2023-09-02 14:34:05 +05:30
|
|
|
package nuclei
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
"github.com/logrusorgru/aurora"
|
2023-10-17 17:44:13 +05:30
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/catalog/loader"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/core"
|
2024-03-14 03:08:53 +05:30
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/input/provider"
|
2024-03-13 21:46:30 +01:00
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/loader/workflow"
|
2023-10-17 17:44:13 +05:30
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/output"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/types"
|
2023-09-02 14:34:05 +05:30
|
|
|
"github.com/projectdiscovery/ratelimit"
|
2025-08-20 05:28:23 +05:30
|
|
|
"github.com/projectdiscovery/utils/errkit"
|
2025-07-09 14:47:26 -05:00
|
|
|
"github.com/rs/xid"
|
2023-09-02 14:34:05 +05:30
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// unsafeOptions are those nuclei objects/instances/types
|
|
|
|
|
// that are required to run nuclei engine but are not thread safe
|
|
|
|
|
// hence they are ephemeral and are created on every ExecuteNucleiWithOpts invocation
|
|
|
|
|
// in ThreadSafeNucleiEngine
|
|
|
|
|
type unsafeOptions struct {
|
2025-07-09 14:47:26 -05:00
|
|
|
executerOpts *protocols.ExecutorOptions
|
2023-09-02 14:34:05 +05:30
|
|
|
engine *core.Engine
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// createEphemeralObjects creates ephemeral nuclei objects/instances/types
|
2024-05-30 06:34:15 -04:00
|
|
|
func createEphemeralObjects(ctx context.Context, base *NucleiEngine, opts *types.Options) (*unsafeOptions, error) {
|
2023-09-02 14:34:05 +05:30
|
|
|
u := &unsafeOptions{}
|
2025-07-09 14:47:26 -05:00
|
|
|
u.executerOpts = &protocols.ExecutorOptions{
|
2023-09-02 14:34:05 +05:30
|
|
|
Output: base.customWriter,
|
|
|
|
|
Options: opts,
|
|
|
|
|
Progress: base.customProgress,
|
|
|
|
|
Catalog: base.catalog,
|
|
|
|
|
IssuesClient: base.rc,
|
|
|
|
|
RateLimiter: base.rateLimiter,
|
|
|
|
|
Interactsh: base.interactshClient,
|
|
|
|
|
HostErrorsCache: base.hostErrCache,
|
|
|
|
|
Colorizer: aurora.NewAurora(true),
|
|
|
|
|
ResumeCfg: types.NewResumeCfg(),
|
2024-03-13 02:27:15 +01:00
|
|
|
Parser: base.parser,
|
2024-12-17 11:08:42 +01:00
|
|
|
Browser: base.browserInstance,
|
2023-09-02 14:34:05 +05:30
|
|
|
}
|
2025-01-02 20:18:36 +08:00
|
|
|
if opts.ShouldUseHostError() && base.hostErrCache != nil {
|
|
|
|
|
u.executerOpts.HostErrorsCache = base.hostErrCache
|
|
|
|
|
}
|
2023-09-02 14:34:05 +05:30
|
|
|
if opts.RateLimitMinute > 0 {
|
2024-04-03 19:28:39 +02:00
|
|
|
opts.RateLimit = opts.RateLimitMinute
|
|
|
|
|
opts.RateLimitDuration = time.Minute
|
|
|
|
|
}
|
|
|
|
|
if opts.RateLimit > 0 && opts.RateLimitDuration == 0 {
|
|
|
|
|
opts.RateLimitDuration = time.Second
|
|
|
|
|
}
|
|
|
|
|
if opts.RateLimit == 0 && opts.RateLimitDuration == 0 {
