diff --git a/.github/workflows/publish-docs.yaml b/.github/workflows/publish-docs.yaml new file mode 100644 index 000000000..d91c70de2 --- /dev/null +++ b/.github/workflows/publish-docs.yaml @@ -0,0 +1,49 @@ +name: Publish Docs + +on: + workflow_dispatch: + +jobs: + docs: + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@master + with: + persist-credentials: false + fetch-depth: 0 + token: ${{ secrets.GITHUB_TOKEN }} + + - name: "Set up Go" + uses: actions/setup-go@v2 + with: + go-version: 1.16 + + - name: Generate YAML Syntax Documentation + id: generate-docs + run: | + if ! which dstdocgen > /dev/null; then + echo -e "Command dstdocgen not found! Installing\c" + go get -v github.com/projectdiscovery/yamldoc-go/cmd/docgen/dstdocgen + fi + go generate pkg/templates/templates.go + go build -o "cmd/docgen/docgen" cmd/docgen/docgen.go + ./cmd/docgen/docgen syntax-reference.md + echo "::set-output name=changes::$(git status -s | wc -l)" + working-directory: v2 + + - name: Commit files + if: steps.generate-docs.outputs.changes > 0 + run: | + git config --local user.email "action@github.com" + git config --local user.name "GitHub Action" + git add v2/syntax-reference.md + git commit -m "Auto Generate Syntax Docs [$(date)] :robot:" -a + cat v2/syntax-reference.md + + - name: Push changes + if: steps.generate-docs.outputs.changes > 0 + uses: ad-m/github-push-action@master + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + branch: ${{ github.ref }} \ No newline at end of file diff --git a/.gitignore b/.gitignore index 11b205cb5..ed539aa9b 100644 --- a/.gitignore +++ b/.gitignore @@ -7,6 +7,7 @@ v2/cmd/integration-test/nuclei v2/cmd/functional-test/nuclei_dev v2/cmd/functional-test/nuclei_main v2/cmd/functional-test/functional-test +v2/cmd/docgen/docgen v2/pkg/protocols/common/helpers/deserialization/testdata/Deserialize.class v2/pkg/protocols/common/helpers/deserialization/testdata/ValueObject.class -v2/pkg/protocols/common/helpers/deserialization/testdata/ValueObject2.ser \ No newline at end of file +v2/pkg/protocols/common/helpers/deserialization/testdata/ValueObject2.ser diff --git a/README.md b/README.md index 5a1c58c24..865008d68 100644 --- a/README.md +++ b/README.md @@ -60,6 +60,8 @@ Nuclei has had built-in support for automatic update/download templates since ve You may still use the `update-templates` flag to update the nuclei templates at any time; automatic updates happen every 24 hours. You can write your own checks for your individual workflow and needs following Nuclei's [templating guide](https://nuclei.projectdiscovery.io/templating-guide/). +The YAML DSL reference syntax is available [here](v2/syntax-reference.md). + diff --git a/v2/Makefile b/v2/Makefile index 247e7de43..0682b184c 100644 --- a/v2/Makefile +++ b/v2/Makefile @@ -8,6 +8,14 @@ GOGET=$(GOCMD) get all: build build: $(GOBUILD) -v -ldflags="-extldflags=-static" -o "nuclei" cmd/nuclei/main.go +docs: + if ! which dstdocgen > /dev/null; then + echo -e "Command not found! Install? (y/n) \c" + go get -v github.com/projectdiscovery/yamldoc-go/cmd/docgen/dstdocgen + fi + $(GOCMD) generate pkg/templates/templates.go + $(GOBUILD) -o "cmd/docgen/docgen" cmd/docgen/docgen.go + ./cmd/docgen/docgen docs.md test: $(GOTEST) -v ./... tidy: diff --git a/v2/cmd/docgen/docgen.go b/v2/cmd/docgen/docgen.go new file mode 100644 index 000000000..907fc3da8 --- /dev/null +++ b/v2/cmd/docgen/docgen.go @@ -0,0 +1,20 @@ +package main + +import ( + "io/ioutil" + "log" + "os" + + "github.com/projectdiscovery/nuclei/v2/pkg/templates" +) + +func main() { + data, err := templates.GetTemplateDoc().Encode() + if err != nil { + log.Fatalf("Could not encode docs: %s\n", err) + } + err = ioutil.WriteFile(os.Args[1], data, 0777) + if err != nil { + log.Fatalf("Could not write docs: %s\n", err) + } +} diff --git a/v2/go.mod b/v2/go.mod index 2552e5755..6a1afbb9f 100644 --- a/v2/go.mod +++ b/v2/go.mod @@ -1,65 +1,60 @@ module github.com/projectdiscovery/nuclei/v2 -go 1.15 +go 1.16 require ( github.com/Knetic/govaluate v3.0.0+incompatible - github.com/andygrunwald/go-jira v1.13.0 + github.com/andygrunwald/go-jira v1.14.0 github.com/antchfx/htmlquery v1.2.3 github.com/apex/log v1.9.0 github.com/blang/semver v3.5.1+incompatible - github.com/bluele/gcache v0.0.2 // indirect + github.com/bluele/gcache v0.0.2 github.com/c4milo/unpackit v0.1.0 // indirect github.com/corpix/uarand v0.1.1 - github.com/fatih/structs v1.1.0 // indirect github.com/go-rod/rod v0.91.1 - github.com/golang/protobuf v1.4.3 // indirect github.com/google/go-github v17.0.0+incompatible github.com/gosuri/uilive v0.0.4 // indirect github.com/gosuri/uiprogress v0.0.1 // indirect - github.com/hashicorp/go-cleanhttp v0.5.2 // indirect - github.com/hashicorp/go-retryablehttp v0.6.8 // indirect - github.com/json-iterator/go v1.1.10 github.com/itchyny/gojq v0.12.4 github.com/json-iterator/go v1.1.11 github.com/julienschmidt/httprouter v1.3.0 github.com/karlseguin/ccache v2.0.3+incompatible github.com/karrick/godirwalk v1.16.1 github.com/logrusorgru/aurora v2.0.3+incompatible - github.com/mattn/go-runewidth v0.0.10 // indirect github.com/miekg/dns v1.1.43 github.com/olekukonko/tablewriter v0.0.5 - github.com/owenrumney/go-sarif v1.0.4 + github.com/owenrumney/go-sarif v1.0.11 github.com/pkg/errors v0.9.1 github.com/projectdiscovery/clistats v0.0.8 - github.com/projectdiscovery/fastdialer v0.0.8 + github.com/projectdiscovery/fastdialer v0.0.12 github.com/projectdiscovery/goflags v0.0.7 github.com/projectdiscovery/gologger v1.1.4 - github.com/projectdiscovery/hmap v0.0.1 + github.com/projectdiscovery/hmap v0.0.2-0.20210616215655-7b78e7f33d1f github.com/projectdiscovery/interactsh v0.0.4 github.com/projectdiscovery/rawhttp v0.0.7 - github.com/projectdiscovery/retryabledns v1.0.10 - github.com/projectdiscovery/retryablehttp-go v1.0.2-0.20210524224054-9fbe1f2b0727 + github.com/projectdiscovery/retryabledns v1.0.12 github.com/projectdiscovery/stringsutil v0.0.0-20210804142656-fd3c28dbaafe + github.com/projectdiscovery/yamldoc-go v1.0.2 + github.com/projectdiscovery/retryablehttp-go v1.0.2-0.20210524224054-9fbe1f2b0727 github.com/remeh/sizedwaitgroup v1.0.0 - github.com/rivo/uniseg v0.2.0 // indirect github.com/rs/xid v1.3.0 - github.com/segmentio/ksuid v1.0.3 - github.com/shirou/gopsutil/v3 v3.21.5 + github.com/segmentio/ksuid v1.0.4 + github.com/shirou/gopsutil/v3 v3.21.7 github.com/spaolacci/murmur3 v1.1.0 - github.com/spf13/cast v1.3.1 + github.com/spf13/cast v1.4.1 github.com/stretchr/testify v1.7.0 github.com/syndtr/goleveldb v1.0.0 github.com/tj/go-update v2.2.5-0.20200519121640-62b4b798fd68+incompatible - github.com/trivago/tgo v1.0.7 // indirect github.com/valyala/fasttemplate v1.2.1 - github.com/xanzy/go-gitlab v0.44.0 - go.uber.org/atomic v1.7.0 - go.uber.org/multierr v1.6.0 + github.com/xanzy/go-gitlab v0.50.3 + github.com/ysmood/got v0.14.1 // indirect + github.com/ysmood/gotrace v0.2.2 // indirect + github.com/ysmood/gson v0.6.4 // indirect + github.com/ysmood/leakless v0.7.0 // indirect + go.uber.org/atomic v1.9.0 + go.uber.org/multierr v1.7.0 go.uber.org/ratelimit v0.2.0 - golang.org/x/net v0.0.0-20210614182718-04defd469f4e - golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99 - golang.org/x/time v0.0.0-20201208040808-7e3f01d25324 // indirect - google.golang.org/appengine v1.6.7 // indirect + golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d + golang.org/x/oauth2 v0.0.0-20210817223510-7df4dd6e12ab gopkg.in/yaml.v2 v2.4.0 ) diff --git a/v2/go.sum b/v2/go.sum index 9ef2cc0db..b918b8899 100644 --- a/v2/go.sum +++ b/v2/go.sum @@ -33,6 +33,8 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= git.mills.io/prologic/smtpd v0.0.0-20210710122116-a525b76c287a h1:3i+FJ7IpSZHL+VAjtpQeZCRhrpP0odl5XfoLBY4fxJ8= git.mills.io/prologic/smtpd v0.0.0-20210710122116-a525b76c287a/go.mod h1:C7hXLmFmPYPjIDGfQl1clsmQ5TMEQfmzWTrJk475bUs= +github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 h1:cTp8I5+VIoKjsnZuH8vjyaysT/ses3EvZeaV/1UkF2M= +github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/Knetic/govaluate v3.0.0+incompatible h1:7o6+MAPhYTCF0+fdvoz1xDedhRb4f6s9Tn1Tt7/WTEg= @@ -40,12 +42,17 @@ github.com/Knetic/govaluate v3.0.0+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8L github.com/Masterminds/glide v0.13.2/go.mod h1:STyF5vcenH/rUqTEv+/hBXlSTo7KYwg2oc2f4tzPWic= github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/Masterminds/vcs v1.13.0/go.mod h1:N09YCmOQr6RLxC6UNHzuVwAdodYbbnycGHSmwVJjcKA= -github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d h1:G0m3OIz70MZUWq3EgK3CesDbo8upS2Vm9/P3FtgI+Jk= -github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg= +github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= +github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8= +github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= +github.com/StackExchange/wmi v1.2.1 h1:VIkavFPXSjcnS+O8yTq7NI32k0R5Aj+v39y29VYDOSA= +github.com/StackExchange/wmi v1.2.1/go.mod h1:rcmrprowKIVzvc+NUiLncP2uuArMWLCbu9SBzvHz7e8= +github.com/akrylysov/pogreb v0.10.0 h1:pVKi+uf3EzZUmiwr9bZnPk4W379KP8QsFzAa9IUuOog= +github.com/akrylysov/pogreb v0.10.0/go.mod h1:pNs6QmpQ1UlTJKDezuRWmaqkgUE2TuU0YTWyqJZ7+lI= github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 h1:MzBOUgng9orim59UnfUTLRjMpd09C5uEVQ6RPGeCaVI= github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129/go.mod h1:rFgpPQZYZ8vdbc+48xibu8ALc3yeyd64IhHS+PU6Yyg= -github.com/andygrunwald/go-jira v1.13.0 h1:vvIImGgX32bHfoiyUwkNo+/YrPnRczNarvhLOncP6dE= -github.com/andygrunwald/go-jira v1.13.0/go.mod h1:jYi4kFDbRPZTJdJOVJO4mpMMIwdB+rcZwSO58DzPd2I= +github.com/andygrunwald/go-jira v1.14.0 h1:7GT/3qhar2dGJ0kq8w0d63liNyHOnxZsUZ9Pe4+AKBI= +github.com/andygrunwald/go-jira v1.14.0/go.mod h1:KMo2f4DgMZA1C9FdImuLc04x4WQhn5derQpnsuBFgqE= github.com/antchfx/htmlquery v1.2.3 h1:sP3NFDneHx2stfNXCKbhHFo8XgNjCACnU/4AO5gWz6M= github.com/antchfx/htmlquery v1.2.3/go.mod h1:B0ABL+F5irhhMWg54ymEZinzMSi0Kt3I2if0BLYa3V0= github.com/antchfx/xpath v1.1.6 h1:6sVh6hB5T6phw1pFpHRQ+C4bd8sNI+O58flqtg7h0R0= @@ -56,6 +63,7 @@ github.com/apex/logs v1.0.0/go.mod h1:XzxuLZ5myVHDy9SAmYpamKKRNApGj54PfYLcFrXqDw github.com/aphistic/golf v0.0.0-20180712155816-02c07f170c5a/go.mod h1:3NqKYiepwy8kCu4PNA+aP7WUV72eXWJeP9/r3/K9aLE= github.com/aphistic/sweet v0.2.0/go.mod h1:fWDlIh/isSE9n6EPsRmC0det+whmX6dJid3stzu0Xys= github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= +github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/aws/aws-sdk-go v1.20.6/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I= github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= @@ -67,6 +75,8 @@ github.com/bradfitz/iter v0.0.0-20191230175014-e8f45d346db8/go.mod h1:spo1JLcs67 github.com/c4milo/unpackit v0.1.0 h1:91pWJ6B3svZ4LOE+p3rnyucRK5fZwBdF/yQ/pcZO31I= github.com/c4milo/unpackit v0.1.0/go.mod h1:pvXCMYlSV8zwGFWMaT+PWYkAB/cvDjN2mv9r7ZRSxEo= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= +github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= @@ -75,19 +85,37 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX github.com/cnf/structhash v0.0.0-20201127153200-e1b16c1ebc08 h1:ox2F0PSMlrAAiAdknSRMDrAr8mfxPCfSZolH+/qQnyQ= github.com/cnf/structhash v0.0.0-20201127153200-e1b16c1ebc08/go.mod h1:pCxVEbcm3AMg7ejXyorUXi6HQCzOIBf7zEDVPtw0/U4= github.com/codegangsta/cli v1.20.0/go.mod h1:/qJNoX69yVSKu5o4jLyXAENLRyk1uhi7zkbQ3slBdOA= +github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= +github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= +github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/corpix/uarand v0.1.1 h1:RMr1TWc9F4n5jiPDzFHtmaUXLKLNUFK0SgCLo4BhX/U= github.com/corpix/uarand v0.1.1/go.mod h1:SFKZvkcRoLqVRFZ4u25xPmp6m9ktANfbpXZ7SJ0/FNU= +github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/dave/dst v0.26.2 h1:lnxLAKI3tx7MgLNVDirFCsDTlTG9nKTk7GcptKcWSwY= +github.com/dave/dst v0.26.2/go.mod h1:UMDJuIRPfyUCC78eFuB+SV/WI8oDeyFDvM/JR6NI3IU= +github.com/dave/gopackages v0.0.0-20170318123100-46e7023ec56e/go.mod h1:i00+b/gKdIDIxuLDFob7ustLAVqhsZRk2qVZrArELGQ= +github.com/dave/jennifer v1.2.0/go.mod h1:fIb+770HOpJ2fmN9EPPKOqm1vMGhB+TwXKMZhrIygKg= +github.com/dave/kerr v0.0.0-20170318121727-bc25dd6abe8e/go.mod h1:qZqlPyPvfsDJt+3wHJ1EvSXDuVjFTK0j2p/ca+gtsb8= +github.com/dave/rebecca v0.9.1/go.mod h1:N6XYdMD/OKw3lkF3ywh8Z6wPGuwNFDNtWYEMFWEmXBA= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= -github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= +github.com/dgraph-io/badger v1.6.2 h1:mNw0qs90GVgGGWylh0umH5iag1j6n/PeJtNvL6KY/x8= +github.com/dgraph-io/badger v1.6.2/go.mod h1:JW2yswe3V058sS0kZ2h/AXeDSqFjxnZcRrVH//y2UQE= +github.com/dgraph-io/ristretto v0.0.2/go.mod h1:KPxhHT9ZxKefz+PCeOGsrHpl1qZ7i70dGTu2u+Ahh6E= +github.com/dgraph-io/ristretto v0.0.3 h1:jh22xisGBjrEVnRZ1DVTpBVQm0Xndu8sMl0CWDzSIBI= +github.com/dgraph-io/ristretto v0.0.3/go.mod h1:KPxhHT9ZxKefz+PCeOGsrHpl1qZ7i70dGTu2u+Ahh6E= +github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= +github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 h1:fAjc9m62+UWV/WAFKLNi6ZS0675eEUC9y3AlwSbQu1Y= +github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= github.com/dsnet/compress v0.0.1 h1:PlZu0n3Tuv04TzpfPbrnI0HW/YwodEXDS+oPKahKF0Q= github.com/dsnet/compress v0.0.1/go.mod h1:Aw8dCMJ7RioblQeTqt88akK31OvO8Dhf5JflhBbQEHo= github.com/dsnet/golib v0.0.0-20171103203638-1ea166775780/go.mod h1:Lj+Z9rebOhdfkVLjJ8T6VcRQv3SXugXy999NBtR9aFY= +github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= +github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/eggsampler/acme/v3 v3.2.1 h1:Lfsrg3M2zt00QRnizOFzdpSfsS9oDvPsGrodXS/w1KI= github.com/eggsampler/acme/v3 v3.2.1/go.mod h1:/qh0rKC/Dh7Jj+p4So7DbWmFNzC4dpcpK53r226Fhuo= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= @@ -95,20 +123,24 @@ github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.m github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fatih/structs v1.0.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo= github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= -github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= +github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= -github.com/go-ole/go-ole v1.2.4 h1:nNBDSCOigTSiarFpYE9J/KtEA1IOW4CNeqT9TQDqCxI= -github.com/go-ole/go-ole v1.2.4/go.mod h1:XCwSNxSkXRo4vlyPy93sltvi/qJq0jqQhjqQNIwKuxM= +github.com/go-ole/go-ole v1.2.5 h1:t4MGB5xEDZvXI+0rMjjsfBsD7yAgp/s9ZDkL1JndXwY= +github.com/go-ole/go-ole v1.2.5/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= github.com/go-redis/redis v6.15.5+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA= github.com/go-rod/rod v0.91.1 h1:7xIlC/bXCXosZqZUl2x6GVB8tv4yMQ4W/ZVdGVa1qYI= github.com/go-rod/rod v0.91.1/go.mod h1:/W4lcZiCALPD603MnJGIvhtywP3R6yRB9EDfFfsHiiI= +github.com/go-rod/rod v0.101.5 h1:Dc3IDAQ0k8BUuKsF+xEg23SimHEs5uoTEiEH1zBf7W0= +github.com/go-rod/rod v0.101.5/go.mod h1:+iB8bs4SPa2DKxDUo1jy316LoQ5uEE6k58UfQdQTMhs= +github.com/golang-jwt/jwt v3.2.1+incompatible h1:73Z+4BJcrTC+KczS6WvTPvRGOp1WmfEP4Q1lOd9Z/+c= +github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -134,11 +166,13 @@ github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:W github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM= -github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= +github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golang/snappy v0.0.2 h1:aeE13tS0IiQgFjYdoL8qN3K1N2bXXtI6Vi51/y7BpMw= github.com/golang/snappy v0.0.2/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/golang/snappy v0.0.3 h1:fHPg5GQYlCeLIPB9BZqMVR5nR9A+IM5zcgeTdjMYmLA= +github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= @@ -148,8 +182,10 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.4 h1:L8R9j+yAqZuZjsqh/z+F1NCffTKKLShY6zXTItVIZ8M= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= +github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY= github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= github.com/google/go-querystring v0.0.0-20170111101155-53e6ce116135/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= @@ -158,6 +194,7 @@ github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= +github.com/google/pprof v0.0.0-20181127221834-b4f47329b966/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= @@ -175,23 +212,20 @@ github.com/gosuri/uilive v0.0.4 h1:hUEBpQDj8D8jXgtCdBu7sWsy5sbW/5GhuO8KBwJ2jyY= github.com/gosuri/uilive v0.0.4/go.mod h1:V/epo5LjjlDE5RJUcqx8dbw+zc93y5Ya3yg8tfZ74VI= github.com/gosuri/uiprogress v0.0.1 h1:0kpv/XY/qTmFWl/SkaJykZXrBBzwwadmW8fRb7RJSxw= github.com/gosuri/uiprogress v0.0.1/go.mod h1:C1RTYn4Sc7iEyf6j8ft5dyoZ4212h8G1ol9QQluh5+0= +github.com/hashicorp/go-cleanhttp v0.5.1 h1:dH3aiDG9Jvb5r5+bYHsikaOUIpcM0xvgMXVoDkXMzJM= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= -github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-hclog v0.9.2 h1:CG6TE5H9/JXsFWJCfoIVpKFIkFe6ysEuHirp4DxCsHI= github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= -github.com/hashicorp/go-retryablehttp v0.6.4/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-retryablehttp v0.6.8 h1:92lWxgpa+fF3FozM4B3UZtHZMJX8T5XT+TFdCxsPyWs= github.com/hashicorp/go-retryablehttp v0.6.8/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= -github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= +github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hooklift/assert v0.1.0 h1:UZzFxx5dSb9aBtvMHTtnPuvFnBvcEhHTPb9+0+jpEjs= github.com/hooklift/assert v0.1.0/go.mod h1:pfexfvIHnKCdjh6CkkIZv5ic6dQ6aU2jhKghBlXuwwY= -github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/itchyny/go-flags v1.5.0/go.mod h1:lenkYuCobuxLBAd/HGFE4LRoW8D3B6iXRQfWYJ+MNbA= github.com/itchyny/gojq v0.12.4 h1:8zgOZWMejEWCLjbF/1mWY7hY7QEARm7dtuhC6Bp4R8o= github.com/itchyny/gojq v0.12.4/go.mod h1:EQUSKgW/YaOxmXpAwGiowFDO4i2Rmtk5+9dFyeiymAg= @@ -232,23 +266,25 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= github.com/logrusorgru/aurora v2.0.3+incompatible h1:tOpm7WcpBTn4fjmVfgpQq0EfczGlG91VSDkswnjF5A8= github.com/logrusorgru/aurora v2.0.3+incompatible/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= +github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.13 h1:qdl+GuBjcsKKDco5BsxPJlId98mSWNKqYA+Co0SC1yA= github.com/mattn/go-isatty v0.0.13/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= +github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-runewidth v0.0.10 h1:CoZ3S2P7pvtP45xOtBw+/mDL2z0RKI576gSkzRRpdGg= -github.com/mattn/go-runewidth v0.0.10/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk= github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= github.com/miekg/dns v1.1.29/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= -github.com/miekg/dns v1.1.38/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= +github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI= github.com/miekg/dns v1.1.43 h1:JKfpVSCB84vrAmHzyrsxB5NAr5kLoMXZArPSw7Qlgyg= github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -256,19 +292,27 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lN github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/ngdinhtoan/glide-cleanup v0.2.0/go.mod h1:UQzsmiDOb8YV3nOsCxK/c9zPpCZVNoHScRE3EO9pVMM= +github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= +github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= +github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec= github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.10.1 h1:q/mM8GF/n0shIN8SaAZ0V+jnLPzen6WIVZdiwrRlMlo= github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= +github.com/onsi/ginkgo v1.15.0 h1:1V1NfVQR87RtWAgp1lv9JZJ5Jap+XFGKPi00andXGi4= +github.com/onsi/ginkgo v1.15.0/go.mod h1:hF8qUzuuC8DJGygJH3726JnCZX4MYbRB8yFfISqnKUg= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.7.0 h1:XPnZz8VVBHjVsy1vzJmRwIcSwiUO+JFfrv/xGiigmME= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/owenrumney/go-sarif v1.0.4 h1:0LFC5eHP6amc/9ajM1jDiE52UfXFcl/oozay+X3KgV4= -github.com/owenrumney/go-sarif v1.0.4/go.mod h1:DXUGbHwQcCMvqcvZbxh8l/7diHsJVztOKZgmPt88RNI= -github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= +github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= +github.com/onsi/gomega v1.10.5 h1:7n6FEkpFmfCoo2t+YYqXH0evK+a9ICQz0xcAy9dYcaQ= +github.com/onsi/gomega v1.10.5/go.mod h1:gza4q3jKQJijlu05nKWRCW/GavJumGt8aNRxWg7mt48= +github.com/owenrumney/go-sarif v1.0.11 h1:7k4TLSi6h3vAozSECjO0arcQoeUNDMgvA7LDac95sJo= +github.com/owenrumney/go-sarif v1.0.11/go.mod h1:hTBFbxU7GuVRUvwMx+eStp9M/Oun4xHCS3vqpPvket8= +github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= @@ -276,52 +320,77 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/projectdiscovery/clistats v0.0.8 