename CustomTemplateProvider to Provider
* Update integration and function command in makefile
* Update github test case, accept token
* readme update
* go mod tidy
* Update build-test.yml
* handle empty dir in s3
* Add requested changes
- download/update s3 and github only when `-ut` is passed
- only print the missing env variable for s3
- add the custom templates path in
~/.config/nuclei/.template-config.json
* print custom paths only if exists in config file
* misc update
* tag update
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
* Remove nuclei-updatecheck-api as dependency
* Run go mod tidy
* go mod tidy
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
* New "td" flag, displays the highlighted template contents
New verboseTemplate method to avoid duplicate code
Grouped (and sorted) template list per directory
* Updated README about the td flag
* Going back to the previous template list format
The new one can't be pipelined
* Implicit template list on template display
Respect --no-color option to disable colors when -td is used
* misc option update
Co-authored-by: Víctor Zamanillo <victor.zamanillo@cifraeducacion.com>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
* nuclei -uq 'vuln:CVE-2021-26855' -t cves/2021/
- `nuclei -uq 'vuln:CVE-2021-26855' -t cves/2021/`
* Add automatic template execution using metadata
- Query uncover after the template is loaded.
- Add the received hosts to the input provider from uncover
- Make NormalizeStoreInputValue() function public to add hosts from the
runner after uncover hosts received.
* run go mod tidy
* Remove unnecessary comments
* Resolve the requested changes
- move uncover code to protocols/common/uncover package
- Use uncover delay to create uncover rate limiter
- Use single ratelimiter object and remove not required ratelimiters
- Create Set() method for input provider interface
- Rename normalizeStoreInputValue to Set() method
* Solved the uncover running twice.
- flag StringSliceVarP adds the default value twice in the variable
- Check if provider keys exists or not
- Add uncover help block to english readme.md
* Add uncover field functionality
- ./nuclei -uq 'vuln:CVE-2021-26855' -t dns -duc -uf host
- ./nuclei -uq 'vuln:CVE-2021-26855' -t dns -duc -uf ip:port
* Update error messages and solve nuclei hang for wrong uncover engine
- Get uncover engine values from uncover package
* Resolve merge conflicts
* misc option update
* Update logging for templates
- remove duplicate env log printing
- Log message for template queries
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
* adding host with optional port type logic
* adding comment support in test cases
* updating test cases with multiple input scenarios
* readding port condition
* Add custom template download/update support from github
- Accept the -gtr flag to accept the list of custom template
repos(public/private)
- Accept the -gt flag for github token. It internally sets os.Env
variable
- Update the flags from
- -update to -nuclei-update for nuclei self update
- -ut to -tup for template-update
- -ud to -tud for custom template location
- Add github.go file which has code related to download and update
custom templates repos.
* Resolve golint and test case error
* Take default template from community directory
- No need to give explicit community directory path.
- Update the integration test to support the change in path
* Update functional test script update template flag
* Update the path from community to nuclei-template
- Revert the code changes that were made to add community directory
* remove the comment
* Update the interactsh server url for testing
* Update race condition command
* update race condition cmd to download the templates
* Debug integration test failure
* update integration test to update templates
* Refactor downloadCustomTemplate function.
- Remove the log printing, instead send the message.
* Add test case for custom template repo download
* move the download repo for loop into diff function
* refactor updateTemplate function.
* Create struct for github repos.
- Create customtemplate struct for repo.
- Add functions to customtemplate
* update readme.md file
* Refactor the downloadCustomTemplate function
- create const variables for github & community as template type
- Update gologger to INF
- Validate templateUpdate to accept only github & community value.
- Validate templateUpdate require githubTemplateRepo
* Resolve requested changes
* go mod update
* misc option update
* test update
* Revert back update-template flag to boolean.
- to update community templates
`nuclei -ut`
- to update custom templates
`nuclei -ut -gtr ehsandeep/mobile-nuclei-templates`
* Update readme to update flag documentation
* Update go.mod
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
* Added fuzzing support for query params + var dump feature
* Added query-fuzz integration test
* Fixed payloads + added keys-regex fuzz parameter
* Fixed interactsh not working + misc
* Fixed evaluation + added global variables/dsl support to payloads
* Misc fixes related to variables evaluations
* Added http variables support to fuzz
* misc
* Misc
* Added testing playground + misc renaming
* Added support for path and raw request to fuzzing
* Fixed fuzz integration test
* Fixed variable unresolved issue
* Add multiple parameter support with same name
* Added parameter value as 'value' dsl variable for parts
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
* set content_length as len(body) if response ContentLength is -1
* move content-length calculation to utils
* adding basic tests
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
* Add cloud flags for nuclei.
* Add flag to get output for a particular scan ID
* Add some comments to the function.
* Get timestamp and id for scan list
* Fix linting errors
* Check if type is enumeration.
* Do not show deleted scans.
* Do not use filter_result, create client once and use it everywhere with
runner.
