// Docs for the template ID field. Description carries the full Markdown text
// (including the "Good IDs" naming guidance); the encoder.LineComment entry
// carries only its first sentence.
TemplateDoc.Fields[0].Description="ID is the unique id for the template.\n\n#### Good IDs\n\nA good ID uniquely identifies what the requests in the template\nare doing. Let's say you have a template that identifies a git-config\nfile on the webservers, a good name would be `git-config-exposure`. Another\nexample name is `azure-apps-nxdomain-takeover`."
TemplateDoc.Fields[0].Comments[encoder.LineComment]="ID is the unique id for the template."
// Fields[7]: classification information for the template (only the doc strings
// are set in the visible lines).
MODELInfoDoc.Fields[7].Description="Classification contains classification information about the template."
MODELInfoDoc.Fields[7].Comments[encoder.LineComment]="Classification contains classification information about the template."
// Fields[8]: the `remediation` string. The description invites in-depth
// mitigation guidance, and the example shows the intended shape: one concrete
// corrective action (replace the default admin credentials) plus the file to edit.
MODELInfoDoc.Fields[8].Name="remediation"
MODELInfoDoc.Fields[8].Type="string"
MODELInfoDoc.Fields[8].Note=""
MODELInfoDoc.Fields[8].Description="Remediation steps for the template.\n\nYou can go in-depth here on how to mitigate the problem found by this template."
MODELInfoDoc.Fields[8].Comments[encoder.LineComment]="Remediation steps for the template."
MODELInfoDoc.Fields[8].AddExample("","Change the default administrative username and password of Apache ActiveMQ by editing the file jetty-realm.properties")
// StringSlice accepts either one in-lined string or a list of strings.
// NOTE(review): both literals contain leading spaces (" StringSlice ..." and
// "\n The unmarshaller ..."); those spaces are part of the emitted text,
// presumably carried over from the indentation of the original comment.
STRINGSLICEStringSliceDoc.Comments[encoder.LineComment]=" StringSlice represents a single (in-lined) or multiple string value(s)."
STRINGSLICEStringSliceDoc.Description="StringSlice represents a single (in-lined) or multiple string value(s).\n The unmarshaller does not automatically convert in-lined strings to []string, hence the interface{} type is required."
// HTTP request docs: matchers, matchers condition, path and raw.
// NOTE(review): the text below names the flag `matcher-condition`, while the
// field documented at Fields[2] is MatchersCondition. The YAML key itself is
// not visible here; confirm the spelling against the struct tag.
HTTPRequestDoc.Fields[0].Description="Matchers contains the detection mechanism for the request to identify\nwhether the request was successful by doing pattern matching\non request/responses.\n\nMultiple matchers can be combined with `matcher-condition` flag\nwhich accepts either `and` or `or` as argument."
// Fields[2]: condition joining the matchers. The listed values are "and" and
// "or"; the text gives OR as the default.
HTTPRequestDoc.Fields[2].Description="MatchersCondition is the condition between the matchers. Default is OR."
HTTPRequestDoc.Fields[2].Comments[encoder.LineComment]="MatchersCondition is the condition between the matchers. Default is OR."
HTTPRequestDoc.Fields[2].Values=[]string{
"and",
"or",
}
// Fields[3]: request paths, with {{...}} placeholders for variables. The
// LineComment holds only the first line of the description, so it stops
// mid-sentence ("It supports variables").
// The second example path contains a `..` segment: it is sample data for a
// traversal-style probe and is meant to stay an inert string.
HTTPRequestDoc.Fields[3].Name="path"
HTTPRequestDoc.Fields[3].Type="[]string"
HTTPRequestDoc.Fields[3].Note=""
HTTPRequestDoc.Fields[3].Description="Path contains the path/s for the HTTP requests. It supports variables\nas placeholders."
HTTPRequestDoc.Fields[3].Comments[encoder.LineComment]="Path contains the path/s for the HTTP requests. It supports variables"
HTTPRequestDoc.Fields[3].AddExample("Some example path values",[]string{"{{BaseURL}}","{{BaseURL}}/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions"})
// Fields[4]: requests written out in raw HTTP form.