h1:tjmWb15mqsPf/yrQXVHLe2ThZX/5+mgKSfZBKWWLh20= github.com/projectdiscovery/clistats v0.0.8/go.mod h1:lV6jUHAv2bYWqrQstqW8iVIydKJhWlVaLl3Xo9ioVGg= -github.com/projectdiscovery/fastdialer v0.0.8 h1:mEMc8bfXV5hc1PUEkJiUnR5imYQe6+839Zezd5jLkc0= -github.com/projectdiscovery/fastdialer v0.0.8/go.mod h1:AuaV0dzrNeBLHqjNnzpFSnTXnHGIZAlGQE+WUMmSIW4= +github.com/projectdiscovery/fastdialer v0.0.12 h1:TjvM41UfR+A7YsxQZoTvI6C5nVe1d+fvRqtcDNbSwz8= +github.com/projectdiscovery/fastdialer v0.0.12/go.mod h1:RkRbxqDCcCFhfNUbkzBIz/ieD4uda2JuUA4WJ+RLee0= github.com/projectdiscovery/goflags v0.0.7 h1:aykmRkrOgDyRwcvGrK3qp+9aqcjGfAMs/+LtRmtyxwk= github.com/projectdiscovery/goflags v0.0.7/go.mod h1:Jjwsf4eEBPXDSQI2Y+6fd3dBumJv/J1U0nmpM+hy2YY= +github.com/projectdiscovery/gologger v1.0.1/go.mod h1:Ok+axMqK53bWNwDSU1nTNwITLYMXMdZtRc8/y1c7sWE= github.com/projectdiscovery/gologger v1.1.4 h1:qWxGUq7ukHWT849uGPkagPKF3yBPYAsTtMKunQ8O2VI= github.com/projectdiscovery/gologger v1.1.4/go.mod h1:Bhb6Bdx2PV1nMaFLoXNBmHIU85iROS9y1tBuv7T5pMY= -github.com/projectdiscovery/hmap v0.0.1 h1:VAONbJw5jP+syI5smhsfkrq9XPGn4aiYy5pR6KR1wog= github.com/projectdiscovery/hmap v0.0.1/go.mod h1:VDEfgzkKQdq7iGTKz8Ooul0NuYHQ8qiDs6r8bPD1Sb0= +github.com/projectdiscovery/hmap v0.0.2-0.20210616215655-7b78e7f33d1f h1:r0t4/voYErvcK/WBNZkvjZf6aQK0FOnc/sQKjlMS1AA= +github.com/projectdiscovery/hmap v0.0.2-0.20210616215655-7b78e7f33d1f/go.mod h1:FH+MS/WNKTXJQtdRn+/Zg5WlKCiMN0Z1QUedUIuM5n8= github.com/projectdiscovery/interactsh v0.0.4 h1:3BtCZrrTovGYiqdFktXJ4NxKAQFvUvzcEI5pJIuShM8= github.com/projectdiscovery/interactsh v0.0.4/go.mod h1:PtJrddeBW1/LeOVgTvvnjUl3Hu/17jTkoIi8rXeEODE= +github.com/projectdiscovery/ipranger v0.0.2/go.mod h1:kcAIk/lo5rW+IzUrFkeYyXnFJ+dKwYooEOHGVPP/RWE= +github.com/projectdiscovery/iputil v0.0.0-20210414194613-4b4d2517acf0/go.mod h1:PQAqn5h5NXsQTF4ZA00ZTYLRzGCjOtcCq8llAqrsd1A= +github.com/projectdiscovery/iputil v0.0.0-20210429152401-c18a5408ca46 h1:veDjJpC3q2PLyuYPS3jNeoYgbHvHPWQhwqRPoCe6YTA= +github.com/projectdiscovery/iputil v0.0.0-20210429152401-c18a5408ca46/go.mod h1:PQAqn5h5NXsQTF4ZA00ZTYLRzGCjOtcCq8llAqrsd1A= +github.com/projectdiscovery/mapcidr v0.0.4/go.mod h1:ALOIj6ptkWujNoX8RdQwB2mZ+kAmKuLJBq9T5gR5wG0= +github.com/projectdiscovery/mapcidr v0.0.6 h1:RRIrqNakUEF/pstIXWTD6yvCMF9N6SnOb9m4ju4xavc= +github.com/projectdiscovery/mapcidr v0.0.6/go.mod h1:ZEBhMmBU3laUl3g9QGTrzJku1VJOzjdFwW01f/zVVzM= +github.com/projectdiscovery/networkpolicy v0.0.1 h1:RGRuPlxE8WLFF9tdKSjTsYiTIKHNHW20Kl0nGGiRb1I= +github.com/projectdiscovery/networkpolicy v0.0.1/go.mod h1:asvdg5wMy3LPVMGALatebKeOYH5n5fV5RCTv6DbxpIs= github.com/projectdiscovery/rawhttp v0.0.7 h1:5m4peVgjbl7gqDcRYMTVEuX+Xs/nh76ohTkkvufucLg= github.com/projectdiscovery/rawhttp v0.0.7/go.mod h1:PQERZAhAv7yxI/hR6hdDPgK1WTU56l204BweXrBec+0= -github.com/projectdiscovery/retryabledns v1.0.7/go.mod h1:/UzJn4I+cPdQl6pKiiQfvVAT636YZvJQYZhYhGB0dUQ= -github.com/projectdiscovery/retryabledns v1.0.10 h1:xJZ2aKoqrNg/OZEw1+4+QIOH40V/WkZDYY1ZZc+uphE= -github.com/projectdiscovery/retryabledns v1.0.10/go.mod h1:4sMC8HZyF01HXukRleSQYwz4870bwgb4+hTSXTMrkf4= +github.com/projectdiscovery/retryabledns v1.0.11/go.mod h1:4sMC8HZyF01HXukRleSQYwz4870bwgb4+hTSXTMrkf4= +github.com/projectdiscovery/retryabledns v1.0.12 h1:OzCsUaipN75OwjtH62FxBIhKye1NmnfG4DxtQclOtns= +github.com/projectdiscovery/retryabledns v1.0.12/go.mod h1:4sMC8HZyF01HXukRleSQYwz4870bwgb4+hTSXTMrkf4= +github.com/projectdiscovery/retryablehttp-go v1.0.1 h1:V7wUvsZNq1Rcz7+IlcyoyQlNwshuwptuBVYWw9lx8RE= github.com/projectdiscovery/retryablehttp-go v1.0.1/go.mod h1:SrN6iLZilNG1X4neq1D+SBxoqfAF4nyzvmevkTkWsek= github.com/projectdiscovery/retryablehttp-go v1.0.2-0.20210524224054-9fbe1f2b0727 h1:CJHP3CLCc/eqdXQEvZy8KiiqtAk9kEsd1URtPyPAQ1s= github.com/projectdiscovery/retryablehttp-go v1.0.2-0.20210524224054-9fbe1f2b0727/go.mod h1:dx//aY9V247qHdsRf0vdWHTBZuBQ2vm6Dq5dagxrDYI= github.com/projectdiscovery/stringsutil v0.0.0-20210804142656-fd3c28dbaafe h1:tQTgf5XLBgZbkJDPtnV3SfdP9tzz5ZWeDBwv8WhnH9Q= github.com/projectdiscovery/stringsutil v0.0.0-20210804142656-fd3c28dbaafe/go.mod h1:oTRc18WBv9t6BpaN9XBY+QmG28PUpsyDzRht56Qf49I= +github.com/projectdiscovery/yamldoc-go v1.0.1 h1:q3LyS2Sq8RTxOQEWVza3wNA811eXlmqly3b2eiaQ+as= +github.com/projectdiscovery/yamldoc-go v1.0.1/go.mod h1:7uSxfMXaBmzvw8m5EhOEjB6nhz0rK/H9sUjq1ciZu24= +github.com/projectdiscovery/yamldoc-go v1.0.2 h1:SKb7PHgSOXm27Zci05ba0FxpyQiu6bGEiVMEcjCK1rQ= +github.com/projectdiscovery/yamldoc-go v1.0.2/go.mod h1:7uSxfMXaBmzvw8m5EhOEjB6nhz0rK/H9sUjq1ciZu24= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/remeh/sizedwaitgroup v1.0.0 h1:VNGGFwNo/R5+MJBf6yrsr110p0m4/OX4S3DCy7Kyl5E= github.com/remeh/sizedwaitgroup v1.0.0/go.mod h1:3j2R4OIe/SeS6YDhICBy22RWjJC5eNCJ1V+9+NVNYlo= -github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= -github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= -github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rogpeppe/fastuuid v1.1.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rogpeppe/go-internal v1.6.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rs/xid v1.3.0 h1:6NjYksEUlhurdVehpc7S7dk6DAmcKv8V9gG0FsVN2U4= github.com/rs/xid v1.3.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= +github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/segmentio/ksuid v1.0.3 h1:FoResxvleQwYiPAVKe1tMUlEirodZqlqglIuFsdDntY= github.com/segmentio/ksuid v1.0.3/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE= +github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c= +github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= -github.com/shirou/gopsutil/v3 v3.21.5 h1:YUBf0w/KPLk7w1803AYBnH7BmA+1Z/Q5MEZxpREUaB4= -github.com/shirou/gopsutil/v3 v3.21.5/go.mod h1:ghfMypLDrFSWN2c9cDYFLHyynQ+QUht0cv/18ZqVczw= +github.com/shirou/gopsutil/v3 v3.21.7 h1:PnTqQamUjwEDSgn+nBGu0qSDV/CfvyiR/gwTH3i7HTU= +github.com/shirou/gopsutil/v3 v3.21.7/go.mod h1:RGl11Y7XMTQPmHh8F0ayC6haKNBgH4PXMJuTAcMOlz4= github.com/smartystreets/assertions v1.0.0/go.mod h1:kHHU4qYBaI3q23Pp3VPrmWhuIUrLW/7eUrw0BU5VaoM= github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9/go.mod h1:SnhjPscd9TpLiy1LpzGSKh3bXCfxxXuqd9xmQJy3slM= github.com/smartystreets/gunit v1.0.0/go.mod h1:qwPWnhz6pn0NnRBP++URONOVyNkPyr4SauJk4cUOwJs= +github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI= github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= -github.com/spf13/cast v1.3.1 h1:nFm6S0SMdyzrzcmThSipiEubIDy8WEXKNZ0UOgiRpng= -github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= +github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= +github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= +github.com/spf13/cast v1.4.1 h1:s0hze+J0196ZfEMTs80N7UlFt0BDuQ7Q+JDnHiMWKdA= +github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= +github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= +github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= +github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= @@ -334,15 +403,17 @@ github.com/tj/go-buffer v1.1.0/go.mod h1:iyiJpfFcR2B9sXu7KvjbT9fpM4mOelRSDTbntVj github.com/tj/go-elastic v0.0.0-20171221160941-36157cbbebc2/go.mod h1:WjeM0Oo1eNAjXGDx2yma7uG2XoyRZTq1uv3M/o7imD0= github.com/tj/go-kinesis v0.0.0-20171128231115-08b17f58cb1b/go.mod h1:/yhzCV0xPfx6jb1bBgRFjl5lytqVqZXEaeqWP8lTEao= github.com/tj/go-spin v1.1.0/go.mod h1:Mg1mzmePZm4dva8Qz60H2lHwmJ2loum4VIrLgVnKwh4= +github.com/tj/go-update v2.2.4+incompatible h1:7Rkw5ZyRSFb3QyEWM7sHCy9rCy1/r66elkOyGlfnZFc= +github.com/tj/go-update v2.2.4+incompatible/go.mod h1:waFwwyiAhGey2e+dNoYQ/iLhIcFqhCW7zL/+vDU1WLo= github.com/tj/go-update v2.2.5-0.20200519121640-62b4b798fd68+incompatible h1:guTq1YxwB8XSILkI9q4IrOmrCOS6Hc1L3hmOhi4Swcs= github.com/tj/go-update v2.2.5-0.20200519121640-62b4b798fd68+incompatible/go.mod h1:waFwwyiAhGey2e+dNoYQ/iLhIcFqhCW7zL/+vDU1WLo= -github.com/tklauser/go-sysconf v0.3.4 h1:HT8SVixZd3IzLdfs/xlpq0jeSfTX57g1v6wB1EuzV7M= -github.com/tklauser/go-sysconf v0.3.4/go.mod h1:Cl2c8ZRWfHD5IrfHo9VN+FX9kCFjIOyVklgXycLB6ek= -github.com/tklauser/numcpus v0.2.1 h1:ct88eFm+Q7m2ZfXJdan1xYoXKlmwsfP+k88q05KvlZc= -github.com/tklauser/numcpus v0.2.1/go.mod h1:9aU+wOc6WjUIZEwWMP62PL/41d65P+iks1gBkr4QyP8= -github.com/trivago/tgo v1.0.1/go.mod h1:w4dpD+3tzNIIiIfkWWa85w5/B77tlvdZckQ+6PkFnhc= +github.com/tklauser/go-sysconf v0.3.7 h1:HT7h4+536gjqeq1ZIJPgOl1rg1XFatQGVZWp7Py53eg= +github.com/tklauser/go-sysconf v0.3.7/go.mod h1:JZIdXh4RmBvZDBZ41ld2bGxRV3n4daiiqA3skYhAoQ4= +github.com/tklauser/numcpus v0.2.3 h1:nQ0QYpiritP6ViFhrKYsiv6VVxOpum2Gks5GhnJbS/8= +github.com/tklauser/numcpus v0.2.3/go.mod h1:vpEPS/JC+oZGGQ/My/vJnNsvMDQL6PwOqt8dsCw5j+E= github.com/trivago/tgo v1.0.7 h1:uaWH/XIy9aWYWpjm2CU3RpcqZXmX2ysQ9/Go+d9gyrM= github.com/trivago/tgo v1.0.7/go.mod h1:w4dpD+3tzNIIiIfkWWa85w5/B77tlvdZckQ+6PkFnhc= +github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8= github.com/ulikunitz/xz v0.5.10 h1:t92gobL9l3HE202wg3rlk19F6X+JOxl9BBrCCMYEYd8= github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= @@ -354,34 +425,47 @@ github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+ github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= github.com/wsxiaoys/terminal v0.0.0-20160513160801-0940f3fc43a0 h1:3UeQBvD0TFrlVjOeLOBz+CPAI8dnbqNSVwUwRrkp7vQ= github.com/wsxiaoys/terminal v0.0.0-20160513160801-0940f3fc43a0/go.mod h1:IXCdmsXIht47RaVFLEdVnh1t+pgYtTAhQGj73kz+2DM= -github.com/xanzy/go-gitlab v0.44.0 h1:cEiGhqu7EpFGuei2a2etAwB+x6403E5CvpLn35y+GPs= -github.com/xanzy/go-gitlab v0.44.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug= +github.com/xanzy/go-gitlab v0.50.3 h1:M7ncgNhCN4jaFNyXxarJhCLa9Qi6fdmCxFFhMTQPZiY= +github.com/xanzy/go-gitlab v0.50.3/go.mod h1:Q+hQhV508bDPoBijv7YjK/Lvlb4PhVhJdKqXVQrUoAE= +github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= +github.com/yl2chen/cidranger v1.0.2 h1:lbOWZVCG1tCRX4u24kuM1Tb4nHqWkDxwLdoS+SevawU= +github.com/yl2chen/cidranger v1.0.2/go.mod h1:9U1yz7WPYDwf0vpNWFaeRh0bjwz5RVgRy/9UEQfHl0g= github.com/ysmood/goob v0.3.0 h1:XZ51cZJ4W3WCoCiUktixzMIQF86W7G5VFL4QQ/Q2uS0= github.com/ysmood/goob v0.3.0/go.mod h1:S3lq113Y91y1UBf1wj1pFOxeahvfKkCk6mTWTWbDdWs= -github.com/ysmood/got v0.9.3 h1:qx51X49jL/WAiqZzPTkPZ0zp5pTmrWJa4zYFTYo0gHI= github.com/ysmood/got v0.9.3/go.mod h1:pE1l4LOwOBhQg6A/8IAatkGp7uZjnalzrZolnlhhMgY= -github.com/ysmood/gotrace v0.2.0 h1:IkTC6rJREwXSaG8yWK+NFwIJGIsxA1DjC6/gxYyQttE= +github.com/ysmood/got v0.14.1 h1:lTtBNVF2nxLs/jcV7leNUWVYO9jgjOUpClXbu3ihIPA= +github.com/ysmood/got v0.14.1/go.mod h1:pE1l4LOwOBhQg6A/8IAatkGp7uZjnalzrZolnlhhMgY= github.com/ysmood/gotrace v0.2.0/go.mod h1:TzhIG7nHDry5//eYZDYcTzuJLYQIkykJzCRIo4/dzQM= -github.com/ysmood/gson v0.6.3 h1:4cU+5oOdsyundXHy00t99H0rLXLthuseD3x6W+xmCiU= +github.com/ysmood/gotrace v0.2.2 h1:006KHGRThSRf8lwh4EyhNmuuq/l+Ygs+JqojkhEG1/E= +github.com/ysmood/gotrace v0.2.2/go.mod h1:TzhIG7nHDry5//eYZDYcTzuJLYQIkykJzCRIo4/dzQM= github.com/ysmood/gson v0.6.3/go.mod h1:3Kzs5zDl21g5F/BlLTNcuAGAYLKt2lV5G8D1zF3RNmg= -github.com/ysmood/leakless v0.6.12 h1:XxtRYl97bJklfv4BZVdyGnd/y42p6w8lu1hUzfCkT4M= +github.com/ysmood/gson v0.6.4 h1:Yb6tosv6bk59HqjZu2/7o4BFherpYEMkDkXmlhgryZ4= +github.com/ysmood/gson v0.6.4/go.mod h1:3Kzs5zDl21g5F/BlLTNcuAGAYLKt2lV5G8D1zF3RNmg= github.com/ysmood/leakless v0.6.12/go.mod h1:R8iAXPRaG97QJwqxs74RdwzcRHT1SWCGTNqY8q0JvMQ= +github.com/ysmood/leakless v0.7.0 h1:XCGdaPExyoreoQd+H5qgxM3ReNbSPFsEXpSKwbXbwQw= +github.com/ysmood/leakless v0.7.0/go.mod h1:R8iAXPRaG97QJwqxs74RdwzcRHT1SWCGTNqY8q0JvMQ= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/zclconf/go-cty v1.8.2 h1:u+xZfBKgpycDnTNjPhGiTEYZS5qS/Sb5MqSfm7vzcjg= -github.com/zclconf/go-cty v1.8.2/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/zclconf/go-cty v1.8.4 h1:pwhhz5P+Fjxse7S7UriBrMu6AUJSZM5pKqGem1PjGAs= +github.com/zclconf/go-cty v1.8.4/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= +go.etcd.io/bbolt v1.3.5 h1:XAzx9gjCb0Rxj7EoqcClPD1d5ZBxZJk0jbuoPHenBt0= +go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= -go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= +go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= +go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= +go.uber.org/multierr v1.7.0 h1:zaiO/rmgFjbmCXdSYJWQcdvOCsthmdaHfr3Gm2Kx4Ec= +go.uber.org/multierr v1.7.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak= go.uber.org/ratelimit v0.2.0 h1:UQE2Bgi7p2B85uP5dC2bbRtig0C+OeNRnNEafLjsLPA= go.uber.org/ratelimit v0.2.0/go.mod h1:YYBV4e4naJvhpitQrWJu1vCpgB7CboMe0qhltKt6mUg= +golang.org/x/arch v0.0.0-20180920145803-b19384d3c130/go.mod h1:cYlCBUl1MsqxdiKgmc4uh7TxZfWSFLOGSRR090WDxt8= +golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= @@ -389,7 +473,6 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -420,10 +503,11 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.0 h1:8pl+sMODzuvGJkmj2W4kZihvVb5mKm8pB/X44PIQHv8= +golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181108082009-03003ca0c849/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= @@ -446,23 +530,27 @@ golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/ golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210414194228-064579744ee0/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= +golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210521195947-fe42d452be8f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210614182718-04defd469f4e h1:XpT3nA5TvE525Ne3hInMh6+GETgn27Zfm9dxsThnX2Q= -golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d h1:LO7XpTYMwTqxjLcGWPijK3vRXg1aWdlNOVOHRq45d7c= +golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99 h1:5vD4XjIc0X5+kHZjx4UecYdjA6mJo+XXNoaW0EjU5Os= -golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210817223510-7df4dd6e12ab h1:llrcWN/wOwO+6gAyfBzxb5hZ+c3mriU/0+KNgYu6adA= +golang.org/x/oauth2 v0.0.0-20210817223510-7df4dd6e12ab/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -471,10 +559,13 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180903190138-2b024373dcd9/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -483,10 +574,14 @@ golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -503,16 +598,21 @@ golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201113233024-12cec1faf1ba/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210217105451-b926d437f341/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210415045647-66c3f260301c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210601080250-7ecdf8ef093b h1:qh4f65QIVFjq9eBURLEYWqaEXmOyqdUyiBSgaXWccWk= +golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210601080250-7ecdf8ef093b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c h1:F1jZWGFhYfh0Ci55sIpILtKKK8p3i2/krTr0H1rg74I= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -523,9 +623,8 @@ golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20201208040808-7e3f01d25324 h1:Hir2P/De0WpUhtrKGGjvSb2YxUgyZ7EFOSLIcSSpiwE= -golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -561,12 +660,17 @@ golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjs golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200509030707-2212a7e161a5/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20210101214203-2dba1e4ea05c/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.0 h1:po9/4sTYwZU9lPhi1tOrb4hCv3qrhiQ77LZfGa2OjwY= +golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -594,9 +698,8 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.6 h1:lMO5rYAqUxkmaj76jAkRUvt5JZgFymx/+Q5Mzfivuhc= google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= @@ -647,8 +750,10 @@ google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= -google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0 h1:bxAC2xTBsZGibn2RTntX0oH50xLsqy1OxA9tTL3p/lk= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -657,12 +762,14 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EV gopkg.in/corvus-ch/zbase32.v1 v1.0.0 h1:K4u1NprbDNvKPczKfHLbwdOWHTZ0zfv2ow71H1nRnFU= gopkg.in/corvus-ch/zbase32.v1 v1.0.0/go.mod h1:T3oKkPOm4AV/bNXCNFUxRmlE9RUyBz/DSo0nK9U+c0Y= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/src-d/go-billy.v4 v4.3.0/go.mod h1:tm33zBoOwxjYHZIE+OV8bxTWFMJLrconzFMd38aARFk= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= @@ -676,6 +783,8 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +mvdan.cc/gofumpt v0.1.1 h1:bi/1aS/5W00E2ny5q65w9SnKpWEF/UIOqDYBILpo9rA= +mvdan.cc/gofumpt v0.1.1/go.mod h1:yXG1r1WqZVKWbVRtBWKWX9+CxGYfA51nSomhM0woR48= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/v2/internal/severity/severity.go b/v2/internal/severity/severity.go index 0cd555062..c889356a8 100644 --- a/v2/internal/severity/severity.go +++ b/v2/internal/severity/severity.go @@ -53,7 +53,6 @@ func (severity Severity) String() string { } //nolint:exported,revive //prefer to be explicit about the name, and make it refactor-safe -//goland:noinspection GoNameStartsWithPackageName type SeverityHolder struct { Severity Severity } @@ -76,3 +75,7 @@ func (severityHolder *SeverityHolder) UnmarshalYAML(unmarshal func(interface{}) func (severityHolder *SeverityHolder) MarshalJSON() ([]byte, error) { return json.Marshal(severityHolder.Severity.String()) } + +func (severityHolder SeverityHolder) MarshalYAML() (interface{}, error) { + return severityHolder.Severity.String(), nil +} diff --git a/v2/internal/severity/severity_test.go b/v2/internal/severity/severity_test.go index d782cb39e..fc091a034 100644 --- a/v2/internal/severity/severity_test.go +++ b/v2/internal/severity/severity_test.go @@ -12,6 +12,14 @@ func TestYamlUnmarshal(t *testing.T) { testUnmarshal(t, yaml.Unmarshal, func(value string) string { return value }) } +func TestYamlMarshal(t *testing.T) { + severity := SeverityHolder{Severity: High} + + marshalled, err := severity.MarshalYAML() + assert.Nil(t, err, "could not marshal yaml") + assert.Equal(t, "high", marshalled, "could not marshal severity correctly") +} + func TestYamlUnmarshalFail(t *testing.T) { testUnmarshalFail(t, yaml.Unmarshal, createYAML) } diff --git a/v2/pkg/model/model.go b/v2/pkg/model/model.go index 9c358b79f..e1bf3c43a 100644 --- a/v2/pkg/model/model.go +++ b/v2/pkg/model/model.go @@ -5,20 +5,69 @@ import ( "fmt" "strings" - "gopkg.in/yaml.v2" - "github.com/projectdiscovery/nuclei/v2/internal/severity" "github.com/projectdiscovery/nuclei/v2/pkg/utils" ) +// Info contains metadata information about a template type Info struct { - Name string `json:"name" yaml:"name"` - Authors StringSlice `json:"author" yaml:"author"` - Tags StringSlice `json:"tags" yaml:"tags"` - Description string `json:"description" yaml:"description"` - Reference StringSlice `json:"reference" yaml:"reference"` - SeverityHolder severity.SeverityHolder `json:"severity" yaml:"severity"` - AdditionalFields map[string]string `json:"additional-fields,omitempty" yaml:"additional-fields,omitempty"` + // description: | + // Name should be good short summary that identifies what the template does. + // + // examples: + // - value: "\"bower.json file disclosure\"" + // - value: "\"Nagios Default Credentials Check\"" + Name string `json:"name,omitempty" yaml:"name,omitempty"` + // description: | + // Author of the template. + // + // examples: + // - value: "\"\"" + Authors StringSlice `json:"author,omitempty" yaml:"author,omitempty"` + // description: | + // Any tags for the template. + // + // Multiple values can also be specified separated by commas. + // + // examples: + // - name: Example tags + // value: "\"cve,cve2019,grafana,auth-bypass,dos\"" + Tags StringSlice `json:"tags,omitempty" yaml:"tags,omitempty"` + // description: | + // Description of the template. + // + // You can go in-depth here on what the template actually does. + // + // examples: + // - value: "\"Bower is a package manager which stores packages informations in bower.json file\"" + // - value: "\"Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations\"" + Description string `json:"description,omitempty" yaml:"description,omitempty"` + // description: | + // References for the template. + // + // This should contain links relevant to the template. + // + // examples: + // - value: > + // []string{"https://github.com/strapi/strapi", "https://github.com/getgrav/grav"} + Reference StringSlice `json:"reference,omitempty" yaml:"reference,omitempty"` + // description: | + // Severity of the template. + // + // values: + // - info + // - low + // - medium + // - high + // - critical + SeverityHolder severity.SeverityHolder `json:"severity,omitempty" yaml:"severity,omitempty"` + // description: | + // AdditionalFields regarding metadata of the template. + // + // examples: + // - value: > + // map[string]string{"customField1":"customValue1"} + AdditionalFields map[string]string `json:"additional-fields,omitempty" yaml:"additional-fields,omitempty"` } // StringSlice represents a single (in-lined) or multiple string value(s). @@ -88,7 +137,7 @@ func marshalStringToSlice(unmarshal func(interface{}) error) ([]string, error) { } func (stringSlice StringSlice) MarshalYAML() (interface{}, error) { - return yaml.Marshal(stringSlice.Value) + return stringSlice.Value, nil } func (stringSlice StringSlice) MarshalJSON() ([]byte, error) { diff --git a/v2/pkg/model/model_test.go b/v2/pkg/model/model_test.go index 2cf05f990..fc5f25a7c 100644 --- a/v2/pkg/model/model_test.go +++ b/v2/pkg/model/model_test.go @@ -2,10 +2,11 @@ package model import ( "encoding/json" - "gopkg.in/yaml.v2" "strings" "testing" + "gopkg.in/yaml.v2" + "github.com/projectdiscovery/nuclei/v2/internal/severity" "github.com/stretchr/testify/assert" ) @@ -27,6 +28,33 @@ func TestInfoJsonMarshal(t *testing.T) { assert.Equal(t, expected, string(result)) } +func TestInfoYamlMarshal(t *testing.T) { + info := Info{ + Name: "Test Template Name", + Authors: StringSlice{[]string{"forgedhallpass", "ice3man"}}, + Description: "Test description", + SeverityHolder: severity.SeverityHolder{Severity: severity.High}, + Tags: StringSlice{[]string{"cve", "misc"}}, + Reference: StringSlice{"reference1"}, + } + + result, err := yaml.Marshal(&info) + assert.Nil(t, err) + + expected := `name: Test Template Name +author: +- forgedhallpass +- ice3man +tags: +- cve +- misc +description: Test description +reference: reference1 +severity: high +` + assert.Equal(t, expected, string(result)) +} + func TestUnmarshal(t *testing.T) { templateName := "Test Template" authors := []string{"forgedhallpass", "ice3man"} diff --git a/v2/pkg/operators/extractors/extractors.go b/v2/pkg/operators/extractors/extractors.go index e3a2f051f..c9d6ab9e2 100644 --- a/v2/pkg/operators/extractors/extractors.go +++ b/v2/pkg/operators/extractors/extractors.go @@ -8,37 +8,98 @@ import ( // Extractor is used to extract part of response using a regex. type Extractor struct { - // Name is the extractor's name + // description: | + // Name of the extractor. Name should be lowercase and must not contain + // spaces or dashes (-). + // examples: + // - value: "\"cookie-extractor\"" Name string `yaml:"name,omitempty"` - // Type is the type of the extractor + // description: | + // Type is the type of the extractor. + // values: + // - "regex" + // - "kval" Type string `yaml:"type"` // extractorType is the internal type of the extractor extractorType ExtractorType - // Regex are the regex pattern required to be present in the response - Regex []string `yaml:"regex"` - // RegexGroup specifies a group to extract from the regex - RegexGroup int `yaml:"group"` + // description: | + // Regex contains the regular expression patterns to exract from a part. + // + // Go regex engine does not supports lookaheads or lookbehinds, so as a result + // they are also not supported in nuclei. + // examples: + // - name: Braintree Access Token Regex + // value: > + // []string{"access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}"} + // - name: Wordpress Author Extraction regex + // value: > + // []string{"Author:(?:[A-Za-z0-9 -\\_=\"]+)?([A-Za-z0-9]+)<\\/span>"} + Regex []string `yaml:"regex,omitempty"` + // description: | + // Group specifies a numbered group to extract from the regex. + // examples: + // - name: Example Regex Group + // value: "1" + RegexGroup int `yaml:"group,omitempty"` // regexCompiled is the compiled variant regexCompiled []*regexp.Regexp - // KVal are the kval to be present in the response headers/cookies + // description: | + // kval contains the key-value pairs required in the response. + // + // Each protocol exposes a lot of different data in response. The kval + // extractor can be used to extract those key-value pairs. A list of + // supported parts is available in docs for request types. + // examples: + // - name: Extract Server Header From HTTP Response + // value: > + // []string{"Server"} + // - name: Extracting value of PHPSESSID Cookie + // value: > + // []string{"PHPSESSID"} KVal []string `yaml:"kval,omitempty"` - // XPath are the Xpath selectors for the extractor - XPath []string `yaml:"xpath"` - // Attribute is an optional attribute to extract from response XPath - Attribute string `yaml:"attribute"` - // JSON are the json pattern required to be present in the response - JSON []string `yaml:"json"` + // description: | + // JSON allows using jq-style syntax to extract items from json response + // + // examples: + // - value: > + // []string{".[] | .id"} + // - value: > + // []string{".batters | .batter | .[] | .id"} + JSON []string `yaml:"json,omitempty"` + // description: | + // XPath allows using xpath expressions to extract items from html response + // + // examples: + // - value: > + // []string{"/html/body/div/p[2]/a"} + // - value: > + // []string{".batters | .batter | .[] | .id"} + XPath []string `yaml:"xpath,omitempty"` + // description: | + // Attribute is an optional attribute to extract from response XPath. + // + // examples: + // - value: "\"href\"" + Attribute string `yaml:"attribute,omitempty"` + // jsonCompiled is the compiled variant jsonCompiled []*gojq.Code - // Part is the part of the request to match + // description: | + // Part is the part of the request response to extract data from. // - // By default, matching is performed in request body. + // Each protocol exposes a lot of different parts which are well + // documented in docs for each request type. + // examples: + // - value: "\"body\"" + // - value: "\"raw\"" Part string `yaml:"part,omitempty"` - // Internal defines if this is used internally + // description: | + // Internal, when set to true will allow using the value extracted + // in the next request for some protocols (like HTTP). Internal bool `yaml:"internal,omitempty"` } diff --git a/v2/pkg/operators/matchers/matchers.go b/v2/pkg/operators/matchers/matchers.go index 2a13b6a1e..c8484c0ca 100644 --- a/v2/pkg/operators/matchers/matchers.go +++ b/v2/pkg/operators/matchers/matchers.go @@ -8,35 +8,102 @@ import ( // Matcher is used to match a part in the output from a protocol. type Matcher struct { - // Type is the type of the matcher + // description: | + // Type is the type of the matcher. + // values: + // - "status" + // - "size" + // - "word" + // - "regex" + // - "binary" + // - "dsl" Type string `yaml:"type"` - // Condition is the optional condition between two matcher variables - // - // By default, the condition is assumed to be OR. + // description: | + // Condition is the optional condition between two matcher variables. By default, + // the condition is assumed to be OR. + // values: + // - "and" + // - "or" Condition string `yaml:"condition,omitempty"` - // Part is the part of the data to match + // description: | + // Part is the part of the request response to match data from. + // + // Each protocol exposes a lot of different parts which are well + // documented in docs for each request type. + // examples: + // - value: "\"body\"" + // - value: "\"raw\"" Part string `yaml:"part,omitempty"` - // Negative specifies if the match should be reversed - // It will only match if the condition is not true. + // description: | + // Negative specifies if the match should be reversed + // It will only match if the condition is not true. Negative bool `yaml:"negative,omitempty"` - // Name is matcher Name + // description: | + // Name of the matcher. Name should be lowercase and must not contain + // spaces or dashes (-). + // examples: + // - value: "\"cookie-matcher\"" Name string `yaml:"name,omitempty"` - // Status are the acceptable status codes for the response + // description: | + // Status are the acceptable status codes for the response. + // examples: + // - value: > + // []int{200, 302} Status []int `yaml:"status,omitempty"` - // Size is the acceptable size for the response + // description: | + // Size is the acceptable size for the response + // examples: + // - value: > + // []int{3029, 2042} Size []int `yaml:"size,omitempty"` - // Words are the words required to be present in the response + // description: | + // Words contains word patterns required to be present in the response part. + // examples: + // - name: Match for outlook mail protection domain + // value: > + // []string{"mail.protection.outlook.com"} + // - name: Match for application/json in response headers + // value: > + // []string{"application/json"} Words []string `yaml:"words,omitempty"` - // Regex are the regex pattern required to be present in the response + // description: | + // Regex contains Regular Expression patterns required to be present in the response part. + // examples: + // - name: Match for Linkerd Service via Regex + // value: > + // []string{`(?mi)^Via\\s*?:.*?linkerd.*$`} + // - name: Match for Open Redirect via Location header + // value: > + // []string{`(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)example\\.com.*$`} Regex []string `yaml:"regex,omitempty"` - // Binary are the binary characters required to be present in the response + // description: | + // Binary are the binary patterns required to be present in the response part. + // examples: + // - name: Match for Springboot Heapdump Actuator "JAVA PROFILE", "HPROF", "Gunzip magic byte" + // value: > + // []string{"4a4156412050524f46494c45", "4850524f46", "1f8b080000000000"} + // - name: Match for 7zip files + // value: > + // []string{"377ABCAF271C"} Binary []string `yaml:"binary,omitempty"` - // DSL are the dsl queries + // description: | + // DSL are the dsl expressions that will be evaluated as part of nuclei matching rules. + // A list of these helper functions are available [here](https://nuclei.projectdiscovery.io/templating-guide/helper-functions/). + // examples: + // - name: DSL Matcher for package.json file + // value: > + // []string{"contains(body, 'packages') && contains(tolower(all_headers), 'application/octet-stream') && status_code == 200"} + // - name: DSL Matcher for missing strict transport security header + // value: > + // []string{"!contains(tolower(all_headers), ''strict-transport-security'')"} DSL []string `yaml:"dsl,omitempty"` - // Encoding specifies the encoding for the word content if any. + // description: | + // Encoding specifies the encoding for the words field if any. + // values: + // - "hex" Encoding string `yaml:"encoding,omitempty"` // cached data for the compiled matcher diff --git a/v2/pkg/operators/operators.go b/v2/pkg/operators/operators.go index 9093ae8fb..d37d0626d 100644 --- a/v2/pkg/operators/operators.go +++ b/v2/pkg/operators/operators.go @@ -9,14 +9,23 @@ import ( // Operators contains the operators that can be applied on protocols type Operators struct { - // Matchers contains the detection mechanism for the request to identify - // whether the request was successful + // description: | + // Matchers contains the detection mechanism for the request to identify + // whether the request was successful by doing pattern matching + // on request/responses. + // + // Multiple matchers can be combined together with `matcher-condition` flag + // which accepts either `and` or `or` as argument. Matchers []*matchers.Matcher `yaml:"matchers,omitempty"` - // Extractors contains the extraction mechanism for the request to identify - // and extract parts of the response. + // description: | + // Extractors contains the extraction mechanism for the request to identify + // and extract parts of the response. Extractors []*extractors.Extractor `yaml:"extractors,omitempty"` - // MatchersCondition is the condition of the matchers - // whether to use AND or OR. Default is OR. + // description: | + // MatchersCondition is the condition between the matchers. Default is OR. + // values: + // - "and" + // - "or" MatchersCondition string `yaml:"matchers-condition,omitempty"` // cached variables that may be used along with request. matchersCondition matchers.ConditionType diff --git a/v2/pkg/protocols/dns/dns.go b/v2/pkg/protocols/dns/dns.go index 0538186f9..c322883b9 100644 --- a/v2/pkg/protocols/dns/dns.go +++ b/v2/pkg/protocols/dns/dns.go @@ -18,18 +18,48 @@ type Request struct { // Operators for the current request go here. operators.Operators `yaml:",inline"` - ID string `yaml:"id"` + // ID is the ID of the request + ID string `yaml:"id,omitempty"` - // Path contains the path/s for the request - Name string `yaml:"name"` - // Type is the type of DNS request to make - Type string `yaml:"type"` - // Class is the class of the DNS request - Class string `yaml:"class"` - // Retries is the number of retries for the DNS request - Retries int `yaml:"retries"` + // description: | + // Name is the Hostname to make DNS request for. + // + // Generally, it is set to {{FQDN}} which is the domain we get from input. + // examples: + // - value: "\"{{FQDN}}\"" + Name string `yaml:"name,omitempty"` + // description: | + // Type is the type of DNS request to make. + // values: + // - "A" + // - "NS" + // - "CNAME" + // - "SOA" + // - "PTR" + // - "MX" + // - "TXT" + // - "AAAA" + Type string `yaml:"type,omitempty"` + // description: | + // Class is the class of the DNS request. + // + // Usually it's enough to just leave it as INET. + // values: + // - "INET" + // - "CSNET" + // - "CHAOS" + // - "HESIOD" + // - "NONE" + // - "ANY" + Class string `yaml:"class,omitempty"` + // description: | + // Retries is the number of retries for the DNS request + // examples: + // - name: Use a retry of 3 to 5 generally + // value: 5 + Retries int `yaml:"retries,omitempty"` - CompiledOperators *operators.Operators + CompiledOperators *operators.Operators `yaml:"-"` dnsClient *retryabledns.Client options *protocols.ExecuterOptions @@ -37,8 +67,9 @@ type Request struct { class uint16 question uint16 - // Recursion specifies whether to recurse all the answers. - Recursion bool `yaml:"recursion"` + // description: | + // Recursion determines if resolver should recurse all records to get fresh results. + Recursion bool `yaml:"recursion,omitempty"` } // GetID returns the unique ID of the request if any. diff --git a/v2/pkg/protocols/file/file.go b/v2/pkg/protocols/file/file.go index d5b810184..62f85eecd 100644 --- a/v2/pkg/protocols/file/file.go +++ b/v2/pkg/protocols/file/file.go @@ -12,26 +12,41 @@ import ( type Request struct { // Operators for the current request go here. operators.Operators `yaml:",inline"` - // Extensions is the list of extensions to perform matching on. - Extensions []string `yaml:"extensions"` - // ExtensionDenylist is the list of file extensions to deny during matching. - ExtensionDenylist []string `yaml:"denylist"` + // description: | + // Extensions is the list of extensions to perform matching on. + // examples: + // - value: '[]string{".txt", ".go", ".json"}' + Extensions []string `yaml:"extensions,omitempty"` + // description: | + // ExtensionDenylist is the list of file extensions to deny during matching. + // + // By default, it contains some non-interesting extensions that are hardcoded + // in nuclei. + // examples: + // - value: '[]string{".avi", ".mov", ".mp3"}' + ExtensionDenylist []string `yaml:"denylist,omitempty"` - ID string `yaml:"id"` + // ID is the ID of the request + ID string `yaml:"id,omitempty"` - // MaxSize is the maximum size of the file to run request on. - // By default, nuclei will process 5MB files and not go more than that. - // It can be set to much lower or higher depending on use. - MaxSize int `yaml:"max-size"` - CompiledOperators *operators.Operators + // description: | + // MaxSize is the maximum size of the file to run request on. + // + // By default, nuclei will process 5MB files and not go more than that. + // It can be set to much lower or higher depending on use. + // examples: + // - value: 2048 + MaxSize int `yaml:"max-size,omitempty"` + CompiledOperators *operators.Operators `yaml:"-"` // cache any variables that may be needed for operation. options *protocols.ExecuterOptions extensions map[string]struct{} extensionDenylist map[string]struct{} - // NoRecursive specifies whether to not do recursive checks if folders are provided. - NoRecursive bool `yaml:"no-recursive"` + // description: | + // NoRecursive specifies whether to not do recursive checks if folders are provided. + NoRecursive bool `yaml:"no-recursive,omitempty"` allExtensions bool } diff --git a/v2/pkg/protocols/headless/engine/action.go b/v2/pkg/protocols/headless/engine/action.go index 3c5296adf..6ad6973f2 100644 --- a/v2/pkg/protocols/headless/engine/action.go +++ b/v2/pkg/protocols/headless/engine/action.go @@ -109,10 +109,46 @@ var ActionToActionString = map[ActionType]string{ // are discovered on the found page. We also keep track and only // scrape new navigation from pages we haven't crawled yet. type Action struct { - Data map[string]string `yaml:"args,omitempty"` - Name string `yaml:"name,omitempty"` - Description string `yaml:"description,omitempty"` - ActionType string `yaml:"action"` + // description: + // Args contain arguments for the headless action. + // + // Per action arguments are described in detail [here](https://nuclei.projectdiscovery.io/templating-guide/protocols/headless/). + Data map[string]string `yaml:"args,omitempty"` + // description: | + // Name is the name assigned to the headless action. + // + // This can be used to execute code, for instance in browser + // DOM using script action, and get the result in a variable + // which can be matched upon by nuclei. An Example template [here](https://github.com/projectdiscovery/nuclei-templates/blob/master/headless/prototype-pollution-check.yaml). + Name string `yaml:"name,omitempty"` + // description: | + // Description is the optional description of the headless action + Description string `yaml:"description,omitempty"` + // description: | + // Action is the type of the action to perform. + // values: + // - "navigate" + // - "script" + // - "click" + // - "rightclick" + // - "text" + // - "screenshot" + // - "time" + // - "select" + // - "files" + // - "waitload" + // - "getresource" + // - "extract" + // - "setmethod" + // - "addheader" + // - "setheader" + // - "deleteheader" + // - "setbody" + // - "waitevent" + // - "keyboard" + // - "debug" + // - "sleep" + ActionType string `yaml:"action"` } // String returns the string representation of an action diff --git a/v2/pkg/protocols/headless/headless.go b/v2/pkg/protocols/headless/headless.go index 77a369311..00a5af25d 100644 --- a/v2/pkg/protocols/headless/headless.go +++ b/v2/pkg/protocols/headless/headless.go @@ -9,10 +9,12 @@ import ( // Request contains a Headless protocol request to be made from a template type Request struct { - ID string `yaml:"id"` + // ID is the ID of the request + ID string `yaml:"id,omitempty"` - // Steps is the list of actions to run for headless request - Steps []*engine.Action `yaml:"steps"` + // description: | + // Steps is the list of actions to run for headless request + Steps []*engine.Action `yaml:"steps,omitempty"` // Operators for the current request go here. operators.Operators `yaml:",inline,omitempty"` diff --git a/v2/pkg/protocols/http/http.go b/v2/pkg/protocols/http/http.go index 825e671b3..4e93753ac 100644 --- a/v2/pkg/protocols/http/http.go +++ b/v2/pkg/protocols/http/http.go @@ -16,39 +16,108 @@ import ( type Request struct { // Operators for the current request go here. operators.Operators `yaml:",inline"` - // Path contains the path/s for the request - Path []string `yaml:"path"` - // Raw contains raw requests - Raw []string `yaml:"raw"` - ID string `yaml:"id"` - // Name is the name of the request - Name string `yaml:"Name"` - // AttackType is the attack type - // Sniper, PitchFork and ClusterBomb. Default is Sniper - AttackType string `yaml:"attack"` - // Method is the request method, whether GET, POST, PUT, etc - Method string `yaml:"method"` - // Body is an optional parameter which contains the request body for POST methods, etc - Body string `yaml:"body"` - // Path contains the path/s for the request variables - Payloads map[string]interface{} `yaml:"payloads"` - // Headers contains headers to send with the request - Headers map[string]string `yaml:"headers"` - // RaceNumberRequests is the number of same request to send in race condition attack - RaceNumberRequests int `yaml:"race_count"` - // MaxRedirects is the maximum number of redirects that should be followed. - MaxRedirects int `yaml:"max-redirects"` - // PipelineConcurrentConnections is number of connections in pipelining - PipelineConcurrentConnections int `yaml:"pipeline-concurrent-connections"` - // PipelineRequestsPerConnection is number of requests in pipelining - PipelineRequestsPerConnection int `yaml:"pipeline-requests-per-connection"` - // Threads specifies number of threads for sending requests - Threads int `yaml:"threads"` + // description: | + // Path contains the path/s for the HTTP requests. It supports variables + // as placeholders. + // examples: + // - name: Some example path values + // value: > + // []string{"{{BaseURL}}", "{{BaseURL}}/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions"} + Path []string `yaml:"path,omitempty"` + // description: | + // Raw contains HTTP Requests in Raw format. + // examples: + // - name: Some example raw requests + // value: | + // []string{"GET /etc/passwd HTTP/1.1\nHost:\nContent-Length: 4", "POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0\nContent-Length: 1\nConnection: close\n\necho\necho\ncat /etc/passwd 2>&1"} + Raw []string `yaml:"raw,omitempty"` + // ID is the ID of the request + ID string `yaml:"id,omitempty"` + // description: | + // Name is the optional name of the request. + // + // If a name is specified, all the named request in a template can be matched upon + // in a combined manner allowing multirequest based matchers. + Name string `yaml:"name,omitempty"` + // description: | + // Attack is the type of payload combinations to perform. + // + // Sniper is each payload once, pitchfork combines multiple payload sets and clusterbomb generates + // permutations and combinations for all payloads. + // values: + // - "sniper" + // - "pitchfork" + // - "clusterbomb" + AttackType string `yaml:"attack,omitempty"` + // description: | + // Method is the HTTP Request Method. + // values: + // - "GET" + // - "POST" + // - "PUT" + // - "DELETE" + Method string `yaml:"method,omitempty"` + // description: | + // Body is an optional parameter which contains HTTP Request body. + // examples: + // - name: Same Body for a Login POST request + // value: "\"username=test&password=test\"" + Body string `yaml:"body,omitempty"` + // description: | + // Payloads contains any payloads for the current request. + // + // Payloads support both key-values combinations where a list + // of payloads is provided, or optionally a single file can also + // be provided as payload which will be read on run-time. + Payloads map[string]interface{} `yaml:"payloads,omitempty"` + // description: | + // Headers contains HTTP Headers to send with the request. + // examples: + // - value: | + // map[string]string{"Content-Type": "application/x-www-form-urlencoded", "Content-Length": "1", "Any-Header": "Any-Value"} + Headers map[string]string `yaml:"headers,omitempty"` + // description: | + // RaceCount is the number of times to send a request in Race Condition Attack. + // examples: + // - name: Send a request 5 times + // value: "5" + RaceNumberRequests int `yaml:"race_count,omitempty"` + // description: | + // MaxRedirects is the maximum number of redirects that should be followed. + // examples: + // - name: Follow upto 5 redirects + // value: "5" + MaxRedirects int `yaml:"max-redirects,omitempty"` + // description: | + // PipelineConcurrentConnections is number of connections to create during pipelining. + // examples: + // - name: Create 40 concurrent connections + // value: 40 + PipelineConcurrentConnections int `yaml:"pipeline-concurrent-connections,omitempty"` + // description: | + // PipelineRequestsPerConnection is number of requests to send per connection when pipelining. + // examples: + // - name: Send 100 requests per pipeline connection + // value: 100 + PipelineRequestsPerConnection int `yaml:"pipeline-requests-per-connection,omitempty"` + // description: | + // Threads specifies number of threads to use sending requests. This enables Connection Pooling. + // + // Connection: Close attribute must not be used in request while using threads flag, otherwise + // pooling will fail and engine will continue to close connections after requests. + // examples: + // - name: Send requests using 10 concurrent threads + // value: 10 + Threads int `yaml:"threads,omitempty"` - // MaxSize is the maximum size of http response body to read in bytes. - MaxSize int `yaml:"max-size"` + // description: | + // MaxSize is the maximum size of http response body to read in bytes. + // examples: + // - name: Read max 2048 bytes of the response + // value: 2048 + MaxSize int `yaml:"max-size,omitempty"` - CompiledOperators *operators.Operators + CompiledOperators *operators.Operators `yaml:"-"` options *protocols.ExecuterOptions attackType generators.Type @@ -57,22 +126,37 @@ type Request struct { generator *generators.Generator // optional, only enabled when using payloads httpClient *retryablehttp.Client rawhttpClient *rawhttp.Client - // CookieReuse is an optional setting that makes cookies shared within requests - CookieReuse bool `yaml:"cookie-reuse"` - // Redirects specifies whether redirects should be followed. - Redirects bool `yaml:"redirects"` - // Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining (race conditions/billions requests) - // All requests must be indempotent (GET/POST) - Pipeline bool `yaml:"pipeline"` - // Specify in order to skip request RFC normalization - Unsafe bool `yaml:"unsafe"` - // Race determines if all the request have to be attempted at the same time - // The minimum number of requests is determined by threads - Race bool `yaml:"race"` - // ReqCondition automatically assigns numbers to requests and preserves - // their history for being matched at the end. - // Currently only works with sequential http requests. - ReqCondition bool `yaml:"req-condition"` + + // description: | + // CookieReuse is an optional setting that enables cookie reuse for + // all requests defined in raw section. + CookieReuse bool `yaml:"cookie-reuse,omitempty"` + // description: | + // Redirects specifies whether redirects should be followed by the HTTP Client. + // + // This can be used in conjunction with `max-redirects` to control the HTTP request redirects. + Redirects bool `yaml:"redirects,omitempty"` + // description: | + // Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining + // + // All requests must be indempotent (GET/POST). This can be used for race conditions/billions requests. + Pipeline bool `yaml:"pipeline,omitempty"` + // description: | + // Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests. + // + // This uses the [rawhttp](https://github.com/projectdiscovery/rawhttp) engine to achieve complete + // control over the request, with no normalization performed by the client. + Unsafe bool `yaml:"unsafe,omitempty"` + // description: | + // Race determines if all the request have to be attempted at the same time (Race Condition) + // + // The actual number of requests that will be sent is determined by the `race_count` field. + Race bool `yaml:"race,omitempty"` + // description: | + // ReqCondition automatically assigns numbers to requests and preserves their history. + // + // This allows matching on them later for multi-request conditions. + ReqCondition bool `yaml:"req-condition,omitempty"` } // GetID returns the unique ID of the request if any. diff --git a/v2/pkg/protocols/http/http_test.go b/v2/pkg/protocols/http/http_test.go index a675330cf..34df912b6 100644 --- a/v2/pkg/protocols/http/http_test.go +++ b/v2/pkg/protocols/http/http_test.go @@ -17,7 +17,6 @@ func TestHTTPCompile(t *testing.T) { testutils.Init(options) templateID := "testing-http" request := &Request{ - ID: templateID, Name: "testing", Payloads: map[string]interface{}{ "username": []string{"admin"}, diff --git a/v2/pkg/protocols/network/network.go b/v2/pkg/protocols/network/network.go index 196fcbcde..180a5df78 100644 --- a/v2/pkg/protocols/network/network.go +++ b/v2/pkg/protocols/network/network.go @@ -15,26 +15,52 @@ import ( // Request contains a Network protocol request to be made from a template type Request struct { - ID string `yaml:"id"` + // ID is the ID of the request + ID string `yaml:"id,omitempty"` - // Address is the address to send requests to (host:port:tls combos generally) - Address []string `yaml:"host"` + // description: | + // Address is the address to send requests to. + // + // Usually it's set to `{{Hostname}}`. If you want to enable TLS for + // TCP Connection, you can use `tls://{{Hostname}}`. + // examples: + // - value: | + // []string{"{{Hostname}}"} + Address []string `yaml:"host,omitempty"` addresses []addressKV - // AttackType is the attack type - // Sniper, PitchFork and ClusterBomb. Default is Sniper - AttackType string `yaml:"attack"` - // Path contains the path/s for the request variables - Payloads map[string]interface{} `yaml:"payloads"` + // description: | + // Attack is the type of payload combinations to perform. + // + // Sniper is each payload once, pitchfork combines multiple payload sets and clusterbomb generates + // permutations and combinations for all payloads. + // values: + // - "sniper" + // - "pitchfork" + // - "clusterbomb" + AttackType string `yaml:"attack,omitempty"` + // description: | + // Payloads contains any payloads for the current request. + // + // Payloads support both key-values combinations where a list + // of payloads is provided, or optionally a single file can also + // be provided as payload which will be read on run-time. + Payloads map[string]interface{} `yaml:"payloads,omitempty"` - // Payload is the payload to send for the network request - Inputs []*Input `yaml:"inputs"` - // ReadSize is the size of response to read (1024 if not provided by default) - ReadSize int `yaml:"read-size"` + // description: | + // Inputs contains inputs for the network socket + Inputs []*Input `yaml:"inputs,omitempty"` + // description: | + // ReadSize is the size of response to read at the end + // + // Default value for read-size is 1024. + // examples: + // - value: "2048" + ReadSize int `yaml:"read-size,omitempty"` // Operators for the current request go here. operators.Operators `yaml:",inline,omitempty"` - CompiledOperators *operators.Operators + CompiledOperators *operators.Operators `yaml:"-"` generator *generators.Generator attackType generators.Type @@ -51,14 +77,38 @@ type addressKV struct { // Input is the input to send on the network type Input struct { - // Data is the data to send as the input - Data string `yaml:"data"` - // Type is the type of input - hex, text. - Type string `yaml:"type"` - // Read is the number of bytes to read from socket - Read int `yaml:"read"` - // Name is the optional name of the input to provide matching on - Name string `yaml:"name"` + // description: | + // Data is the data to send as the input. + // + // It supports DSL Helper Functions as well as normal expressions. + // examples: + // - value: "\"TEST\"" + // - value: "\"hex_decode('50494e47')\"" + Data string `yaml:"data,omitempty"` + // description: | + // Type is the type of input specified in `data` field. + // + // Default value is text, but hex can be used for hex formatted data. + // values: + // - "hex" + // - "text" + Type string `yaml:"type,omitempty"` + // description: | + // Read is the number of bytes to read from socket. + // + // This can be used for protcols which expected an immediate response. You can + // read and write responses one after another and evetually perform matching + // on every data captured with `name` attribute. + // + // The [network docs](https://nuclei.projectdiscovery.io/templating-guide/protocols/network/) highlight more on how to do this. + // examples: + // - value: "1024" + Read int `yaml:"read,omitempty"` + // description: | + // Name is the optional name of the data read to provide matching on. + // examples: + // - value: "\"prefix\"" + Name string `yaml:"name,omitempty"` } // GetID returns the unique ID of the request if any. diff --git a/v2/pkg/templates/templates.go b/v2/pkg/templates/templates.go index 7c2829a83..2cd1e2092 100644 --- a/v2/pkg/templates/templates.go +++ b/v2/pkg/templates/templates.go @@ -1,3 +1,4 @@ +//go:generate dstdocgen -path "" -structure Template -output templates_doc.go -package templates package templates import ( @@ -11,24 +12,54 @@ import ( "github.com/projectdiscovery/nuclei/v2/pkg/workflows" ) -// Template is a request template parsed from a yaml file +// Template is a YAML input file which defines all the requests and +// other metadata for a template. type Template struct { - // ID is the unique id for the template + // description: | + // ID is the unique id for the template. IDs must be lowercase + // and must not contain spaces in it. + // + // #### Good IDs + // + // A good ID uniquely identifies what the requests in the template + // are doing. Let's say you have a template that identifies a git-config + // file on the webservers, a good name would be `git-config-exposure`. Another + // example name is `azure-apps-nxdomain-takeover`. + // examples: + // - name: ID Example + // value: "\"cve-2021-19520\"" ID string `yaml:"id"` - // Info contains information about the template + // description: | + // Info contains metadata information about the template. + // examples: + // - value: exampleInfoStructure Info model.Info `yaml:"info"` - // RequestsHTTP contains the http request to make in the template + // description: | + // Requests contains the http request to make in the template. + // examples: + // - value: exampleNormalHTTPRequest RequestsHTTP []*http.Request `yaml:"requests,omitempty" json:"requests"` - // RequestsDNS contains the dns request to make in the template + // description: | + // DNS contains the dns request to make in the template + // examples: + // - value: exampleNormalDNSRequest RequestsDNS []*dns.Request `yaml:"dns,omitempty" json:"dns"` - // RequestsFile contains the file request to make in the template + // description: | + // File contains the file request to make in the template + // examples: + // - value: exampleNormalFileRequest RequestsFile []*file.Request `yaml:"file,omitempty" json:"file"` - // RequestsNetwork contains the network request to make in the template + // description: | + // Network contains the network request to make in the template + // examples: + // - value: exampleNormalNetworkRequest RequestsNetwork []*network.Request `yaml:"network,omitempty" json:"network"` - // RequestsHeadless contains the headless request to make in the template. + // description: | + // Headless contains the headless request to make in the template. RequestsHeadless []*headless.Request `yaml:"headless,omitempty" json:"headless"` - // Workflows is a yaml based workflow declaration code. + // description: | + // Workflows is a yaml based workflow declaration code. workflows.Workflow `yaml:",inline,omitempty"` CompiledWorkflow *workflows.Workflow `yaml:"-" json:"-" jsonschema:"-"` diff --git a/v2/pkg/templates/templates_doc.go b/v2/pkg/templates/templates_doc.go new file mode 100644 index 000000000..4baa36448 --- /dev/null +++ b/v2/pkg/templates/templates_doc.go @@ -0,0 +1,1026 @@ +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +// DO NOT EDIT: this file is automatically generated by docgen +package templates + +import ( + "github.com/projectdiscovery/yamldoc-go/encoder" +) + +var ( + TemplateDoc encoder.Doc + MODELInfoDoc encoder.Doc + MODELStringSliceDoc encoder.Doc + SEVERITYSeverityHolderDoc encoder.Doc + HTTPRequestDoc encoder.Doc + MATCHERSMatcherDoc encoder.Doc + EXTRACTORSExtractorDoc encoder.Doc + DNSRequestDoc encoder.Doc + FILERequestDoc encoder.Doc + NETWORKRequestDoc encoder.Doc + NETWORKInputDoc encoder.Doc + HEADLESSRequestDoc encoder.Doc + ENGINEActionDoc encoder.Doc + WORKFLOWSWorkflowTemplateDoc encoder.Doc + WORKFLOWSMatcherDoc encoder.Doc +) + +func init() { + TemplateDoc.Type = "Template" + TemplateDoc.Comments[encoder.LineComment] = " Template is a YAML input file which defines all the requests and" + TemplateDoc.Description = "Template is a YAML input file which defines all the requests and\n other metadata for a template." + TemplateDoc.Fields = make([]encoder.Doc, 8) + TemplateDoc.Fields[0].Name = "id" + TemplateDoc.Fields[0].Type = "string" + TemplateDoc.Fields[0].Note = "" + TemplateDoc.Fields[0].Description = "ID is the unique id for the template. IDs must be lowercase\nand must not contain spaces in it.\n\n#### Good IDs\n\nA good ID uniquely identifies what the requests in the template\nare doing. Let's say you have a template that identifies a git-config\nfile on the webservers, a good name would be `git-config-exposure`. Another\nexample name is `azure-apps-nxdomain-takeover`." + TemplateDoc.Fields[0].Comments[encoder.LineComment] = "ID is the unique id for the template. IDs must be lowercase" + + TemplateDoc.Fields[0].AddExample("ID Example", "cve-2021-19520") + TemplateDoc.Fields[1].Name = "info" + TemplateDoc.Fields[1].Type = "model.Info" + TemplateDoc.Fields[1].Note = "" + TemplateDoc.Fields[1].Description = "Info contains metadata information about the template." + TemplateDoc.Fields[1].Comments[encoder.LineComment] = "Info contains metadata information about the template." + + TemplateDoc.Fields[1].AddExample("", exampleInfoStructure) + TemplateDoc.Fields[2].Name = "requests" + TemplateDoc.Fields[2].Type = "[]http.Request" + TemplateDoc.Fields[2].Note = "" + TemplateDoc.Fields[2].Description = "Requests contains the http request to make in the template." + TemplateDoc.Fields[2].Comments[encoder.LineComment] = "Requests contains the http request to make in the template." + + TemplateDoc.Fields[2].AddExample("", exampleNormalHTTPRequest) + TemplateDoc.Fields[3].Name = "dns" + TemplateDoc.Fields[3].Type = "[]dns.Request" + TemplateDoc.Fields[3].Note = "" + TemplateDoc.Fields[3].Description = "DNS contains the dns request to make in the template" + TemplateDoc.Fields[3].Comments[encoder.LineComment] = "DNS contains the dns request to make in the template" + + TemplateDoc.Fields[3].AddExample("", exampleNormalDNSRequest) + TemplateDoc.Fields[4].Name = "file" + TemplateDoc.Fields[4].Type = "[]file.Request" + TemplateDoc.Fields[4].Note = "" + TemplateDoc.Fields[4].Description = "File contains the file request to make in the template" + TemplateDoc.Fields[4].Comments[encoder.LineComment] = "File contains the file request to make in the template" + + TemplateDoc.Fields[4].AddExample("", exampleNormalFileRequest) + TemplateDoc.Fields[5].Name = "network" + TemplateDoc.Fields[5].Type = "[]network.Request" + TemplateDoc.Fields[5].Note = "" + TemplateDoc.Fields[5].Description = "Network contains the network request to make in the template" + TemplateDoc.Fields[5].Comments[encoder.LineComment] = "Network contains the network request to make in the template" + + TemplateDoc.Fields[5].AddExample("", exampleNormalNetworkRequest) + TemplateDoc.Fields[6].Name = "headless" + TemplateDoc.Fields[6].Type = "[]headless.Request" + TemplateDoc.Fields[6].Note = "" + TemplateDoc.Fields[6].Description = "Headless contains the headless request to make in the template." + TemplateDoc.Fields[6].Comments[encoder.LineComment] = "Headless contains the headless request to make in the template." + TemplateDoc.Fields[7].Name = "workflows" + TemplateDoc.Fields[7].Type = "[]workflows.WorkflowTemplate" + TemplateDoc.Fields[7].Note = "" + TemplateDoc.Fields[7].Description = "Workflows is a list of workflows to execute for a template." + TemplateDoc.Fields[7].Comments[encoder.LineComment] = "Workflows is a list of workflows to execute for a template." + + MODELInfoDoc.Type = "model.Info" + MODELInfoDoc.Comments[encoder.LineComment] = " Info contains metadata information about a template" + MODELInfoDoc.Description = "Info contains metadata information about a template" + + MODELInfoDoc.AddExample("", exampleInfoStructure) + MODELInfoDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "Template", + FieldName: "info", + }, + } + MODELInfoDoc.Fields = make([]encoder.Doc, 7) + MODELInfoDoc.Fields[0].Name = "name" + MODELInfoDoc.Fields[0].Type = "string" + MODELInfoDoc.Fields[0].Note = "" + MODELInfoDoc.Fields[0].Description = "Name should be good short summary that identifies what the template does." + MODELInfoDoc.Fields[0].Comments[encoder.LineComment] = "Name should be good short summary that identifies what the template does." + + MODELInfoDoc.Fields[0].AddExample("", "bower.json file disclosure") + + MODELInfoDoc.Fields[0].AddExample("", "Nagios Default Credentials Check") + MODELInfoDoc.Fields[1].Name = "author" + MODELInfoDoc.Fields[1].Type = "StringSlice" + MODELInfoDoc.Fields[1].Note = "" + MODELInfoDoc.Fields[1].Description = "Author of the template." + MODELInfoDoc.Fields[1].Comments[encoder.LineComment] = "Author of the template." + + MODELInfoDoc.Fields[1].AddExample("", "") + MODELInfoDoc.Fields[2].Name = "tags" + MODELInfoDoc.Fields[2].Type = "StringSlice" + MODELInfoDoc.Fields[2].Note = "" + MODELInfoDoc.Fields[2].Description = "Any tags for the template.