daffainfo
/
nuclei
mirror of https://github.com/daffainfo/nuclei.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei/nuclei-jsonschema.json

951 lines
29 KiB
JSON
Raw Blame History

{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://template",
"$ref": "#/$defs/Template",
"$defs": {
"AttackTypeHolder": {
"properties": {
"Value": {
"type": "integer"
}
},
"additionalProperties": false,
"type": "object",
"required": [
"Value"
]
},
"Classification": {
"properties": {
"cve-id": {
"$ref": "#/$defs/StringOrSlice",
"title": "cve ids for the template",
"description": "CVE IDs for the template"
},
"cwe-id": {
"$ref": "#/$defs/StringOrSlice",
"title": "cwe ids for the template",
"description": "CWE IDs for the template"
},
"cvss-metrics": {
"type": "string",
"title": "cvss metrics for the template",
"description": "CVSS Metrics for the template",
"examples": [
"3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
]
},
"cvss-score": {
"type": "number",
"title": "cvss score for the template",
"description": "CVSS Score for the template",
"examples": [
9.8
]
},
"epss-score": {
"type": "number",
"title": "epss score for the template",
"description": "EPSS Score for the template",
"examples": [
0.42509
]
},
"epss-percentile": {
"type": "number",
"title": "epss percentile for the template",
"description": "EPSS Percentile for the template",
"examples": [
0.42509
]
},
"cpe": {
"type": "string",
"title": "cpe for the template",
"description": "CPE for the template",
"examples": [
"cpe:/a:vendor:product:version"
]
}
},
"additionalProperties": false,
"type": "object"
},
"Extractor": {
"properties": {
"name": {
"type": "string",
"title": "name of the extractor",
"description": "Name of the extractor"
},
"type": {
"$ref": "#/$defs/ExtractorTypeHolder"
},
"regex": {
"items": {
"type": "string"
},
"type": "array",
"title": "regex to extract from part",
"description": "Regex to extract from part"
},
"group": {
"type": "integer",
"title": "group to extract from regex",
"description": "Group to extract from regex"
},
"kval": {
"items": {
"type": "string"
},
"type": "array",
"title": "kval pairs to extract from response",
"description": "Kval pairs to extract from response"
},
"json": {
"items": {
"type": "string"
},
"type": "array",
"title": "json jq expressions to extract data",
"description": "JSON JQ expressions to evaluate from response part"
},
"xpath": {
"items": {
"type": "string"
},
"type": "array",
"title": "html xpath expressions to extract data",
"description": "XPath allows using xpath expressions to extract items from html response"
},
"attribute": {
"type": "string",
"title": "optional attribute to extract from xpath",
"description": "Optional attribute to extract from response XPath"
},
"dsl": {
"items": {
"type": "string"
},
"type": "array",
"title": "dsl expressions to extract",
"description": "Optional attribute to extract from response dsl"
},
"part": {
"type": "string",
"title": "part of response to extract data from",
"description": "Part of the request response to extract data from"
},
"internal": {
"type": "boolean",
"title": "mark extracted value for internal variable use",
"description": "Internal when set to true will allow using the value extracted in the next request for some protocols"
},
"case-insensitive": {
"type": "boolean",
"title": "use case insensitive extract",
"description": "use case insensitive extract"
}
},
"additionalProperties": false,
"type": "object",
"required": [
"type"
]
},
"ExtractorTypeHolder": {
"properties": {
"ExtractorType": {
"type": "integer"
}
},
"additionalProperties": false,
"type": "object",
"required": [
"ExtractorType"
]
},
"HTTPMethodTypeHolder": {
"properties": {
"MethodType": {
"type": "integer"
}
},
"additionalProperties": false,
"type": "object",
"required": [
"MethodType"
]
},
"Holder": {
"type": "string",
"enum": [
"info",
"low",
"medium",
"high",
"critical",
"unknown"
],
"title": "severity of the template",
"description": "Seriousness of the implications of the template"
},
"Info": {
"properties": {
"name": {
"type": "string",
"title": "name of the template",
"description": "Name is a short summary of what the template does",
"examples": [
"Nagios Default Credentials Check"
]
},
"author": {
"$ref": "#/$defs/StringOrSlice",
"oneOf": [
{
"type": "string",
