2020-08-29 15:26:11 +02:00
|
|
|
package runner
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
|
|
|
|
"os"
|
|
|
|
|
"strings"
|
|
|
|
|
|
|
|
|
|
"github.com/karrick/godirwalk"
|
|
|
|
|
"github.com/projectdiscovery/gologger"
|
2020-12-29 15:38:14 +05:30
|
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/protocols"
|
2020-08-29 15:26:11 +02:00
|
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/templates"
|
2021-02-04 18:29:28 +05:30
|
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/types"
|
2020-08-29 15:26:11 +02:00
|
|
|
)
|
|
|
|
|
|
2020-12-29 15:38:14 +05:30
|
|
|
// parseTemplateFile returns the parsed template file
|
|
|
|
|
func (r *Runner) parseTemplateFile(file string) (*templates.Template, error) {
|
2021-02-06 00:36:43 +05:30
|
|
|
executerOpts := protocols.ExecuterOptions{
|
2021-02-08 02:07:19 +05:30
|
|
|
Output: r.output,
|
|
|
|
|
Options: r.options,
|
|
|
|
|
Progress: r.progress,
|
2021-02-26 13:13:11 +05:30
|
|
|
Catalog: r.catalog,
|
2021-02-08 02:07:19 +05:30
|
|
|
IssuesClient: r.issuesClient,
|
|
|
|
|
RateLimiter: r.ratelimiter,
|
2021-04-16 16:56:41 +05:30
|
|
|
Interactsh: r.interactsh,
|
2021-02-08 02:07:19 +05:30
|
|
|
ProjectFile: r.projectFile,
|
2021-02-21 16:31:34 +05:30
|
|
|
Browser: r.browser,
|
2020-08-29 15:26:11 +02:00
|
|
|
}
|
2020-12-29 15:38:14 +05:30
|
|
|
template, err := templates.Parse(file, executerOpts)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
2020-08-29 15:26:11 +02:00
|
|
|
}
|
2021-03-05 12:17:10 +05:30
|
|
|
if template == nil {
|
|
|
|
|
return nil, nil
|
|
|
|
|
}
|
2020-12-29 15:38:14 +05:30
|
|
|
return template, nil
|
2020-08-29 15:26:11 +02:00
|
|
|
}
|
|
|
|
|
|
2020-08-29 23:02:45 +02:00
|
|
|
func (r *Runner) templateLogMsg(id, name, author, severity string) string {
|
2020-08-29 15:26:11 +02:00
|
|
|
// Display the message for the template
|
|
|
|
|
message := fmt.Sprintf("[%s] %s (%s)",
|
2020-12-29 15:38:14 +05:30
|
|
|
r.colorizer.BrightBlue(id).String(),
|
|
|
|
|
r.colorizer.Bold(name).String(),
|
|
|
|
|
r.colorizer.BrightYellow("@"+author).String())
|
2020-08-29 15:26:11 +02:00
|
|
|
if severity != "" {
|
2020-12-29 15:38:14 +05:30
|
|
|
message += " [" + r.severityColors.Data[severity] + "]"
|
2020-08-29 15:26:11 +02:00
|
|
|
}
|
2020-08-29 23:02:45 +02:00
|
|
|
return message
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (r *Runner) logAvailableTemplate(tplPath string) {
|
|
|
|
|
t, err := r.parseTemplateFile(tplPath)
|
2020-12-29 15:38:14 +05:30
|
|
|
if err != nil {
|
|
|
|
|
gologger.Error().Msgf("Could not parse file '%s': %s\n", tplPath, err)
|
2021-01-14 13:21:21 +05:30
|
|
|
} else {
|
2021-02-04 18:29:28 +05:30
|
|
|
gologger.Print().Msgf("%s\n", r.templateLogMsg(t.ID, types.ToString(t.Info["name"]), types.ToString(t.Info["author"]), types.ToString(t.Info["severity"])))
|
2020-08-29 23:02:45 +02:00
|
|
|
}
|
2020-08-29 15:26:11 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// ListAvailableTemplates prints available templates to stdout
|
2020-08-29 23:02:45 +02:00
|
|
|
func (r *Runner) listAvailableTemplates() {
|
|
|
|
|
if r.templatesConfig == nil {
|
|
|
|
|
return
|
2020-08-29 15:26:11 +02:00
|
|
|
}
|
|
|
|
|
|
2020-08-30 13:25:34 +02:00
|
|
|
if _, err := os.Stat(r.templatesConfig.TemplatesDirectory); os.IsNotExist(err) {
|
2020-12-29 15:38:14 +05:30
|
|
|
gologger.Error().Msgf("%s does not exists", r.templatesConfig.TemplatesDirectory)
|
2020-08-30 13:25:34 +02:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-29 15:38:14 +05:30
|
|
|
gologger.Print().Msgf(
|
2020-08-30 13:25:34 +02:00
|
|
|
"\nListing available v.%s nuclei templates for %s",
|
|
|
|
|
r.templatesConfig.CurrentVersion,
|
|
|
|
|
r.templatesConfig.TemplatesDirectory,
|
|
|
|
|
)
|
2020-08-29 23:02:45 +02:00
|
|
|
err := directoryWalker(
|
|
|
|
|
r.templatesConfig.TemplatesDirectory,
|
|
|
|
|
func(path string, d *godirwalk.Dirent) error {
|
|
|
|
|
if d.IsDir() && path != r.templatesConfig.TemplatesDirectory {
|
2020-12-29 15:38:14 +05:30
|
|
|
gologger.Print().Msgf("\n%s:\n\n", r.colorizer.Bold(r.colorizer.BgBrightBlue(d.Name())).String())
|
2020-08-29 23:02:45 +02:00
|
|
|
} else if strings.HasSuffix(path, ".yaml") {
|
|
|
|
|
r.logAvailableTemplate(path)
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
// directory couldn't be walked
|
|
|
|
|
if err != nil {
|
2020-12-29 15:38:14 +05:30
|
|
|
gologger.Error().Msgf("Could not find templates in directory '%s': %s\n", r.templatesConfig.TemplatesDirectory, err)
|
2020-08-29 15:26:11 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func hasMatchingSeverity(templateSeverity string, allowedSeverities []string) bool {
|
|
|
|
|
for _, s := range allowedSeverities {
|
2021-03-14 12:37:41 +05:30
|
|
|
finalSeverities := []string{}
|
|
|
|
|
if strings.Contains(s, ",") {
|
|
|
|
|
finalSeverities = strings.Split(s, ",")
|
|
|
|
|
} else {
|
|
|
|
|
finalSeverities = append(finalSeverities, s)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, sev := range finalSeverities {
|
|
|
|
|
sev = strings.ToLower(sev)
|
|
|
|
|
if sev != "" && strings.HasPrefix(templateSeverity, sev) {
|
|
|
|
|
return true
|
|
|
|
|
}
|
2020-08-29 15:26:11 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func directoryWalker(fsPath string, callback func(fsPath string, d *godirwalk.Dirent) error) error {
|
|
|
|
|
err := godirwalk.Walk(fsPath, &godirwalk.Options{
|
|
|
|
|
Callback: callback,
|
|
|
|
|
ErrorCallback: func(fsPath string, err error) godirwalk.ErrorAction {
|
|
|
|
|
return godirwalk.SkipNode
|
|
|
|
|
},
|
|
|
|
|
Unsorted: true,
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
// directory couldn't be walked
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