\n\nMultiple values can also be specified separated by commas." + MODELInfoDoc.Fields[2].Comments[encoder.LineComment] = "Any tags for the template." + + MODELInfoDoc.Fields[2].AddExample("Example tags", "cve,cve2019,grafana,auth-bypass,dos") + MODELInfoDoc.Fields[3].Name = "description" + MODELInfoDoc.Fields[3].Type = "string" + MODELInfoDoc.Fields[3].Note = "" + MODELInfoDoc.Fields[3].Description = "Description of the template.\n\nYou can go in-depth here on what the template actually does." + MODELInfoDoc.Fields[3].Comments[encoder.LineComment] = "Description of the template." + + MODELInfoDoc.Fields[3].AddExample("", "Bower is a package manager which stores packages informations in bower.json file") + + MODELInfoDoc.Fields[3].AddExample("", "Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations") + MODELInfoDoc.Fields[4].Name = "reference" + MODELInfoDoc.Fields[4].Type = "StringSlice" + MODELInfoDoc.Fields[4].Note = "" + MODELInfoDoc.Fields[4].Description = "References for the template.\n\nThis should contain links relevant to the template." + MODELInfoDoc.Fields[4].Comments[encoder.LineComment] = "References for the template." + + MODELInfoDoc.Fields[4].AddExample("", []string{"https://github.com/strapi/strapi", "https://github.com/getgrav/grav"}) + MODELInfoDoc.Fields[5].Name = "severity" + MODELInfoDoc.Fields[5].Type = "severity.SeverityHolder" + MODELInfoDoc.Fields[5].Note = "" + MODELInfoDoc.Fields[5].Description = "Severity of the template." + MODELInfoDoc.Fields[5].Comments[encoder.LineComment] = "Severity of the template." + MODELInfoDoc.Fields[5].Values = []string{ + "info", + "low", + "medium", + "high", + "critical", + } + MODELInfoDoc.Fields[6].Name = "additional-fields" + MODELInfoDoc.Fields[6].Type = "map[string]string" + MODELInfoDoc.Fields[6].Note = "" + MODELInfoDoc.Fields[6].Description = "AdditionalFields regarding metadata of the template." + MODELInfoDoc.Fields[6].Comments[encoder.LineComment] = "AdditionalFields regarding metadata of the template." + + MODELInfoDoc.Fields[6].AddExample("", map[string]string{"customField1": "customValue1"}) + + MODELStringSliceDoc.Type = "model.StringSlice" + MODELStringSliceDoc.Comments[encoder.LineComment] = "" + MODELStringSliceDoc.Description = "" + MODELStringSliceDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "workflows.WorkflowTemplate", + FieldName: "tags", + }, + } + MODELStringSliceDoc.Fields = make([]encoder.Doc, 0) + + SEVERITYSeverityHolderDoc.Type = "severity.SeverityHolder" + SEVERITYSeverityHolderDoc.Comments[encoder.LineComment] = "" + SEVERITYSeverityHolderDoc.Description = "" + SEVERITYSeverityHolderDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "model.Info", + FieldName: "severity", + }, + } + SEVERITYSeverityHolderDoc.Fields = make([]encoder.Doc, 0) + + HTTPRequestDoc.Type = "http.Request" + HTTPRequestDoc.Comments[encoder.LineComment] = " Request contains a http request to be made from a template" + HTTPRequestDoc.Description = "Request contains a http request to be made from a template" + + HTTPRequestDoc.AddExample("", exampleNormalHTTPRequest) + HTTPRequestDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "Template", + FieldName: "requests", + }, + } + HTTPRequestDoc.Fields = make([]encoder.Doc, 24) + HTTPRequestDoc.Fields[0].Name = "matchers" + HTTPRequestDoc.Fields[0].Type = "[]matchers.Matcher" + HTTPRequestDoc.Fields[0].Note = "" + HTTPRequestDoc.Fields[0].Description = "Matchers contains the detection mechanism for the request to identify\nwhether the request was successful by doing pattern matching\non request/responses.\n\nMultiple matchers can be combined together with `matcher-condition` flag\nwhich accepts either `and` or `or` as argument." + HTTPRequestDoc.Fields[0].Comments[encoder.LineComment] = "Matchers contains the detection mechanism for the request to identify" + HTTPRequestDoc.Fields[1].Name = "extractors" + HTTPRequestDoc.Fields[1].Type = "[]extractors.Extractor" + HTTPRequestDoc.Fields[1].Note = "" + HTTPRequestDoc.Fields[1].Description = "Extractors contains the extraction mechanism for the request to identify\nand extract parts of the response." + HTTPRequestDoc.Fields[1].Comments[encoder.LineComment] = "Extractors contains the extraction mechanism for the request to identify" + HTTPRequestDoc.Fields[2].Name = "matchers-condition" + HTTPRequestDoc.Fields[2].Type = "string" + HTTPRequestDoc.Fields[2].Note = "" + HTTPRequestDoc.Fields[2].Description = "MatchersCondition is the condition between the matchers. Default is OR." + HTTPRequestDoc.Fields[2].Comments[encoder.LineComment] = "MatchersCondition is the condition between the matchers. Default is OR." + HTTPRequestDoc.Fields[2].Values = []string{ + "and", + "or", + } + HTTPRequestDoc.Fields[3].Name = "path" + HTTPRequestDoc.Fields[3].Type = "[]string" + HTTPRequestDoc.Fields[3].Note = "" + HTTPRequestDoc.Fields[3].Description = "Path contains the path/s for the HTTP requests. It supports variables\nas placeholders." + HTTPRequestDoc.Fields[3].Comments[encoder.LineComment] = "Path contains the path/s for the HTTP requests. It supports variables" + + HTTPRequestDoc.Fields[3].AddExample("Some example path values", []string{"{{BaseURL}}", "{{BaseURL}}/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions"}) + HTTPRequestDoc.Fields[4].Name = "raw" + HTTPRequestDoc.Fields[4].Type = "[]string" + HTTPRequestDoc.Fields[4].Note = "" + HTTPRequestDoc.Fields[4].Description = "Raw contains HTTP Requests in Raw format." + HTTPRequestDoc.Fields[4].Comments[encoder.LineComment] = "Raw contains HTTP Requests in Raw format." + + HTTPRequestDoc.Fields[4].AddExample("Some example raw requests", []string{"GET /etc/passwd HTTP/1.1\nHost:\nContent-Length: 4", "POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0\nContent-Length: 1\nConnection: close\n\necho\necho\ncat /etc/passwd 2>&1"}) + HTTPRequestDoc.Fields[5].Name = "id" + HTTPRequestDoc.Fields[5].Type = "string" + HTTPRequestDoc.Fields[5].Note = "" + HTTPRequestDoc.Fields[5].Description = "ID is the ID of the request" + HTTPRequestDoc.Fields[5].Comments[encoder.LineComment] = " ID is the ID of the request" + HTTPRequestDoc.Fields[6].Name = "name" + HTTPRequestDoc.Fields[6].Type = "string" + HTTPRequestDoc.Fields[6].Note = "" + HTTPRequestDoc.Fields[6].Description = "Name is the optional name of the request.\n\nIf a name is specified, all the named request in a template can be matched upon\nin a combined manner allowing multirequest based matchers." + HTTPRequestDoc.Fields[6].Comments[encoder.LineComment] = "Name is the optional name of the request." + HTTPRequestDoc.Fields[7].Name = "attack" + HTTPRequestDoc.Fields[7].Type = "string" + HTTPRequestDoc.Fields[7].Note = "" + HTTPRequestDoc.Fields[7].Description = "Attack is the type of payload combinations to perform.\n\nSniper is each payload once, pitchfork combines multiple payload sets and clusterbomb generates\npermutations and combinations for all payloads." + HTTPRequestDoc.Fields[7].Comments[encoder.LineComment] = "Attack is the type of payload combinations to perform." + HTTPRequestDoc.Fields[7].Values = []string{ + "sniper", + "pitchfork", + "clusterbomb", + } + HTTPRequestDoc.Fields[8].Name = "method" + HTTPRequestDoc.Fields[8].Type = "string" + HTTPRequestDoc.Fields[8].Note = "" + HTTPRequestDoc.Fields[8].Description = "Method is the HTTP Request Method." + HTTPRequestDoc.Fields[8].Comments[encoder.LineComment] = "Method is the HTTP Request Method." + HTTPRequestDoc.Fields[8].Values = []string{ + "GET", + "POST", + "PUT", + "DELETE", + } + HTTPRequestDoc.Fields[9].Name = "body" + HTTPRequestDoc.Fields[9].Type = "string" + HTTPRequestDoc.Fields[9].Note = "" + HTTPRequestDoc.Fields[9].Description = "Body is an optional parameter which contains HTTP Request body." + HTTPRequestDoc.Fields[9].Comments[encoder.LineComment] = "Body is an optional parameter which contains HTTP Request body." + + HTTPRequestDoc.Fields[9].AddExample("Same Body for a Login POST request", "username=test&password=test") + HTTPRequestDoc.Fields[10].Name = "payloads" + HTTPRequestDoc.Fields[10].Type = "map[string]interface{}" + HTTPRequestDoc.Fields[10].Note = "" + HTTPRequestDoc.Fields[10].Description = "Payloads contains any payloads for the current request.\n\nPayloads support both key-values combinations where a list\nof payloads is provided, or optionally a single file can also\nbe provided as payload which will be read on run-time." + HTTPRequestDoc.Fields[10].Comments[encoder.LineComment] = "Payloads contains any payloads for the current request." + HTTPRequestDoc.Fields[11].Name = "headers" + HTTPRequestDoc.Fields[11].Type = "map[string]string" + HTTPRequestDoc.Fields[11].Note = "" + HTTPRequestDoc.Fields[11].Description = "Headers contains HTTP Headers to send with the request." + HTTPRequestDoc.Fields[11].Comments[encoder.LineComment] = "Headers contains HTTP Headers to send with the request." + + HTTPRequestDoc.Fields[11].AddExample("", map[string]string{"Content-Type": "application/x-www-form-urlencoded", "Content-Length": "1", "Any-Header": "Any-Value"}) + HTTPRequestDoc.Fields[12].Name = "race_count" + HTTPRequestDoc.Fields[12].Type = "int" + HTTPRequestDoc.Fields[12].Note = "" + HTTPRequestDoc.Fields[12].Description = "RaceCount is the number of times to send a request in Race Condition Attack." + HTTPRequestDoc.Fields[12].Comments[encoder.LineComment] = "RaceCount is the number of times to send a request in Race Condition Attack." + + HTTPRequestDoc.Fields[12].AddExample("Send a request 5 times", 5) + HTTPRequestDoc.Fields[13].Name = "max-redirects" + HTTPRequestDoc.Fields[13].Type = "int" + HTTPRequestDoc.Fields[13].Note = "" + HTTPRequestDoc.Fields[13].Description = "MaxRedirects is the maximum number of redirects that should be followed." + HTTPRequestDoc.Fields[13].Comments[encoder.LineComment] = "MaxRedirects is the maximum number of redirects that should be followed." + + HTTPRequestDoc.Fields[13].AddExample("Follow upto 5 redirects", 5) + HTTPRequestDoc.Fields[14].Name = "pipeline-concurrent-connections" + HTTPRequestDoc.Fields[14].Type = "int" + HTTPRequestDoc.Fields[14].Note = "" + HTTPRequestDoc.Fields[14].Description = "PipelineConcurrentConnections is number of connections to create during pipelining." + HTTPRequestDoc.Fields[14].Comments[encoder.LineComment] = "PipelineConcurrentConnections is number of connections to create during pipelining." + + HTTPRequestDoc.Fields[14].AddExample("Create 40 concurrent connections", 40) + HTTPRequestDoc.Fields[15].Name = "pipeline-requests-per-connection" + HTTPRequestDoc.Fields[15].Type = "int" + HTTPRequestDoc.Fields[15].Note = "" + HTTPRequestDoc.Fields[15].Description = "PipelineRequestsPerConnection is number of requests to send per connection when pipelining." + HTTPRequestDoc.Fields[15].Comments[encoder.LineComment] = "PipelineRequestsPerConnection is number of requests to send per connection when pipelining." + + HTTPRequestDoc.Fields[15].AddExample("Send 100 requests per pipeline connection", 100) + HTTPRequestDoc.Fields[16].Name = "threads" + HTTPRequestDoc.Fields[16].Type = "int" + HTTPRequestDoc.Fields[16].Note = "" + HTTPRequestDoc.Fields[16].Description = "Threads specifies number of threads to use sending requests. This enables Connection Pooling.\n\nConnection: Close attribute must not be used in request while using threads flag, otherwise\npooling will fail and engine will continue to close connections after requests." + HTTPRequestDoc.Fields[16].Comments[encoder.LineComment] = "Threads specifies number of threads to use sending requests. This enables Connection Pooling." + + HTTPRequestDoc.Fields[16].AddExample("Send requests using 10 concurrent threads", 10) + HTTPRequestDoc.Fields[17].Name = "max-size" + HTTPRequestDoc.Fields[17].Type = "int" + HTTPRequestDoc.Fields[17].Note = "" + HTTPRequestDoc.Fields[17].Description = "MaxSize is the maximum size of http response body to read in bytes." + HTTPRequestDoc.Fields[17].Comments[encoder.LineComment] = "MaxSize is the maximum size of http response body to read in bytes." + + HTTPRequestDoc.Fields[17].AddExample("Read max 2048 bytes of the response", 2048) + HTTPRequestDoc.Fields[18].Name = "cookie-reuse" + HTTPRequestDoc.Fields[18].Type = "bool" + HTTPRequestDoc.Fields[18].Note = "" + HTTPRequestDoc.Fields[18].Description = "CookieReuse is an optional setting that enables cookie reuse for\nall requests defined in raw section." + HTTPRequestDoc.Fields[18].Comments[encoder.LineComment] = "CookieReuse is an optional setting that enables cookie reuse for" + HTTPRequestDoc.Fields[19].Name = "redirects" + HTTPRequestDoc.Fields[19].Type = "bool" + HTTPRequestDoc.Fields[19].Note = "" + HTTPRequestDoc.Fields[19].Description = "Redirects specifies whether redirects should be followed by the HTTP Client.\n\nThis can be used in conjunction with `max-redirects` to control the HTTP request redirects." + HTTPRequestDoc.Fields[19].Comments[encoder.LineComment] = "Redirects specifies whether redirects should be followed by the HTTP Client." + HTTPRequestDoc.Fields[20].Name = "pipeline" + HTTPRequestDoc.Fields[20].Type = "bool" + HTTPRequestDoc.Fields[20].Note = "" + HTTPRequestDoc.Fields[20].Description = "Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining\n\nAll requests must be indempotent (GET/POST). This can be used for race conditions/billions requests." + HTTPRequestDoc.Fields[20].Comments[encoder.LineComment] = "Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining" + HTTPRequestDoc.Fields[21].Name = "unsafe" + HTTPRequestDoc.Fields[21].Type = "bool" + HTTPRequestDoc.Fields[21].Note = "" + HTTPRequestDoc.Fields[21].Description = "Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests.\n\nThis uses the [rawhttp](https://github.com/projectdiscovery/rawhttp) engine to achieve complete\ncontrol over the request, with no normalization performed by the client." + HTTPRequestDoc.Fields[21].Comments[encoder.LineComment] = "Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests." + HTTPRequestDoc.Fields[22].Name = "race" + HTTPRequestDoc.Fields[22].Type = "bool" + HTTPRequestDoc.Fields[22].Note = "" + HTTPRequestDoc.Fields[22].Description = "Race determines if all the request have to be attempted at the same time (Race Condition)\n\nThe actual number of requests that will be sent is determined by the `race_count` field." + HTTPRequestDoc.Fields[22].Comments[encoder.LineComment] = "Race determines if all the request have to be attempted at the same time (Race Condition)" + HTTPRequestDoc.Fields[23].Name = "req-condition" + HTTPRequestDoc.Fields[23].Type = "bool" + HTTPRequestDoc.Fields[23].Note = "" + HTTPRequestDoc.Fields[23].Description = "ReqCondition automatically assigns numbers to requests and preserves their history.\n\nThis allows matching on them later for multi-request conditions." + HTTPRequestDoc.Fields[23].Comments[encoder.LineComment] = "ReqCondition automatically assigns numbers to requests and preserves their history." + + MATCHERSMatcherDoc.Type = "matchers.Matcher" + MATCHERSMatcherDoc.Comments[encoder.LineComment] = " Matcher is used to match a part in the output from a protocol." + MATCHERSMatcherDoc.Description = "Matcher is used to match a part in the output from a protocol." + MATCHERSMatcherDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "http.Request", + FieldName: "matchers", + }, + { + TypeName: "dns.Request", + FieldName: "matchers", + }, + { + TypeName: "file.Request", + FieldName: "matchers", + }, + { + TypeName: "network.Request", + FieldName: "matchers", + }, + { + TypeName: "headless.Request", + FieldName: "matchers", + }, + } + MATCHERSMatcherDoc.Fields = make([]encoder.Doc, 12) + MATCHERSMatcherDoc.Fields[0].Name = "type" + MATCHERSMatcherDoc.Fields[0].Type = "string" + MATCHERSMatcherDoc.Fields[0].Note = "" + MATCHERSMatcherDoc.Fields[0].Description = "Type is the type of the matcher." + MATCHERSMatcherDoc.Fields[0].Comments[encoder.LineComment] = "Type is the type of the matcher." + MATCHERSMatcherDoc.Fields[0].Values = []string{ + "status", + "size", + "word", + "regex", + "binary", + "dsl", + } + MATCHERSMatcherDoc.Fields[1].Name = "condition" + MATCHERSMatcherDoc.Fields[1].Type = "string" + MATCHERSMatcherDoc.Fields[1].Note = "" + MATCHERSMatcherDoc.Fields[1].Description = "Condition is the optional condition between two matcher variables. By default,\nthe condition is assumed to be OR." + MATCHERSMatcherDoc.Fields[1].Comments[encoder.LineComment] = "Condition is the optional condition between two matcher variables. By default," + MATCHERSMatcherDoc.Fields[1].Values = []string{ + "and", + "or", + } + MATCHERSMatcherDoc.Fields[2].Name = "part" + MATCHERSMatcherDoc.Fields[2].Type = "string" + MATCHERSMatcherDoc.Fields[2].Note = "" + MATCHERSMatcherDoc.Fields[2].Description = "Part is the part of the request response to match data from.\n\nEach protocol exposes a lot of different parts which are well\ndocumented in docs for each request type." + MATCHERSMatcherDoc.Fields[2].Comments[encoder.LineComment] = "Part is the part of the request response to match data from." + + MATCHERSMatcherDoc.Fields[2].AddExample("", "body") + + MATCHERSMatcherDoc.Fields[2].AddExample("", "raw") + MATCHERSMatcherDoc.Fields[3].Name = "negative" + MATCHERSMatcherDoc.Fields[3].Type = "bool" + MATCHERSMatcherDoc.Fields[3].Note = "" + MATCHERSMatcherDoc.Fields[3].Description = "Negative specifies if the match should be reversed\nIt will only match if the condition is not true." + MATCHERSMatcherDoc.Fields[3].Comments[encoder.LineComment] = "Negative specifies if the match should be reversed" + MATCHERSMatcherDoc.Fields[4].Name = "name" + MATCHERSMatcherDoc.Fields[4].Type = "string" + MATCHERSMatcherDoc.Fields[4].Note = "" + MATCHERSMatcherDoc.Fields[4].Description = "Name of the matcher. Name should be lowercase and must not contain\nspaces or dashes (-)." + MATCHERSMatcherDoc.Fields[4].Comments[encoder.LineComment] = "Name of the matcher. Name should be lowercase and must not contain" + + MATCHERSMatcherDoc.Fields[4].AddExample("", "cookie-matcher") + MATCHERSMatcherDoc.Fields[5].Name = "status" + MATCHERSMatcherDoc.Fields[5].Type = "[]int" + MATCHERSMatcherDoc.Fields[5].Note = "" + MATCHERSMatcherDoc.Fields[5].Description = "Status are the acceptable status codes for the response." + MATCHERSMatcherDoc.Fields[5].Comments[encoder.LineComment] = "Status are the acceptable status codes for the response." + + MATCHERSMatcherDoc.Fields[5].AddExample("", []int{200, 302}) + MATCHERSMatcherDoc.Fields[6].Name = "size" + MATCHERSMatcherDoc.Fields[6].Type = "[]int" + MATCHERSMatcherDoc.Fields[6].Note = "" + MATCHERSMatcherDoc.Fields[6].Description = "Size is the acceptable size for the response" + MATCHERSMatcherDoc.Fields[6].Comments[encoder.LineComment] = "Size is the acceptable size for the response" + + MATCHERSMatcherDoc.Fields[6].AddExample("", []int{3029, 2042}) + MATCHERSMatcherDoc.Fields[7].Name = "words" + MATCHERSMatcherDoc.Fields[7].Type = "[]string" + MATCHERSMatcherDoc.Fields[7].Note = "" + MATCHERSMatcherDoc.Fields[7].Description = "Words contains word patterns required to be present in the response part." + MATCHERSMatcherDoc.Fields[7].Comments[encoder.LineComment] = "Words contains word patterns required to be present in the response part." + + MATCHERSMatcherDoc.Fields[7].AddExample("Match for outlook mail protection domain", []string{"mail.protection.outlook.com"}) + + MATCHERSMatcherDoc.Fields[7].AddExample("Match for application/json in response headers", []string{"application/json"}) + MATCHERSMatcherDoc.Fields[8].Name = "regex" + MATCHERSMatcherDoc.Fields[8].Type = "[]string" + MATCHERSMatcherDoc.Fields[8].Note = "" + MATCHERSMatcherDoc.Fields[8].Description = "Regex contains Regular Expression patterns required to be present in the response part." + MATCHERSMatcherDoc.Fields[8].Comments[encoder.LineComment] = "Regex contains Regular Expression patterns required to be present in the response part." + + MATCHERSMatcherDoc.Fields[8].AddExample("Match for Linkerd Service via Regex", []string{`(?mi)^Via\\s*?:.*?linkerd.*$`}) + + MATCHERSMatcherDoc.Fields[8].AddExample("Match for Open Redirect via Location header", []string{`(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)example\\.com.