// Both samples are probe-style requests kept as plain strings: a GET for
// /etc/passwd with an empty Host header, and a POST whose path uses encoded
// dot segments and whose body is shell text. Presumably they are rendered
// verbatim in the generated reference, so they should be treated as examples
// of what a template may send, not as recommended defaults.
HTTPRequestDoc.Fields[4].Name="raw"
HTTPRequestDoc.Fields[4].Type="[]string"
HTTPRequestDoc.Fields[4].Note=""
HTTPRequestDoc.Fields[4].Description="Raw contains HTTP Requests in Raw format."
HTTPRequestDoc.Fields[4].Comments[encoder.LineComment]="Raw contains HTTP Requests in Raw format."
HTTPRequestDoc.Fields[4].AddExample("Some example raw requests",[]string{"GET /etc/passwd HTTP/1.1\nHost:\nContent-Length: 4","POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0\nContent-Length: 1\nConnection: close\n\necho\necho\ncat /etc/passwd 2>&1"})
// Fields[6]: optional request name; named requests can be matched on together.
HTTPRequestDoc.Fields[6].Description="Name is the optional name of the request.\n\nIf a name is specified, all the named request in a template can be matched upon\nin a combined manner allowing multi-request based matchers."
// Fields[7]: payload combination mode.
// NOTE(review): this text lists batteringram/pitchfork/clusterbomb, whereas the
// WEBSOCKETRequestDoc Attack description in this file lists
// sniper/pitchfork/clusterbomb. Confirm which modes each protocol accepts and
// align the wording.
HTTPRequestDoc.Fields[7].Description="Attack is the type of payload combinations to perform.\n\nbatteringram is same payload into all of the defined payload positions at once, pitchfork combines multiple payload sets and clusterbomb generates\npermutations and combinations for all payloads."
// Fields[10]: payload sets, given inline as key/value lists or as a single file
// that is read at run time.
// NOTE(review): nothing here says which paths are acceptable for that file.
// Templates are frequently third-party content, so the description should state
// whether payload paths are confined (for example to the templates directory);
// confirm against the payload loader.
HTTPRequestDoc.Fields[10].Description="Payloads contains any payloads for the current request.\n\nPayloads support both key-values combinations where a list\nof payloads is provided, or optionally a single file can also\nbe provided as payload which will be read on run-time."
HTTPRequestDoc.Fields[10].Comments[encoder.LineComment]="Payloads contains any payloads for the current request."
// Fields[15]: number of requests sent per connection when pipelining
// (the example value is 100).
HTTPRequestDoc.Fields[15].Description="PipelineRequestsPerConnection is number of requests to send per connection when pipelining."
HTTPRequestDoc.Fields[15].Comments[encoder.LineComment]="PipelineRequestsPerConnection is number of requests to send per connection when pipelining."
HTTPRequestDoc.Fields[15].AddExample("Send 100 requests per pipeline connection",100)
// Fields[16]: number of sender threads. Per the text this turns on connection
// pooling, and a `Connection: Close` header in the request defeats the pooling.
HTTPRequestDoc.Fields[16].Name="threads"
HTTPRequestDoc.Fields[16].Type="int"
HTTPRequestDoc.Fields[16].Note=""
HTTPRequestDoc.Fields[16].Description="Threads specifies number of threads to use sending requests. This enables Connection Pooling.\n\nConnection: Close attribute must not be used in request while using threads flag, otherwise\npooling will fail and engine will continue to close connections after requests."
HTTPRequestDoc.Fields[16].Comments[encoder.LineComment]="Threads specifies number of threads to use sending requests. This enables Connection Pooling."
HTTPRequestDoc.Fields[16].AddExample("Send requests using 10 concurrent threads",10)
// Fields[17]: cap, in bytes, on how much of the HTTP response body is read,
// i.e. the limit on data accepted per response from the remote side.
// The default value is not stated in this text.
HTTPRequestDoc.Fields[17].Name="max-size"
HTTPRequestDoc.Fields[17].Type="int"
HTTPRequestDoc.Fields[17].Note=""
HTTPRequestDoc.Fields[17].Description="MaxSize is the maximum size of http response body to read in bytes."
HTTPRequestDoc.Fields[17].Comments[encoder.LineComment]="MaxSize is the maximum size of http response body to read in bytes."
