nuclei/v2/internal/runner/enumerate.go

package runner

import (
	_ "net/http/pprof"
	"strings"
	"time"

	"github.com/projectdiscovery/gologger"
	"github.com/projectdiscovery/nuclei/v2/internal/runner/nucleicloud"
	"github.com/projectdiscovery/nuclei/v2/pkg/catalog/loader"
	"github.com/projectdiscovery/nuclei/v2/pkg/core"
	"github.com/projectdiscovery/nuclei/v2/pkg/output"
	"github.com/projectdiscovery/nuclei/v2/pkg/protocols"
	"go.uber.org/atomic"
)

const DDMMYYYYhhmmss = "2006-01-02 15:04:05"

// runStandardEnumeration runs standard enumeration
func (r *Runner) runStandardEnumeration(executerOpts protocols.ExecuterOptions, store *loader.Store, engine *core.Engine) (*atomic.Bool, error) {
	if r.options.AutomaticScan {
		return r.executeSmartWorkflowInput(executerOpts, store, engine)
	}
	return r.executeTemplatesInput(store, engine)
}

// Get all the scan lists for a user/apikey.
func (r *Runner) getScanList() error {
	items, err := r.cloudClient.GetScans()
	loc, _ := time.LoadLocation("Local")

	for _, v := range items {
		status := "FINISHED"
		t := v.FinishedAt
		duration := t.Sub(v.CreatedAt)
		if !v.Finished {
			status = "RUNNING"
			t = time.Now().UTC()
			duration = t.Sub(v.CreatedAt)
		}

		val := v.CreatedAt.In(loc).Format(DDMMYYYYhhmmss)

		gologger.Silent().Msgf("%s [%s] [STATUS: %s] [MATCHED: %d] [TARGETS: %d] [TEMPLATES: %d] [DURATION: %s]\n", v.Id, val, status, v.Matches, v.Targets, v.Templates, duration)
	}
	return err
}

func (r *Runner) deleteScan(id string) error {
	deleted, err := r.cloudClient.DeleteScan(id)
	if !deleted.OK {
		gologger.Info().Msgf("Error in deleting the scan %s.", id)
	} else {
		gologger.Info().Msgf("Scan deleted %s.", id)
	}
	return err
}

func (r *Runner) getResults(id string) error {
	err := r.cloudClient.GetResults(id, func(re *output.ResultEvent) {
		if outputErr := r.output.Write(re); outputErr != nil {
			gologger.Warning().Msgf("Could not write output: %s", outputErr)
		}
	}, false)
	return err
}

// runCloudEnumeration runs cloud based enumeration
func (r *Runner) runCloudEnumeration(store *loader.Store, nostore bool) (*atomic.Bool, error) {
	now := time.Now()
	defer func() {
		gologger.Info().Msgf("Scan execution took %s", time.Since(now))
	}()

	results := &atomic.Bool{}

	targets := make([]string, 0, r.hmapInputProvider.Count())
	r.hmapInputProvider.Scan(func(value string) bool {
		targets = append(targets, value)
		return true
	})
	templates := make([]string, 0, len(store.Templates()))
	for _, template := range store.Templates() {
		templates = append(templates, getTemplateRelativePath(template.Path))
	}
	taskID, err := r.cloudClient.AddScan(&nucleicloud.AddScanRequest{
		RawTargets:      targets,
		PublicTemplates: templates,
		IsTemporary:     nostore,
	})
	if err != nil {
		return results, err
	}
	gologger.Info().Msgf("Created task with ID: %s", taskID)
	time.Sleep(3 * time.Second)

	err = r.cloudClient.GetResults(taskID, func(re *output.ResultEvent) {
		results.CompareAndSwap(false, true)

		if outputErr := r.output.Write(re); outputErr != nil {
			gologger.Warning().Msgf("Could not write output: %s", err)
		}
		if r.issuesClient != nil {
			if err := r.issuesClient.CreateIssue(re); err != nil {
				gologger.Warning().Msgf("Could not create issue on tracker: %s", err)
			}
		}
	}, true)
	return results, err
}

func getTemplateRelativePath(templatePath string) string {
	splitted := strings.SplitN(templatePath, "nuclei-templates", 2)
	if len(splitted) < 2 {
		return ""
	}
	return strings.TrimPrefix(splitted[1], "/")
}
Added custom json-unmarshaller + misc updates (#2556) * Added custom json-unmarshaller + misc updates * Added support for nuclei-cloud based scan execution * Removed unnecessary files * Misc * Changes as per review comments * misc option update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-09-19 01:13:59 +05:30			`package runner`