|
2024-05-30 06:34:15 -04:00
|
|
|
u.executerOpts.RateLimiter = ratelimit.NewUnlimited(ctx)
|
2024-04-03 19:28:39 +02:00
|
|
|
} else {
|
2024-05-30 06:34:15 -04:00
|
|
|
u.executerOpts.RateLimiter = ratelimit.New(ctx, uint(opts.RateLimit), opts.RateLimitDuration)
|
2023-09-02 14:34:05 +05:30
|
|
|
}
|
|
|
|
|
u.engine = core.New(opts)
|
|
|
|
|
u.engine.SetExecuterOptions(u.executerOpts)
|
|
|
|
|
return u, nil
|
|
|
|
|
}
|
|
|
|
|
|
2024-05-01 00:28:11 +05:30
|
|
|
// closeEphemeralObjects closes all resources used by ephemeral nuclei objects/instances/types
|
|
|
|
|
func closeEphemeralObjects(u *unsafeOptions) {
|
|
|
|
|
if u.executerOpts.RateLimiter != nil {
|
|
|
|
|
u.executerOpts.RateLimiter.Stop()
|
|
|
|
|
}
|
|
|
|
|
// dereference all objects that were inherited from base nuclei engine
|
|
|
|
|
// since these are meant to be closed globally by base nuclei engine
|
|
|
|
|
u.executerOpts.Output = nil
|
|
|
|
|
u.executerOpts.IssuesClient = nil
|
|
|
|
|
u.executerOpts.Interactsh = nil
|
|
|
|
|
u.executerOpts.HostErrorsCache = nil
|
|
|
|
|
u.executerOpts.Progress = nil
|
|
|
|
|
u.executerOpts.Catalog = nil
|
|
|
|
|
u.executerOpts.Parser = nil
|
|
|
|
|
}
|
|
|
|
|
|
2023-09-02 14:34:05 +05:30
|
|
|
// ThreadSafeNucleiEngine is a tweaked version of nuclei.Engine whose methods are thread-safe
|
|
|
|
|
// and can be used concurrently. Non-thread-safe methods start with Global prefix
|
|
|
|
|
type ThreadSafeNucleiEngine struct {
|
|
|
|
|
eng *NucleiEngine
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// NewThreadSafeNucleiEngine creates a new nuclei engine with given options
|
|
|
|
|
// whose methods are thread-safe and can be used concurrently
|
|
|
|
|
// Note: Non-thread-safe methods start with Global prefix
|
2024-05-30 06:34:15 -04:00
|
|
|
func NewThreadSafeNucleiEngineCtx(ctx context.Context, opts ...NucleiSDKOptions) (*ThreadSafeNucleiEngine, error) {
|
2025-07-09 14:47:26 -05:00
|
|
|
defaultOptions := types.DefaultOptions()
|
|
|
|
|
defaultOptions.ExecutionId = xid.New().String()
|
2023-09-02 14:34:05 +05:30
|
|
|
// default options
|
|
|
|
|
e := &NucleiEngine{
|
2025-07-09 14:47:26 -05:00
|
|
|
opts: defaultOptions,
|
2023-09-02 14:34:05 +05:30
|
|
|
mode: threadSafe,
|
|
|
|
|
}
|
|
|
|
|
for _, option := range opts {
|
|
|
|
|
if err := option(e); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
}
|
2024-05-30 06:34:15 -04:00
|
|
|
if err := e.init(ctx); err != nil {
|
2023-09-02 14:34:05 +05:30
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return &ThreadSafeNucleiEngine{eng: e}, nil
|
|
|
|
|
}
|
|
|
|
|
|
2024-05-30 06:34:15 -04:00
|
|
|
// Deprecated: use NewThreadSafeNucleiEngineCtx instead
|
|
|
|
|
func NewThreadSafeNucleiEngine(opts ...NucleiSDKOptions) (*ThreadSafeNucleiEngine, error) {
|
|
|
|
|
return NewThreadSafeNucleiEngineCtx(context.Background(), opts...)