HTTPRequestDoc.Fields[17].AddExample("Read max 2048 bytes of the response",2048)
// Fields[18]: cookie reuse across the requests of the raw section. The
// LineComment is the first description line only and ends mid-sentence
// ("... cookie reuse for").
HTTPRequestDoc.Fields[18].Name="cookie-reuse"
HTTPRequestDoc.Fields[18].Type="bool"
HTTPRequestDoc.Fields[18].Note=""
HTTPRequestDoc.Fields[18].Description="CookieReuse is an optional setting that enables cookie reuse for\nall requests defined in raw section."
HTTPRequestDoc.Fields[18].Comments[encoder.LineComment]="CookieReuse is an optional setting that enables cookie reuse for"
// Fields[19]: whether the HTTP client follows redirects; `max-redirects` is
// named as the companion setting.
// NOTE(review): the text does not say whether a followed redirect may leave the
// original host, which matters for keeping a scan in scope; confirm and document.
HTTPRequestDoc.Fields[19].Name="redirects"
HTTPRequestDoc.Fields[19].Type="bool"
HTTPRequestDoc.Fields[19].Note=""
HTTPRequestDoc.Fields[19].Description="Redirects specifies whether redirects should be followed by the HTTP Client.\n\nThis can be used in conjunction with `max-redirects` to control the HTTP request redirects."
HTTPRequestDoc.Fields[19].Comments[encoder.LineComment]="Redirects specifies whether redirects should be followed by the HTTP Client."
// Fields[20]: HTTP/1.1 pipelining.
// NOTE(review): the parenthetical "(GET/POST)" presents POST as idempotent,
// which it is not under HTTP semantics (RFC 9110), and "billions requests"
// reads as a typo. Both should be corrected where this text originates
// (presumably the doc comment on the struct field).
HTTPRequestDoc.Fields[20].Description="Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining\n\nAll requests must be idempotent (GET/POST). This can be used for race conditions/billions requests."
HTTPRequestDoc.Fields[20].Comments[encoder.LineComment]="Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining"
// Fields[21]: `unsafe` switches to the rawhttp engine so that non-RFC-compliant
// requests go out with no normalization by the client. When reviewing a
// template from an outside source, this flag marks requests that are sent
// exactly as written.
HTTPRequestDoc.Fields[21].Name="unsafe"
HTTPRequestDoc.Fields[21].Type="bool"
HTTPRequestDoc.Fields[21].Note=""
HTTPRequestDoc.Fields[21].Description="Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests.\n\nThis uses the [rawhttp](https://github.com/projectdiscovery/rawhttp) engine to achieve complete\ncontrol over the request, with no normalization performed by the client."
HTTPRequestDoc.Fields[21].Comments[encoder.LineComment]="Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests."
// Fields[22]: `race` attempts all requests at the same time.
// NOTE(review): the text refers to a `race_count` field (underscore) while the
// keys documented around it use hyphens (`req-condition`, `max-size`,
// `cookie-reuse`); confirm the key spelling. "all the request" should be plural.
HTTPRequestDoc.Fields[22].Name="race"
HTTPRequestDoc.Fields[22].Type="bool"
HTTPRequestDoc.Fields[22].Note=""
HTTPRequestDoc.Fields[22].Description="Race determines if all the request have to be attempted at the same time (Race Condition)\n\nThe actual number of requests that will be sent is determined by the `race_count` field."
HTTPRequestDoc.Fields[22].Comments[encoder.LineComment]="Race determines if all the request have to be attempted at the same time (Race Condition)"
// Fields[23]: numbers the requests and keeps their history so later matchers
// can express multi-request conditions.
HTTPRequestDoc.Fields[23].Name="req-condition"
HTTPRequestDoc.Fields[23].Type="bool"
HTTPRequestDoc.Fields[23].Note=""
HTTPRequestDoc.Fields[23].Description="ReqCondition automatically assigns numbers to requests and preserves their history.\n\nThis allows matching on them later for multi-request conditions."
HTTPRequestDoc.Fields[23].Comments[encoder.LineComment]="ReqCondition automatically assigns numbers to requests and preserves their history."