			`import (`
			`_ "net/http/pprof"`
			`"strings"`
			`"time"`

			`"github.com/projectdiscovery/gologger"`
			`"github.com/projectdiscovery/nuclei/v2/internal/runner/nucleicloud"`
			`"github.com/projectdiscovery/nuclei/v2/pkg/catalog/loader"`
			`"github.com/projectdiscovery/nuclei/v2/pkg/core"`
			`"github.com/projectdiscovery/nuclei/v2/pkg/output"`
			`"github.com/projectdiscovery/nuclei/v2/pkg/protocols"`
			`"go.uber.org/atomic"`
			`)`

Feature 18 cloud flags (#2708) * Add cloud flags for nuclei. * Add flag to get output for a particular scan ID * Add some comments to the function. * Get timestamp and id for scan list * Fix linting errors * Check if type is enumeration. * Do not show deleted scans. * Do not use filter_result, create client once and use it everywhere with runner. * Fix the output of scan list to be better * Format the nuclei scan output list. * Remove unused constant * misc option update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-10-22 04:06:52 +05:30			`const DDMMYYYYhhmmss = "2006-01-02 15:04:05"`

Added custom json-unmarshaller + misc updates (#2556) * Added custom json-unmarshaller + misc updates * Added support for nuclei-cloud based scan execution * Removed unnecessary files * Misc * Changes as per review comments * misc option update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-09-19 01:13:59 +05:30			`// runStandardEnumeration runs standard enumeration`
			`func (r Runner) runStandardEnumeration(executerOpts protocols.ExecuterOptions, store loader.Store, engine core.Engine) (atomic.Bool, error) {`
			`if r.options.AutomaticScan {`
			`return r.executeSmartWorkflowInput(executerOpts, store, engine)`
			`}`
			`return r.executeTemplatesInput(store, engine)`
			`}`

Feature 18 cloud flags (#2708) * Add cloud flags for nuclei. * Add flag to get output for a particular scan ID * Add some comments to the function. * Get timestamp and id for scan list * Fix linting errors * Check if type is enumeration. * Do not show deleted scans. * Do not use filter_result, create client once and use it everywhere with runner. * Fix the output of scan list to be better * Format the nuclei scan output list. * Remove unused constant * misc option update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-10-22 04:06:52 +05:30			`// Get all the scan lists for a user/apikey.`
			`func (r *Runner) getScanList() error {`
			`items, err := r.cloudClient.GetScans()`
			`loc, _ := time.LoadLocation("Local")`

			`for _, v := range items {`
			`status := "FINISHED"`
			`t := v.FinishedAt`
			`duration := t.Sub(v.CreatedAt)`
			`if !v.Finished {`
			`status = "RUNNING"`
			`t = time.Now().UTC()`
			`duration = t.Sub(v.CreatedAt)`
			`}`

			`val := v.CreatedAt.In(loc).Format(DDMMYYYYhhmmss)`

			`gologger.Silent().Msgf("%s [%s] [STATUS: %s] [MATCHED: %d] [TARGETS: %d] [TEMPLATES: %d] [DURATION: %s]\n", v.Id, val, status, v.Matches, v.Targets, v.Templates, duration)`
			`}`
			`return err`
			`}`

			`func (r *Runner) deleteScan(id string) error {`
			`deleted, err := r.cloudClient.DeleteScan(id)`
			`if !deleted.OK {`
			`gologger.Info().Msgf("Error in deleting the scan %s.", id)`
			`} else {`
			`gologger.Info().Msgf("Scan deleted %s.", id)`
			`}`
			`return err`
			`}`