"examples": [
"pdteam"
]
},
{
"type": "array",
"examples": [
"pdteam,mr.robot"
]
}
],
"title": "author of the template",
"description": "Author is the author of the template"
},
"tags": {
"$ref": "#/$defs/StringOrSlice",
"title": "tags of the template",
"description": "Any tags for the template"
},
"description": {
"type": "string",
"title": "description of the template",
"description": "In-depth explanation on what the template does",
"examples": [
"Bower is a package manager which stores package information in the bower.json file"
]
},
"impact": {
"type": "string",
"title": "impact of the template",
"description": "In-depth explanation on the impact of the issue found by the template",
"examples": [
"Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries"
]
},
"reference": {
"$ref": "#/$defs/StringOrSlice",
"title": "references for the template",
"description": "Links relevant to the template"
},
"severity": {
"$ref": "#/$defs/Holder"
},
"metadata": {
"type": "object",
"title": "additional metadata for the template",
"description": "Additional metadata fields for the template"
},
"classification": {
"$ref": "#/$defs/Classification",
"type": "object",
"title": "classification info for the template",
"description": "Classification information for the template"
},
"remediation": {
"type": "string",
"title": "remediation steps for the template",
"description": "In-depth explanation on how to fix the issues found by the template",
"examples": [
"Change the default administrative username and password of Apache ActiveMQ by editing the file jetty-realm.properties"
]
}
},
"additionalProperties": false,
"type": "object",
"required": [
"name",
"author"
]
},
"Matcher": {
"properties": {
"type": {
"$ref": "#/$defs/MatcherTypeHolder",
"title": "type of matcher",
"description": "Type of the matcher"
},
"condition": {
"type": "string",
"enum": [
"and",
"or"
],
"title": "condition between matcher variables",
"description": "Condition between the matcher variables"
},
"part": {
"type": "string",
"title": "part of response to match",
"description": "Part of response to match data from"
},
"negative": {
"type": "boolean",
"title": "negative specifies if match reversed",
"description": "Negative specifies if the match should be reversed. It will only match if the condition is not true"
},
"name": {
"type": "string",
"title": "name of the matcher",
"description": "Name of the matcher"
},
"status": {
"items": {
"type": "integer"
},
"type": "array",
"title": "status to match",
"description": "Status to match for the response"
},
"size": {
"items": {
"type": "integer"
},
"type": "array",
"title": "acceptable size for response",
"description": "Size is the acceptable size for the response"
},
"words": {
"items": {
"type": "string"
},
"type": "array",
"title": "words to match in response",
"description": " Words contains word patterns required to be present in the response part"
},
"regex": {
"items": {
"type": "string"
},
"type": "array",
"title": "regex to match in response",
"description": "Regex contains regex patterns required to be present in the response part"
},
"binary": {
"items": {
"type": "string"
},
"type": "array",
"title": "binary patterns to match in response",
"description": "Binary are the binary patterns required to be present in the response part"
},
"dsl": {
"items": {
"type": "string"
},
"type": "array",
"title": "dsl expressions to match in response",
"description": "DSL are the dsl expressions that will be evaluated as part of nuclei matching rules"
},
"xpath": {
"items": {
"type": "string"
},
"type": "array",
"title": "xpath queries to match in response",
"description": "xpath are the XPath queries that will be evaluated against the response part of nuclei matching rules"
},
"encoding": {
"type": "string",
"enum": [
"hex"
],
"title": "encoding for word field",
"description": "Optional encoding for the word fields"
},
"case-insensitive": {
"type": "boolean",
"title": "use case insensitive match",
"description": "use case insensitive match"
},
"match-all": {
"type": "boolean",
"title": "match all values",
"description": "match all matcher values ignoring condition"
},
"internal": {
"type": "boolean",
"title": "hide matcher from output",
"description": "hide matcher from output"
}
},
"additionalProperties": false,