// Fields[24]: stops the requests and the template at the first match.
HTTPRequestDoc.Fields[24].Description="StopAtFirstMatch stops the execution of the requests and template as soon as a match is found."
HTTPRequestDoc.Fields[24].Comments[encoder.LineComment]="StopAtFirstMatch stops the execution of the requests and template as soon as a match is found."
// Matcher docs.
// Fields[0]: matcher type; the accepted values are enumerated in Values below.
MATCHERSMatcherDoc.Fields[0].Description="Type is the type of the matcher."
MATCHERSMatcherDoc.Fields[0].Comments[encoder.LineComment]="Type is the type of the matcher."
MATCHERSMatcherDoc.Fields[0].Values=[]string{
"status",
"size",
"word",
"regex",
"binary",
"dsl",
}
// Fields[1]: condition between matcher values ("and"/"or", OR by default). The
// LineComment stops at the description's first line break ("... By default,").
MATCHERSMatcherDoc.Fields[1].Name="condition"
MATCHERSMatcherDoc.Fields[1].Type="string"
MATCHERSMatcherDoc.Fields[1].Note=""
MATCHERSMatcherDoc.Fields[1].Description="Condition is the optional condition between two matcher variables. By default,\nthe condition is assumed to be OR."
MATCHERSMatcherDoc.Fields[1].Comments[encoder.LineComment]="Condition is the optional condition between two matcher variables. By default,"
MATCHERSMatcherDoc.Fields[1].Values=[]string{
"and",
"or",
}
// Fields[2]: which part of the request/response the matcher reads; the
// available parts are documented per protocol, not here.
MATCHERSMatcherDoc.Fields[2].Name="part"
MATCHERSMatcherDoc.Fields[2].Type="string"
MATCHERSMatcherDoc.Fields[2].Note=""
MATCHERSMatcherDoc.Fields[2].Description="Part is the part of the request response to match data from.\n\nEach protocol exposes a lot of different parts which are well\ndocumented in docs for each request type."
MATCHERSMatcherDoc.Fields[2].Comments[encoder.LineComment]="Part is the part of the request response to match data from."
// Fields[7]: literal words that must be present in the selected part.
MATCHERSMatcherDoc.Fields[7].Description="Words contains word patterns required to be present in the response part."
MATCHERSMatcherDoc.Fields[7].Comments[encoder.LineComment]="Words contains word patterns required to be present in the response part."
MATCHERSMatcherDoc.Fields[7].AddExample("Match for outlook mail protection domain",[]string{"mail.protection.outlook.com"})
MATCHERSMatcherDoc.Fields[7].AddExample("Match for application/json in response headers",[]string{"application/json"})
// Fields[8]: regular expressions that must match in the selected part.
// NOTE(review): both examples are raw (backtick) literals containing `\\s`,
// `\\-` and `\\.`. In a raw literal each `\\` is two backslash characters, so
// the pattern as emitted would match a literal backslash instead of whitespace
// or a dot. This looks like double escaping; confirm against the rendered docs.
MATCHERSMatcherDoc.Fields[8].Name="regex"
MATCHERSMatcherDoc.Fields[8].Type="[]string"
MATCHERSMatcherDoc.Fields[8].Note=""
MATCHERSMatcherDoc.Fields[8].Description="Regex contains Regular Expression patterns required to be present in the response part."
MATCHERSMatcherDoc.Fields[8].Comments[encoder.LineComment]="Regex contains Regular Expression patterns required to be present in the response part."
MATCHERSMatcherDoc.Fields[8].AddExample("Match for Linkerd Service via Regex",[]string{`(?mi)^Via\\s*?:.*?linkerd.*$`})
MATCHERSMatcherDoc.Fields[8].AddExample("Match for Open Redirect via Location header",[]string{`(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)example\\.com.*$`})
// Fields[9]: binary patterns, written as hex text (the example is the leading
// signature bytes of a 7z archive).
MATCHERSMatcherDoc.Fields[9].Name="binary"
MATCHERSMatcherDoc.Fields[9].Type="[]string"
MATCHERSMatcherDoc.Fields[9].Note=""
MATCHERSMatcherDoc.Fields[9].Description="Binary are the binary patterns required to be present in the response part."