			`func (r *Runner) getResults(id string) error {`
			`err := r.cloudClient.GetResults(id, func(re *output.ResultEvent) {`
			`if outputErr := r.output.Write(re); outputErr != nil {`
			`gologger.Warning().Msgf("Could not write output: %s", outputErr)`
			`}`
			`}, false)`
			`return err`
			`}`

Added custom json-unmarshaller + misc updates (#2556) * Added custom json-unmarshaller + misc updates * Added support for nuclei-cloud based scan execution * Removed unnecessary files * Misc * Changes as per review comments * misc option update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-09-19 01:13:59 +05:30			`// runCloudEnumeration runs cloud based enumeration`
Feature 18 cloud flags (#2708) * Add cloud flags for nuclei. * Add flag to get output for a particular scan ID * Add some comments to the function. * Get timestamp and id for scan list * Fix linting errors * Check if type is enumeration. * Do not show deleted scans. * Do not use filter_result, create client once and use it everywhere with runner. * Fix the output of scan list to be better * Format the nuclei scan output list. * Remove unused constant * misc option update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-10-22 04:06:52 +05:30			`func (r Runner) runCloudEnumeration(store loader.Store, nostore bool) (*atomic.Bool, error) {`
Added custom json-unmarshaller + misc updates (#2556) * Added custom json-unmarshaller + misc updates * Added support for nuclei-cloud based scan execution * Removed unnecessary files * Misc * Changes as per review comments * misc option update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-09-19 01:13:59 +05:30			`now := time.Now()`
			`defer func() {`
			`gologger.Info().Msgf("Scan execution took %s", time.Since(now))`
			`}()`

			`results := &atomic.Bool{}`

			`targets := make([]string, 0, r.hmapInputProvider.Count())`
Added probing for URL + input based on protocol (#2614) * Added workflow names based condition * Added conditional filtering to workflow executor * Replaced names with single name stringslice * Added probing for URL + input based on protocol * Remove debug comments * Fixed typo * Fixed failing tests * Fixed workflow matcher condition + tests * Fixed workflow item name * Switch to if-else * Fixed review comment strict * Increase bulk size * Added default port for SSL protocol + misc changes * Fixed failing tests * Fixed misc changes to executer * Fixed failing self-contained and offlinehttp tests * Fixed atomic increment operation * misc update * Fixed failing builds Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2022-10-20 17:23:00 +05:30			`r.hmapInputProvider.Scan(func(value string) bool {`
Added custom json-unmarshaller + misc updates (#2556) * Added custom json-unmarshaller + misc updates * Added support for nuclei-cloud based scan execution * Removed unnecessary files * Misc * Changes as per review comments * misc option update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-09-19 01:13:59 +05:30			`targets = append(targets, value)`
Added probing for URL + input based on protocol (#2614) * Added workflow names based condition * Added conditional filtering to workflow executor * Replaced names with single name stringslice * Added probing for URL + input based on protocol * Remove debug comments * Fixed typo * Fixed failing tests * Fixed workflow matcher condition + tests * Fixed workflow item name * Switch to if-else * Fixed review comment strict * Increase bulk size * Added default port for SSL protocol + misc changes * Fixed failing tests * Fixed misc changes to executer * Fixed failing self-contained and offlinehttp tests * Fixed atomic increment operation * misc update * Fixed failing builds Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2022-10-20 17:23:00 +05:30			`return true`
Added custom json-unmarshaller + misc updates (#2556) * Added custom json-unmarshaller + misc updates * Added support for nuclei-cloud based scan execution * Removed unnecessary files * Misc * Changes as per review comments * misc option update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-09-19 01:13:59 +05:30			`})`
			`templates := make([]string, 0, len(store.Templates()))`
			`for _, template := range store.Templates() {`
			`templates = append(templates, getTemplateRelativePath(template.Path))`
			`}`
Feature 18 cloud flags (#2708) * Add cloud flags for nuclei. * Add flag to get output for a particular scan ID * Add some comments to the function. * Get timestamp and id for scan list * Fix linting errors * Check if type is enumeration. * Do not show deleted scans. * Do not use filter_result, create client once and use it everywhere with runner. * Fix the output of scan list to be better * Format the nuclei scan output list. * Remove unused constant * misc option update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-10-22 04:06:52 +05:30			`taskID, err := r.cloudClient.AddScan(&nucleicloud.AddScanRequest{`
Added custom json-unmarshaller + misc updates (#2556) * Added custom json-unmarshaller + misc updates * Added support for nuclei-cloud based scan execution * Removed unnecessary files * Misc * Changes as per review comments * misc option update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-09-19 01:13:59 +05:30			`RawTargets: targets,`
			`PublicTemplates: templates,`
Feature 18 cloud flags (#2708) * Add cloud flags for nuclei. * Add flag to get output for a particular scan ID * Add some comments to the function. * Get timestamp and id for scan list * Fix linting errors * Check if type is enumeration. * Do not show deleted scans. * Do not use filter_result, create client once and use it everywhere with runner. * Fix the output of scan list to be better * Format the nuclei scan output list. * Remove unused constant * misc option update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-10-22 04:06:52 +05:30			`IsTemporary: nostore,`
Added custom json-unmarshaller + misc updates (#2556) * Added custom json-unmarshaller + misc updates * Added support for nuclei-cloud based scan execution * Removed unnecessary files * Misc * Changes as per review comments * misc option update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-09-19 01:13:59 +05:30			`})`
			`if err != nil {`
			`return results, err`
			`}`
			`gologger.Info().Msgf("Created task with ID: %s", taskID)`
			`time.Sleep(3 * time.Second)`