"type": "object",
"required": [
"type"
]
},
"MatcherTypeHolder": {
"properties": {
"MatcherType": {
"type": "integer"
}
},
"additionalProperties": false,
"type": "object",
"required": [
"MatcherType"
]
},
"OrderedMap[string,string]": {
"properties": {},
"additionalProperties": false,
"type": "object"
},
"Request": {
"properties": {
"matchers": {
"items": {
"$ref": "#/$defs/Matcher"
},
"type": "array",
"title": "matchers to run on response",
"description": "Detection mechanism to identify whether the request was successful by doing pattern matching"
},
"extractors": {
"items": {
"$ref": "#/$defs/Extractor"
},
"type": "array",
"title": "extractors to run on response",
"description": "Extractors contains the extraction mechanism for the request to identify and extract parts of the response"
},
"matchers-condition": {
"type": "string",
"enum": [
"and",
"or"
],
"title": "condition between the matchers",
"description": "Conditions between the matchers"
},
"path": {
"items": {
"type": "string"
},
"type": "array",
"title": "path(s) for the http request",
"description": "Path(s) to send http requests to"
},
"raw": {
"items": {
"type": "string"
},
"type": "array",
"description": "HTTP Requests in Raw Format"
},
"id": {
"type": "string",
"title": "id for the http request",
"description": "ID for the HTTP Request"
},
"name": {
"type": "string",
"title": "name for the http request",
"description": "Optional name for the HTTP Request"
},
"attack": {
"$ref": "#/$defs/AttackTypeHolder",
"title": "attack is the payload combination",
"description": "Attack is the type of payload combinations to perform"
},
"method": {
"$ref": "#/$defs/HTTPMethodTypeHolder",
"title": "method is the http request method",
"description": "Method is the HTTP Request Method"
},
"body": {
"type": "string",
"title": "body is the http request body",
"description": "Body is an optional parameter which contains HTTP Request body"
},
"payloads": {
"type": "object",
"title": "payloads for the http request",
"description": "Payloads contains any payloads for the current request"
},
"headers": {
"additionalProperties": {
"type": "string"
},
"type": "object",
"title": "headers to send with the http request",
"description": "Headers contains HTTP Headers to send with the request"
},
"race_count": {
"type": "integer",
"title": "number of times to repeat request in race condition",
"description": "Number of times to send a request in Race Condition Attack"
},
"max-redirects": {
"type": "integer",
"title": "maximum number of redirects to follow",
"description": "Maximum number of redirects that should be followed"
},
"pipeline-concurrent-connections": {
"type": "integer",
"title": "number of pipelining connections",
"description": "Number of connections to create during pipelining"
},
"pipeline-requests-per-connection": {
"type": "integer",
"title": "number of requests to send per pipelining connections",
"description": "Number of requests to send per connection when pipelining"
},
"threads": {
"type": "integer",
"title": "threads for sending requests",
"description": "Threads specifies number of threads to use sending requests. This enables Connection Pooling"
},
"max-size": {
"type": "integer",
"title": "maximum http response body size",
"description": "Maximum size of http response body to read in bytes"
},
"fuzzing": {
"items": {
"$ref": "#/$defs/Rule"
},
"type": "array",
"title": "fuzzin rules for http fuzzing",
"description": "Fuzzing describes rule schema to fuzz http requests"
},
"self-contained": {
"type": "boolean"
},
"signature": {
"$ref": "#/$defs/SignatureTypeHolder",
"title": "signature is the http request signature method",
"description": "Signature is the HTTP Request signature Method"
},
"cookie-reuse": {
"type": "boolean",
"title": "optional cookie reuse enable",
"description": "Optional setting that enables cookie reuse"
},
"disable-cookie": {
"type": "boolean",
"title": "optional disable cookie reuse",
"description": "Optional setting that disables cookie reuse"
},
"read-all": {
"type": "boolean",
"title": "force read all body",
"description": "Enables force reading of entire unsafe http request body"
},
"redirects": {
"type": "boolean",
"title": "follow http redirects",
"description": "Specifies whether redirects should be followed by the HTTP Client"