* Fix the output of scan list to be better
* Format the nuclei scan output list.
* Remove unused constant
* misc option update
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
* Adding automatic request condition detection
* adding missing checks on part
* test update as per latest change
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
* Add AS input support
- Integrate mapcidr asn function to handle ASN number input support
- Check if input is ASN number or not. If yes then query for cidrs
- issue #2706
* Remove \r coz of failing test cases in windows os
* Replace newline char for windows
* remove extra line
* rename goldenfile dir to tests
* fixing folder name
Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
* Add CIDR input support
- Add expandCIDRInputValue function which accepts the cidr,
and stores the IPs into hmap. It uses mapcidr to get the expanded IPs
- Add test case to test expandCIDRInputValue and isCIDR function
- Update dsl_test.go which had typo. coz of failing test
* Resolve the requested changes
* Forcing conns to be gc-ed with keep-alive
* removing redundant code
keep-alive are disabled by default
* fixing merge conflict
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
* Add feature in join() to sort a single string slice
Signed-off-by: Myung-jong Kim <mjkim610@gmail.com>
* Add sort helper function and related tests
Signed-off-by: Myung-jong Kim <mjkim610@gmail.com>
* Add uniq helper function and related tests
Signed-off-by: mjkim610 <mjkim610@gmail.com>
Signed-off-by: Myung-jong Kim <mjkim610@gmail.com>
Signed-off-by: mjkim610 <mjkim610@gmail.com>
* Update GO version to 1.18
* Removed redundant entry from the .gitignore file
* Added new DSL functions
to_unix_time(input string, optionalLayout string) int64
hex_to_dec(input string) float64
oct_to_dec(input string|number) float64
bin_to_dec(input string|number) float64
* Notify if debug is enabled when a proxy cannot be validated
* Documentation: Go version requirement updated to 1.18
* test fix: Timezone agnostic date expectation in the assertion
* code review: extracted the default date-time layouts into a global variable
* Added tlsx integration to nuclei
* tls tests fix
* Added helper functions + upgrade tlsx to fix
* go mod update
* workflow fix to race test on windows
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
* added custom config flag
* config.yaml file in custom directory
* lint error fix
* few updates and error checks
* fix lint error
* copy config.yaml file if the dest folder does not exist
* lint error check
* added integration test
* improved test cases
* lint error fix
* 1. add DSL substr for #2304 By @hktalent
substr('xxtestxxx',2) testxxx
substr('xxtestxxx',2,-2) testx
substr('xxtestxxx',2,6) test
2. add DSL aes_cbc for #2243 By @hktalent
aes_cbc("key111key111key111key111", "dataxxxxxxdataxxxxxxdataxxxxxxdataxxxxxxdataxxxxxx")
3. fixed An error occurs when running nuclei with multiple instances #2301 By @hktalent
* refactoring helpers
* removing unwanted mutex
* commenting out test
* removing aes_cbc test due to random iv
Co-authored-by: 51pwn <51pwn@51pwn.com>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
* fix: socks5 proxy not working on tor proxy
* fix: socks5 proxy not working on tor proxy
* minor refactoring
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
* missing ip in json
* using GetDNSData in place of GetDialedIP
* updated go mod
* bumping rawhttp test version
Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
* expose hosterrorscache as an interface, change signature to capture the error reason
* use the hosterrorscache.CacheInterface as struct field so users of Nuclei embedded can provide their own cache implementation
Co-authored-by: Mike Rheinheimer <mrheinheimer@atlassian.com>
* ntv flag to run templates added in specified version
* added missing arguments
* misc update
* added functional test and err check
* updated the min version
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
* Replacing hasstdin with helper library
* adding timeout reader on stdin
* adding large input read timeout
* reducing stdin timeout + nostdin flag
* go mod update
* readme update
* go mod tidy
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
* Added include-templates force-loading for templates
* Fixed loader case with include-templates
* Added integration test for excluded-template in loader
* use original request number instead of current iteration in request-condition
* add previousEvent tracking back for request condition
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
It is not recommended to use len for empty string test.
A string can be tested for its emptiness either by treating it as a slice and calculating the length of the slice, or by treating it as a string and directly comparing the value. While both produce identical code when compiled, it makes more sense to treat a string as itself, than a slice, for the sake of comparison of values.
Examples
Bad practice
len(s) == 0
Recommended
s == ""
The recommended practice is considered more idiomatic in Go.
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
* Add decimal to hexadecimal auxiliary functions
* Fixed unit test
* Modify the helper function name and check the unit test.
* dsl function update
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
* Add optional line number for file templates by default
* updating docs
* misc flag update
Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
* Added hang monitor for goroutine dumping
* misc
* Made hang monitor optional with flag
* Added stack comparison for monitoring + misc
* Removed debug statements
* misc update
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
* sonar category: String literals should not be duplicated
* lint error fix
* better naming conventions for constants
* improved naming conventions and methods