|
|
|
|
|
}
|
|
|
|
|
|
2023-09-02 14:34:05 +05:30
|
|
|
// GlobalLoadAllTemplates loads all templates from nuclei-templates repo
|
|
|
|
|
// This method will load all templates based on filters given at the time of nuclei engine creation in opts
|
|
|
|
|
func (e *ThreadSafeNucleiEngine) GlobalLoadAllTemplates() error {
|
|
|
|
|
return e.eng.LoadAllTemplates()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// GlobalResultCallback sets a callback function which will be called for each result
|
|
|
|
|
func (e *ThreadSafeNucleiEngine) GlobalResultCallback(callback func(event *output.ResultEvent)) {
|
|
|
|
|
e.eng.resultCallbacks = []func(*output.ResultEvent){callback}
|
|
|
|
|
}
|
|
|
|
|
|
2024-05-07 01:31:33 +05:30
|
|
|
// ExecuteNucleiWithOptsCtx executes templates on targets and calls callback on each result(only if results are found)
|
2024-02-22 02:18:02 +03:00
|
|
|
// This method can be called concurrently and it will use some global resources but can be runned parallelly
|
2023-09-02 14:34:05 +05:30
|
|
|
// by invoking this method with different options and targets
|
|
|
|
|
// Note: Not all options are thread-safe. this method will throw error if you try to use non-thread-safe options
|
2024-05-07 01:31:33 +05:30
|
|
|
func (e *ThreadSafeNucleiEngine) ExecuteNucleiWithOptsCtx(ctx context.Context, targets []string, opts ...NucleiSDKOptions) error {
|
2025-07-09 14:47:26 -05:00
|
|
|
baseOpts := e.eng.opts.Copy()
|
|
|
|
|
tmpEngine := &NucleiEngine{opts: baseOpts, mode: threadSafe}
|
2023-09-02 14:34:05 +05:30
|
|
|
for _, option := range opts {
|
|
|
|
|
if err := option(tmpEngine); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
2024-06-13 17:24:07 +02:00
|
|
|
|
2023-09-02 14:34:05 +05:30
|
|
|
// create ephemeral nuclei objects/instances/types using base nuclei engine
|
2024-05-30 06:34:15 -04:00
|
|
|
unsafeOpts, err := createEphemeralObjects(ctx, e.eng, tmpEngine.opts)
|
2023-09-02 14:34:05 +05:30
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2024-05-01 00:28:11 +05:30
|
|
|
// cleanup and stop all resources
|
|
|
|
|
defer closeEphemeralObjects(unsafeOpts)
|
2023-09-02 14:34:05 +05:30
|
|
|
|
|
|
|
|
// load templates
|
2025-07-09 14:47:26 -05:00
|
|
|
workflowLoader, err := workflow.NewLoader(unsafeOpts.executerOpts)
|
2023-09-02 14:34:05 +05:30
|
|
|
if err != nil {
|
2025-08-25 15:06:58 +07:00
|
|
|
return errkit.Wrapf(err, "Could not create workflow loader: %s", err)
|
2023-09-02 14:34:05 +05:30
|
|
|
}
|
|
|
|
|
unsafeOpts.executerOpts.WorkflowLoader = workflowLoader
|
|
|
|
|
|
|
|
|
|
store, err := loader.New(loader.NewConfig(tmpEngine.opts, e.eng.catalog, unsafeOpts.executerOpts))
|
|
|
|
|
if err != nil {
|
2025-08-25 15:06:58 +07:00
|
|
|
return errkit.Wrapf(err, "Could not create loader client: %s", err)
|
2023-09-02 14:34:05 +05:30
|
|
|
}
|
|
|
|
|
store.Load()
|
|
|
|
|
|
2025-07-09 14:47:26 -05:00
|
|
|
inputProvider := provider.NewSimpleInputProviderWithUrls(e.eng.opts.ExecutionId, targets...)
|
2023-09-02 14:34:05 +05:30
|
|
|
|
|
|
|
|
if len(store.Templates()) == 0 && len(store.Workflows()) == 0 {
|
|
|
|
|
return ErrNoTemplatesAvailable
|
|
|
|
|
}
|
|
|
|
|
if inputProvider.Count() == 0 {
|
|
|
|
|
return ErrNoTargetsAvailable
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
engine := core.New(tmpEngine.opts)
|
|
|
|
|
engine.SetExecuterOptions(unsafeOpts.executerOpts)
|
|
|
|
|
|
2024-05-30 06:34:15 -04:00
|
|
|
_ = engine.ExecuteScanWithOpts(ctx, store.Templates(), inputProvider, false)
|
2023-09-02 14:34:05 +05:30
|
|
|
|
|
|
|
|
engine.WorkPool().Wait()
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2024-05-07 01:31:33 +05:30
|
|
|
// ExecuteNucleiWithOpts is same as ExecuteNucleiWithOptsCtx but with default context
|
|
|
|
|
// This is a placeholder and will be deprecated in future major release
|
|
|
|
|
func (e *ThreadSafeNucleiEngine) ExecuteNucleiWithOpts(targets []string, opts ...NucleiSDKOptions) error {
|
|
|
|
|
return e.ExecuteNucleiWithOptsCtx(context.Background(), targets, opts...)
|
|
|
|
|
}
|
|
|
|
|
|
2023-09-02 14:34:05 +05:30
|
|
|
// Close all resources used by nuclei engine
|
|
|
|
|
func (e *ThreadSafeNucleiEngine) Close() {
|
|
|
|
|
e.eng.Close()
|
|
|
|
|
}
|