},
"host-redirects": {
"type": "boolean",
"title": "follow same host http redirects",
"description": "Specifies whether redirects to the same host should be followed by the HTTP Client"
},
"pipeline": {
"type": "boolean",
"title": "perform HTTP 1.1 pipelining",
"description": "Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining"
},
"unsafe": {
"type": "boolean",
"title": "use rawhttp non-strict-rfc client",
"description": "Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests"
},
"race": {
"type": "boolean",
"title": "perform race-http request coordination attack",
"description": "Race determines if all the request have to be attempted at the same time (Race Condition)"
},
"req-condition": {
"type": "boolean",
"title": "preserve request history",
"description": "Automatically assigns numbers to requests and preserves their history"
},
"stop-at-first-match": {
"type": "boolean",
"title": "stop at first match",
"description": "Stop the execution after a match is found"
},
"skip-variables-check": {
"type": "boolean",
"title": "skip variable checks",
"description": "Skips the check for unresolved variables in request"
},
"iterate-all": {
"type": "boolean",
"title": "iterate all the values",
"description": "Iterates all the values extracted from internal extractors"
},
"digest-username": {
"type": "string",
"title": "specifies the username for digest authentication",
"description": "Optional parameter which specifies the username for digest auth"
},
"digest-password": {
"type": "string",
"title": "specifies the password for digest authentication",
"description": "Optional parameter which specifies the password for digest auth"
},
"disable-path-automerge": {
"type": "boolean",
"title": "disable auto merging of path",
"description": "Disable merging target url path with raw request path"
},
"pre-condition": {
"items": {
"$ref": "#/$defs/Matcher"
},
"type": "array",
"title": "pre-condition for fuzzing/dast",
"description": "PreCondition is matcher-like field to check if fuzzing should be performed on this request or not"
},
"pre-condition-operator": {
"type": "string",
"enum": [
"and",
"or"
],
"title": "condition between the filters",
"description": "Operator to use between multiple per-conditions"
}
},
"additionalProperties": false,
"type": "object"
},
"Rule": {
"properties": {
"type": {
"type": "string",
"enum": [
"replace",
"prefix",
"postfix",
"infix",
"replace-regex"
],
"title": "type of rule",
"description": "Type of fuzzing rule to perform"
},
"part": {
"type": "string",
"enum": [
"query",
"header",
"path",
"body",
"cookie",
"request"
],
"title": "part of rule",
"description": "Part of request rule to fuzz"
},
"mode": {
"type": "string",
"enum": [
"single",
"multiple"
],
"title": "mode of rule",
"description": "Mode of request rule to fuzz"
},
"keys": {
"items": {
"type": "string"
},
"type": "array",
"title": "keys of parameters to fuzz",
"description": "Keys of parameters to fuzz"
},
"keys-regex": {
"items": {
"type": "string"
},
"type": "array",
"title": "keys regex to fuzz",
"description": "Regex of parameter keys to fuzz"
},
"values": {
"items": {
"type": "string"
},
"type": "array",
"title": "values regex to fuzz",
"description": "Regex of parameter values to fuzz"
},
"fuzz": {
"$ref": "#/$defs/SliceOrMapSlice",
"title": "payloads of fuzz rule",
"description": "Payloads to perform fuzzing substitutions with"
},
"replace-regex": {
"type": "string",
"title": "replace regex of rule",
"description": "Regex for regex-replace rule type"
}
},
"additionalProperties": false,
"type": "object"
},
"SignatureTypeHolder": {
"properties": {
"Value": {
"type": "integer"
}
},
"additionalProperties": false,
"type": "object",
"required": [
"Value"
]
},
"SliceOrMapSlice": {
"properties": {
"Value": {
"items": {
"type": "string"
},
"type": "array"
},
"KV": {
"$ref": "#/$defs/OrderedMap[string,string]"
}
},
"additionalProperties": false,
"type": "object",
"required": [
"Value",
"KV"
]
},
"StringOrSlice": {
"oneOf": [
{
"type": "string"
},
{
"type": "array"
}
]
},
"Template": {
"properties": {
"id": {
"type": "string",
"pattern": "^([a-zA-Z0-9]+[-_])*[a-zA-Z0-9]+$",
"title": "id of the template",
"description": "The Unique ID for the template",
"examples": [
"cve-2021-19520"
]
},
"info": {