MATCHERSMatcherDoc.Fields[9].Comments[encoder.LineComment]="Binary are the binary patterns required to be present in the response part."
MATCHERSMatcherDoc.Fields[9].AddExample("Match for 7zip files",[]string{"377ABCAF271C"})
// Fields[10]: DSL expressions evaluated as matching rules.
// The example is a hardening check: it matches responses whose headers lack
// Strict-Transport-Security.
// NOTE(review): the header name is wrapped in doubled single quotes (''...''),
// which looks like YAML quote escaping carried into the Go string; confirm how
// the example renders.
MATCHERSMatcherDoc.Fields[10].Name="dsl"
MATCHERSMatcherDoc.Fields[10].Type="[]string"
MATCHERSMatcherDoc.Fields[10].Note=""
MATCHERSMatcherDoc.Fields[10].Description="DSL are the dsl expressions that will be evaluated as part of nuclei matching rules.\nA list of these helper functions are available [here](https://nuclei.projectdiscovery.io/templating-guide/helper-functions/)."
MATCHERSMatcherDoc.Fields[10].Comments[encoder.LineComment]="DSL are the dsl expressions that will be evaluated as part of nuclei matching rules."
MATCHERSMatcherDoc.Fields[10].AddExample("DSL Matcher for missing strict transport security header",[]string{"!contains(tolower(all_headers), ''strict-transport-security'')"})
// Fields[11]: encoding applied to the words field, if any. The accepted values
// are not listed in the visible lines.
MATCHERSMatcherDoc.Fields[11].Name="encoding"
MATCHERSMatcherDoc.Fields[11].Type="string"
MATCHERSMatcherDoc.Fields[11].Note=""
MATCHERSMatcherDoc.Fields[11].Description="Encoding specifies the encoding for the words field if any."
MATCHERSMatcherDoc.Fields[11].Comments[encoder.LineComment]="Encoding specifies the encoding for the words field if any."
// Extractor docs.
// Fields[2]: regex extraction. Go's regexp package has no lookahead or
// lookbehind; it follows RE2 and matches in time linear in the input, which is
// the relevant property when patterns run over responses produced by the
// scanned host.
EXTRACTORSExtractorDoc.Fields[2].Description="Regex contains the regular expression patterns to extract from a part.\n\nGo regex engine does not support lookaheads or lookbehinds, so as a result\nthey are also not supported in nuclei."
EXTRACTORSExtractorDoc.Fields[2].Comments[encoder.LineComment]="Regex contains the regular expression patterns to extract from a part."
// Fields[4]: kval extraction of response header and cookie key/value pairs.
// NOTE(review): this Description starts with "description: |" and embeds an
// "examples:" list. The YAML-style annotation appears to have been stored as
// plain text instead of being split into Description plus AddExample calls,
// and no LineComment is set for this field in the visible lines. The last
// example is labelled "Content-Type Cookie" although Content-Type is a header.
EXTRACTORSExtractorDoc.Fields[4].Description="description: |\n kval contains the key-value pairs present in the HTTP response header.\n kval extractor can be used to extract HTTP response header and cookie key-value pairs.\n kval extractor inputs are case-insensitive, and does not support dash (-) in input which can replaced with underscores (_)\n For example, Content-Type should be replaced with content_type\n\n A list of supported parts is available in docs for request types.\n examples:\n - name: Extract Server Header From HTTP Response\n value: >\n []string{\"server\"}\n - name: Extracting value of PHPSESSID Cookie\n value: >\n []string{\"phpsessid\"}\n - name: Extracting value of Content-Type Cookie\n value: >\n []string{\"content_type\"}"
// Fields[8]: which part of the request/response the extractor reads.
EXTRACTORSExtractorDoc.Fields[8].Description="Part is the part of the request response to extract data from.\n\nEach protocol exposes a lot of different parts which are well\ndocumented in docs for each request type."
EXTRACTORSExtractorDoc.Fields[8].Comments[encoder.LineComment]="Part is the part of the request response to extract data from."
// Fields[9]: Internal. When true, the extracted value can be used in the next
// request (for some protocols, e.g. HTTP). The LineComment is the first
// description line only and ends mid-sentence.