*$`}) + MATCHERSMatcherDoc.Fields[9].Name = "binary" + MATCHERSMatcherDoc.Fields[9].Type = "[]string" + MATCHERSMatcherDoc.Fields[9].Note = "" + MATCHERSMatcherDoc.Fields[9].Description = "Binary are the binary patterns required to be present in the response part." + MATCHERSMatcherDoc.Fields[9].Comments[encoder.LineComment] = "Binary are the binary patterns required to be present in the response part." + + MATCHERSMatcherDoc.Fields[9].AddExample("Match for Springboot Heapdump Actuator \"JAVA PROFILE\", \"HPROF\", \"Gunzip magic byte\"", []string{"4a4156412050524f46494c45", "4850524f46", "1f8b080000000000"}) + + MATCHERSMatcherDoc.Fields[9].AddExample("Match for 7zip files", []string{"377ABCAF271C"}) + MATCHERSMatcherDoc.Fields[10].Name = "dsl" + MATCHERSMatcherDoc.Fields[10].Type = "[]string" + MATCHERSMatcherDoc.Fields[10].Note = "" + MATCHERSMatcherDoc.Fields[10].Description = "DSL are the dsl expressions that will be evaluated as part of nuclei matching rules.\nA list of these helper functions are available [here](https://nuclei.projectdiscovery.io/templating-guide/helper-functions/)." + MATCHERSMatcherDoc.Fields[10].Comments[encoder.LineComment] = "DSL are the dsl expressions that will be evaluated as part of nuclei matching rules." + + MATCHERSMatcherDoc.Fields[10].AddExample("DSL Matcher for package.json file", []string{"contains(body, 'packages') && contains(tolower(all_headers), 'application/octet-stream') && status_code == 200"}) + + MATCHERSMatcherDoc.Fields[10].AddExample("DSL Matcher for missing strict transport security header", []string{"!contains(tolower(all_headers), ''strict-transport-security'')"}) + MATCHERSMatcherDoc.Fields[11].Name = "encoding" + MATCHERSMatcherDoc.Fields[11].Type = "string" + MATCHERSMatcherDoc.Fields[11].Note = "" + MATCHERSMatcherDoc.Fields[11].Description = "Encoding specifies the encoding for the words field if any." + MATCHERSMatcherDoc.Fields[11].Comments[encoder.LineComment] = "Encoding specifies the encoding for the words field if any." + MATCHERSMatcherDoc.Fields[11].Values = []string{ + "hex", + } + + EXTRACTORSExtractorDoc.Type = "extractors.Extractor" + EXTRACTORSExtractorDoc.Comments[encoder.LineComment] = " Extractor is used to extract part of response using a regex." + EXTRACTORSExtractorDoc.Description = "Extractor is used to extract part of response using a regex." + EXTRACTORSExtractorDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "http.Request", + FieldName: "extractors", + }, + { + TypeName: "dns.Request", + FieldName: "extractors", + }, + { + TypeName: "file.Request", + FieldName: "extractors", + }, + { + TypeName: "network.Request", + FieldName: "extractors", + }, + { + TypeName: "headless.Request", + FieldName: "extractors", + }, + } + EXTRACTORSExtractorDoc.Fields = make([]encoder.Doc, 10) + EXTRACTORSExtractorDoc.Fields[0].Name = "name" + EXTRACTORSExtractorDoc.Fields[0].Type = "string" + EXTRACTORSExtractorDoc.Fields[0].Note = "" + EXTRACTORSExtractorDoc.Fields[0].Description = "Name of the extractor. Name should be lowercase and must not contain\nspaces or dashes (-)." + EXTRACTORSExtractorDoc.Fields[0].Comments[encoder.LineComment] = "Name of the extractor. Name should be lowercase and must not contain" + + EXTRACTORSExtractorDoc.Fields[0].AddExample("", "cookie-extractor") + EXTRACTORSExtractorDoc.Fields[1].Name = "type" + EXTRACTORSExtractorDoc.Fields[1].Type = "string" + EXTRACTORSExtractorDoc.Fields[1].Note = "" + EXTRACTORSExtractorDoc.Fields[1].Description = "Type is the type of the extractor." + EXTRACTORSExtractorDoc.Fields[1].Comments[encoder.LineComment] = "Type is the type of the extractor." + EXTRACTORSExtractorDoc.Fields[1].Values = []string{ + "regex", + "kval", + } + EXTRACTORSExtractorDoc.Fields[2].Name = "regex" + EXTRACTORSExtractorDoc.Fields[2].Type = "[]string" + EXTRACTORSExtractorDoc.Fields[2].Note = "" + EXTRACTORSExtractorDoc.Fields[2].Description = "Regex contains the regular expression patterns to exract from a part.\n\nGo regex engine does not supports lookaheads or lookbehinds, so as a result\nthey are also not supported in nuclei." + EXTRACTORSExtractorDoc.Fields[2].Comments[encoder.LineComment] = "Regex contains the regular expression patterns to exract from a part." + + EXTRACTORSExtractorDoc.Fields[2].AddExample("Braintree Access Token Regex", []string{"access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}"}) + + EXTRACTORSExtractorDoc.Fields[2].AddExample("Wordpress Author Extraction regex", []string{"Author:(?:[A-Za-z0-9 -\\_=\"]+)?([A-Za-z0-9]+)<\\/span>"}) + EXTRACTORSExtractorDoc.Fields[3].Name = "group" + EXTRACTORSExtractorDoc.Fields[3].Type = "int" + EXTRACTORSExtractorDoc.Fields[3].Note = "" + EXTRACTORSExtractorDoc.Fields[3].Description = "Group specifies a numbered group to extract from the regex." + EXTRACTORSExtractorDoc.Fields[3].Comments[encoder.LineComment] = "Group specifies a numbered group to extract from the regex." + + EXTRACTORSExtractorDoc.Fields[3].AddExample("Example Regex Group", 1) + EXTRACTORSExtractorDoc.Fields[4].Name = "kval" + EXTRACTORSExtractorDoc.Fields[4].Type = "[]string" + EXTRACTORSExtractorDoc.Fields[4].Note = "" + EXTRACTORSExtractorDoc.Fields[4].Description = "kval contains the key-value pairs required in the response.\n\nEach protocol exposes a lot of different data in response. The kval\nextractor can be used to extract those key-value pairs. A list of\nsupported parts is available in docs for request types." + EXTRACTORSExtractorDoc.Fields[4].Comments[encoder.LineComment] = "kval contains the key-value pairs required in the response." + + EXTRACTORSExtractorDoc.Fields[4].AddExample("Extract Server Header From HTTP Response", []string{"Server"}) + + EXTRACTORSExtractorDoc.Fields[4].AddExample("Extracting value of PHPSESSID Cookie", []string{"PHPSESSID"}) + EXTRACTORSExtractorDoc.Fields[5].Name = "json" + EXTRACTORSExtractorDoc.Fields[5].Type = "[]string" + EXTRACTORSExtractorDoc.Fields[5].Note = "" + EXTRACTORSExtractorDoc.Fields[5].Description = "JSON allows using jq-style syntax to extract items from json response" + EXTRACTORSExtractorDoc.Fields[5].Comments[encoder.LineComment] = "JSON allows using jq-style syntax to extract items from json response" + + EXTRACTORSExtractorDoc.Fields[5].AddExample("", []string{".[] | .id"}) + + EXTRACTORSExtractorDoc.Fields[5].AddExample("", []string{".batters | .batter | .[] | .id"}) + EXTRACTORSExtractorDoc.Fields[6].Name = "xpath" + EXTRACTORSExtractorDoc.Fields[6].Type = "[]string" + EXTRACTORSExtractorDoc.Fields[6].Note = "" + EXTRACTORSExtractorDoc.Fields[6].Description = "XPath allows using xpath expressions to extract items from html response" + EXTRACTORSExtractorDoc.Fields[6].Comments[encoder.LineComment] = "XPath allows using xpath expressions to extract items from html response" + + EXTRACTORSExtractorDoc.Fields[6].AddExample("", []string{"/html/body/div/p[2]/a"}) + + EXTRACTORSExtractorDoc.Fields[6].AddExample("", []string{".batters | .batter | .[] | .id"}) + EXTRACTORSExtractorDoc.Fields[7].Name = "attribute" + EXTRACTORSExtractorDoc.Fields[7].Type = "string" + EXTRACTORSExtractorDoc.Fields[7].Note = "" + EXTRACTORSExtractorDoc.Fields[7].Description = "Attribute is an optional attribute to extract from response XPath." + EXTRACTORSExtractorDoc.Fields[7].Comments[encoder.LineComment] = "Attribute is an optional attribute to extract from response XPath." + + EXTRACTORSExtractorDoc.Fields[7].AddExample("", "href") + EXTRACTORSExtractorDoc.Fields[8].Name = "part" + EXTRACTORSExtractorDoc.Fields[8].Type = "string" + EXTRACTORSExtractorDoc.Fields[8].Note = "" + EXTRACTORSExtractorDoc.Fields[8].Description = "Part is the part of the request response to extract data from.\n\nEach protocol exposes a lot of different parts which are well\ndocumented in docs for each request type." + EXTRACTORSExtractorDoc.Fields[8].Comments[encoder.LineComment] = "Part is the part of the request response to extract data from." + + EXTRACTORSExtractorDoc.Fields[8].AddExample("", "body") + + EXTRACTORSExtractorDoc.Fields[8].AddExample("", "raw") + EXTRACTORSExtractorDoc.Fields[9].Name = "internal" + EXTRACTORSExtractorDoc.Fields[9].Type = "bool" + EXTRACTORSExtractorDoc.Fields[9].Note = "" + EXTRACTORSExtractorDoc.Fields[9].Description = "Internal, when set to true will allow using the value extracted\nin the next request for some protocols (like HTTP)." + EXTRACTORSExtractorDoc.Fields[9].Comments[encoder.LineComment] = "Internal, when set to true will allow using the value extracted" + + DNSRequestDoc.Type = "dns.Request" + DNSRequestDoc.Comments[encoder.LineComment] = " Request contains a DNS protocol request to be made from a template" + DNSRequestDoc.Description = "Request contains a DNS protocol request to be made from a template" + + DNSRequestDoc.AddExample("", exampleNormalDNSRequest) + DNSRequestDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "Template", + FieldName: "dns", + }, + } + DNSRequestDoc.Fields = make([]encoder.Doc, 9) + DNSRequestDoc.Fields[0].Name = "matchers" + DNSRequestDoc.Fields[0].Type = "[]matchers.Matcher" + DNSRequestDoc.Fields[0].Note = "" + DNSRequestDoc.Fields[0].Description = "Matchers contains the detection mechanism for the request to identify\nwhether the request was successful by doing pattern matching\non request/responses.\n\nMultiple matchers can be combined together with `matcher-condition` flag\nwhich accepts either `and` or `or` as argument." + DNSRequestDoc.Fields[0].Comments[encoder.LineComment] = "Matchers contains the detection mechanism for the request to identify" + DNSRequestDoc.Fields[1].Name = "extractors" + DNSRequestDoc.Fields[1].Type = "[]extractors.Extractor" + DNSRequestDoc.Fields[1].Note = "" + DNSRequestDoc.Fields[1].Description = "Extractors contains the extraction mechanism for the request to identify\nand extract parts of the response." + DNSRequestDoc.Fields[1].Comments[encoder.LineComment] = "Extractors contains the extraction mechanism for the request to identify" + DNSRequestDoc.Fields[2].Name = "matchers-condition" + DNSRequestDoc.Fields[2].Type = "string" + DNSRequestDoc.Fields[2].Note = "" + DNSRequestDoc.Fields[2].Description = "MatchersCondition is the condition between the matchers. Default is OR." + DNSRequestDoc.Fields[2].Comments[encoder.LineComment] = "MatchersCondition is the condition between the matchers. Default is OR." + DNSRequestDoc.Fields[2].Values = []string{ + "and", + "or", + } + DNSRequestDoc.Fields[3].Name = "id" + DNSRequestDoc.Fields[3].Type = "string" + DNSRequestDoc.Fields[3].Note = "" + DNSRequestDoc.Fields[3].Description = "ID is the ID of the request" + DNSRequestDoc.Fields[3].Comments[encoder.LineComment] = " ID is the ID of the request" + DNSRequestDoc.Fields[4].Name = "name" + DNSRequestDoc.Fields[4].Type = "string" + DNSRequestDoc.Fields[4].Note = "" + DNSRequestDoc.Fields[4].Description = "Name is the Hostname to make DNS request for.\n\nGenerally, it is set to {{FQDN}} which is the domain we get from input." + DNSRequestDoc.Fields[4].Comments[encoder.LineComment] = "Name is the Hostname to make DNS request for." + + DNSRequestDoc.Fields[4].AddExample("", "{{FQDN}}") + DNSRequestDoc.Fields[5].Name = "type" + DNSRequestDoc.Fields[5].Type = "string" + DNSRequestDoc.Fields[5].Note = "" + DNSRequestDoc.Fields[5].Description = "Type is the type of DNS request to make." + DNSRequestDoc.Fields[5].Comments[encoder.LineComment] = "Type is the type of DNS request to make." + DNSRequestDoc.Fields[5].Values = []string{ + "A", + "NS", + "CNAME", + "SOA", + "PTR", + "MX", + "TXT", + "AAAA", + } + DNSRequestDoc.Fields[6].Name = "class" + DNSRequestDoc.Fields[6].Type = "string" + DNSRequestDoc.Fields[6].Note = "" + DNSRequestDoc.Fields[6].Description = "Class is the class of the DNS request.\n\nUsually it's enough to just leave it as INET." + DNSRequestDoc.Fields[6].Comments[encoder.LineComment] = "Class is the class of the DNS request." + DNSRequestDoc.Fields[6].Values = []string{ + "INET", + "CSNET", + "CHAOS", + "HESIOD", + "NONE", + "ANY", + } + DNSRequestDoc.Fields[7].Name = "retries" + DNSRequestDoc.Fields[7].Type = "int" + DNSRequestDoc.Fields[7].Note = "" + DNSRequestDoc.Fields[7].Description = "Retries is the number of retries for the DNS request" + DNSRequestDoc.Fields[7].Comments[encoder.LineComment] = "Retries is the number of retries for the DNS request" + + DNSRequestDoc.Fields[7].AddExample("Use a retry of 3 to 5 generally", 5) + DNSRequestDoc.Fields[8].Name = "recursion" + DNSRequestDoc.Fields[8].Type = "bool" + DNSRequestDoc.Fields[8].Note = "" + DNSRequestDoc.Fields[8].Description = "Recursion determines if resolver should recurse all records to get fresh results." + DNSRequestDoc.Fields[8].Comments[encoder.LineComment] = "Recursion determines if resolver should recurse all records to get fresh results." + + FILERequestDoc.Type = "file.Request" + FILERequestDoc.Comments[encoder.LineComment] = " Request contains a File matching mechanism for local disk operations." + FILERequestDoc.Description = "Request contains a File matching mechanism for local disk operations." + + FILERequestDoc.AddExample("", exampleNormalFileRequest) + FILERequestDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "Template", + FieldName: "file", + }, + } + FILERequestDoc.Fields = make([]encoder.Doc, 8) + FILERequestDoc.Fields[0].Name = "matchers" + FILERequestDoc.Fields[0].Type = "[]matchers.Matcher" + FILERequestDoc.Fields[0].Note = "" + FILERequestDoc.Fields[0].Description = "Matchers contains the detection mechanism for the request to identify\nwhether the request was successful by doing pattern matching\non request/responses.\n\nMultiple matchers can be combined together with `matcher-condition` flag\nwhich accepts either `and` or `or` as argument." + FILERequestDoc.Fields[0].Comments[encoder.LineComment] = "Matchers contains the detection mechanism for the request to identify" + FILERequestDoc.Fields[1].Name = "extractors" + FILERequestDoc.Fields[1].Type = "[]extractors.Extractor" + FILERequestDoc.Fields[1].Note = "" + FILERequestDoc.Fields[1].Description = "Extractors contains the extraction mechanism for the request to identify\nand extract parts of the response." + FILERequestDoc.Fields[1].Comments[encoder.LineComment] = "Extractors contains the extraction mechanism for the request to identify" + FILERequestDoc.Fields[2].Name = "matchers-condition" + FILERequestDoc.Fields[2].Type = "string" + FILERequestDoc.Fields[2].Note = "" + FILERequestDoc.Fields[2].Description = "MatchersCondition is the condition between the matchers. Default is OR." + FILERequestDoc.Fields[2].Comments[encoder.LineComment] = "MatchersCondition is the condition between the matchers. Default is OR." + FILERequestDoc.Fields[2].Values = []string{ + "and", + "or", + } + FILERequestDoc.Fields[3].Name = "extensions" + FILERequestDoc.Fields[3].Type = "[]string" + FILERequestDoc.Fields[3].Note = "" + FILERequestDoc.Fields[3].Description = "Extensions is the list of extensions to perform matching on." + FILERequestDoc.Fields[3].Comments[encoder.LineComment] = "Extensions is the list of extensions to perform matching on." + + FILERequestDoc.Fields[3].AddExample("", []string{".txt", ".go", ".json"}) + FILERequestDoc.Fields[4].Name = "denylist" + FILERequestDoc.Fields[4].Type = "[]string" + FILERequestDoc.Fields[4].Note = "" + FILERequestDoc.Fields[4].Description = "ExtensionDenylist is the list of file extensions to deny during matching.\n\nBy default, it contains some non-interesting extensions that are hardcoded\nin nuclei." + FILERequestDoc.Fields[4].Comments[encoder.LineComment] = "ExtensionDenylist is the list of file extensions to deny during matching." + + FILERequestDoc.Fields[4].AddExample("", []string{".avi", ".mov", ".mp3"}) + FILERequestDoc.Fields[5].Name = "id" + FILERequestDoc.Fields[5].Type = "string" + FILERequestDoc.Fields[5].Note = "" + FILERequestDoc.Fields[5].Description = "ID is the ID of the request" + FILERequestDoc.Fields[5].Comments[encoder.LineComment] = " ID is the ID of the request" + FILERequestDoc.Fields[6].Name = "max-size" + FILERequestDoc.Fields[6].Type = "int" + FILERequestDoc.Fields[6].Note = "" + FILERequestDoc.Fields[6].Description = "MaxSize is the maximum size of the file to run request on.\n\nBy default, nuclei will process 5MB files and not go more than that.\nIt can be set to much lower or higher depending on use." + FILERequestDoc.Fields[6].Comments[encoder.LineComment] = "MaxSize is the maximum size of the file to run request on." + + FILERequestDoc.Fields[6].AddExample("", 2048) + FILERequestDoc.Fields[7].Name = "no-recursive" + FILERequestDoc.Fields[7].Type = "bool" + FILERequestDoc.Fields[7].Note = "" + FILERequestDoc.Fields[7].Description = "NoRecursive specifies whether to not do recursive checks if folders are provided." + FILERequestDoc.Fields[7].Comments[encoder.LineComment] = "NoRecursive specifies whether to not do recursive checks if folders are provided." + + NETWORKRequestDoc.Type = "network.Request" + NETWORKRequestDoc.Comments[encoder.LineComment] = " Request contains a Network protocol request to be made from a template" + NETWORKRequestDoc.Description = "Request contains a Network protocol request to be made from a template" + + NETWORKRequestDoc.AddExample("", exampleNormalNetworkRequest) + NETWORKRequestDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "Template", + FieldName: "network", + }, + } + NETWORKRequestDoc.Fields = make([]encoder.Doc, 9) + NETWORKRequestDoc.Fields[0].Name = "id" + NETWORKRequestDoc.Fields[0].Type = "string" + NETWORKRequestDoc.Fields[0].Note = "" + NETWORKRequestDoc.Fields[0].Description = "ID is the ID of the request" + NETWORKRequestDoc.Fields[0].Comments[encoder.LineComment] = " ID is the ID of the request" + NETWORKRequestDoc.Fields[1].Name = "host" + NETWORKRequestDoc.Fields[1].Type = "[]string" + NETWORKRequestDoc.Fields[1].Note = "" + NETWORKRequestDoc.Fields[1].Description = "Address is the address to send requests to.\n\nUsually it's set to `{{Hostname}}`. If you want to enable TLS for\nTCP Connection, you can use `tls://{{Hostname}}`." + NETWORKRequestDoc.Fields[1].Comments[encoder.LineComment] = "Address is the address to send requests to." + + NETWORKRequestDoc.Fields[1].AddExample("", []string{"{{Hostname}}"}) + NETWORKRequestDoc.Fields[2].Name = "attack" + NETWORKRequestDoc.Fields[2].Type = "string" + NETWORKRequestDoc.Fields[2].Note = "" + NETWORKRequestDoc.Fields[2].Description = "Attack is the type of payload combinations to perform.\n\nSniper is each payload once, pitchfork combines multiple payload sets and clusterbomb generates\npermutations and combinations for all payloads." + NETWORKRequestDoc.Fields[2].Comments[encoder.LineComment] = "Attack is the type of payload combinations to perform." + NETWORKRequestDoc.Fields[2].Values = []string{ + "sniper", + "pitchfork", + "clusterbomb", + } + NETWORKRequestDoc.Fields[3].Name = "payloads" + NETWORKRequestDoc.Fields[3].Type = "map[string]interface{}" + NETWORKRequestDoc.Fields[3].Note = "" + NETWORKRequestDoc.Fields[3].Description = "Payloads contains any payloads for the current request.\n\nPayloads support both key-values combinations where a list\nof payloads is provided, or optionally a single file can also\nbe provided as payload which will be read on run-time." + NETWORKRequestDoc.Fields[3].Comments[encoder.LineComment] = "Payloads contains any payloads for the current request." + NETWORKRequestDoc.Fields[4].Name = "inputs" + NETWORKRequestDoc.Fields[4].Type = "[]network.Input" + NETWORKRequestDoc.Fields[4].Note = "" + NETWORKRequestDoc.Fields[4].Description = "Inputs contains inputs for the network socket" + NETWORKRequestDoc.Fields[4].Comments[encoder.LineComment] = "Inputs contains inputs for the network socket" + NETWORKRequestDoc.Fields[5].Name = "read-size" + NETWORKRequestDoc.Fields[5].Type = "int" + NETWORKRequestDoc.Fields[5].Note = "" + NETWORKRequestDoc.Fields[5].Description = "ReadSize is the size of response to read at the end\n\nDefault value for read-size is 1024." + NETWORKRequestDoc.Fields[5].Comments[encoder.LineComment] = "ReadSize is the size of response to read at the end" + + NETWORKRequestDoc.Fields[5].AddExample("", 2048) + NETWORKRequestDoc.Fields[6].Name = "matchers" + NETWORKRequestDoc.Fields[6].Type = "[]matchers.Matcher" + NETWORKRequestDoc.Fields[6].Note = "" + NETWORKRequestDoc.Fields[6].Description = "Matchers contains the detection mechanism for the request to identify\nwhether the request was successful by doing pattern matching\non request/responses.