"$ref": "#/$defs/Info",
"type": "object",
"title": "info for the template",
"description": "Info contains metadata for the template"
},
"flow": {
"type": "string",
"title": "template execution flow in js",
"description": "Flow contains js code which defines how the template should be executed",
"examples": [
"'flow: http(0) \u0026\u0026 http(1)'"
]
},
"requests": {
"items": {
"$ref": "#/$defs/Request"
},
"type": "array",
"title": "http requests to make",
"description": "HTTP requests to make for the template"
},
"http": {
"items": {
"$ref": "#/$defs/Request"
},
"type": "array",
"title": "http requests to make",
"description": "HTTP requests to make for the template"
},
"dns": {
"items": {
"$ref": "#/$defs/Request"
},
"type": "array",
"title": "dns requests to make",
"description": "DNS requests to make for the template"
},
"file": {
"items": {
"$ref": "#/$defs/Request"
},
"type": "array",
"title": "file requests to make",
"description": "File requests to make for the template"
},
"network": {
"items": {
"$ref": "#/$defs/Request"
},
"type": "array",
"title": "network requests to make",
"description": "Network requests to make for the template"
},
"tcp": {
"items": {
"$ref": "#/$defs/Request"
},
"type": "array",
"title": "network(tcp) requests to make",
"description": "Network requests to make for the template"
},
"headless": {
"items": {
"$ref": "#/$defs/Request"
},
"type": "array",
"title": "headless requests to make",
"description": "Headless requests to make for the template"
},
"ssl": {
"items": {
"$ref": "#/$defs/Request"
},
"type": "array",
"title": "ssl requests to make",
"description": "SSL requests to make for the template"
},
"websocket": {
"items": {
"$ref": "#/$defs/Request"
},
"type": "array",
"title": "websocket requests to make",
"description": "Websocket requests to make for the template"
},
"whois": {
"items": {
"$ref": "#/$defs/Request"
},
"type": "array",
"title": "whois requests to make",
"description": "WHOIS requests to make for the template"
},
"code": {
"items": {
"$ref": "#/$defs/Request"
},
"type": "array",
"title": "code snippets to make",
"description": "Code snippets"
},
"javascript": {
"items": {
"$ref": "#/$defs/Request"
},
"type": "array",
"title": "javascript requests to make",
"description": "Javascript requests to make for the template"
},
"workflows": {
"items": {
"$ref": "#/$defs/WorkflowTemplate"
},
"type": "array",
"title": "list of workflows to execute",
"description": "List of workflows to execute for template"
},
"self-contained": {
"type": "boolean",
"title": "mark requests as self-contained",
"description": "Mark Requests for the template as self-contained"
},
"stop-at-first-match": {
"type": "boolean",
"title": "stop at first match",
"description": "Stop at first match for the template"
},
"signature": {
"$ref": "#/$defs/SignatureTypeHolder",
"title": "signature is the http request signature method",
"description": "Signature is the HTTP Request signature Method"
},
"variables": {
"$ref": "#/$defs/Variable",
"type": "object",
"title": "variables for the http request",
"description": "Variables contains any variables for the current request"
},
"constants": {
"type": "object",
"title": "constant for the template",
"description": "constants contains any constant for the template"
}
},
"additionalProperties": false,
"type": "object",
"required": [
"id",
"info"
]
},
"Variable": {
"properties": {},
"additionalProperties": false,
"type": "object"
},
"WorkflowTemplate": {
"properties": {
"template": {
"type": "string",
"title": "template/directory to execute",
"description": "Template or directory to execute as part of workflow"
},
"tags": {
"$ref": "#/$defs/StringOrSlice",
"title": "tags to execute",
"description": "Tags to run template based on"
},
"matchers": {
"items": {
"$ref": "#/$defs/Matcher"
},
"type": "array",
"title": "name based template result matchers",
"description": "Matchers perform name based matching to run subtemplates for a workflow"
},
"subtemplates": {
"items": {
"$ref": "#/$defs/WorkflowTemplate"
},
"type": "array",
"title": "subtemplate based result matchers",
"description": "Subtemplates are ran if the template field Template matches"
}
},
"additionalProperties": false,
"type": "object"
}
}
}
Reference in New Issue View Git Blame Copy Permalink