Feature 18 cloud flags (#2708) * Add cloud flags for nuclei. * Add flag to get output for a particular scan ID * Add some comments to the function. * Get timestamp and id for scan list * Fix linting errors * Check if type is enumeration. * Do not show deleted scans. * Do not use filter_result, create client once and use it everywhere with runner. * Fix the output of scan list to be better * Format the nuclei scan output list. * Remove unused constant * misc option update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-10-22 04:06:52 +05:30			`err = r.cloudClient.GetResults(taskID, func(re *output.ResultEvent) {`
fixing lint errors 2022-09-19 08:38:52 +02:00			`results.CompareAndSwap(false, true)`
Added custom json-unmarshaller + misc updates (#2556) * Added custom json-unmarshaller + misc updates * Added support for nuclei-cloud based scan execution * Removed unnecessary files * Misc * Changes as per review comments * misc option update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-09-19 01:13:59 +05:30
			`if outputErr := r.output.Write(re); outputErr != nil {`
			`gologger.Warning().Msgf("Could not write output: %s", err)`
			`}`
			`if r.issuesClient != nil {`
			`if err := r.issuesClient.CreateIssue(re); err != nil {`
			`gologger.Warning().Msgf("Could not create issue on tracker: %s", err)`
			`}`
			`}`
Feature 18 cloud flags (#2708) * Add cloud flags for nuclei. * Add flag to get output for a particular scan ID * Add some comments to the function. * Get timestamp and id for scan list * Fix linting errors * Check if type is enumeration. * Do not show deleted scans. * Do not use filter_result, create client once and use it everywhere with runner. * Fix the output of scan list to be better * Format the nuclei scan output list. * Remove unused constant * misc option update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-10-22 04:06:52 +05:30			`}, true)`
Added custom json-unmarshaller + misc updates (#2556) * Added custom json-unmarshaller + misc updates * Added support for nuclei-cloud based scan execution * Removed unnecessary files * Misc * Changes as per review comments * misc option update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-09-19 01:13:59 +05:30			`return results, err`
			`}`

			`func getTemplateRelativePath(templatePath string) string {`
			`splitted := strings.SplitN(templatePath, "nuclei-templates", 2)`
			`if len(splitted) < 2 {`
			`return ""`
			`}`
			`return strings.TrimPrefix(splitted[1], "/")`
			`}`