nuclei/pkg/input/formats
Ice3man fa56800fcc
Fuzzing layer enhancements + input-types support (#4477)
* feat: move fuzz package to root directory

* feat: added support for input providers like openapi,postman,etc

* feat: integration of new fuzzing logic in engine

* bugfix: use and instead of or

* fixed lint errors

* go mod tidy

* add new reqresp type + bump utils

* custom http request parser

* use new struct type RequestResponse

* introduce unified input/target provider

* abstract input formats via new inputprovider

* completed input provider refactor

* remove duplicated code

* add sdk method to load targets

* rename component url->path

* add new yaml format + remove duplicated code

* use gopkg.in/yaml.v3 for parsing

* update .gitignore

* refactor/move + docs fuzzing in http protocol

* fuzz: header + query integration test using fuzzplayground

* fix integration test runner in windows

* feat add support for filter in http fuzz

* rewrite header/query integration test with filter

* add replace regex rule

* support kv fuzzing + misc updates

* add path fuzzing example + misc improvements

* fix matchedURL + skip httpx on multi formats

* cookie fuzz integration test

* add json body + params body tests

* feat add multipart/form-data fuzzing support

* add all fuzz body integration test

* misc bug fixes + minor refactor

* add multipart form + body form unit tests

* only run fuzzing templates if -fuzz flag is given

* refactor/move fuzz playground server to pkg

* fix integration test + refactor

* add auth types and strategies

* add file auth provider

* start implementing auth logic in http

* add logic in http protocol

* static auth implemented for http

* default :80,:443 normalization

* feat: dynamic auth init

* feat: dynamic auth using templates

* validate targets count in openapi+swagger

* inputformats: add support to accept variables

* fix workflow integration test

* update lazy cred fetch logic

* fix unit test

* drop postman support

* domain related normalization

* update secrets.yaml file format + misc updates

* add auth prefetch option

* remove old secret files

* add fuzzing+auth related sdk options

* fix/support multiple mode in kv header fuzzing

* rename 'headers' -> 'header' in fuzzing rules

* fix deadlock due to merge conflict resolution

* misc update

* add bool type in parsed value

* add openapi validation+override+ new flags

* misc updates

* remove optional path parameters when unavailable

* fix swagger.yaml file

* misc updates

* update print msg

* multiple openapi validation enhancements + appMode

* add optional params in required_openapi_vars.yaml file

* improve warning/verbose msgs in format

* fix skip-format-validation not working

* use 'params/parameter' instead of 'variable' in openapi

* add retry support for flaky tests

* fix nuclei loading ignored templates (#4849)

* fix tag include logic

* fix unit test

* remove quoting in extractor output

* remove quote in debug code command

* feat: issue tracker URLs in JSON + misc fixes (#4855)

* feat: issue tracker URLs in JSON + misc fixes

* misc changes

* feat: status update support for issues

* feat: report metadata generation hook support

* feat: added CLI summary of tickets created

* misc changes

* introduce `disable-unsigned-templates` flag (#4820)

* introduce `disable-unsigned-templates` flag

* minor

* skip instead of exit

* remove duplicate imports

* use stats package + misc enhancements

* force display warning + adjust skipped stats in unsigned count

* include unsigned skipped templates without -dut flag

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>

* Purge cache on global callback set (#4840)

* purge cache on global callback set

* lint

* purging cache

* purge cache in runner after loading templates

* include internal cache from parsers + add global cache register/purge via config

* remove disable cache purge option

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>

* misc update

* add application/octet-stream support

* openapi: support path specific params

* misc option + readme update

---------

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
Co-authored-by: Tarun Koyalwar <45962551+tarunKoyalwar@users.noreply.github.com>
Co-authored-by: Dogan Can Bakir <65292895+dogancanbakir@users.noreply.github.com>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
2024-03-14 03:08:53 +05:30
burp
json
openapi
swagger
testdata
yaml
README.md
formats.go

README.md

formats

Formats implements support for passing a number of request sources as input providers to nuclei, to be tested for fuzzing-related issues.

Currently the following formats are implemented:

  • Burp Suite XML Request/Response file
  • Proxify JSONL output file
  • OpenAPI Specification file
  • Postman Collection file
  • Swagger Specification file

Each implementation covers either all or a subset of the features of its specification. Coverage can be extended as new needs or requirements are identified.

Refer to the code of each implementation to understand which features of the specification are supported.

OpenAPI Specification File

The OpenAPI module generates HTTP requests from an OpenAPI 3.0 schema. The schema components are processed as follows:

Servers

The module supports multiple server URLs defined in the Servers section of the OpenAPI document. It will send requests to all the server URLs defined in the schema.

Paths and Operations

The module supports all HTTP methods defined under each path in the Paths section. For each operation on a path, HTTP requests are generated and sent to the defined server URL. If the operation cannot generate a valid request, a warning is logged.

Parameters

The module recognizes parameters defined in the query, header, path, and cookie categories. When generating requests, if the requiredOnly flag is true, only the required parameters are included. Otherwise, all parameters are used regardless of their required status.

The generateExampleFromSchema function is used to generate suitable example data for each parameter from their respective schema definitions.

RequestBody

The module also handles request bodies and supports several media types defined in the Content field. Currently, the following content types are supported:

  • application/json: The module builds a JSON body from the defined example schema.

  • application/xml: The example schema is converted into XML using the mxj library.

  • application/x-www-form-urlencoded: The example schema is converted into URL-encoded form data.

  • multipart/form-data: The module supports multipart form-data and distinguishes fields from files using the binary format under the property schema.

  • text/plain: The example schema is converted into a string and sent as plain text.

For unsupported media types, no matching content type is found for the body. After setting up the body of the request, the module dumps the request and sends it to the defined server URL.

Example Request Generation

This module converts each operation into one or more example HTTP requests. Each request is dumped into string form, accompanied by its method, URL, headers, and body. These are passed to a callback for further processing.

Please note: This document does not cover other features of the OpenAPI specification, such as responses, security schemes, links and callbacks, as these are not currently handled by the module.
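The servers, parameters, requiredOnly and request-body rules above, modelled in Python over a constructed spec as an added illustration (this is not nuclei's code; example_from_schema, BODY_ENCODERS and generate_requests are names invented for it, and only the JSON, form-urlencoded and text/plain media types are encoded, since XML and multipart need extra handling):

```python
import json
from urllib.parse import urlencode

# Constructed sample spec (not from the page): two servers and one path whose id parameter
# is shared by GET (query/header/cookie parameters) and PUT (JSON request body).
SAMPLE_SPEC = json.loads("""{
 "servers": [{"url": "https://api.example.test"}, {"url": "https://stage.example.test"}],
 "paths": {"/users/{id}": {
  "parameters": [{"name": "id", "in": "path", "required": true, "schema": {"type": "integer"}}],
  "get": {"parameters": [{"name": "verbose", "in": "query", "required": false, "schema": {"type": "boolean"}},
   {"name": "X-Trace", "in": "header", "required": true, "schema": {"type": "string", "example": "abc"}},
   {"name": "session", "in": "cookie", "required": false, "schema": {"type": "string"}}]},
  "put": {"requestBody": {"content": {"application/json": {"schema": {"type": "object",
   "properties": {"name": {"type": "string"}, "age": {"type": "integer"}}}}}}}}}
}""")
BODY_ENCODERS = {"application/json": json.dumps, "application/x-www-form-urlencoded": urlencode, "text/plain": str}

def example_from_schema(schema):
    """Stand-in for generateExampleFromSchema: sample data derived from a schema."""
    if "example" in schema:
        return schema["example"]
    t = schema.get("type", "string")
    if t == "object":
        return {k: example_from_schema(v) for k, v in schema.get("properties", {}).items()}
    return {"integer": 1, "number": 1.0, "boolean": True}.get(t, "string")

def generate_requests(spec, required_only=False):
    reqs = []  # one request per server x path x operation
    for server in spec["servers"]:
        for path, item in spec["paths"].items():
            for method in item.keys() - {"parameters"}:  # path-level parameters are not an operation
                op, target, body, sinks = item[method], path, None, {"query": {}, "header": {}, "cookie": {}}
                for p in item.get("parameters", []) + op.get("parameters", []):
                    val = example_from_schema(p.get("schema", {}))
                    val = val if isinstance(val, str) else json.dumps(val)  # 1 -> "1", True -> "true"
                    if p["in"] == "path":  # always substituted: the URL is invalid without it
                        target = target.replace("{%s}" % p["name"], val)
                    elif p.get("required") or not required_only:  # the requiredOnly filter
                        sinks[p["in"]][p["name"]] = val
                headers = sinks["header"]
                if sinks["cookie"]:
                    headers["Cookie"] = "; ".join("%s=%s" % kv for kv in sinks["cookie"].items())
                for ctype, media in op.get("requestBody", {}).get("content", {}).items():
                    if ctype in BODY_ENCODERS:  # the first supported media type is used
                        headers["Content-Type"] = ctype
                        body = BODY_ENCODERS[ctype](example_from_schema(media.get("schema", {})))
                        break
                url = server["url"] + target + ("?" + urlencode(sinks["query"]) if sinks["query"] else "")
                reqs.append({"method": method.upper(), "url": url, "headers": headers, "body": body})
    return reqs
```

With required_only=True the optional verbose query parameter and session cookie disappear from the GET requests while the required X-Trace header and the path parameter stay.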

Postman Collection file

This module parses Postman Collection JSON files.

1. Request Parsing:

Parses the requests detailed in the Postman collection. The parser interprets the HTTP method, URL, and body of each request present in the collection.

2. Header Parsing:

All HTTP headers set in the collection's requests are parsed and set on the generated request.

3. Auth Type Parsing:

Parses the authentication options provided in the Postman collection and sets them in the request headers. Supported authentication types:

  1. API Key: in a header.
  2. Basic: basic auth from a username and password.
  3. Bearer Token: bearer auth using a token.
  4. No Auth: no authentication is set.

Note: Not all parts of the Postman Collection specification are supported. This parser does not currently support Postman variables or collection-level variables and items, nor authentication types beyond those listed above.

Limitations:

  • Does not support Postman variables
  • Does not support Collection level variables and items
  • Limited Authentication types supported
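An added illustration of the three parsing steps above in Python (not the project's own parser): it reads a constructed Postman Collection v2.1 excerpt with one request per supported auth type; parse_collection, auth_headers and _kv are names invented for this example, and nested folders and variables are left out, matching the limitations listed.

```python
import base64
import json

# Constructed Postman Collection v2.1 excerpt (not from the page): one request per auth type.
SAMPLE_COLLECTION = json.loads("""{
 "item": [
  {"name": "key", "request": {"method": "GET", "url": "https://api.example.test/a",
   "header": [{"key": "Accept", "value": "application/json"}],
   "auth": {"type": "apikey", "apikey": [{"key": "key", "value": "X-Api-Key"},
    {"key": "value", "value": "k1"}, {"key": "in", "value": "header"}]}}},
  {"name": "basic", "request": {"method": "POST", "url": {"raw": "https://api.example.test/b"},
   "body": {"mode": "raw", "raw": "{\\"x\\":1}"},
   "auth": {"type": "basic", "basic": [{"key": "username", "value": "alice"},
    {"key": "password", "value": "s3cret"}]}}},
  {"name": "bearer", "request": {"method": "GET", "url": "https://api.example.test/c",
   "auth": {"type": "bearer", "bearer": [{"key": "token", "value": "t0k"}]}}},
  {"name": "none", "request": {"method": "GET", "url": "https://api.example.test/d",
   "auth": {"type": "noauth"}}}
 ]
}""")

def _kv(entries):
    # Postman stores auth attributes as a list of {"key": ..., "value": ...} objects
    return {e["key"]: e["value"] for e in entries}

def auth_headers(auth):
    """Headers for the four supported auth types; anything else is rejected (step 3)."""
    kind = auth.get("type", "noauth") if auth else "noauth"
    params = _kv(auth.get(kind, [])) if auth else {}
    if kind == "noauth":
        return {}
    if kind == "apikey" and params.get("in", "header") == "header":
        return {params["key"]: params["value"]}
    if kind == "basic":
        cred = "%s:%s" % (params.get("username", ""), params.get("password", ""))
        return {"Authorization": "Basic " + base64.b64encode(cred.encode()).decode()}
    if kind == "bearer":
        return {"Authorization": "Bearer " + params.get("token", "")}
    raise ValueError("unsupported auth: %s" % kind)

def parse_collection(collection):
    """Steps 1 and 2: method, URL, body and headers of each flat item (folders/variables skipped)."""
    out = []
    for item in collection.get("item", []):
        req = item["request"]
        url = req["url"]["raw"] if isinstance(req["url"], dict) else req["url"]
        headers = {h["key"]: h["value"] for h in req.get("header", [])}
        headers.update(auth_headers(req.get("auth")))  # auth wins over an explicit header
        out.append({"method": req["method"], "url": url, "headers": headers, "body": req.get("body", {}).get("raw")})
    return out
```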

Swagger Specification file

A Swagger specification file is converted from the OpenAPI 2.0 format to OpenAPI 3.0, after which the OpenAPI parser described above is used.

Burp XML / Proxify JSONL

These modules are generic and parse raw requests from the output files of the respective tools.