EXTRACTORSExtractorDoc.Fields[9].Description="Internal, when set to true will allow using the value extracted\nin the next request for some protocols (like HTTP)."
EXTRACTORSExtractorDoc.Fields[9].Comments[encoder.LineComment]="Internal, when set to true will allow using the value extracted"
// DNS request docs.
// Fields[0]: matchers. The text spells the combining flag `matcher-condition`;
// the real key name is not visible here (TODO confirm against the struct tag).
DNSRequestDoc.Fields[0].Description="Matchers contains the detection mechanism for the request to identify\nwhether the request was successful by doing pattern matching\non request/responses.\n\nMultiple matchers can be combined with `matcher-condition` flag\nwhich accepts either `and` or `or` as argument."
// Fields[4]: hostname to query, normally the {{FQDN}} placeholder filled from
// the scan input.
DNSRequestDoc.Fields[4].Description="Name is the Hostname to make DNS request for.\n\nGenerally, it is set to {{FQDN}} which is the domain we get from input."
DNSRequestDoc.Fields[4].Comments[encoder.LineComment]="Name is the Hostname to make DNS request for."
// File request docs.
// Fields[0]: matchers (same wording as the other protocols' matcher text).
FILERequestDoc.Fields[0].Description="Matchers contains the detection mechanism for the request to identify\nwhether the request was successful by doing pattern matching\non request/responses.\n\nMultiple matchers can be combined with `matcher-condition` flag\nwhich accepts either `and` or `or` as argument."
// Fields[4]: file extensions skipped during matching. The built-in defaults are
// described as hardcoded and are not listed in this text.
FILERequestDoc.Fields[4].Description="ExtensionDenylist is the list of file extensions to deny during matching.\n\nBy default, it contains some non-interesting extensions that are hardcoded\nin nuclei."
FILERequestDoc.Fields[4].Comments[encoder.LineComment]="ExtensionDenylist is the list of file extensions to deny during matching."
// Fields[6]: largest file the request runs on. Per the text the default limit
// is 5 MB and may be lowered or raised; no LineComment is set for this field in
// the visible lines.
FILERequestDoc.Fields[6].Description="MaxSize is the maximum size of the file to run request on.\n\nBy default, nuclei will process 5 MB files and not go more than that.\nIt can be set to much lower or higher depending on use."
// Network request docs.
// Fields[1]: target host, usually `{{Hostname}}`; a `tls://` prefix enables TLS
// on the TCP connection.
// NOTE(review): the text does not say whether the server certificate is
// verified in tls:// mode; confirm and document.
NETWORKRequestDoc.Fields[1].Description="Host to send network requests to.\n\nUsually it's set to `{{Hostname}}`. If you want to enable TLS for\nTCP Connection, you can use `tls://{{Hostname}}`."
NETWORKRequestDoc.Fields[1].Comments[encoder.LineComment]="Host to send network requests to."
// Fields[2]: payload combination mode ("Batteringram" is capitalised in this
// text, unlike the lower-case spelling in the HTTP Attack description).
NETWORKRequestDoc.Fields[2].Description="Attack is the type of payload combinations to perform.\n\nBatteringram is same payload into all of the defined payload positions at once, pitchfork combines multiple payload sets and clusterbomb generates\npermutations and combinations for all payloads."
// Fields[3]: payloads given inline or as a single file read at run time.
// NOTE(review): the text does not say which paths are acceptable for that file;
// worth documenting, since templates are often third-party content.
NETWORKRequestDoc.Fields[3].Description="Payloads contains any payloads for the current request.\n\nPayloads support both key-values combinations where a list\nof payloads is provided, or optionally a single file can also\nbe provided as payload which will be read on run-time."
NETWORKRequestDoc.Fields[3].Comments[encoder.LineComment]="Payloads contains any payloads for the current request."
// Fields[6]: read-all reads the data stream to its end regardless of size;
// the stated default is false.
// With it enabled, the remote peer decides how much is read. What bounds the
// read (timeout, cap) is not described here (TODO confirm).
NETWORKRequestDoc.Fields[6].Description="ReadAll determines if the data stream should be read till the end regardless of the size\n\nDefault value for read-all is false."