\n\nMultiple matchers can be combined together with `matcher-condition` flag\nwhich accepts either `and` or `or` as argument." + NETWORKRequestDoc.Fields[6].Comments[encoder.LineComment] = "Matchers contains the detection mechanism for the request to identify" + NETWORKRequestDoc.Fields[7].Name = "extractors" + NETWORKRequestDoc.Fields[7].Type = "[]extractors.Extractor" + NETWORKRequestDoc.Fields[7].Note = "" + NETWORKRequestDoc.Fields[7].Description = "Extractors contains the extraction mechanism for the request to identify\nand extract parts of the response." + NETWORKRequestDoc.Fields[7].Comments[encoder.LineComment] = "Extractors contains the extraction mechanism for the request to identify" + NETWORKRequestDoc.Fields[8].Name = "matchers-condition" + NETWORKRequestDoc.Fields[8].Type = "string" + NETWORKRequestDoc.Fields[8].Note = "" + NETWORKRequestDoc.Fields[8].Description = "MatchersCondition is the condition between the matchers. Default is OR." + NETWORKRequestDoc.Fields[8].Comments[encoder.LineComment] = "MatchersCondition is the condition between the matchers. Default is OR." + NETWORKRequestDoc.Fields[8].Values = []string{ + "and", + "or", + } + + NETWORKInputDoc.Type = "network.Input" + NETWORKInputDoc.Comments[encoder.LineComment] = "" + NETWORKInputDoc.Description = "" + NETWORKInputDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "network.Request", + FieldName: "inputs", + }, + } + NETWORKInputDoc.Fields = make([]encoder.Doc, 4) + NETWORKInputDoc.Fields[0].Name = "data" + NETWORKInputDoc.Fields[0].Type = "string" + NETWORKInputDoc.Fields[0].Note = "" + NETWORKInputDoc.Fields[0].Description = "Data is the data to send as the input.\n\nIt supports DSL Helper Functions as well as normal expressions." + NETWORKInputDoc.Fields[0].Comments[encoder.LineComment] = "Data is the data to send as the input." + + NETWORKInputDoc.Fields[0].AddExample("", "TEST") + + NETWORKInputDoc.Fields[0].AddExample("", "hex_decode('50494e47')") + NETWORKInputDoc.Fields[1].Name = "type" + NETWORKInputDoc.Fields[1].Type = "string" + NETWORKInputDoc.Fields[1].Note = "" + NETWORKInputDoc.Fields[1].Description = "Type is the type of input specified in `data` field.\n\nDefault value is text, but hex can be used for hex formatted data." + NETWORKInputDoc.Fields[1].Comments[encoder.LineComment] = "Type is the type of input specified in `data` field." + NETWORKInputDoc.Fields[1].Values = []string{ + "hex", + "text", + } + NETWORKInputDoc.Fields[2].Name = "read" + NETWORKInputDoc.Fields[2].Type = "int" + NETWORKInputDoc.Fields[2].Note = "" + NETWORKInputDoc.Fields[2].Description = "Read is the number of bytes to read from socket.\n\nThis can be used for protcols which expected an immediate response. You can\nread and write responses one after another and evetually perform matching\non every data captured with `name` attribute.\n\nThe [network docs](https://nuclei.projectdiscovery.io/templating-guide/protocols/network/) highlight more on how to do this." + NETWORKInputDoc.Fields[2].Comments[encoder.LineComment] = "Read is the number of bytes to read from socket." + + NETWORKInputDoc.Fields[2].AddExample("", 1024) + NETWORKInputDoc.Fields[3].Name = "name" + NETWORKInputDoc.Fields[3].Type = "string" + NETWORKInputDoc.Fields[3].Note = "" + NETWORKInputDoc.Fields[3].Description = "Name is the optional name of the data read to provide matching on." + NETWORKInputDoc.Fields[3].Comments[encoder.LineComment] = "Name is the optional name of the data read to provide matching on." + + NETWORKInputDoc.Fields[3].AddExample("", "prefix") + + HEADLESSRequestDoc.Type = "headless.Request" + HEADLESSRequestDoc.Comments[encoder.LineComment] = " Request contains a Headless protocol request to be made from a template" + HEADLESSRequestDoc.Description = "Request contains a Headless protocol request to be made from a template" + HEADLESSRequestDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "Template", + FieldName: "headless", + }, + } + HEADLESSRequestDoc.Fields = make([]encoder.Doc, 5) + HEADLESSRequestDoc.Fields[0].Name = "id" + HEADLESSRequestDoc.Fields[0].Type = "string" + HEADLESSRequestDoc.Fields[0].Note = "" + HEADLESSRequestDoc.Fields[0].Description = "ID is the ID of the request" + HEADLESSRequestDoc.Fields[0].Comments[encoder.LineComment] = " ID is the ID of the request" + HEADLESSRequestDoc.Fields[1].Name = "steps" + HEADLESSRequestDoc.Fields[1].Type = "[]engine.Action" + HEADLESSRequestDoc.Fields[1].Note = "" + HEADLESSRequestDoc.Fields[1].Description = "Steps is the list of actions to run for headless request" + HEADLESSRequestDoc.Fields[1].Comments[encoder.LineComment] = "Steps is the list of actions to run for headless request" + HEADLESSRequestDoc.Fields[2].Name = "matchers" + HEADLESSRequestDoc.Fields[2].Type = "[]matchers.Matcher" + HEADLESSRequestDoc.Fields[2].Note = "" + HEADLESSRequestDoc.Fields[2].Description = "Matchers contains the detection mechanism for the request to identify\nwhether the request was successful by doing pattern matching\non request/responses.\n\nMultiple matchers can be combined together with `matcher-condition` flag\nwhich accepts either `and` or `or` as argument." + HEADLESSRequestDoc.Fields[2].Comments[encoder.LineComment] = "Matchers contains the detection mechanism for the request to identify" + HEADLESSRequestDoc.Fields[3].Name = "extractors" + HEADLESSRequestDoc.Fields[3].Type = "[]extractors.Extractor" + HEADLESSRequestDoc.Fields[3].Note = "" + HEADLESSRequestDoc.Fields[3].Description = "Extractors contains the extraction mechanism for the request to identify\nand extract parts of the response." + HEADLESSRequestDoc.Fields[3].Comments[encoder.LineComment] = "Extractors contains the extraction mechanism for the request to identify" + HEADLESSRequestDoc.Fields[4].Name = "matchers-condition" + HEADLESSRequestDoc.Fields[4].Type = "string" + HEADLESSRequestDoc.Fields[4].Note = "" + HEADLESSRequestDoc.Fields[4].Description = "MatchersCondition is the condition between the matchers. Default is OR." + HEADLESSRequestDoc.Fields[4].Comments[encoder.LineComment] = "MatchersCondition is the condition between the matchers. Default is OR." + HEADLESSRequestDoc.Fields[4].Values = []string{ + "and", + "or", + } + + ENGINEActionDoc.Type = "engine.Action" + ENGINEActionDoc.Comments[encoder.LineComment] = " Action is an action taken by the browser to reach a navigation" + ENGINEActionDoc.Description = "Action is an action taken by the browser to reach a navigation\n\n Each step that the browser executes is an action. Most navigations\n usually start from the ActionLoadURL event, and further navigations\n are discovered on the found page. We also keep track and only\n scrape new navigation from pages we haven't crawled yet." + ENGINEActionDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "headless.Request", + FieldName: "steps", + }, + } + ENGINEActionDoc.Fields = make([]encoder.Doc, 4) + ENGINEActionDoc.Fields[0].Name = "args" + ENGINEActionDoc.Fields[0].Type = "map[string]string" + ENGINEActionDoc.Fields[0].Note = "" + ENGINEActionDoc.Fields[0].Description = "Args contain arguments for the headless action.\nPer action arguments are described in detail [here](https://nuclei.projectdiscovery.io/templating-guide/protocols/headless/)." + ENGINEActionDoc.Fields[0].Comments[encoder.LineComment] = "Args contain arguments for the headless action." + ENGINEActionDoc.Fields[1].Name = "name" + ENGINEActionDoc.Fields[1].Type = "string" + ENGINEActionDoc.Fields[1].Note = "" + ENGINEActionDoc.Fields[1].Description = "Name is the name assigned to the headless action.\n\nThis can be used to execute code, for instance in browser\nDOM using script action, and get the result in a variable\nwhich can be matched upon by nuclei. An Example template [here](https://github.com/projectdiscovery/nuclei-templates/blob/master/headless/prototype-pollution-check.yaml)." + ENGINEActionDoc.Fields[1].Comments[encoder.LineComment] = "Name is the name assigned to the headless action." + ENGINEActionDoc.Fields[2].Name = "description" + ENGINEActionDoc.Fields[2].Type = "string" + ENGINEActionDoc.Fields[2].Note = "" + ENGINEActionDoc.Fields[2].Description = "Description is the optional description of the headless action" + ENGINEActionDoc.Fields[2].Comments[encoder.LineComment] = "Description is the optional description of the headless action" + ENGINEActionDoc.Fields[3].Name = "action" + ENGINEActionDoc.Fields[3].Type = "string" + ENGINEActionDoc.Fields[3].Note = "" + ENGINEActionDoc.Fields[3].Description = "Action is the type of the action to perform." + ENGINEActionDoc.Fields[3].Comments[encoder.LineComment] = "Action is the type of the action to perform." + ENGINEActionDoc.Fields[3].Values = []string{ + "navigate", + "script", + "click", + "rightclick", + "text", + "screenshot", + "time", + "select", + "files", + "waitload", + "getresource", + "extract", + "setmethod", + "addheader", + "setheader", + "deleteheader", + "setbody", + "waitevent", + "keyboard", + "debug", + "sleep", + } + + WORKFLOWSWorkflowTemplateDoc.Type = "workflows.WorkflowTemplate" + WORKFLOWSWorkflowTemplateDoc.Comments[encoder.LineComment] = "" + WORKFLOWSWorkflowTemplateDoc.Description = "" + WORKFLOWSWorkflowTemplateDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "Template", + FieldName: "workflows", + }, + { + TypeName: "workflows.WorkflowTemplate", + FieldName: "subtemplates", + }, + { + TypeName: "workflows.Matcher", + FieldName: "subtemplates", + }, + } + WORKFLOWSWorkflowTemplateDoc.Fields = make([]encoder.Doc, 4) + WORKFLOWSWorkflowTemplateDoc.Fields[0].Name = "template" + WORKFLOWSWorkflowTemplateDoc.Fields[0].Type = "string" + WORKFLOWSWorkflowTemplateDoc.Fields[0].Note = "" + WORKFLOWSWorkflowTemplateDoc.Fields[0].Description = "Template is a single template or directory to execute as part of workflow." + WORKFLOWSWorkflowTemplateDoc.Fields[0].Comments[encoder.LineComment] = "Template is a single template or directory to execute as part of workflow." + + WORKFLOWSWorkflowTemplateDoc.Fields[0].AddExample("A single template", "dns/worksites-detection.yaml") + + WORKFLOWSWorkflowTemplateDoc.Fields[0].AddExample("A template directory", "misconfigurations/aem") + WORKFLOWSWorkflowTemplateDoc.Fields[1].Name = "tags" + WORKFLOWSWorkflowTemplateDoc.Fields[1].Type = "model.StringSlice" + WORKFLOWSWorkflowTemplateDoc.Fields[1].Note = "" + WORKFLOWSWorkflowTemplateDoc.Fields[1].Description = "Tags to run templates based on." + WORKFLOWSWorkflowTemplateDoc.Fields[1].Comments[encoder.LineComment] = "Tags to run templates based on." + WORKFLOWSWorkflowTemplateDoc.Fields[2].Name = "matchers" + WORKFLOWSWorkflowTemplateDoc.Fields[2].Type = "[]workflows.Matcher" + WORKFLOWSWorkflowTemplateDoc.Fields[2].Note = "" + WORKFLOWSWorkflowTemplateDoc.Fields[2].Description = "Matchers perform name based matching to run subtemplates for a workflow." + WORKFLOWSWorkflowTemplateDoc.Fields[2].Comments[encoder.LineComment] = "Matchers perform name based matching to run subtemplates for a workflow." + WORKFLOWSWorkflowTemplateDoc.Fields[3].Name = "subtemplates" + WORKFLOWSWorkflowTemplateDoc.Fields[3].Type = "[]workflows.WorkflowTemplate" + WORKFLOWSWorkflowTemplateDoc.Fields[3].Note = "" + WORKFLOWSWorkflowTemplateDoc.Fields[3].Description = "Subtemplates are ran if the `template` field Template matches." + WORKFLOWSWorkflowTemplateDoc.Fields[3].Comments[encoder.LineComment] = "Subtemplates are ran if the `template` field Template matches." + + WORKFLOWSMatcherDoc.Type = "workflows.Matcher" + WORKFLOWSMatcherDoc.Comments[encoder.LineComment] = "" + WORKFLOWSMatcherDoc.Description = "" + WORKFLOWSMatcherDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "workflows.WorkflowTemplate", + FieldName: "matchers", + }, + } + WORKFLOWSMatcherDoc.Fields = make([]encoder.Doc, 2) + WORKFLOWSMatcherDoc.Fields[0].Name = "name" + WORKFLOWSMatcherDoc.Fields[0].Type = "string" + WORKFLOWSMatcherDoc.Fields[0].Note = "" + WORKFLOWSMatcherDoc.Fields[0].Description = "Name is the name of the item to match." + WORKFLOWSMatcherDoc.Fields[0].Comments[encoder.LineComment] = "Name is the name of the item to match." + WORKFLOWSMatcherDoc.Fields[1].Name = "subtemplates" + WORKFLOWSMatcherDoc.Fields[1].Type = "[]workflows.WorkflowTemplate" + WORKFLOWSMatcherDoc.Fields[1].Note = "" + WORKFLOWSMatcherDoc.Fields[1].Description = "Subtemplates are ran if the name of matcher matches." + WORKFLOWSMatcherDoc.Fields[1].Comments[encoder.LineComment] = "Subtemplates are ran if the name of matcher matches." +} + +// GetTemplateDoc returns documentation for the file templates_doc.go. +func GetTemplateDoc() *encoder.FileDoc { + return &encoder.FileDoc{ + Name: "Template", + Description: "", + Structs: []*encoder.Doc{ + &TemplateDoc, + &MODELInfoDoc, + &MODELStringSliceDoc, + &SEVERITYSeverityHolderDoc, + &HTTPRequestDoc, + &MATCHERSMatcherDoc, + &EXTRACTORSExtractorDoc, + &DNSRequestDoc, + &FILERequestDoc, + &NETWORKRequestDoc, + &NETWORKInputDoc, + &HEADLESSRequestDoc, + &ENGINEActionDoc, + &WORKFLOWSWorkflowTemplateDoc, + &WORKFLOWSMatcherDoc, + }, + } +} diff --git a/v2/pkg/templates/templates_doc_examples.go b/v2/pkg/templates/templates_doc_examples.go new file mode 100644 index 000000000..61d0a2a32 --- /dev/null +++ b/v2/pkg/templates/templates_doc_examples.go @@ -0,0 +1,72 @@ +//nolint //do not lint as examples with no usage +package templates + +import ( + "github.com/projectdiscovery/nuclei/v2/internal/severity" + "github.com/projectdiscovery/nuclei/v2/pkg/model" + "github.com/projectdiscovery/nuclei/v2/pkg/operators" + "github.com/projectdiscovery/nuclei/v2/pkg/operators/extractors" + "github.com/projectdiscovery/nuclei/v2/pkg/operators/matchers" + "github.com/projectdiscovery/nuclei/v2/pkg/protocols/dns" + "github.com/projectdiscovery/nuclei/v2/pkg/protocols/file" + "github.com/projectdiscovery/nuclei/v2/pkg/protocols/http" + "github.com/projectdiscovery/nuclei/v2/pkg/protocols/network" +) + +var ( + exampleInfoStructure = model.Info{ + Name: "Argument Injection in Ruby Dragonfly", + Authors: model.StringSlice{[]string{"0xspara"}}, + SeverityHolder: severity.SeverityHolder{severity.High}, + Reference: model.StringSlice{"https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/"}, + Tags: model.StringSlice{[]string{"cve,cve2021,rce,ruby"}}, + } + exampleNormalHTTPRequest = &http.Request{ + Method: "GET", + Path: []string{"{{BaseURL}}/.git/config"}, + Operators: operators.Operators{ + MatchersCondition: "and", + Matchers: []*matchers.Matcher{ + {Type: "word", Words: []string{"[core]"}}, + {Type: "dsl", DSL: []string{"!contains(tolower(body), ' + +
+ +id string + +
+
+ +ID is the unique id for the template. IDs must be lowercase +and must not contain spaces in it. + +#### Good IDs + +A good ID uniquely identifies what the requests in the template +are doing. Let's say you have a template that identifies a git-config +file on the webservers, a good name would be `git-config-exposure`. Another +example name is `azure-apps-nxdomain-takeover`. + + + +Examples: + + +```yaml +# ID Example +id: cve-2021-19520 +``` + + +
+ +
+ +
+ +info model.Info + +
+
+ +Info contains metadata information about the template. + + + +Examples: + + +```yaml +info: + name: Argument Injection in Ruby Dragonfly + author: + - 0xspara + tags: + - cve,cve2021,rce,ruby + reference: https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/ + severity: high +``` + + +
+ +
+ +
+ +requests []http.Request + +
+
+ +Requests contains the http request to make in the template. + + + +Examples: + + +```yaml +requests: + matchers: + - type: word + words: + - '[core]' + - type: dsl + condition: and + dsl: + - '!contains(tolower(body), '' + +
+ +
+ +dns []dns.Request + +
+
+ +DNS contains the dns request to make in the template + + + +Examples: + + +```yaml +dns: + extractors: + - type: regex + regex: + - ec2-[-\d]+\.compute[-\d]*\.amazonaws\.com + - ec2-[-\d]+\.[\w\d\-]+\.compute[-\d]*\.amazonaws\.com + name: '{{FQDN}}' + type: CNAME + class: inet + retries: 2 + recursion: true +``` + + +
+ +
+ +
+ +file []file.Request + +
+
+ +File contains the file request to make in the template + + + +Examples: + + +```yaml +file: + extractors: + - type: regex + regex: + - amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} + extensions: + - all +``` + + +
+ +
+ +
+ +network []network.Request + +
+
+ +Network contains the network request to make in the template + + + +Examples: + + +```yaml +network: + host: + - '{{Hostname}}' + - '{{Hostname}}:2181' + inputs: + - data: "envi\r\nquit\r\n" + read-size: 2048 + matchers: + - type: word + words: + - zookeeper.version +``` + + +
+ +
+ +
+ +headless []headless.Request + +
+
+ +Headless contains the headless request to make in the template. + +
+ +
+ +
+ +workflows []workflows.WorkflowTemplate + +
+
+ +Workflows is a list of workflows to execute for a template. + +
+ +
+ + + + + +## model.Info +Info contains metadata information about a template + +Appears in: + + +- Template.info + + +```yaml +name: Argument Injection in Ruby Dragonfly +author: + - 0xspara +tags: + - cve,cve2021,rce,ruby +reference: https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/ +severity: high +``` + +
+ +
+ +name string + +
+
+ +Name should be good short summary that identifies what the template does. + + + +Examples: + + +```yaml +name: bower.json file disclosure +``` + +```yaml +name: Nagios Default Credentials Check +``` + + +
+ +
+ +
+ +author StringSlice + +
+
+ +Author of the template. + + + +Examples: + + +```yaml +author: +``` + + +
+ +
+ +
+ +tags StringSlice + +
+
+ +Any tags for the template. + +Multiple values can also be specified separated by commas. + + + +Examples: + + +```yaml +# Example tags +tags: cve,cve2019,grafana,auth-bypass,dos +``` + + +
+ +
+ +
+ +description string + +
+
+ +Description of the template. + +You can go in-depth here on what the template actually does. + + + +Examples: + + +```yaml +description: Bower is a package manager which stores packages informations in bower.json file +``` + +```yaml +description: Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations +``` + + +
+ +
+ +
+ +reference StringSlice + +
+
+ +References for the template. + +This should contain links relevant to the template. + + + +Examples: + + +```yaml +reference: + - https://github.com/strapi/strapi + - https://github.com/getgrav/grav +``` + + +
+ +
+ +
+ +severity severity.SeverityHolder + +
+
+ +Severity of the template. + + +Valid values: + + + - info + + - low + + - medium + + - high + + - critical +
+ +
+ +
+ +additional-fields map[string]string + +
+
+ +AdditionalFields regarding metadata of the template. + + + +Examples: + + +```yaml +additional-fields: + customField1: customValue1 +``` + + +
+ +
+ + + + + +## model.StringSlice + +Appears in: + + +- workflows.WorkflowTemplate.tags + + + + + +## severity.SeverityHolder + +Appears in: + + +- model.Info.severity + + + + + +## http.Request +Request contains a http request to be made from a template + +Appears in: + + +- Template.requests + + +```yaml +matchers: + - type: word + words: + - '[core]' + - type: dsl + condition: and + dsl: + - '!contains(tolower(body), '' + +
+ +matchers []matchers.Matcher + +
+
+ +Matchers contains the detection mechanism for the request to identify +whether the request was successful by doing pattern matching +on request/responses. + +Multiple matchers can be combined together with `matcher-condition` flag +which accepts either `and` or `or` as argument. + +
+ +
+ +
+ +extractors []extractors.Extractor + +
+
+ +Extractors contains the extraction mechanism for the request to identify +and extract parts of the response. + +
+ +
+ +
+ +matchers-condition string + +
+
+ +MatchersCondition is the condition between the matchers. Default is OR. + + +Valid values: + + + - and + + - or +
+ +
+ +
+ +path []string + +
+
+ +Path contains the path/s for the HTTP requests. It supports variables +as placeholders. + + + +Examples: + + +```yaml +# Some example path values +path: + - '{{BaseURL}}' + - '{{BaseURL}}/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions' +``` + + +
+ +
+ +
+ +raw []string + +
+
+ +Raw contains HTTP Requests in Raw format. + + + +Examples: + + +```yaml +# Some example raw requests +raw: + - |- + GET /etc/passwd HTTP/1.1 + Host: + Content-Length: 4 + - |- + POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.1 + Host: {{Hostname}} + User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0 + Content-Length: 1 + Connection: close + + echo + echo + cat /etc/passwd 2>&1 +``` + + +
+ +
+ +
+ +id string + +
+
+ +ID is the ID of the request + +
+ +
+ +
+ +name string + +
+
+ +Name is the optional name of the request. + +If a name is specified, all the named request in a template can be matched upon +in a combined manner allowing multirequest based matchers. + +
+ +
+ +
+ +attack string + +
+