NETWORKRequestDoc.Fields[6].Comments[encoder.LineComment]="ReadAll determines if the data stream should be read till the end regardless of the size"
// Fields[7]: matchers. The LineComment is the first description line only and
// ends mid-sentence ("... for the request to identify").
NETWORKRequestDoc.Fields[7].Description="Matchers contains the detection mechanism for the request to identify\nwhether the request was successful by doing pattern matching\non request/responses.\n\nMultiple matchers can be combined with `matcher-condition` flag\nwhich accepts either `and` or `or` as argument."
NETWORKRequestDoc.Fields[7].Comments[encoder.LineComment]="Matchers contains the detection mechanism for the request to identify"
// Network input docs.
// Fields[1]: format of the `data` field: text by default, or hex for
// hex-formatted data.
NETWORKInputDoc.Fields[1].Description="Type is the type of input specified in `data` field.\n\nDefault value is text, but hex can be used for hex formatted data."
NETWORKInputDoc.Fields[1].Comments[encoder.LineComment]="Type is the type of input specified in `data` field."
// Fields[2]: number of bytes to read from the socket, for protocols that answer
// immediately; captured data can be matched later via its `name` attribute.
// NOTE(review): "evetually" is a typo for "eventually"; fix it where this text
// originates. No LineComment is set for this field in the visible lines.
NETWORKInputDoc.Fields[2].Description="Read is the number of bytes to read from socket.\n\nThis can be used for protocols which expect an immediate response. You can\nread and write responses one after another and evetually perform matching\non every data captured with `name` attribute.\n\nThe [network docs](https://nuclei.projectdiscovery.io/templating-guide/protocols/network/) highlight more on how to do this."
// Headless request docs.
// Fields[2]: matchers (same wording as the other protocols' matcher text,
// including the `matcher-condition` spelling).
HEADLESSRequestDoc.Fields[2].Description="Matchers contains the detection mechanism for the request to identify\nwhether the request was successful by doing pattern matching\non request/responses.\n\nMultiple matchers can be combined with `matcher-condition` flag\nwhich accepts either `and` or `or` as argument."
// Fields[3]: extractors. The LineComment is the first description line only and
// ends mid-sentence.
HEADLESSRequestDoc.Fields[3].Description="Extractors contains the extraction mechanism for the request to identify\nand extract parts of the response."
HEADLESSRequestDoc.Fields[3].Comments[encoder.LineComment]="Extractors contains the extraction mechanism for the request to identify"
// Fields[4]: condition joining the matchers; "and" or "or", default OR.
HEADLESSRequestDoc.Fields[4].Description="MatchersCondition is the condition between the matchers. Default is OR."
HEADLESSRequestDoc.Fields[4].Comments[encoder.LineComment]="MatchersCondition is the condition between the matchers. Default is OR."
HEADLESSRequestDoc.Fields[4].Values=[]string{
"and",
"or",
}
// Headless browser action docs (documented type name: "engine.Action").
// NOTE(review): the LineComment and the continuation lines of Description carry
// leading spaces; they are part of the emitted text.
ENGINEActionDoc.Type="engine.Action"
ENGINEActionDoc.Comments[encoder.LineComment]=" Action is an action taken by the browser to reach a navigation"
ENGINEActionDoc.Description="Action is an action taken by the browser to reach a navigation\n\n Each step that the browser executes is an action. Most navigations\n usually start from the ActionLoadURL event, and further navigations\n are discovered on the found page. We also keep track and only\n scrape new navigation from pages we haven't crawled yet."
// Fields[0]: per-action arguments; the details live in the linked headless guide.
ENGINEActionDoc.Fields[0].Description="Args contain arguments for the headless action.\nPer action arguments are described in detail [here](https://nuclei.projectdiscovery.io/templating-guide/protocols/headless/)."
ENGINEActionDoc.Fields[0].Comments[encoder.LineComment]="Args contain arguments for the headless action."
// Fields[1]: name of the action. Per the text, a named script action runs code
// in the browser DOM and stores the result in a variable that matchers can use.
// In other words a template can execute script inside the headless browser,
// which is worth knowing before running templates that have not been reviewed.