+ +Attack is the type of payload combinations to perform. + +Sniper is each payload once, pitchfork combines multiple payload sets and clusterbomb generates +permutations and combinations for all payloads. + + +Valid values: + + + - sniper + + - pitchfork + + - clusterbomb +
+ +
+ +
+ +method string + +
+
+ +Method is the HTTP Request Method. + + +Valid values: + + + - GET + + - POST + + - PUT + + - DELETE +
+ +
+ +
+ +body string + +
+
+ +Body is an optional parameter which contains HTTP Request body. + + + +Examples: + + +```yaml +# Same Body for a Login POST request +body: username=test&password=test +``` + + +
+ +
+ +
+ +payloads map[string]interface{} + +
+
+ +Payloads contains any payloads for the current request. + +Payloads support both key-values combinations where a list +of payloads is provided, or optionally a single file can also +be provided as payload which will be read on run-time. + +
+ +
+ +
+ +headers map[string]string + +
+
+ +Headers contains HTTP Headers to send with the request. + + + +Examples: + + +```yaml +headers: + Any-Header: Any-Value + Content-Length: "1" + Content-Type: application/x-www-form-urlencoded +``` + + +
+ +
+ +
+ +race_count int + +
+
+ +RaceCount is the number of times to send a request in Race Condition Attack. + + + +Examples: + + +```yaml +# Send a request 5 times +race_count: 5 +``` + + +
+ +
+ +
+ +max-redirects int + +
+
+ +MaxRedirects is the maximum number of redirects that should be followed. + + + +Examples: + + +```yaml +# Follow upto 5 redirects +max-redirects: 5 +``` + + +
+ +
+ +
+ +pipeline-concurrent-connections int + +
+
+ +PipelineConcurrentConnections is number of connections to create during pipelining. + + + +Examples: + + +```yaml +# Create 40 concurrent connections +pipeline-concurrent-connections: 40 +``` + + +
+ +
+ +
+ +pipeline-requests-per-connection int + +
+
+ +PipelineRequestsPerConnection is number of requests to send per connection when pipelining. + + + +Examples: + + +```yaml +# Send 100 requests per pipeline connection +pipeline-requests-per-connection: 100 +``` + + +
+ +
+ +
+ +threads int + +
+
+ +Threads specifies number of threads to use sending requests. This enables Connection Pooling. + +Connection: Close attribute must not be used in request while using threads flag, otherwise +pooling will fail and engine will continue to close connections after requests. + + + +Examples: + + +```yaml +# Send requests using 10 concurrent threads +threads: 10 +``` + + +
+ +
+ +
+ +max-size int + +
+
+ +MaxSize is the maximum size of http response body to read in bytes. + + + +Examples: + + +```yaml +# Read max 2048 bytes of the response +max-size: 2048 +``` + + +
+ +
+ +
+ +cookie-reuse bool + +
+
+ +CookieReuse is an optional setting that enables cookie reuse for +all requests defined in raw section. + +
+ +
+ +
+ +redirects bool + +
+
+ +Redirects specifies whether redirects should be followed by the HTTP Client. + +This can be used in conjunction with `max-redirects` to control the HTTP request redirects. + +
+ +
+ +
+ +pipeline bool + +
+
+ +Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining + +All requests must be indempotent (GET/POST). This can be used for race conditions/billions requests. + +
+ +
+ +
+ +unsafe bool + +
+
+ +Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests. + +This uses the [rawhttp](https://github.com/projectdiscovery/rawhttp) engine to achieve complete +control over the request, with no normalization performed by the client. + +
+ +
+ +
+ +race bool + +
+
+ +Race determines if all the request have to be attempted at the same time (Race Condition) + +The actual number of requests that will be sent is determined by the `race_count` field. + +
+ +
+ +
+ +req-condition bool + +
+
+ +ReqCondition automatically assigns numbers to requests and preserves their history. + +This allows matching on them later for multi-request conditions. + +
+ +
+ + + + + +## matchers.Matcher +Matcher is used to match a part in the output from a protocol. + +Appears in: + + +- http.Request.matchers + +- dns.Request.matchers + +- file.Request.matchers + +- network.Request.matchers + +- headless.Request.matchers + + + +
+ +
+ +type string + +
+
+ +Type is the type of the matcher. + + +Valid values: + + + - status + + - size + + - word + + - regex + + - binary + + - dsl +
+ +
+ +
+ +condition string + +
+
+ +Condition is the optional condition between two matcher variables. By default, +the condition is assumed to be OR. + + +Valid values: + + + - and + + - or +
+ +
+ +
+ +part string + +
+
+ +Part is the part of the request response to match data from. + +Each protocol exposes a lot of different parts which are well +documented in docs for each request type. + + + +Examples: + + +```yaml +part: body +``` + +```yaml +part: raw +``` + + +
+ +
+ +
+ +negative bool + +
+
+ +Negative specifies if the match should be reversed +It will only match if the condition is not true. + +
+ +
+ +
+ +name string + +
+
+ +Name of the matcher. Name should be lowercase and must not contain +spaces or dashes (-). + + + +Examples: + + +```yaml +name: cookie-matcher +``` + + +
+ +
+ +
+ +status []int + +
+
+ +Status are the acceptable status codes for the response. + + + +Examples: + + +```yaml +status: + - 200 + - 302 +``` + + +
+ +
+ +
+ +size []int + +
+
+ +Size is the acceptable size for the response + + + +Examples: + + +```yaml +size: + - 3029 + - 2042 +``` + + +
+ +
+ +
+ +words []string + +
+
+ +Words contains word patterns required to be present in the response part. + + + +Examples: + + +```yaml +# Match for outlook mail protection domain +words: + - mail.protection.outlook.com +``` + +```yaml +# Match for application/json in response headers +words: + - application/json +``` + + +
+ +
+ +
+ +regex []string + +
+
+ +Regex contains Regular Expression patterns required to be present in the response part. + + + +Examples: + + +```yaml +# Match for Linkerd Service via Regex +regex: + - (?mi)^Via\\s*?:.*?linkerd.*$ +``` + +```yaml +# Match for Open Redirect via Location header +regex: + - (?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)example\\.com.*$ +``` + + +
+ +
+ +
+ +binary []string + +
+
+ +Binary are the binary patterns required to be present in the response part. + + + +Examples: + + +```yaml +# Match for Springboot Heapdump Actuator "JAVA PROFILE", "HPROF", "Gunzip magic byte" +binary: + - 4a4156412050524f46494c45 + - 4850524f46 + - 1f8b080000000000 +``` + +```yaml +# Match for 7zip files +binary: + - 377ABCAF271C +``` + + +
+ +
+ +
+ +dsl []string + +
+
+ +DSL are the dsl expressions that will be evaluated as part of nuclei matching rules. +A list of these helper functions are available [here](https://nuclei.projectdiscovery.io/templating-guide/helper-functions/). + + + +Examples: + + +```yaml +# DSL Matcher for package.json file +dsl: + - contains(body, 'packages') && contains(tolower(all_headers), 'application/octet-stream') && status_code == 200 +``` + +```yaml +# DSL Matcher for missing strict transport security header +dsl: + - '!contains(tolower(all_headers), ''''strict-transport-security'''')' +``` + + +
+ +
+ +
+ +encoding string + +
+
+ +Encoding specifies the encoding for the words field if any. + + +Valid values: + + + - hex +
+ +
+ + + + + +## extractors.Extractor +Extractor is used to extract part of response using a regex. + +Appears in: + + +- http.Request.extractors + +- dns.Request.extractors + +- file.Request.extractors + +- network.Request.extractors + +- headless.Request.extractors + + + +
+ +
+ +name string + +
+
+ +Name of the extractor. Name should be lowercase and must not contain +spaces or dashes (-). + + + +Examples: + + +```yaml +name: cookie-extractor +``` + + +
+ +
+ +
+ +type string + +
+
+ +Type is the type of the extractor. + + +Valid values: + + + - regex + + - kval +
+ +
+ +
+ +regex []string + +
+
+ +Regex contains the regular expression patterns to exract from a part. + +Go regex engine does not supports lookaheads or lookbehinds, so as a result +they are also not supported in nuclei. + + + +Examples: + + +```yaml +# Braintree Access Token Regex +regex: + - access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32} +``` + +```yaml +# Wordpress Author Extraction regex +regex: + - Author:(?:[A-Za-z0-9 -\_="]+)? + +group int + +
+
+ +Group specifies a numbered group to extract from the regex. + + + +Examples: + + +```yaml +# Example Regex Group +group: 1 +``` + + +
+ +
+ +
+ +kval []string + +
+
+ +kval contains the key-value pairs required in the response. + +Each protocol exposes a lot of different data in response. The kval +extractor can be used to extract those key-value pairs. A list of +supported parts is available in docs for request types. + + + +Examples: + + +```yaml +# Extract Server Header From HTTP Response +kval: + - Server +``` + +```yaml +# Extracting value of PHPSESSID Cookie +kval: + - PHPSESSID +``` + + +
+ +
+ +
+ +json []string + +
+
+ +JSON allows using jq-style syntax to extract items from json response + + + +Examples: + + +```yaml +json: + - .[] | .id +``` + +```yaml +json: + - .batters | .batter | .[] | .id +``` + + +
+ +
+ +
+ +xpath []string + +
+
+ +XPath allows using xpath expressions to extract items from html response + + + +Examples: + + +```yaml +xpath: + - /html/body/div/p[2]/a +``` + +```yaml +xpath: + - .batters | .batter | .[] | .id +``` + + +
+ +
+ +
+ +attribute string + +
+
+ +Attribute is an optional attribute to extract from response XPath. + + + +Examples: + + +```yaml +attribute: href +``` + + +
+ +
+ +
+ +part string + +
+
+ +Part is the part of the request response to extract data from. + +Each protocol exposes a lot of different parts which are well +documented in docs for each request type. + + + +Examples: + + +```yaml +part: body +``` + +```yaml +part: raw +``` + + +
+ +
+ +
+ +internal bool + +
+
+ +Internal, when set to true will allow using the value extracted +in the next request for some protocols (like HTTP). + +
+ +
+ + + + + +## dns.Request +Request contains a DNS protocol request to be made from a template + +Appears in: + + +- Template.dns + + +```yaml +extractors: + - type: regex + regex: + - ec2-[-\d]+\.compute[-\d]*\.amazonaws\.com + - ec2-[-\d]+\.[\w\d\-]+\.compute[-\d]*\.amazonaws\.com +name: '{{FQDN}}' +type: CNAME +class: inet +retries: 2 +recursion: true +``` + +
+ +
+ +matchers []matchers.Matcher + +
+
+ +Matchers contains the detection mechanism for the request to identify +whether the request was successful by doing pattern matching +on request/responses. + +Multiple matchers can be combined together with `matcher-condition` flag +which accepts either `and` or `or` as argument. + +
+ +
+ +
+ +extractors []extractors.Extractor + +
+
+ +Extractors contains the extraction mechanism for the request to identify +and extract parts of the response. + +
+ +
+ +
+ +matchers-condition string + +
+
+ +MatchersCondition is the condition between the matchers. Default is OR. + + +Valid values: + + + - and + + - or +
+ +
+ +
+ +id string + +
+
+ +ID is the ID of the request + +
+ +
+ +
+ +name string + +
+
+ +Name is the Hostname to make DNS request for. + +Generally, it is set to {{FQDN}} which is the domain we get from input. + + + +Examples: + + +```yaml +name: '{{FQDN}}' +``` + + +
+ +
+ +
+ +type string + +
+
+ +Type is the type of DNS request to make. + + +Valid values: + + + - A + + - NS + + - CNAME + + - SOA + + - PTR + + - MX + + - TXT + + - AAAA +
+ +
+ +
+ +class string + +
+
+ +Class is the class of the DNS request. + +Usually it's enough to just leave it as INET. + + +Valid values: + + + - INET + + - CSNET + + - CHAOS + + - HESIOD + + - NONE + + - ANY +
+ +
+ +
+ +retries int + +
+
+ +Retries is the number of retries for the DNS request + + + +Examples: + + +```yaml +# Use a retry of 3 to 5 generally +retries: 5 +``` + + +
+ +
+ +
+ +recursion bool + +
+
+ +Recursion determines if resolver should recurse all records to get fresh results. + +
+ +
+ + + + + +## file.Request +Request contains a File matching mechanism for local disk operations. + +Appears in: + + +- Template.file + + +```yaml +extractors: + - type: regex + regex: + - amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} +extensions: + - all +``` + +
+ +
+ +matchers []matchers.Matcher + +
+
+ +Matchers contains the detection mechanism for the request to identify +whether the request was successful by doing pattern matching +on request/responses. + +Multiple matchers can be combined together with `matcher-condition` flag +which accepts either `and` or `or` as argument. + +
+ +
+ +
+ +extractors []extractors.Extractor + +
+
+ +Extractors contains the extraction mechanism for the request to identify +and extract parts of the response. + +
+ +
+ +
+ +matchers-condition string + +
+
+ +MatchersCondition is the condition between the matchers. Default is OR. + + +Valid values: + + + - and + + - or +
+ +
+ +
+ +extensions []string + +
+
+ +Extensions is the list of extensions to perform matching on. + + + +Examples: + + +```yaml +extensions: + - .txt + - .go + - .json +``` + + +
+ +
+ +
+ +denylist []string + +
+
+ +ExtensionDenylist is the list of file extensions to deny during matching. + +By default, it contains some non-interesting extensions that are hardcoded +in nuclei. + + + +Examples: + + +```yaml +denylist: + - .avi + - .mov + - .mp3 +``` + + +
+ +
+ +
+ +id string + +
+
+ +ID is the ID of the request + +
+ +
+ +
+ +max-size int + +
+
+ +MaxSize is the maximum size of the file to run request on. + +By default, nuclei will process 5MB files and not go more than that. +It can be set to much lower or higher depending on use. + + + +Examples: + + +```yaml +max-size: 2048 +``` + + +
+ +
+ +
+ +no-recursive bool + +
+
+ +NoRecursive specifies whether to not do recursive checks if folders are provided. + +
+ +
+ + + + + +## network.Request +Request contains a Network protocol request to be made from a template + +Appears in: + + +- Template.network + + +```yaml +host: + - '{{Hostname}}' + - '{{Hostname}}:2181' +inputs: + - data: "envi\r\nquit\r\n" +read-size: 2048 +matchers: + - type: word + words: + - zookeeper.version +``` + +
+ +
+ +id string + +
+
+ +ID is the ID of the request + +
+ +
+ +
+ +host []string + +
+
+ +Address is the address to send requests to. + +Usually it's set to `{{Hostname}}`. If you want to enable TLS for +TCP Connection, you can use `tls://{{Hostname}}`. + + + +Examples: + + +```yaml +host: + - '{{Hostname}}' +``` + + +
+ +
+ +
+ +attack string + +
+
+ +Attack is the type of payload combinations to perform. + +Sniper is each payload once, pitchfork combines multiple payload sets and clusterbomb generates +permutations and combinations for all payloads. + + +Valid values: + + + - sniper + + - pitchfork + + - clusterbomb +
+ +
+ +
+ +payloads map[string]interface{} + +
+
+ +Payloads contains any payloads for the current request. + +Payloads support both key-values combinations where a list +of payloads is provided, or optionally a single file can also +be provided as payload which will be read on run-time. + +
+ +
+ +
+ +inputs []network.Input + +
+
+ +Inputs contains inputs for the network socket + +
+ +
+ +
+ +read-size int + +
+
+ +ReadSize is the size of response to read at the end + +Default value for read-size is 1024. + + + +Examples: + + +```yaml +read-size: 2048 +``` + + +
+ +
+ +
+ +matchers []matchers.Matcher + +
+
+ +Matchers contains the detection mechanism for the request to identify +whether the request was successful by doing pattern matching +on request/responses. + +Multiple matchers can be combined together with `matcher-condition` flag +which accepts either `and` or `or` as argument. + +
+ +
+ +
+ +extractors []extractors.Extractor + +
+
+ +Extractors contains the extraction mechanism for the request to identify +and extract parts of the response. + +
+ +
+ +
+ +matchers-condition string + +
+
+ +MatchersCondition is the condition between the matchers. Default is OR. + + +Valid values: + + + - and + + - or +
+ +
+ + + + + +## network.Input + +Appears in: + + +- network.Request.inputs + + + +
+ +
+ +data string + +
+
+ +Data is the data to send as the input. + +It supports DSL Helper Functions as well as normal expressions. + + + +Examples: + + +```yaml +data: TEST +``` + +```yaml +data: hex_decode('50494e47') +``` + + +
+ +
+ +
+ +type string + +
+
+ +Type is the type of input specified in `data` field. + +Default value is text, but hex can be used for hex formatted data. + + +Valid values: + + + - hex + + - text +
+ +
+ +
+ +read int + +
+
+ +Read is the number of bytes to read from socket. + +This can be used for protcols which expected an immediate response. You can +read and write responses one after another and evetually perform matching +on every data captured with `name` attribute. + +The [network docs](https://nuclei.projectdiscovery.io/templating-guide/protocols/network/) highlight more on how to do this. + + + +Examples: + + +```yaml +read: 1024 +``` + + +
+ +
+ +
+ +name string + +
+
+ +Name is the optional name of the data read to provide matching on. + + + +Examples: + + +```yaml +name: prefix +``` + + +
+ +
+ + + + + +## headless.Request +Request contains a Headless protocol request to be made from a template + +Appears in: + + +- Template.headless + + + +
+ +
+ +id string + +
+
+ +ID is the ID of the request + +
+ +
+ +
+ +steps []engine.Action + +
+
+ +Steps is the list of actions to run for headless request + +
+ +
+ +
+ +matchers []matchers.Matcher + +
+
+ +Matchers contains the detection mechanism for the request to identify +whether the request was successful by doing pattern matching +on request/responses. + +Multiple matchers can be combined together with `matcher-condition` flag +which accepts either `and` or `or` as argument. + +
+ +
+ +
+ +extractors []extractors.Extractor + +
+
+ +Extractors contains the extraction mechanism for the request to identify +and extract parts of the response. + +
+ +
+ +
+ +matchers-condition string + +
+
+ +MatchersCondition is the condition between the matchers. Default is OR. + + +Valid values: + + + - and + + - or +
+ +
+ + + + + +## engine.Action +Action is an action taken by the browser to reach a navigation + + Each step that the browser executes is an action. Most navigations + usually start from the ActionLoadURL event, and further navigations + are discovered on the found page. We also keep track and only + scrape new navigation from pages we haven't crawled yet. + +Appears in: + + +- headless.Request.steps + + + +
+ +
+ +args map[string]string + +
+
+ +Args contain arguments for the headless action. +Per action arguments are described in detail [here](https://nuclei.projectdiscovery.io/templating-guide/protocols/headless/). + +
+ +
+ +
+ +name string + +
+
+ +Name is the name assigned to the headless action. + +This can be used to execute code, for instance in browser +DOM using script action, and get the result in a variable +which can be matched upon by nuclei. An Example template [here](https://github.com/projectdiscovery/nuclei-templates/blob/master/headless/prototype-pollution-check.yaml). + +
+ +
+ +
+ +description string + +
+
+ +Description is the optional description of the headless action + +
+ +
+ +
+ +action string + +
+
+ +Action is the type of the action to perform. + + +Valid values: + + + - navigate + + - script + + - click + + - rightclick + + - text + + - screenshot + + - time + + - select + + - files + + - waitload + + - getresource + + - extract + + - setmethod + + - addheader + + - setheader + + - deleteheader + + - setbody + + - waitevent + + - keyboard + + - debug + + - sleep +
+ +
+ + + + + +## workflows.WorkflowTemplate + +Appears in: + + +- Template.workflows + +- workflows.WorkflowTemplate.subtemplates + +- workflows.Matcher.subtemplates + + + +
+ +
+ +template string + +
+
+ +Template is a single template or directory to execute as part of workflow. + + + +Examples: + + +```yaml +# A single template +template: dns/worksites-detection.yaml +``` + +```yaml +# A template directory +template: misconfigurations/aem +``` + + +
+ +
+ +
+ +tags model.StringSlice + +
+
+ +Tags to run templates based on. + +
+ +
+ +
+ +matchers []workflows.Matcher + +
+
+ +Matchers perform name based matching to run subtemplates for a workflow. + +
+ +
+ +
+ +subtemplates []workflows.WorkflowTemplate + +
+
+ +Subtemplates are ran if the `template` field Template matches. + +
+ +
+ + + + + +## workflows.Matcher + +Appears in: + + +- workflows.WorkflowTemplate.matchers + + + +
+ +
+ +name string + +
+
+ +Name is the name of the item to match. + +
+ +
+ +
+ +subtemplates []workflows.WorkflowTemplate + +
+
+ +Subtemplates are ran if the name of matcher matches. + +
+ +
+ + + +