ENGINEActionDoc.Fields[1].Name="name"
ENGINEActionDoc.Fields[1].Type="string"
ENGINEActionDoc.Fields[1].Note=""
ENGINEActionDoc.Fields[1].Description="Name is the name assigned to the headless action.\n\nThis can be used to execute code, for instance in browser\nDOM using script action, and get the result in a variable\nwhich can be matched upon by nuclei. An Example template [here](https://github.com/projectdiscovery/nuclei-templates/blob/master/headless/prototype-pollution-check.yaml)."
ENGINEActionDoc.Fields[1].Comments[encoder.LineComment]="Name is the name assigned to the headless action."
// Fields[2]: optional free-text description of the action.
ENGINEActionDoc.Fields[2].Name="description"
ENGINEActionDoc.Fields[2].Type="string"
ENGINEActionDoc.Fields[2].Note=""
ENGINEActionDoc.Fields[2].Description="Description is the optional description of the headless action"
ENGINEActionDoc.Fields[2].Comments[encoder.LineComment]="Description is the optional description of the headless action"
// SSL request docs.
// NOTE(review): the LineComment starts with a space; it is part of the emitted
// text.
SSLRequestDoc.Comments[encoder.LineComment]=" Request is a request for the SSL protocol"
SSLRequestDoc.Description="Request is a request for the SSL protocol"
// The type is documented as appearing in the `ssl` field of Template.
SSLRequestDoc.AppearsIn=[]encoder.Appearance{
{
TypeName:"Template",
FieldName:"ssl",
},
}
// Four field docs are allocated; only index 0 (matchers) is filled in within
// the visible lines.
SSLRequestDoc.Fields=make([]encoder.Doc,4)
SSLRequestDoc.Fields[0].Name="matchers"
SSLRequestDoc.Fields[0].Type="[]matchers.Matcher"
SSLRequestDoc.Fields[0].Note=""
SSLRequestDoc.Fields[0].Description="Matchers contains the detection mechanism for the request to identify\nwhether the request was successful by doing pattern matching\non request/responses.\n\nMultiple matchers can be combined with `matcher-condition` flag\nwhich accepts either `and` or `or` as argument."
SSLRequestDoc.Fields[0].Comments[encoder.LineComment]="Matchers contains the detection mechanism for the request to identify"
// WebSocket request docs.
// Fields[0] and Fields[1]: matchers and extractors. Both LineComments are the
// first description line only and end mid-sentence.
WEBSOCKETRequestDoc.Fields[0].Description="Matchers contains the detection mechanism for the request to identify\nwhether the request was successful by doing pattern matching\non request/responses.\n\nMultiple matchers can be combined with `matcher-condition` flag\nwhich accepts either `and` or `or` as argument."
WEBSOCKETRequestDoc.Fields[0].Comments[encoder.LineComment]="Matchers contains the detection mechanism for the request to identify"
WEBSOCKETRequestDoc.Fields[1].Description="Extractors contains the extraction mechanism for the request to identify\nand extract parts of the response."
WEBSOCKETRequestDoc.Fields[1].Comments[encoder.LineComment]="Extractors contains the extraction mechanism for the request to identify"
// Fields[6]: payload combination mode.
// NOTE(review): this text lists sniper/pitchfork/clusterbomb, while the HTTP and
// network Attack descriptions in this file list batteringram in place of
// sniper; confirm which modes each protocol accepts.
WEBSOCKETRequestDoc.Fields[6].Description="Attack is the type of payload combinations to perform.\n\nSniper is each payload once, pitchfork combines multiple payload sets and clusterbomb generates\npermutations and combinations for all payloads."
WEBSOCKETRequestDoc.Fields[6].Comments[encoder.LineComment]="Attack is the type of payload combinations to perform."
// Fields[7]: payloads given inline or as a single file read at run time.
// NOTE(review): the text does not say which paths are acceptable for that file;
// worth documenting, since templates are often third-party content.
WEBSOCKETRequestDoc.Fields[7].Description="Payloads contains any payloads for the current request.\n\nPayloads support both key-values combinations where a list\nof payloads is provided, or optionally a single file can also\nbe provided as payload which will be read on run-time."
WEBSOCKETRequestDoc.Fields[7].Comments[encoder.LineComment]="Payloads contains any payloads for the current request."