From d04511494d90a0afe7dfd2030d56e13d2887e335 Mon Sep 17 00:00:00 2001
From: Ice3man543
Date: Tue, 27 Jul 2021 16:03:56 +0530
Subject: [PATCH 01/17] Added new YAML based doc to structures
---
v2/pkg/operators/extractors/extractors.go | 58 +++++++--
v2/pkg/operators/matchers/matchers.go | 97 +++++++++++---
v2/pkg/operators/operators.go | 21 ++-
v2/pkg/protocols/dns/dns.go | 40 +++++-
v2/pkg/protocols/file/file.go | 26 +++-
v2/pkg/protocols/headless/engine/action.go | 44 ++++++-
v2/pkg/protocols/headless/headless.go | 3 +-
v2/pkg/protocols/http/http.go | 141 +++++++++++++++++----
v2/pkg/protocols/http/http_test.go | 1 -
v2/pkg/protocols/network/network.go | 69 ++++++++--
v2/pkg/templates/templates.go | 50 ++++++--
v2/pkg/workflows/workflows.go | 26 +++-
12 files changed, 478 insertions(+), 98 deletions(-)
diff --git a/v2/pkg/operators/extractors/extractors.go b/v2/pkg/operators/extractors/extractors.go
index f593a1747..ff07fa010 100644
--- a/v2/pkg/operators/extractors/extractors.go
+++ b/v2/pkg/operators/extractors/extractors.go
@@ -4,28 +4,70 @@ import "regexp" // Extractor is used to extract part of response using a regex. type Extractor struct { - // Name is the extractor's name + // description: | + // Name of the extractor. Name should be lowercase and must not contain + // spaces or dashes (-). + // examples: + // - value: "\"cookie-extractor\"" Name string `yaml:"name,omitempty"` - // Type is the type of the extractor + // description: | + // Type is the type of the extractor. + // values: + // - "regex" + // - "kval" Type string `yaml:"type"` // extractorType is the internal type of the extractor extractorType ExtractorType - // Regex are the regex pattern required to be present in the response + // description: | + // Regex contains the regular expression patterns to exract from a part. + // + // Go regex engine does not supports lookaheads or lookbehinds, so as a result + // they are also not supported in nuclei. + // examples: + // - name: Braintree Access Token Regex + // value: > + // []string{"access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}"} + // - name: Wordpress Author Extraction regex + // value: > + // []string{"Author:(?:[A-Za-z0-9 -\\_=\"]+)?([A-Za-z0-9]+)<\\/span>"} Regex []string `yaml:"regex"` - // RegexGroup specifies a group to extract from the regex + // description: | + // Group specifies a numbered group to extract from the regex. + // examples: + // - name: Example Regex Group + // - value: "1" RegexGroup int `yaml:"group"` // regexCompiled is the compiled variant regexCompiled []*regexp.Regexp - // KVal are the kval to be present in the response headers/cookies + // description: | + // kval contains the key-value pairs required in the response. + // + // Each protocol exposes a lot of different data in response. The kval + // extractor can be used to extract those key-value pairs. A list of + // supported parts is available in docs for request types. 
+ // examples: + // - name: Extract Server Header From HTTP Response + // value: > + // []string{"Server"} + // - name: Extracting value of PHPSESSID Cookie + // value: > + // []string{"PHPSESSID"} KVal []string `yaml:"kval,omitempty"` - // Part is the part of the request to match + // description: | + // Part is the part of the request response to extract data from. // - // By default, matching is performed in request body. + // Each protocol exposes a lot of different parts which are well + // documented in docs for each request type. + // examples: + // - value: "\"body\"" + // - value: "\"raw\"" Part string `yaml:"part,omitempty"` - // Internal defines if this is used internally + // description: | + // Internal, when set to true will allow using the value extracted + // in the next request for some protocols (like HTTP). Internal bool `yaml:"internal,omitempty"` } diff --git a/v2/pkg/operators/matchers/matchers.go b/v2/pkg/operators/matchers/matchers.go index 2a13b6a1e..c8484c0ca 100644 --- a/v2/pkg/operators/matchers/matchers.go +++ b/v2/pkg/operators/matchers/matchers.go 
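Review bot: The new description on `Name` says the value "must not contain spaces or dashes (-)", but the example directly below it is `"cookie-extractor"`, which contains a dash. The same contradiction appears on `Matcher.Name` in matchers.go (`"cookie-matcher"`). Either the rule or the example should change, e.g. `// - value: "\"cookie_extractor\""`. Separately, the `RegexGroup` examples put `name` and `value` in two list items; they should be one entry, `// - name: Example Regex Group` followed by `//   value: "1"`. "exract" in the `Regex` description should read "extract".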
@@ -8,35 +8,102 @@ import ( // Matcher is used to match a part in the output from a protocol. type Matcher struct { - // Type is the type of the matcher + // description: | + // Type is the type of the matcher. + // values: + // - "status" + // - "size" + // - "word" + // - "regex" + // - "binary" + // - "dsl" Type string `yaml:"type"` - // Condition is the optional condition between two matcher variables - // - // By default, the condition is assumed to be OR. + // description: | + // Condition is the optional condition between two matcher variables. By default, + // the condition is assumed to be OR. + // values: + // - "and" + // - "or" Condition string `yaml:"condition,omitempty"` - // Part is the part of the data to match + // description: | + // Part is the part of the request response to match data from. + // + // Each protocol exposes a lot of different parts which are well + // documented in docs for each request type. + // examples: + // - value: "\"body\"" + // - value: "\"raw\"" Part string `yaml:"part,omitempty"` - // Negative specifies if the match should be reversed - // It will only match if the condition is not true. + // description: | + // Negative specifies if the match should be reversed + // It will only match if the condition is not true. Negative bool `yaml:"negative,omitempty"` - // Name is matcher Name + // description: | + // Name of the matcher. Name should be lowercase and must not contain + // spaces or dashes (-). + // examples: + // - value: "\"cookie-matcher\"" Name string `yaml:"name,omitempty"` - // Status are the acceptable status codes for the response + // description: | + // Status are the acceptable status codes for the response. 
+ // examples: + // - value: > + // []int{200, 302} Status []int `yaml:"status,omitempty"` - // Size is the acceptable size for the response + // description: | + // Size is the acceptable size for the response + // examples: + // - value: > + // []int{3029, 2042} Size []int `yaml:"size,omitempty"` - // Words are the words required to be present in the response + // description: | + // Words contains word patterns required to be present in the response part. + // examples: + // - name: Match for outlook mail protection domain + // value: > + // []string{"mail.protection.outlook.com"} + // - name: Match for application/json in response headers + // value: > + // []string{"application/json"} Words []string `yaml:"words,omitempty"` - // Regex are the regex pattern required to be present in the response + // description: | + // Regex contains Regular Expression patterns required to be present in the response part. + // examples: + // - name: Match for Linkerd Service via Regex + // value: > + // []string{`(?mi)^Via\\s*?:.*?linkerd.*$`} + // - name: Match for Open Redirect via Location header + // value: > + // []string{`(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)example\\.com.*$`} Regex []string `yaml:"regex,omitempty"` - // Binary are the binary characters required to be present in the response + // description: | + // Binary are the binary patterns required to be present in the response part. + // examples: + // - name: Match for Springboot Heapdump Actuator "JAVA PROFILE", "HPROF", "Gunzip magic byte" + // value: > + // []string{"4a4156412050524f46494c45", "4850524f46", "1f8b080000000000"} + // - name: Match for 7zip files + // value: > + // []string{"377ABCAF271C"} Binary []string `yaml:"binary,omitempty"` - // DSL are the dsl queries + // description: | + // DSL are the dsl expressions that will be evaluated as part of nuclei matching rules. 
+ // A list of these helper functions are available [here](https://nuclei.projectdiscovery.io/templating-guide/helper-functions/). + // examples: + // - name: DSL Matcher for package.json file + // value: > + // []string{"contains(body, 'packages') && contains(tolower(all_headers), 'application/octet-stream') && status_code == 200"} + // - name: DSL Matcher for missing strict transport security header + // value: > + // []string{"!contains(tolower(all_headers), ''strict-transport-security'')"} DSL []string `yaml:"dsl,omitempty"` - // Encoding specifies the encoding for the word content if any. + // description: | + // Encoding specifies the encoding for the words field if any. + // values: + // - "hex" Encoding string `yaml:"encoding,omitempty"` // cached data for the compiled matcher diff --git a/v2/pkg/operators/operators.go b/v2/pkg/operators/operators.go index 2497fa494..26149f959 100644 --- a/v2/pkg/operators/operators.go +++ b/v2/pkg/operators/operators.go 
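Review bot: The two `Regex` examples wrap the pattern in Go raw-string backticks but keep doubled backslashes (`\\s`, `\\-`, `\\.`) inside a `>` folded scalar, which does no escape processing. If the generator emits the value as written, a reader who copies it gets a pattern that matches a literal backslash followed by `s`, not whitespace. Use an interpreted string, `[]string{"(?mi)^Via\\s*?:.*?linkerd.*$"}`, or keep the raw string with single backslashes. The second `DSL` example has doubled single quotes around `strict-transport-security`, which looks like leftover single-quoted-YAML escaping and would also be printed literally. The `Matcher` struct continues past the end of this hunk.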
@@ -8,14 +8,23 @@ import ( // Operators contains the operators that can be applied on protocols type Operators struct { - // Matchers contains the detection mechanism for the request to identify - // whether the request was successful + // description: | + // Matchers contains the detection mechanism for the request to identify + // whether the request was successful by doing pattern matching + // on request/responses. + // + // Multiple matchers can be combined together with `matcher-condition` flag + // which accepts either `and` or `or` as argument. Matchers []*matchers.Matcher `yaml:"matchers,omitempty"` - // Extractors contains the extraction mechanism for the request to identify - // and extract parts of the response. + // description: | + // Extractors contains the extraction mechanism for the request to identify + // and extract parts of the response. Extractors []*extractors.Extractor `yaml:"extractors,omitempty"` - // MatchersCondition is the condition of the matchers - // whether to use AND or OR. Default is OR. + // description: | + // MatchersCondition is the condition between the matchers. Default is OR. + // values: + // - "and" + // - "or" MatchersCondition string `yaml:"matchers-condition,omitempty"` // cached variables that may be used along with request. matchersCondition matchers.ConditionType diff --git a/v2/pkg/protocols/dns/dns.go b/v2/pkg/protocols/dns/dns.go index 0538186f9..571a4c83d 100644 --- a/v2/pkg/protocols/dns/dns.go +++ b/v2/pkg/protocols/dns/dns.go 
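Review bot: The `Matchers` description tells readers to combine matchers with a "`matcher-condition` flag", but the key declared on `MatchersCondition` a few lines below is `matchers-condition`, and it is a template field rather than a flag. A template author following this text would write a key that the tag shown here does not map to any field. Suggested wording: `// Multiple matchers can be combined together with the matchers-condition field,` / `// which accepts either "and" or "or".` The struct continues outside the hunk.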
@@ -20,13 +20,42 @@ type Request struct { ID string `yaml:"id"` - // Path contains the path/s for the request + // description: | + // Name is the Hostname to make DNS request for. + // + // Generally, it is set to {{FQDN}} which is the domain we get from input. + // examples: + // - value: "\"{{FQDN}}\"" Name string `yaml:"name"` - // Type is the type of DNS request to make + // description: | + // Type is the type of DNS request to make. + // values: + // - "A" + // - "NS" + // - "CNAME" + // - "SOA" + // - "PTR" + // - "MX" + // - "TXT" + // - "AAAA" Type string `yaml:"type"` - // Class is the class of the DNS request + // description: | + // Class is the class of the DNS request. + // + // Usually it's enough to just leave it as INET. + // values: + // - "INET" + // - "CSNET" + // - "CHAOS" + // - "HESIOD" + // - "NONE" + // - "ANY" Class string `yaml:"class"` - // Retries is the number of retries for the DNS request + // description: | + // Retries is the number of retries for the DNS request + // examples: + // - name: Use a retry of 3 to 5 generally + // value: 5 Retries int `yaml:"retries"` CompiledOperators *operators.Operators @@ -37,7 +66,8 @@ type Request struct { class uint16 question uint16 - // Recursion specifies whether to recurse all the answers. + // description: | + // Recursion determines if resolver should recurse all records to get fresh results. Recursion bool `yaml:"recursion"` } diff --git a/v2/pkg/protocols/file/file.go b/v2/pkg/protocols/file/file.go index d5b810184..81643c10a 100644 --- a/v2/pkg/protocols/file/file.go +++ b/v2/pkg/protocols/file/file.go 
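Review bot: `ID` at the top of this struct gets neither a `description:` block nor a `// docgen:nodoc` marker, while the same commit adds `// docgen:nodoc` to `ID` in http.go. The `ID` fields in file.go, headless.go and network.go are in the same state. How the generator treats an unannotated field is not visible here, so it is worth making the intent explicit by adding `// docgen:nodoc` above each of them, or a short description if the key is meant to be user-facing. The `Request` struct starts before this hunk.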
@@ -12,16 +12,29 @@ import ( type Request struct { // Operators for the current request go here. operators.Operators `yaml:",inline"` - // Extensions is the list of extensions to perform matching on. + // description: | + // Extensions is the list of extensions to perform matching on. + // examples: + // - value: '[]string{".txt", ".go", ".json"}' Extensions []string `yaml:"extensions"` - // ExtensionDenylist is the list of file extensions to deny during matching. + // description: | + // ExtensionDenylist is the list of file extensions to deny during matching. + // + // By default, it contains some non-interesting extensions that are hardcoded + // in nuclei. + // examples: + // - value: '[]string{".avi", ".mov", ".mp3"}' ExtensionDenylist []string `yaml:"denylist"` ID string `yaml:"id"` - // MaxSize is the maximum size of the file to run request on. - // By default, nuclei will process 5MB files and not go more than that. - // It can be set to much lower or higher depending on use. + // description: | + // MaxSize is the maximum size of the file to run request on. + // + // By default, nuclei will process 5MB files and not go more than that. + // It can be set to much lower or higher depending on use. + // examples: + // - value: 2048 MaxSize int `yaml:"max-size"` CompiledOperators *operators.Operators @@ -30,7 +43,8 @@ type Request struct { extensions map[string]struct{} extensionDenylist map[string]struct{} - // NoRecursive specifies whether to not do recursive checks if folders are provided. + // description: | + // NoRecursive specifies whether to not do recursive checks if folders are provided. NoRecursive bool `yaml:"no-recursive"` allExtensions bool diff --git a/v2/pkg/protocols/headless/engine/action.go b/v2/pkg/protocols/headless/engine/action.go index 3c5296adf..6ad6973f2 100644 --- a/v2/pkg/protocols/headless/engine/action.go +++ b/v2/pkg/protocols/headless/engine/action.go 
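Review bot: The `MaxSize` description gives the default as "5MB" and the example as a bare `2048`, without stating the unit of the field. A reader cannot tell whether 2048 means bytes, kilobytes or megabytes, which matters for a limit meant to bound how much file content is processed. http.go's `MaxSize` says "in bytes"; if that also holds here (not visible in this hunk, please confirm), say so: `// MaxSize is the maximum size, in bytes, of the file to run request on.`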
@@ -109,10 +109,46 @@ var ActionToActionString = map[ActionType]string{ // are discovered on the found page. We also keep track and only // scrape new navigation from pages we haven't crawled yet. type Action struct { - Data map[string]string `yaml:"args,omitempty"` - Name string `yaml:"name,omitempty"` - Description string `yaml:"description,omitempty"` - ActionType string `yaml:"action"` + // description: + // Args contain arguments for the headless action. + // + // Per action arguments are described in detail [here](https://nuclei.projectdiscovery.io/templating-guide/protocols/headless/). + Data map[string]string `yaml:"args,omitempty"` + // description: | + // Name is the name assigned to the headless action. + // + // This can be used to execute code, for instance in browser + // DOM using script action, and get the result in a variable + // which can be matched upon by nuclei. An Example template [here](https://github.com/projectdiscovery/nuclei-templates/blob/master/headless/prototype-pollution-check.yaml). + Name string `yaml:"name,omitempty"` + // description: | + // Description is the optional description of the headless action + Description string `yaml:"description,omitempty"` + // description: | + // Action is the type of the action to perform. + // values: + // - "navigate" + // - "script" + // - "click" + // - "rightclick" + // - "text" + // - "screenshot" + // - "time" + // - "select" + // - "files" + // - "waitload" + // - "getresource" + // - "extract" + // - "setmethod" + // - "addheader" + // - "setheader" + // - "deleteheader" + // - "setbody" + // - "waitevent" + // - "keyboard" + // - "debug" + // - "sleep" + ActionType string `yaml:"action"` } // String returns the string representation of an action diff --git a/v2/pkg/protocols/headless/headless.go b/v2/pkg/protocols/headless/headless.go index 77a369311..e33effa6c 100644 --- a/v2/pkg/protocols/headless/headless.go +++ b/v2/pkg/protocols/headless/headless.go 
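Review bot: The annotation on `Data` opens with `// description:` without the `|` block indicator that every other field in this commit uses. As a plain multi-line scalar the two paragraphs are folded rather than kept as written, and the text then depends on plain-scalar rules for the `:` in the link. Change the line to `// description: |` and indent the text below it like the neighbouring fields. The description of `ActionType` also calls the field "Action" while `Data` is described as "Args"; stating the YAML key (`action`, `args`) in each would remove the ambiguity.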
@@ -11,7 +11,8 @@ import ( type Request struct { ID string `yaml:"id"` - // Steps is the list of actions to run for headless request + // description: | + // Steps is the list of actions to run for headless request Steps []*engine.Action `yaml:"steps"` // Operators for the current request go here. diff --git a/v2/pkg/protocols/http/http.go b/v2/pkg/protocols/http/http.go index ecd297f8d..eae261f54 100644 --- a/v2/pkg/protocols/http/http.go +++ b/v2/pkg/protocols/http/http.go 
@@ -16,36 +16,110 @@ import ( type Request struct { // Operators for the current request go here. operators.Operators `yaml:",inline"` - // Path contains the path/s for the request + // description: | + // Path contains the path/s for the HTTP requests. It supports variables + // as placeholders. + // examples: + // - name: Some example path values + // value: > + // []string{"{{BaseURL}}", "{{BaseURL}}/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions"} Path []string `yaml:"path"` - // Raw contains raw requests + // description: | + // Raw contains HTTP Requests in Raw format. + // examples: + // - name: Some example raw requests + // value: | + // []string{"GET /etc/passwd HTTP/1.1\nHost:\nContent-Length: 4", "POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0\nContent-Length: 1\nConnection: close\n\necho\necho\ncat /etc/passwd 2>&1"} Raw []string `yaml:"raw"` - ID string `yaml:"id"` - // Name is the name of the request + // docgen:nodoc + ID string `yaml:"-"` + // description: | + // Name is the optional name of the request. + // + // If a name is specified, all the named request in a template can be matched upon + // in a combined manner allowing multirequest based matchers. Name string `yaml:"Name"` - // AttackType is the attack type - // Sniper, PitchFork and ClusterBomb. Default is Sniper + // description: | + // Attack is the type of payload combinations to perform. + // + // Sniper is each payload once, pitchfork combines multiple payload sets and clusterbomb generates + // permutations and combinations for all payloads. + // values: + // - "sniper" + // - "pitchfork" + // - "clusterbomb" AttackType string `yaml:"attack"` - // Method is the request method, whether GET, POST, PUT, etc + // description: | + // Method is the HTTP Request Method. 
+ // values: + // - "GET" + // - "POST" + // - "PUT" + // - "DELETE" Method string `yaml:"method"` - // Body is an optional parameter which contains the request body for POST methods, etc + // description: | + // Body is an optional parameter which contains HTTP Request body. + // examples: + // - name: Same Body for a Login POST request + // value: "\"username=test&password=test\"" Body string `yaml:"body"` - // Path contains the path/s for the request variables + // description: | + // Payloads contains any payloads for the current request. + // + // Payloads support both key-values combinations where a list + // of payloads is provided, or optionally a single file can also + // be provided as payload which will be read on run-time. + // examples: + // - name: A payload list for Tomcat Bruteforce + // value: exampleTomcatUserPassPayload + // - name: A payload example of reading from file + // value: exampleFileBasedPayload Payloads map[string]interface{} `yaml:"payloads"` - // Headers contains headers to send with the request + // description: | + // Headers contains HTTP Headers to send with the request. + // examples: + // - value: | + // map[string]string{"Content-Type": "application/x-www-form-urlencoded", "Content-Length": "1", "Any-Header": "Any-Value"} Headers map[string]string `yaml:"headers"` - // RaceNumberRequests is the number of same request to send in race condition attack + // description: | + // RaceCount is the number of times to send a request in Race Condition Attack. + // examples: + // - name: Send a request 5 times + // value: "5" RaceNumberRequests int `yaml:"race_count"` - // MaxRedirects is the maximum number of redirects that should be followed. + // description: | + // MaxRedirects is the maximum number of redirects that should be followed. 
+ // examples: + // - name: Follow upto 5 redirects + // value: "5" MaxRedirects int `yaml:"max-redirects"` - // PipelineConcurrentConnections is number of connections in pipelining + // description: | + // PipelineConcurrentConnections is number of connections to create during pipelining. + // examples: + // - name: Create 40 concurrent connections + // value: 40 PipelineConcurrentConnections int `yaml:"pipeline-concurrent-connections"` - // PipelineRequestsPerConnection is number of requests in pipelining + // description: | + // PipelineRequestsPerConnection is number of requests to send per connection when pipelining. + // examples: + // - name: Send 100 requests per pipeline connection + // value: 100 PipelineRequestsPerConnection int `yaml:"pipeline-requests-per-connection"` - // Threads specifies number of threads for sending requests + // description: | + // Threads specifies number of threads to use sending requests. This enables Connection Pooling. + // + // Connection: Close attribute must not be used in request while using threads flag, otherwise + // pooling will fail and engine will continue to close connections after requests. + // examples: + // - name: Send requests using 10 concurrent threads + // value: 10 Threads int `yaml:"threads"` - // MaxSize is the maximum size of http response body to read in bytes. + // description: | + // MaxSize is the maximum size of http response body to read in bytes. + // examples: + // - name: Read max 2048 bytes of the response + // value: 2048 MaxSize int `yaml:"max-size"` CompiledOperators *operators.Operators 
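Review bot: The `Payloads` description says a single file "will be read on run-time" but does not say which directory the path is resolved against or whether it may point outside the templates directory. Templates are routinely obtained from third parties, so a reader needs that stated; one added sentence naming the base directory and any restriction would cover it (the identical text in network.go needs the same). As a smaller point, integer examples are quoted in some places (`race_count` and `max-redirects` use `"5"`, and network.go's `read-size` and `read` are quoted too) and bare in others (`40`, `100`, `2048`). Pick one form so the generated examples have a consistent type. The struct starts and ends outside this hunk.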
@@ -57,21 +131,36 @@ type Request struct { generator *generators.Generator // optional, only enabled when using payloads httpClient *retryablehttp.Client rawhttpClient *rawhttp.Client - // CookieReuse is an optional setting that makes cookies shared within requests + + // description: | + // CookieReuse is an optional setting that enables cookie reuse for + // all requests defined in raw section. CookieReuse bool `yaml:"cookie-reuse"` - // Redirects specifies whether redirects should be followed. + // description: | + // Redirects specifies whether redirects should be followed by the HTTP Client. + // + // This can be used in conjunction with `max-redirects` to control the HTTP request redirects. Redirects bool `yaml:"redirects"` - // Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining (race conditions/billions requests) - // All requests must be indempotent (GET/POST) + // description: | + // Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining + // + // All requests must be indempotent (GET/POST). This can be used for race conditions/billions requests. Pipeline bool `yaml:"pipeline"` - // Specify in order to skip request RFC normalization + // description: | + // Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests. + // + // This uses the [rawhttp](https://github.com/projectdiscovery/rawhttp) engine to achieve complete + // control over the request, with no normalization performed by the client. Unsafe bool `yaml:"unsafe"` - // Race determines if all the request have to be attempted at the same time - // The minimum number of requests is determined by threads + // description: | + // Race determines if all the request have to be attempted at the same time (Race Condition) + // + // The actual number of requests that will be sent is determined by the `race_count` field. 
Race bool `yaml:"race"` - // ReqCondition automatically assigns numbers to requests and preserves - // their history for being matched at the end. - // Currently only works with sequential http requests. + // description: | + // ReqCondition automatically assigns numbers to requests and preserves their history. + // + // This allows matching on them later for multi-request conditions. ReqCondition bool `yaml:"req-condition"` } diff --git a/v2/pkg/protocols/http/http_test.go b/v2/pkg/protocols/http/http_test.go index 9cc22a7c8..1cf6b561f 100644 --- a/v2/pkg/protocols/http/http_test.go +++ b/v2/pkg/protocols/http/http_test.go @@ -14,7 +14,6 @@ func TestHTTPCompile(t *testing.T) { testutils.Init(options) templateID := "testing-http" request := &Request{ - ID: templateID, Name: "testing", Payloads: map[string]interface{}{ "username": []string{"admin"}, diff --git a/v2/pkg/protocols/network/network.go b/v2/pkg/protocols/network/network.go index 196fcbcde..40619fca5 100644 --- a/v2/pkg/protocols/network/network.go +++ b/v2/pkg/protocols/network/network.go 
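Review bot: The `Pipeline` description states "All requests must be indempotent (GET/POST)", which misspells "idempotent" and lists POST, a method that HTTP does not define as idempotent. Because pipelined requests may be replayed on a new connection, the wording should not imply that POST is safe to repeat. Suggested: `// All requests must be idempotent (for example GET).` If POST is deliberately supported in pipeline mode, say that in a separate sentence with the caveat. The `Request` struct starts before this hunk.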
@@ -17,19 +17,44 @@ import ( type Request struct { ID string `yaml:"id"` - // Address is the address to send requests to (host:port:tls combos generally) + // description: | + // Address is the address to send requests to. + // + // Usually it's set to `{{Hostname}}`. If you want to enable TLS for + // TCP Connection, you can use `tls://{{Hostname}}`. + // examples: + // - value: | + // []string{"{{Hostname}}"} Address []string `yaml:"host"` addresses []addressKV - // AttackType is the attack type - // Sniper, PitchFork and ClusterBomb. Default is Sniper + // description: | + // Attack is the type of payload combinations to perform. + // + // Sniper is each payload once, pitchfork combines multiple payload sets and clusterbomb generates + // permutations and combinations for all payloads. + // values: + // - "sniper" + // - "pitchfork" + // - "clusterbomb" AttackType string `yaml:"attack"` - // Path contains the path/s for the request variables + // description: | + // Payloads contains any payloads for the current request. + // + // Payloads support both key-values combinations where a list + // of payloads is provided, or optionally a single file can also + // be provided as payload which will be read on run-time. Payloads map[string]interface{} `yaml:"payloads"` - // Payload is the payload to send for the network request + // description: | + // Inputs contains inputs for the network socket Inputs []*Input `yaml:"inputs"` - // ReadSize is the size of response to read (1024 if not provided by default) + // description: | + // ReadSize is the size of response to read at the end + // + // Default value for read-size is 1024. + // examples: + // - value: "2048" ReadSize int `yaml:"read-size"` // Operators for the current request go here. 
@@ -51,13 +76,37 @@ type addressKV struct { // Input is the input to send on the network type Input struct { - // Data is the data to send as the input + // description: | + // Data is the data to send as the input. + // + // It supports DSL Helper Functions as well as normal expressions. + // examples: + // - value: "\"TEST\"" + // - value: "\"hex_decode('50494e47')\"" Data string `yaml:"data"` - // Type is the type of input - hex, text. + // description: | + // Type is the type of input specified in `data` field. + // + // Default value is text, but hex can be used for hex formatted data. + // values: + // - "hex" + // - "text" Type string `yaml:"type"` - // Read is the number of bytes to read from socket + // description: | + // Read is the number of bytes to read from socket. + // + // This can be used for protcols which expected an immediate response. You can + // read and write responses one after another and evetually perform matching + // on every data captured with `name` attribute. + // + // The [network docs](https://nuclei.projectdiscovery.io/templating-guide/protocols/network/) highlight more on how to do this. + // examples: + // - value: "1024" Read int `yaml:"read"` - // Name is the optional name of the input to provide matching on + // description: | + // Name is the optional name of the data read to provide matching on. + // examples: + // - value: "\"prefix\"" Name string `yaml:"name"` } diff --git a/v2/pkg/templates/templates.go b/v2/pkg/templates/templates.go index 12c135e4f..1696cd0ad 100644 --- a/v2/pkg/templates/templates.go +++ b/v2/pkg/templates/templates.go 
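Review bot: The `Read` description has several typos that will reach the generated docs: "protcols", "which expected" and "evetually". Suggested lines: `// This can be used for protocols which expect an immediate response. You can` and `// read and write responses one after another and eventually perform matching`. The `Data` description should also say whether `type: hex` applies before or after the DSL helpers shown in the second example, since `hex_decode('50494e47')` with the default `text` type and raw hex with `type: hex` look like two ways to send the same bytes.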
@@ -10,24 +10,56 @@ import ( "github.com/projectdiscovery/nuclei/v2/pkg/workflows" ) -// Template is a request template parsed from a yaml file +var ( + exampleTomcatUserPassPayload = map[string]interface{}{ + "username": []string{"tomcat", "admin"}, + "password": []string{"tomcat", "admin", "password"}, + } + exampleFileBasedPayload = map[string]interface{}{ + "data": "helpers/payloads/command-injection.txt", + } +) + +// Template is a YAML input file which defines the requests and +// others metadata for a scan template. type Template struct { - // ID is the unique id for the template + // description: | + // ID is the unique id for the template. IDs must be lowercase + // and must not contain spaces in it. + // + // #### Good IDs + // + // A good ID unqiuely identifies what the requests in the template + // are doing. Let's say you have a template that identifies a git-config + // file on the webservers, a good name would be `git-config-exposure`. Another + // example name is `azure-apps-nxdomain-takeover`. + // examples: + // - name: ID Example + // value: "\"cve-2021-19520\"" ID string `yaml:"id"` - // Info contains information about the template + // description: | + // Info contains metadata information about the template. At minimum, it + // should contain `name`, `author`, `severity`, `description`, `tags`. Optionally + // you can also specify a list of `references` for the template. 
Info map[string]interface{} `yaml:"info"` - // RequestsHTTP contains the http request to make in the template + // description: | + // Requests contains the http request to make in the template RequestsHTTP []*http.Request `yaml:"requests,omitempty" json:"requests"` - // RequestsDNS contains the dns request to make in the template + // description: | + // DNS contains the dns request to make in the template RequestsDNS []*dns.Request `yaml:"dns,omitempty" json:"dns"` - // RequestsFile contains the file request to make in the template + // description: | + // File contains the file request to make in the template RequestsFile []*file.Request `yaml:"file,omitempty" json:"file"` - // RequestsNetwork contains the network request to make in the template + // description: | + // Network contains the network request to make in the template RequestsNetwork []*network.Request `yaml:"network,omitempty" json:"network"` - // RequestsHeadless contains the headless request to make in the template. + // description: | + // Headless contains the headless request to make in the template. RequestsHeadless []*headless.Request `yaml:"headless,omitempty" json:"headless"` - // Workflows is a yaml based workflow declaration code. + // description: | + // Workflows is a yaml based workflow declaration code. workflows.Workflow `yaml:",inline,omitempty"` CompiledWorkflow *workflows.Workflow `yaml:"-" json:"-" jsonschema:"-"` diff --git a/v2/pkg/workflows/workflows.go b/v2/pkg/workflows/workflows.go index caae63a6d..183093fce 100644 --- a/v2/pkg/workflows/workflows.go +++ b/v2/pkg/workflows/workflows.go 
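Review bot: `exampleTomcatUserPassPayload` and `exampleFileBasedPayload` are declared here in package `templates`, but the only references visible in this patch are the bare identifiers in the `Payloads` examples of http.go, which is a different package. If the generator resolves example identifiers in the package of the annotated struct (not visible here), these will not be found. Either way the variables are unused by the program and need a comment saying why they exist, e.g. `// Example payloads referenced by name from docgen annotations; not used at run time.` The struct comment should read "other metadata" rather than "others metadata".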
@@ -4,7 +4,8 @@ import "github.com/projectdiscovery/nuclei/v2/pkg/protocols" // Workflow is a workflow to execute with chained requests, etc. type Workflow struct { - // Workflows is a yaml based workflow declaration code. + // description: | + // Workflows is a list of workflows to execute for a template. Workflows []*WorkflowTemplate `yaml:"workflows,omitempty"` Options *protocols.ExecuterOptions @@ -12,13 +13,22 @@ type Workflow struct { // WorkflowTemplate is a template to be ran as part of a workflow type WorkflowTemplate struct { - // Template is the template to run + // description: | + // Template is a single template or directory to execute as part of workflow. + // examples: + // - name: A single template + // value: "\"dns/worksites-detection.yaml\"" + // - name: A template directory + // value: "\"misconfigurations/aem\"" Template string `yaml:"template"` - // Tags to perform filtering of supplied templates on + // description: | + // Tags to run templates based on. Tags string `yaml:"tags"` - // Matchers perform name based matching to run subtemplates for a workflow. + // description: | + // Matchers perform name based matching to run subtemplates for a workflow. Matchers []*Matcher `yaml:"matchers"` - // Subtemplates are ran if the template matches. + // description: | + // Subtemplates are ran if the `template` field Template matches. Subtemplates []*WorkflowTemplate `yaml:"subtemplates"` // Executers perform the actual execution for the workflow template Executers []*ProtocolExecuterPair 
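Review bot: The new `Subtemplates` description, "Subtemplates are ran if the `template` field Template matches.", is garbled: it has a duplicated noun and uses "ran" for "run". Suggested: `// Subtemplates are run if the template named in the template field matches.` The `Matcher.Subtemplates` description in the last hunk of this file has the same "are ran". `Tags` now reads "Tags to run templates based on." without saying how several tags are separated in the single string; add one example with a `value:` line, as was done for `Template`. `WorkflowTemplate` continues past the end of this hunk.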
@@ -32,8 +42,10 @@ type ProtocolExecuterPair struct { // Matcher performs conditional matching on the workflow template results. type Matcher struct { - // Name is the name of the item to match. + // description: | + // Name is the name of the item to match. Name string `yaml:"name"` - // Subtemplates are ran if the name of matcher matches. + // description: | + // Subtemplates are ran if the name of matcher matches. Subtemplates []*WorkflowTemplate `yaml:"subtemplates"` } From 2ea47fe386167375f1b4f84db6789655eec86736 Mon Sep 17 00:00:00 2001 From: Ice3man543 Date: Tue, 3 Aug 2021 20:33:12 +0530 Subject: [PATCH 02/17] Fixed integration test --- v2/pkg/protocols/http/http.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/v2/pkg/protocols/http/http.go b/v2/pkg/protocols/http/http.go index eae261f54..0f79c701d 100644 --- a/v2/pkg/protocols/http/http.go +++ b/v2/pkg/protocols/http/http.go @@ -32,7 +32,7 @@ type Request struct { // []string{"GET /etc/passwd HTTP/1.1\nHost:\nContent-Length: 4", "POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0\nContent-Length: 1\nConnection: close\n\necho\necho\ncat /etc/passwd 2>&1"} Raw []string `yaml:"raw"` // docgen:nodoc - ID string `yaml:"-"` + ID string `yaml:"id"` // description: | // Name is the optional name of the request. // From 2d0c711638fcc9708e9d882053b58c1cfef750f6 Mon Sep 17 00:00:00 2001 From: Ice3man543 Date: Tue, 3 Aug 2021 20:36:26 +0530 Subject: [PATCH 03/17] Fixed lint errors --- v2/pkg/templates/templates.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/v2/pkg/templates/templates.go b/v2/pkg/templates/templates.go index 1696cd0ad..f3bef13c1 100644 --- a/v2/pkg/templates/templates.go +++ b/v2/pkg/templates/templates.go 
@@ -15,9 +15,11 @@ var ( "username": []string{"tomcat", "admin"}, "password": []string{"tomcat", "admin", "password"}, } + _ = exampleTomcatUserPassPayload exampleFileBasedPayload = map[string]interface{}{ "data": "helpers/payloads/command-injection.txt", } + _ = exampleFileBasedPayload ) // Template is a YAML input file which defines the requests and @@ -29,7 +31,7 @@ type Template struct { // // #### Good IDs // - // A good ID unqiuely identifies what the requests in the template + // A good ID uniquely identifies what the requests in the template // are doing. Let's say you have a template that identifies a git-config // file on the webservers, a good name would be `git-config-exposure`. Another // example name is `azure-apps-nxdomain-takeover`. From 8130a76ff1d9dbb3c0dfe1c6109e12944c94f23e Mon Sep 17 00:00:00 2001 From: Ice3man543 Date: Tue, 3 Aug 2021 20:36:56 +0530 Subject: [PATCH 04/17] Misc --- v2/pkg/templates/templates.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/v2/pkg/templates/templates.go b/v2/pkg/templates/templates.go index f3bef13c1..73636ad07 100644 --- a/v2/pkg/templates/templates.go +++ b/v2/pkg/templates/templates.go @@ -10,16 +10,15 @@ import ( "github.com/projectdiscovery/nuclei/v2/pkg/workflows" ) +// nolint:deadcode // this is intentional var ( exampleTomcatUserPassPayload = map[string]interface{}{ "username": []string{"tomcat", "admin"}, "password": []string{"tomcat", "admin", "password"}, } - _ = exampleTomcatUserPassPayload exampleFileBasedPayload = map[string]interface{}{ "data": "helpers/payloads/command-injection.txt", } - _ = exampleFileBasedPayload ) // Template is a YAML input file which defines the requests and From c9ad9cdff4477cef37294bda173dc11b95eb9cf0 Mon Sep 17 00:00:00 2001 
From: Ice3man543 Date: Tue, 3 Aug 2021 20:40:00 +0530 Subject: [PATCH 05/17] Updated examples --- v2/pkg/protocols/http/http.go | 11 +++++++++-- v2/pkg/templates/templates.go | 11 ----------- 2 files changed, 9 insertions(+), 13 deletions(-) diff --git a/v2/pkg/protocols/http/http.go b/v2/pkg/protocols/http/http.go index 0f79c701d..ff285a40f 100644 --- a/v2/pkg/protocols/http/http.go +++ b/v2/pkg/protocols/http/http.go @@ -71,9 +71,16 @@ type Request struct { // be provided as payload which will be read on run-time. // examples: // - name: A payload list for Tomcat Bruteforce - // value: exampleTomcatUserPassPayload + // value: > + // map[string]interface{}{ + // "username": []string{"tomcat", "admin"}, + // "password": []string{"tomcat", "admin", "password"}, + // } // - name: A payload example of reading from file - // value: exampleFileBasedPayload + // value: > + // map[string]interface{}{ + // "data": "helpers/payloads/command-injection.txt", + // } Payloads map[string]interface{} `yaml:"payloads"` // description: | // Headers contains HTTP Headers to send with the request. diff --git a/v2/pkg/templates/templates.go b/v2/pkg/templates/templates.go index 73636ad07..e358c1a2a 100644 --- a/v2/pkg/templates/templates.go +++ b/v2/pkg/templates/templates.go @@ -10,17 +10,6 @@ import ( "github.com/projectdiscovery/nuclei/v2/pkg/workflows" ) -// nolint:deadcode // this is intentional -var ( - exampleTomcatUserPassPayload = map[string]interface{}{ - "username": []string{"tomcat", "admin"}, - "password": []string{"tomcat", "admin", "password"}, - } - exampleFileBasedPayload = map[string]interface{}{ - "data": "helpers/payloads/command-injection.txt", - } -) - // Template is a YAML input file which defines the requests and // others metadata for a scan template. type Template struct { From 334243d16071e1d56abefd81b3b3ebd5861779b1 Mon Sep 17 00:00:00 2001 
From: Ice3man543 Date: Tue, 3 Aug 2021 22:33:50 +0530 Subject: [PATCH 06/17] Adding documentation generation to nuclei --- .gitignore | 3 +- v2/Makefile | 4 + v2/cmd/docgen/docgen.go | 20 + v2/go.mod | 1 + v2/go.sum | 21 + v2/pkg/protocols/dns/dns.go | 1 + v2/pkg/protocols/file/file.go | 1 + v2/pkg/protocols/headless/headless.go | 1 + v2/pkg/protocols/http/http.go | 2 +- v2/pkg/protocols/network/network.go | 1 + v2/pkg/templates/templates.go | 1 + v2/pkg/templates/templates_doc.go | 893 ++++++++++++++++++++++++++ v2/pkg/templates/templates_test.go | 1 + 13 files changed, 948 insertions(+), 2 deletions(-) create mode 100644 v2/cmd/docgen/docgen.go create mode 100644 v2/pkg/templates/templates_doc.go create mode 100644 v2/pkg/templates/templates_test.go diff --git a/.gitignore b/.gitignore index e812e00d2..520e34e1b 100644 --- a/.gitignore +++ b/.gitignore @@ -10,4 +10,5 @@ v2/pkg/protocols/common/helpers/deserialization/testdata/ValueObject.class v2/pkg/protocols/common/helpers/deserialization/testdata/ValueObject2.ser v2/cmd/functional-test/nuclei_dev v2/cmd/functional-test/nuclei_main -v2/cmd/functional-test/functional-test \ No newline at end of file +v2/cmd/functional-test/functional-test +v2/cmd/docgen/docgen \ No newline at end of file diff --git a/v2/Makefile b/v2/Makefile index 247e7de43..5d3e30536 100644 --- a/v2/Makefile +++ b/v2/Makefile @@ -8,6 +8,10 @@ GOGET=$(GOCMD) get all: build build: $(GOBUILD) -v -ldflags="-extldflags=-static" -o "nuclei" cmd/nuclei/main.go +docs: + $(GOCMD) generate pkg/templates/templates.go + $(GOBUILD) -o "cmd/docgen/docgen" cmd/docgen/docgen.go + ./cmd/docgen/docgen docs.md test: $(GOTEST) -v ./... tidy: diff --git a/v2/cmd/docgen/docgen.go b/v2/cmd/docgen/docgen.go new file mode 100644 index 000000000..907fc3da8 --- /dev/null +++ b/v2/cmd/docgen/docgen.go 
@@ -0,0 +1,20 @@
+package main
+
+import (
+ "io/ioutil"
+ "log"
+ "os"
+
+ "github.com/projectdiscovery/nuclei/v2/pkg/templates"
+)
+
+func main() {
+ data, err := templates.GetTemplateDoc().Encode()
+ if err != nil {
+ log.Fatalf("Could not encode docs: %s\n", err)
+ }
+ err = ioutil.WriteFile(os.Args[1], data, 0777)
+ if err != nil {
+ log.Fatalf("Could not write docs: %s\n", err)
+ }
+}
diff --git a/v2/go.mod b/v2/go.mod
index 766add0b8..658e87b44 100644
--- a/v2/go.mod
+++ b/v2/go.mod
@@ -38,6 +38,7 @@ require (
 github.com/projectdiscovery/retryabledns v1.0.10
 github.com/projectdiscovery/retryablehttp-go v1.0.2-0.20210524224054-9fbe1f2b0727
 github.com/projectdiscovery/stringsutil v0.0.0-20210617141317-00728870f68d
+ github.com/projectdiscovery/yamldoc-go v0.0.0-20210803152633-4db1fb7fe36a // indirect
 github.com/remeh/sizedwaitgroup v1.0.0
 github.com/rivo/uniseg v0.2.0 // indirect
 github.com/rs/xid v1.2.1
diff --git a/v2/go.sum b/v2/go.sum
index e5fcc17ee..27ecf2b5e 100644
--- a/v2/go.sum
+++ b/v2/go.sum
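Review bot: `ioutil.WriteFile(os.Args[1], data, 0777)` in the new `main` requests a world-writable, executable mode for the documentation file, and it indexes `os.Args[1]` without checking that an argument was passed, so running the tool with no argument panics instead of reporting a usage error. The Makefile target writes `docs.md`, which needs no execute bit and should not be writable by other users, so the mode should be `0644`. Guard the argument before use with `if len(os.Args) != 2 { log.Fatalf("usage: %s <output-file>", os.Args[0]) }`.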
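Review bot: The added `github.com/projectdiscovery/yamldoc-go` requirement in go.mod is marked `// indirect`, but the same patch adds `templates_doc.go`, which imports `github.com/projectdiscovery/yamldoc-go/encoder` directly. Drop the `// indirect` marker (running `go mod tidy` does this) so the module is listed as a direct dependency and is not overlooked when direct dependencies are reviewed or audited.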
@@ -70,6 +70,11 @@ github.com/codegangsta/cli v1.20.0/go.mod h1:/qJNoX69yVSKu5o4jLyXAENLRyk1uhi7zkb github.com/corpix/uarand v0.1.1 h1:RMr1TWc9F4n5jiPDzFHtmaUXLKLNUFK0SgCLo4BhX/U= github.com/corpix/uarand v0.1.1/go.mod h1:SFKZvkcRoLqVRFZ4u25xPmp6m9ktANfbpXZ7SJ0/FNU= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/dave/dst v0.26.2/go.mod h1:UMDJuIRPfyUCC78eFuB+SV/WI8oDeyFDvM/JR6NI3IU= +github.com/dave/gopackages v0.0.0-20170318123100-46e7023ec56e/go.mod h1:i00+b/gKdIDIxuLDFob7ustLAVqhsZRk2qVZrArELGQ= +github.com/dave/jennifer v1.2.0/go.mod h1:fIb+770HOpJ2fmN9EPPKOqm1vMGhB+TwXKMZhrIygKg= +github.com/dave/kerr v0.0.0-20170318121727-bc25dd6abe8e/go.mod h1:qZqlPyPvfsDJt+3wHJ1EvSXDuVjFTK0j2p/ca+gtsb8= +github.com/dave/rebecca v0.9.1/go.mod h1:N6XYdMD/OKw3lkF3ywh8Z6wPGuwNFDNtWYEMFWEmXBA= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -149,6 +154,7 @@ github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= +github.com/google/pprof v0.0.0-20181127221834-b4f47329b966/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= 
@@ -286,6 +292,8 @@ github.com/projectdiscovery/retryablehttp-go v1.0.2-0.20210524224054-9fbe1f2b072 github.com/projectdiscovery/retryablehttp-go v1.0.2-0.20210524224054-9fbe1f2b0727/go.mod h1:dx//aY9V247qHdsRf0vdWHTBZuBQ2vm6Dq5dagxrDYI= github.com/projectdiscovery/stringsutil v0.0.0-20210617141317-00728870f68d h1:nlOAex7twmrEqD5i6WLnugF9uO3DQ6jDEKN9gevrTAk= github.com/projectdiscovery/stringsutil v0.0.0-20210617141317-00728870f68d/go.mod h1:TVSdZC0rRQeMIbsNSiGPhbmhyRtxqqtAGA9JiiNp2r4= +github.com/projectdiscovery/yamldoc-go v0.0.0-20210803152633-4db1fb7fe36a h1:3mQRJkqj9TQiFMm3vQZAwrxImPov4gw8LBifyfCZGsg= +github.com/projectdiscovery/yamldoc-go v0.0.0-20210803152633-4db1fb7fe36a/go.mod h1:7uSxfMXaBmzvw8m5EhOEjB6nhz0rK/H9sUjq1ciZu24= github.com/prologic/smtpd v0.0.0-20210126001904-0893ad18168e h1:ZT3wZ92sp/EHEE/HcFCWCsYS3ROLjHb6EqSX8qYrgXw= github.com/prologic/smtpd v0.0.0-20210126001904-0893ad18168e/go.mod h1:GkLsdH1RZj6RDKeI9A05NGZYmEZQ/PbQcZPnZoSZuYI= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -296,6 +304,7 @@ github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rogpeppe/fastuuid v1.1.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rogpeppe/go-internal v1.6.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rs/xid v1.2.1 h1:mhH9Nq+C1fY2l1XIpgxIiUOfNpRBYH1kKcr+qfKgjRc= github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= github.com/segmentio/ksuid v1.0.3 h1:FoResxvleQwYiPAVKe1tMUlEirodZqlqglIuFsdDntY= 
@@ -362,6 +371,7 @@ github.com/ysmood/leakless v0.6.12/go.mod h1:R8iAXPRaG97QJwqxs74RdwzcRHT1SWCGTNq github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/zclconf/go-cty v1.8.2 h1:u+xZfBKgpycDnTNjPhGiTEYZS5qS/Sb5MqSfm7vzcjg= github.com/zclconf/go-cty v1.8.2/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= @@ -377,6 +387,7 @@ go.uber.org/ratelimit v0.1.0 h1:U2AruXqeTb4Eh9sYQSTrMhH8Cb7M0Ian2ibBOnBcnAw= go.uber.org/ratelimit v0.1.0/go.mod h1:2X8KaoNd1J0lZV+PxJk/5+DGbO/tpwLR1m++a7FnB/Y= go.uber.org/ratelimit v0.2.0 h1:UQE2Bgi7p2B85uP5dC2bbRtig0C+OeNRnNEafLjsLPA= go.uber.org/ratelimit v0.2.0/go.mod h1:YYBV4e4naJvhpitQrWJu1vCpgB7CboMe0qhltKt6mUg= +golang.org/x/arch v0.0.0-20180920145803-b19384d3c130/go.mod h1:cYlCBUl1MsqxdiKgmc4uh7TxZfWSFLOGSRR090WDxt8= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 
@@ -418,6 +429,7 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -447,6 +459,7 @@ golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210521195947-fe42d452be8f h1:Si4U+UcgJzya9kpiEUJKQvjr512OLli+gL4poHrz93U= golang.org/x/net v0.0.0-20210521195947-fe42d452be8f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= 
@@ -469,6 +482,7 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9 h1:SQFwaSi55rU7vdNs9Yr0Z324VNlrF+0wMqRXT4St8ck= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180903190138-2b024373dcd9/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -499,8 +513,10 @@ golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201113233024-12cec1faf1ba/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210217105451-b926d437f341/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -556,12 +572,15 @@ golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjs golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200509030707-2212a7e161a5/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20210101214203-2dba1e4ea05c/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -654,6 +673,7 @@ gopkg.in/corvus-ch/zbase32.v1 v1.0.0/go.mod h1:T3oKkPOm4AV/bNXCNFUxRmlE9RUyBz/DS gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/src-d/go-billy.v4 v4.3.0/go.mod h1:tm33zBoOwxjYHZIE+OV8bxTWFMJLrconzFMd38aARFk= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= @@ -671,6 +691,7 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +mvdan.cc/gofumpt v0.1.1/go.mod h1:yXG1r1WqZVKWbVRtBWKWX9+CxGYfA51nSomhM0woR48= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/v2/pkg/protocols/dns/dns.go b/v2/pkg/protocols/dns/dns.go index 571a4c83d..bfa572d6b 100644 --- a/v2/pkg/protocols/dns/dns.go +++ b/v2/pkg/protocols/dns/dns.go @@ -18,6 +18,7 @@ type Request struct { // Operators for the current request go here. operators.Operators `yaml:",inline"` + // ID is the ID of the request ID string `yaml:"id"` // description: | diff --git a/v2/pkg/protocols/file/file.go b/v2/pkg/protocols/file/file.go index 81643c10a..ea78be114 100644 --- a/v2/pkg/protocols/file/file.go +++ b/v2/pkg/protocols/file/file.go 
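Review bot: The comment added above `ID` in the dns.go hunk, `// ID is the ID of the request`, only restates the field name, and the same line is repeated in the file.go, headless.go, http.go and network.go hunks of this patch. The field is read from the template (`yaml:"id"`), and in http.go the `// docgen:nodoc` marker is removed at the same time, yet none of these comments uses the `description: |` form that the neighbouring fields carry; whether the generator picks up a plain comment is not visible here. I would write it as `// description: |` followed by one sentence stating what the request ID is used for and whether it has to be unique within a template. The Request struct continues outside the hunk.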
@@ -26,6 +26,7 @@ type Request struct { // - value: '[]string{".avi", ".mov", ".mp3"}' ExtensionDenylist []string `yaml:"denylist"` + // ID is the ID of the request ID string `yaml:"id"` // description: | diff --git a/v2/pkg/protocols/headless/headless.go b/v2/pkg/protocols/headless/headless.go index e33effa6c..5f0856c9f 100644 --- a/v2/pkg/protocols/headless/headless.go +++ b/v2/pkg/protocols/headless/headless.go @@ -9,6 +9,7 @@ import ( // Request contains a Headless protocol request to be made from a template type Request struct { + // ID is the ID of the request ID string `yaml:"id"` // description: | diff --git a/v2/pkg/protocols/http/http.go b/v2/pkg/protocols/http/http.go index ff285a40f..030f7cd31 100644 --- a/v2/pkg/protocols/http/http.go +++ b/v2/pkg/protocols/http/http.go @@ -31,7 +31,7 @@ type Request struct { // value: | // []string{"GET /etc/passwd HTTP/1.1\nHost:\nContent-Length: 4", "POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0\nContent-Length: 1\nConnection: close\n\necho\necho\ncat /etc/passwd 2>&1"} Raw []string `yaml:"raw"` - // docgen:nodoc + // ID is the ID of the request ID string `yaml:"id"` // description: | // Name is the optional name of the request. diff --git a/v2/pkg/protocols/network/network.go b/v2/pkg/protocols/network/network.go index 40619fca5..20e3b54e3 100644 --- a/v2/pkg/protocols/network/network.go +++ b/v2/pkg/protocols/network/network.go @@ -15,6 +15,7 @@ import ( // Request contains a Network protocol request to be made from a template type Request struct { + // ID is the ID of the request ID string `yaml:"id"` // description: | diff --git a/v2/pkg/templates/templates.go b/v2/pkg/templates/templates.go index e358c1a2a..60d10aeec 100644 --- a/v2/pkg/templates/templates.go +++ b/v2/pkg/templates/templates.go 
@@ -1,3 +1,4 @@ +//go:generate dstdocgen -path "" -structure Template -output templates_doc.go -package templates package templates import ( diff --git a/v2/pkg/templates/templates_doc.go b/v2/pkg/templates/templates_doc.go new file mode 100644 index 000000000..aa54452e3 --- /dev/null +++ b/v2/pkg/templates/templates_doc.go 
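Review bot: The `//go:generate dstdocgen ...` directive added on the first line of templates.go runs whichever `dstdocgen` binary is first on PATH, and nothing visible in this patch installs that tool or ties it to a version, so the committed `templates_doc.go` is produced by an unpinned generator. The new `docs` target in the Makefile calls `go generate` with the same assumption. I would add a step to that target which builds the generator from the module version recorded in go.mod before `go generate` runs, and record it next to the directive, for example `// dstdocgen must be built from the yamldoc-go version pinned in go.mod` (assuming the tool ships with that module; confirm).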
@@ -0,0 +1,893 @@ +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +// DO NOT EDIT: this file is automatically generated by docgen +package templates + +import ( + "github.com/projectdiscovery/yamldoc-go/encoder" +) + +var ( + TemplateDoc encoder.Doc + HTTPRequestDoc encoder.Doc + MATCHERSMatcherDoc encoder.Doc + EXTRACTORSExtractorDoc encoder.Doc + DNSRequestDoc encoder.Doc + FILERequestDoc encoder.Doc + NETWORKRequestDoc encoder.Doc + NETWORKInputDoc encoder.Doc + HEADLESSRequestDoc encoder.Doc + ENGINEActionDoc encoder.Doc + WORKFLOWSWorkflowTemplateDoc encoder.Doc + WORKFLOWSMatcherDoc encoder.Doc +) + +func init() { + TemplateDoc.Type = "Template" + TemplateDoc.Comments[encoder.LineComment] = " Template is a YAML input file which defines the requests and" + TemplateDoc.Description = "Template is a YAML input file which defines the requests and\n others metadata for a scan template." + TemplateDoc.Fields = make([]encoder.Doc, 8) + TemplateDoc.Fields[0].Name = "id" + TemplateDoc.Fields[0].Type = "string" + TemplateDoc.Fields[0].Note = "" + TemplateDoc.Fields[0].Description = "ID is the unique id for the template. IDs must be lowercase\nand must not contain spaces in it.\n\n#### Good IDs\n\nA good ID uniquely identifies what the requests in the template\nare doing. Let's say you have a template that identifies a git-config\nfile on the webservers, a good name would be `git-config-exposure`. Another\nexample name is `azure-apps-nxdomain-takeover`." + TemplateDoc.Fields[0].Comments[encoder.LineComment] = "ID is the unique id for the template. 
IDs must be lowercase" + + TemplateDoc.Fields[0].AddExample("ID Example", "cve-2021-19520") + TemplateDoc.Fields[1].Name = "info" + TemplateDoc.Fields[1].Type = "map[string]interface{}" + TemplateDoc.Fields[1].Note = "" + TemplateDoc.Fields[1].Description = "Info contains metadata information about the template. At minimum, it\nshould contain `name`, `author`, `severity`, `description`, `tags`. Optionally\nyou can also specify a list of `references` for the template." + TemplateDoc.Fields[1].Comments[encoder.LineComment] = "Info contains metadata information about the template. At minimum, it" + TemplateDoc.Fields[2].Name = "requests" + TemplateDoc.Fields[2].Type = "[]http.Request" + TemplateDoc.Fields[2].Note = "" + TemplateDoc.Fields[2].Description = "Requests contains the http request to make in the template" + TemplateDoc.Fields[2].Comments[encoder.LineComment] = "Requests contains the http request to make in the template" + TemplateDoc.Fields[3].Name = "dns" + TemplateDoc.Fields[3].Type = "[]dns.Request" + TemplateDoc.Fields[3].Note = "" + TemplateDoc.Fields[3].Description = "DNS contains the dns request to make in the template" + TemplateDoc.Fields[3].Comments[encoder.LineComment] = "DNS contains the dns request to make in the template" + TemplateDoc.Fields[4].Name = "file" + TemplateDoc.Fields[4].Type = "[]file.Request" + TemplateDoc.Fields[4].Note = "" + TemplateDoc.Fields[4].Description = "File contains the file request to make in the template" + TemplateDoc.Fields[4].Comments[encoder.LineComment] = "File contains the file request to make in the template" + TemplateDoc.Fields[5].Name = "network" + TemplateDoc.Fields[5].Type = "[]network.Request" + TemplateDoc.Fields[5].Note = "" + TemplateDoc.Fields[5].Description = "Network contains the network request to make in the template" + TemplateDoc.Fields[5].Comments[encoder.LineComment] = "Network contains the network request to make in the template" + TemplateDoc.Fields[6].Name = "headless" + 
TemplateDoc.Fields[6].Type = "[]headless.Request" + TemplateDoc.Fields[6].Note = "" + TemplateDoc.Fields[6].Description = "Headless contains the headless request to make in the template." + TemplateDoc.Fields[6].Comments[encoder.LineComment] = "Headless contains the headless request to make in the template." + TemplateDoc.Fields[7].Name = "workflows" + TemplateDoc.Fields[7].Type = "[]workflows.WorkflowTemplate" + TemplateDoc.Fields[7].Note = "" + TemplateDoc.Fields[7].Description = "Workflows is a list of workflows to execute for a template." + TemplateDoc.Fields[7].Comments[encoder.LineComment] = "Workflows is a list of workflows to execute for a template." + + HTTPRequestDoc.Type = "http.Request" + HTTPRequestDoc.Comments[encoder.LineComment] = " Request contains a http request to be made from a template" + HTTPRequestDoc.Description = "Request contains a http request to be made from a template" + HTTPRequestDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "Template", + FieldName: "requests", + }, + } + HTTPRequestDoc.Fields = make([]encoder.Doc, 24) + HTTPRequestDoc.Fields[0].Name = "matchers" + HTTPRequestDoc.Fields[0].Type = "[]matchers.Matcher" + HTTPRequestDoc.Fields[0].Note = "" + HTTPRequestDoc.Fields[0].Description = "Matchers contains the detection mechanism for the request to identify\nwhether the request was successful by doing pattern matching\non request/responses.\n\nMultiple matchers can be combined together with `matcher-condition` flag\nwhich accepts either `and` or `or` as argument." + HTTPRequestDoc.Fields[0].Comments[encoder.LineComment] = "Matchers contains the detection mechanism for the request to identify" + HTTPRequestDoc.Fields[1].Name = "extractors" + HTTPRequestDoc.Fields[1].Type = "[]extractors.Extractor" + HTTPRequestDoc.Fields[1].Note = "" + HTTPRequestDoc.Fields[1].Description = "Extractors contains the extraction mechanism for the request to identify\nand extract parts of the response." 
+ HTTPRequestDoc.Fields[1].Comments[encoder.LineComment] = "Extractors contains the extraction mechanism for the request to identify" + HTTPRequestDoc.Fields[2].Name = "matchers-condition" + HTTPRequestDoc.Fields[2].Type = "string" + HTTPRequestDoc.Fields[2].Note = "" + HTTPRequestDoc.Fields[2].Description = "MatchersCondition is the condition between the matchers. Default is OR." + HTTPRequestDoc.Fields[2].Comments[encoder.LineComment] = "MatchersCondition is the condition between the matchers. Default is OR." + HTTPRequestDoc.Fields[2].Values = []string{ + "and", + "or", + } + HTTPRequestDoc.Fields[3].Name = "path" + HTTPRequestDoc.Fields[3].Type = "[]string" + HTTPRequestDoc.Fields[3].Note = "" + HTTPRequestDoc.Fields[3].Description = "Path contains the path/s for the HTTP requests. It supports variables\nas placeholders." + HTTPRequestDoc.Fields[3].Comments[encoder.LineComment] = "Path contains the path/s for the HTTP requests. It supports variables" + + HTTPRequestDoc.Fields[3].AddExample("Some example path values", []string{"{{BaseURL}}", "{{BaseURL}}/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions"}) + HTTPRequestDoc.Fields[4].Name = "raw" + HTTPRequestDoc.Fields[4].Type = "[]string" + HTTPRequestDoc.Fields[4].Note = "" + HTTPRequestDoc.Fields[4].Description = "Raw contains HTTP Requests in Raw format." + HTTPRequestDoc.Fields[4].Comments[encoder.LineComment] = "Raw contains HTTP Requests in Raw format." 
+ + HTTPRequestDoc.Fields[4].AddExample("Some example raw requests", []string{"GET /etc/passwd HTTP/1.1\nHost:\nContent-Length: 4", "POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0\nContent-Length: 1\nConnection: close\n\necho\necho\ncat /etc/passwd 2>&1"}) + HTTPRequestDoc.Fields[5].Name = "id" + HTTPRequestDoc.Fields[5].Type = "string" + HTTPRequestDoc.Fields[5].Note = "" + HTTPRequestDoc.Fields[5].Description = "ID is the ID of the request" + HTTPRequestDoc.Fields[5].Comments[encoder.LineComment] = " ID is the ID of the request" + HTTPRequestDoc.Fields[6].Name = "name" + HTTPRequestDoc.Fields[6].Type = "string" + HTTPRequestDoc.Fields[6].Note = "" + HTTPRequestDoc.Fields[6].Description = "Name is the optional name of the request.\n\nIf a name is specified, all the named request in a template can be matched upon\nin a combined manner allowing multirequest based matchers." + HTTPRequestDoc.Fields[6].Comments[encoder.LineComment] = "Name is the optional name of the request." + HTTPRequestDoc.Fields[7].Name = "attack" + HTTPRequestDoc.Fields[7].Type = "string" + HTTPRequestDoc.Fields[7].Note = "" + HTTPRequestDoc.Fields[7].Description = "Attack is the type of payload combinations to perform.\n\nSniper is each payload once, pitchfork combines multiple payload sets and clusterbomb generates\npermutations and combinations for all payloads." + HTTPRequestDoc.Fields[7].Comments[encoder.LineComment] = "Attack is the type of payload combinations to perform." + HTTPRequestDoc.Fields[7].Values = []string{ + "sniper", + "pitchfork", + "clusterbomb", + } + HTTPRequestDoc.Fields[8].Name = "method" + HTTPRequestDoc.Fields[8].Type = "string" + HTTPRequestDoc.Fields[8].Note = "" + HTTPRequestDoc.Fields[8].Description = "Method is the HTTP Request Method." + HTTPRequestDoc.Fields[8].Comments[encoder.LineComment] = "Method is the HTTP Request Method." 
+ HTTPRequestDoc.Fields[8].Values = []string{ + "GET", + "POST", + "PUT", + "DELETE", + } + HTTPRequestDoc.Fields[9].Name = "body" + HTTPRequestDoc.Fields[9].Type = "string" + HTTPRequestDoc.Fields[9].Note = "" + HTTPRequestDoc.Fields[9].Description = "Body is an optional parameter which contains HTTP Request body." + HTTPRequestDoc.Fields[9].Comments[encoder.LineComment] = "Body is an optional parameter which contains HTTP Request body." + + HTTPRequestDoc.Fields[9].AddExample("Same Body for a Login POST request", "username=test&password=test") + HTTPRequestDoc.Fields[10].Name = "payloads" + HTTPRequestDoc.Fields[10].Type = "map[string]interface{}" + HTTPRequestDoc.Fields[10].Note = "" + HTTPRequestDoc.Fields[10].Description = "description: |\n Payloads contains any payloads for the current request.\n\n Payloads support both key-values combinations where a list\n of payloads is provided, or optionally a single file can also\n be provided as payload which will be read on run-time.\n examples:\n - name: A payload list for Tomcat Bruteforce\n value: >\n map[string]interface{}{\n \"username\": []string{\"tomcat\", \"admin\"},\n \"password\": []string{\"tomcat\", \"admin\", \"password\"},\n }\n - name: A payload example of reading from file\n value: >\n map[string]interface{}{\n \"data\": \"helpers/payloads/command-injection.txt\",\n }" + HTTPRequestDoc.Fields[10].Comments[encoder.LineComment] = " description: |" + HTTPRequestDoc.Fields[11].Name = "headers" + HTTPRequestDoc.Fields[11].Type = "map[string]string" + HTTPRequestDoc.Fields[11].Note = "" + HTTPRequestDoc.Fields[11].Description = "Headers contains HTTP Headers to send with the request." + HTTPRequestDoc.Fields[11].Comments[encoder.LineComment] = "Headers contains HTTP Headers to send with the request." 
+ + HTTPRequestDoc.Fields[11].AddExample("", map[string]string{"Content-Type": "application/x-www-form-urlencoded", "Content-Length": "1", "Any-Header": "Any-Value"}) + HTTPRequestDoc.Fields[12].Name = "race_count" + HTTPRequestDoc.Fields[12].Type = "int" + HTTPRequestDoc.Fields[12].Note = "" + HTTPRequestDoc.Fields[12].Description = "RaceCount is the number of times to send a request in Race Condition Attack." + HTTPRequestDoc.Fields[12].Comments[encoder.LineComment] = "RaceCount is the number of times to send a request in Race Condition Attack." + + HTTPRequestDoc.Fields[12].AddExample("Send a request 5 times", 5) + HTTPRequestDoc.Fields[13].Name = "max-redirects" + HTTPRequestDoc.Fields[13].Type = "int" + HTTPRequestDoc.Fields[13].Note = "" + HTTPRequestDoc.Fields[13].Description = "MaxRedirects is the maximum number of redirects that should be followed." + HTTPRequestDoc.Fields[13].Comments[encoder.LineComment] = "MaxRedirects is the maximum number of redirects that should be followed." + + HTTPRequestDoc.Fields[13].AddExample("Follow upto 5 redirects", 5) + HTTPRequestDoc.Fields[14].Name = "pipeline-concurrent-connections" + HTTPRequestDoc.Fields[14].Type = "int" + HTTPRequestDoc.Fields[14].Note = "" + HTTPRequestDoc.Fields[14].Description = "PipelineConcurrentConnections is number of connections to create during pipelining." + HTTPRequestDoc.Fields[14].Comments[encoder.LineComment] = "PipelineConcurrentConnections is number of connections to create during pipelining." + + HTTPRequestDoc.Fields[14].AddExample("Create 40 concurrent connections", 40) + HTTPRequestDoc.Fields[15].Name = "pipeline-requests-per-connection" + HTTPRequestDoc.Fields[15].Type = "int" + HTTPRequestDoc.Fields[15].Note = "" + HTTPRequestDoc.Fields[15].Description = "PipelineRequestsPerConnection is number of requests to send per connection when pipelining." 
+ HTTPRequestDoc.Fields[15].Comments[encoder.LineComment] = "PipelineRequestsPerConnection is number of requests to send per connection when pipelining." + + HTTPRequestDoc.Fields[15].AddExample("Send 100 requests per pipeline connection", 100) + HTTPRequestDoc.Fields[16].Name = "threads" + HTTPRequestDoc.Fields[16].Type = "int" + HTTPRequestDoc.Fields[16].Note = "" + HTTPRequestDoc.Fields[16].Description = "Threads specifies number of threads to use sending requests. This enables Connection Pooling.\n\nConnection: Close attribute must not be used in request while using threads flag, otherwise\npooling will fail and engine will continue to close connections after requests." + HTTPRequestDoc.Fields[16].Comments[encoder.LineComment] = "Threads specifies number of threads to use sending requests. This enables Connection Pooling." + + HTTPRequestDoc.Fields[16].AddExample("Send requests using 10 concurrent threads", 10) + HTTPRequestDoc.Fields[17].Name = "max-size" + HTTPRequestDoc.Fields[17].Type = "int" + HTTPRequestDoc.Fields[17].Note = "" + HTTPRequestDoc.Fields[17].Description = "MaxSize is the maximum size of http response body to read in bytes." + HTTPRequestDoc.Fields[17].Comments[encoder.LineComment] = "MaxSize is the maximum size of http response body to read in bytes." + + HTTPRequestDoc.Fields[17].AddExample("Read max 2048 bytes of the response", 2048) + HTTPRequestDoc.Fields[18].Name = "cookie-reuse" + HTTPRequestDoc.Fields[18].Type = "bool" + HTTPRequestDoc.Fields[18].Note = "" + HTTPRequestDoc.Fields[18].Description = "CookieReuse is an optional setting that enables cookie reuse for\nall requests defined in raw section." 
+ HTTPRequestDoc.Fields[18].Comments[encoder.LineComment] = "CookieReuse is an optional setting that enables cookie reuse for" + HTTPRequestDoc.Fields[19].Name = "redirects" + HTTPRequestDoc.Fields[19].Type = "bool" + HTTPRequestDoc.Fields[19].Note = "" + HTTPRequestDoc.Fields[19].Description = "Redirects specifies whether redirects should be followed by the HTTP Client.\n\nThis can be used in conjunction with `max-redirects` to control the HTTP request redirects." + HTTPRequestDoc.Fields[19].Comments[encoder.LineComment] = "Redirects specifies whether redirects should be followed by the HTTP Client." + HTTPRequestDoc.Fields[20].Name = "pipeline" + HTTPRequestDoc.Fields[20].Type = "bool" + HTTPRequestDoc.Fields[20].Note = "" + HTTPRequestDoc.Fields[20].Description = "Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining\n\nAll requests must be indempotent (GET/POST). This can be used for race conditions/billions requests." + HTTPRequestDoc.Fields[20].Comments[encoder.LineComment] = "Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining" + HTTPRequestDoc.Fields[21].Name = "unsafe" + HTTPRequestDoc.Fields[21].Type = "bool" + HTTPRequestDoc.Fields[21].Note = "" + HTTPRequestDoc.Fields[21].Description = "Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests.\n\nThis uses the [rawhttp](https://github.com/projectdiscovery/rawhttp) engine to achieve complete\ncontrol over the request, with no normalization performed by the client." + HTTPRequestDoc.Fields[21].Comments[encoder.LineComment] = "Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests." 
+ HTTPRequestDoc.Fields[22].Name = "race" + HTTPRequestDoc.Fields[22].Type = "bool" + HTTPRequestDoc.Fields[22].Note = "" + HTTPRequestDoc.Fields[22].Description = "Race determines if all the request have to be attempted at the same time (Race Condition)\n\nThe actual number of requests that will be sent is determined by the `race_count` field." + HTTPRequestDoc.Fields[22].Comments[encoder.LineComment] = "Race determines if all the request have to be attempted at the same time (Race Condition)" + HTTPRequestDoc.Fields[23].Name = "req-condition" + HTTPRequestDoc.Fields[23].Type = "bool" + HTTPRequestDoc.Fields[23].Note = "" + HTTPRequestDoc.Fields[23].Description = "ReqCondition automatically assigns numbers to requests and preserves their history.\n\nThis allows matching on them later for multi-request conditions." + HTTPRequestDoc.Fields[23].Comments[encoder.LineComment] = "ReqCondition automatically assigns numbers to requests and preserves their history." + + MATCHERSMatcherDoc.Type = "matchers.Matcher" + MATCHERSMatcherDoc.Comments[encoder.LineComment] = " Matcher is used to match a part in the output from a protocol." + MATCHERSMatcherDoc.Description = "Matcher is used to match a part in the output from a protocol." + MATCHERSMatcherDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "http.Request", + FieldName: "matchers", + }, + { + TypeName: "dns.Request", + FieldName: "matchers", + }, + { + TypeName: "file.Request", + FieldName: "matchers", + }, + { + TypeName: "network.Request", + FieldName: "matchers", + }, + { + TypeName: "headless.Request", + FieldName: "matchers", + }, + } + MATCHERSMatcherDoc.Fields = make([]encoder.Doc, 12) + MATCHERSMatcherDoc.Fields[0].Name = "type" + MATCHERSMatcherDoc.Fields[0].Type = "string" + MATCHERSMatcherDoc.Fields[0].Note = "" + MATCHERSMatcherDoc.Fields[0].Description = "Type is the type of the matcher." + MATCHERSMatcherDoc.Fields[0].Comments[encoder.LineComment] = "Type is the type of the matcher." 
+ MATCHERSMatcherDoc.Fields[0].Values = []string{ + "status", + "size", + "word", + "regex", + "binary", + "dsl", + } + MATCHERSMatcherDoc.Fields[1].Name = "condition" + MATCHERSMatcherDoc.Fields[1].Type = "string" + MATCHERSMatcherDoc.Fields[1].Note = "" + MATCHERSMatcherDoc.Fields[1].Description = "Condition is the optional condition between two matcher variables. By default,\nthe condition is assumed to be OR." + MATCHERSMatcherDoc.Fields[1].Comments[encoder.LineComment] = "Condition is the optional condition between two matcher variables. By default," + MATCHERSMatcherDoc.Fields[1].Values = []string{ + "and", + "or", + } + MATCHERSMatcherDoc.Fields[2].Name = "part" + MATCHERSMatcherDoc.Fields[2].Type = "string" + MATCHERSMatcherDoc.Fields[2].Note = "" + MATCHERSMatcherDoc.Fields[2].Description = "Part is the part of the request response to match data from.\n\nEach protocol exposes a lot of different parts which are well\ndocumented in docs for each request type." + MATCHERSMatcherDoc.Fields[2].Comments[encoder.LineComment] = "Part is the part of the request response to match data from." + + MATCHERSMatcherDoc.Fields[2].AddExample("", "body") + + MATCHERSMatcherDoc.Fields[2].AddExample("", "raw") + MATCHERSMatcherDoc.Fields[3].Name = "negative" + MATCHERSMatcherDoc.Fields[3].Type = "bool" + MATCHERSMatcherDoc.Fields[3].Note = "" + MATCHERSMatcherDoc.Fields[3].Description = "Negative specifies if the match should be reversed\nIt will only match if the condition is not true." + MATCHERSMatcherDoc.Fields[3].Comments[encoder.LineComment] = "Negative specifies if the match should be reversed" + MATCHERSMatcherDoc.Fields[4].Name = "name" + MATCHERSMatcherDoc.Fields[4].Type = "string" + MATCHERSMatcherDoc.Fields[4].Note = "" + MATCHERSMatcherDoc.Fields[4].Description = "Name of the matcher. Name should be lowercase and must not contain\nspaces or dashes (-)." + MATCHERSMatcherDoc.Fields[4].Comments[encoder.LineComment] = "Name of the matcher. 
Name should be lowercase and must not contain" + + MATCHERSMatcherDoc.Fields[4].AddExample("", "cookie-matcher") + MATCHERSMatcherDoc.Fields[5].Name = "status" + MATCHERSMatcherDoc.Fields[5].Type = "[]int" + MATCHERSMatcherDoc.Fields[5].Note = "" + MATCHERSMatcherDoc.Fields[5].Description = "Status are the acceptable status codes for the response." + MATCHERSMatcherDoc.Fields[5].Comments[encoder.LineComment] = "Status are the acceptable status codes for the response." + + MATCHERSMatcherDoc.Fields[5].AddExample("", []int{200, 302}) + MATCHERSMatcherDoc.Fields[6].Name = "size" + MATCHERSMatcherDoc.Fields[6].Type = "[]int" + MATCHERSMatcherDoc.Fields[6].Note = "" + MATCHERSMatcherDoc.Fields[6].Description = "Size is the acceptable size for the response" + MATCHERSMatcherDoc.Fields[6].Comments[encoder.LineComment] = "Size is the acceptable size for the response" + + MATCHERSMatcherDoc.Fields[6].AddExample("", []int{3029, 2042}) + MATCHERSMatcherDoc.Fields[7].Name = "words" + MATCHERSMatcherDoc.Fields[7].Type = "[]string" + MATCHERSMatcherDoc.Fields[7].Note = "" + MATCHERSMatcherDoc.Fields[7].Description = "Words contains word patterns required to be present in the response part." + MATCHERSMatcherDoc.Fields[7].Comments[encoder.LineComment] = "Words contains word patterns required to be present in the response part." + + MATCHERSMatcherDoc.Fields[7].AddExample("Match for outlook mail protection domain", []string{"mail.protection.outlook.com"}) + + MATCHERSMatcherDoc.Fields[7].AddExample("Match for application/json in response headers", []string{"application/json"}) + MATCHERSMatcherDoc.Fields[8].Name = "regex" + MATCHERSMatcherDoc.Fields[8].Type = "[]string" + MATCHERSMatcherDoc.Fields[8].Note = "" + MATCHERSMatcherDoc.Fields[8].Description = "Regex contains Regular Expression patterns required to be present in the response part." 
+ MATCHERSMatcherDoc.Fields[8].Comments[encoder.LineComment] = "Regex contains Regular Expression patterns required to be present in the response part." + + MATCHERSMatcherDoc.Fields[8].AddExample("Match for Linkerd Service via Regex", []string{`(?mi)^Via\\s*?:.*?linkerd.*$`}) + + MATCHERSMatcherDoc.Fields[8].AddExample("Match for Open Redirect via Location header", []string{`(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)example\\.com.*$`}) + MATCHERSMatcherDoc.Fields[9].Name = "binary" + MATCHERSMatcherDoc.Fields[9].Type = "[]string" + MATCHERSMatcherDoc.Fields[9].Note = "" + MATCHERSMatcherDoc.Fields[9].Description = "Binary are the binary patterns required to be present in the response part." + MATCHERSMatcherDoc.Fields[9].Comments[encoder.LineComment] = "Binary are the binary patterns required to be present in the response part." + + MATCHERSMatcherDoc.Fields[9].AddExample("Match for Springboot Heapdump Actuator \"JAVA PROFILE\", \"HPROF\", \"Gunzip magic byte\"", []string{"4a4156412050524f46494c45", "4850524f46", "1f8b080000000000"}) + + MATCHERSMatcherDoc.Fields[9].AddExample("Match for 7zip files", []string{"377ABCAF271C"}) + MATCHERSMatcherDoc.Fields[10].Name = "dsl" + MATCHERSMatcherDoc.Fields[10].Type = "[]string" + MATCHERSMatcherDoc.Fields[10].Note = "" + MATCHERSMatcherDoc.Fields[10].Description = "DSL are the dsl expressions that will be evaluated as part of nuclei matching rules.\nA list of these helper functions are available [here](https://nuclei.projectdiscovery.io/templating-guide/helper-functions/)." + MATCHERSMatcherDoc.Fields[10].Comments[encoder.LineComment] = "DSL are the dsl expressions that will be evaluated as part of nuclei matching rules." 
+ + MATCHERSMatcherDoc.Fields[10].AddExample("DSL Matcher for package.json file", []string{"contains(body, 'packages') && contains(tolower(all_headers), 'application/octet-stream') && status_code == 200"}) + + MATCHERSMatcherDoc.Fields[10].AddExample("DSL Matcher for missing strict transport security header", []string{"!contains(tolower(all_headers), ''strict-transport-security'')"}) + MATCHERSMatcherDoc.Fields[11].Name = "encoding" + MATCHERSMatcherDoc.Fields[11].Type = "string" + MATCHERSMatcherDoc.Fields[11].Note = "" + MATCHERSMatcherDoc.Fields[11].Description = "Encoding specifies the encoding for the words field if any." + MATCHERSMatcherDoc.Fields[11].Comments[encoder.LineComment] = "Encoding specifies the encoding for the words field if any." + MATCHERSMatcherDoc.Fields[11].Values = []string{ + "hex", + } + + EXTRACTORSExtractorDoc.Type = "extractors.Extractor" + EXTRACTORSExtractorDoc.Comments[encoder.LineComment] = " Extractor is used to extract part of response using a regex." + EXTRACTORSExtractorDoc.Description = "Extractor is used to extract part of response using a regex." + EXTRACTORSExtractorDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "http.Request", + FieldName: "extractors", + }, + { + TypeName: "dns.Request", + FieldName: "extractors", + }, + { + TypeName: "file.Request", + FieldName: "extractors", + }, + { + TypeName: "network.Request", + FieldName: "extractors", + }, + { + TypeName: "headless.Request", + FieldName: "extractors", + }, + } + EXTRACTORSExtractorDoc.Fields = make([]encoder.Doc, 8) + EXTRACTORSExtractorDoc.Fields[0].Name = "name" + EXTRACTORSExtractorDoc.Fields[0].Type = "string" + EXTRACTORSExtractorDoc.Fields[0].Note = "" + EXTRACTORSExtractorDoc.Fields[0].Description = "Name of the extractor. Name should be lowercase and must not contain\nspaces or dashes (-)." + EXTRACTORSExtractorDoc.Fields[0].Comments[encoder.LineComment] = "Name of the extractor. 
Name should be lowercase and must not contain" + + EXTRACTORSExtractorDoc.Fields[0].AddExample("", "cookie-extractor") + EXTRACTORSExtractorDoc.Fields[1].Name = "type" + EXTRACTORSExtractorDoc.Fields[1].Type = "string" + EXTRACTORSExtractorDoc.Fields[1].Note = "" + EXTRACTORSExtractorDoc.Fields[1].Description = "Type is the type of the extractor." + EXTRACTORSExtractorDoc.Fields[1].Comments[encoder.LineComment] = "Type is the type of the extractor." + EXTRACTORSExtractorDoc.Fields[1].Values = []string{ + "regex", + "kval", + } + EXTRACTORSExtractorDoc.Fields[2].Name = "regex" + EXTRACTORSExtractorDoc.Fields[2].Type = "[]string" + EXTRACTORSExtractorDoc.Fields[2].Note = "" + EXTRACTORSExtractorDoc.Fields[2].Description = "Regex contains the regular expression patterns to exract from a part.\n\nGo regex engine does not supports lookaheads or lookbehinds, so as a result\nthey are also not supported in nuclei." + EXTRACTORSExtractorDoc.Fields[2].Comments[encoder.LineComment] = "Regex contains the regular expression patterns to exract from a part." + + EXTRACTORSExtractorDoc.Fields[2].AddExample("Braintree Access Token Regex", []string{"access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}"}) + + EXTRACTORSExtractorDoc.Fields[2].AddExample("Wordpress Author Extraction regex", []string{"Author:(?:[A-Za-z0-9 -\\_=\"]+)?([A-Za-z0-9]+)<\\/span>"}) + EXTRACTORSExtractorDoc.Fields[3].Name = "group" + EXTRACTORSExtractorDoc.Fields[3].Type = "int" + EXTRACTORSExtractorDoc.Fields[3].Note = "" + EXTRACTORSExtractorDoc.Fields[3].Description = "Group specifies a numbered group to extract from the regex." + EXTRACTORSExtractorDoc.Fields[3].Comments[encoder.LineComment] = "Group specifies a numbered group to extract from the regex." 
+ + EXTRACTORSExtractorDoc.Fields[3].AddExample("", 1) + EXTRACTORSExtractorDoc.Fields[4].Name = "kval" + EXTRACTORSExtractorDoc.Fields[4].Type = "[]string" + EXTRACTORSExtractorDoc.Fields[4].Note = "" + EXTRACTORSExtractorDoc.Fields[4].Description = "kval contains the key-value pairs required in the response.\n\nEach protocol exposes a lot of different data in response. The kval\nextractor can be used to extract those key-value pairs. A list of\nsupported parts is available in docs for request types." + EXTRACTORSExtractorDoc.Fields[4].Comments[encoder.LineComment] = "kval contains the key-value pairs required in the response." + + EXTRACTORSExtractorDoc.Fields[4].AddExample("Extract Server Header From HTTP Response", []string{"Server"}) + + EXTRACTORSExtractorDoc.Fields[4].AddExample("Extracting value of PHPSESSID Cookie", []string{"PHPSESSID"}) + EXTRACTORSExtractorDoc.Fields[5].Name = "part" + EXTRACTORSExtractorDoc.Fields[5].Type = "string" + EXTRACTORSExtractorDoc.Fields[5].Note = "" + EXTRACTORSExtractorDoc.Fields[5].Description = "Part is the part of the request response to extract data from.\n\nEach protocol exposes a lot of different parts which are well\ndocumented in docs for each request type." + EXTRACTORSExtractorDoc.Fields[5].Comments[encoder.LineComment] = "Part is the part of the request response to extract data from." 
+ + EXTRACTORSExtractorDoc.Fields[5].AddExample("", "body") + + EXTRACTORSExtractorDoc.Fields[5].AddExample("", "raw") + EXTRACTORSExtractorDoc.Fields[6].Name = "json" + EXTRACTORSExtractorDoc.Fields[6].Type = "[]string" + EXTRACTORSExtractorDoc.Fields[6].Note = "" + EXTRACTORSExtractorDoc.Fields[6].Description = "JSON allows using jq-style syntax to extract items from json response" + EXTRACTORSExtractorDoc.Fields[6].Comments[encoder.LineComment] = "JSON allows using jq-style syntax to extract items from json response" + + EXTRACTORSExtractorDoc.Fields[6].AddExample("", ".[] | .id") + + EXTRACTORSExtractorDoc.Fields[6].AddExample("", ".batters | .batter | .[] | .id") + EXTRACTORSExtractorDoc.Fields[7].Name = "internal" + EXTRACTORSExtractorDoc.Fields[7].Type = "bool" + EXTRACTORSExtractorDoc.Fields[7].Note = "" + EXTRACTORSExtractorDoc.Fields[7].Description = "Internal, when set to true will allow using the value extracted\nin the next request for some protocols (like HTTP)." + EXTRACTORSExtractorDoc.Fields[7].Comments[encoder.LineComment] = "Internal, when set to true will allow using the value extracted" + + DNSRequestDoc.Type = "dns.Request" + DNSRequestDoc.Comments[encoder.LineComment] = " Request contains a DNS protocol request to be made from a template" + DNSRequestDoc.Description = "Request contains a DNS protocol request to be made from a template" + DNSRequestDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "Template", + FieldName: "dns", + }, + } + DNSRequestDoc.Fields = make([]encoder.Doc, 9) + DNSRequestDoc.Fields[0].Name = "matchers" + DNSRequestDoc.Fields[0].Type = "[]matchers.Matcher" + DNSRequestDoc.Fields[0].Note = "" + DNSRequestDoc.Fields[0].Description = "Matchers contains the detection mechanism for the request to identify\nwhether the request was successful by doing pattern matching\non request/responses.\n\nMultiple matchers can be combined together with `matcher-condition` flag\nwhich accepts either `and` or `or` as argument." 
+ DNSRequestDoc.Fields[0].Comments[encoder.LineComment] = "Matchers contains the detection mechanism for the request to identify" + DNSRequestDoc.Fields[1].Name = "extractors" + DNSRequestDoc.Fields[1].Type = "[]extractors.Extractor" + DNSRequestDoc.Fields[1].Note = "" + DNSRequestDoc.Fields[1].Description = "Extractors contains the extraction mechanism for the request to identify\nand extract parts of the response." + DNSRequestDoc.Fields[1].Comments[encoder.LineComment] = "Extractors contains the extraction mechanism for the request to identify" + DNSRequestDoc.Fields[2].Name = "matchers-condition" + DNSRequestDoc.Fields[2].Type = "string" + DNSRequestDoc.Fields[2].Note = "" + DNSRequestDoc.Fields[2].Description = "MatchersCondition is the condition between the matchers. Default is OR." + DNSRequestDoc.Fields[2].Comments[encoder.LineComment] = "MatchersCondition is the condition between the matchers. Default is OR." + DNSRequestDoc.Fields[2].Values = []string{ + "and", + "or", + } + DNSRequestDoc.Fields[3].Name = "id" + DNSRequestDoc.Fields[3].Type = "string" + DNSRequestDoc.Fields[3].Note = "" + DNSRequestDoc.Fields[3].Description = "ID is the ID of the request" + DNSRequestDoc.Fields[3].Comments[encoder.LineComment] = " ID is the ID of the request" + DNSRequestDoc.Fields[4].Name = "name" + DNSRequestDoc.Fields[4].Type = "string" + DNSRequestDoc.Fields[4].Note = "" + DNSRequestDoc.Fields[4].Description = "Name is the Hostname to make DNS request for.\n\nGenerally, it is set to {{FQDN}} which is the domain we get from input." + DNSRequestDoc.Fields[4].Comments[encoder.LineComment] = "Name is the Hostname to make DNS request for." + + DNSRequestDoc.Fields[4].AddExample("", "{{FQDN}}") + DNSRequestDoc.Fields[5].Name = "type" + DNSRequestDoc.Fields[5].Type = "string" + DNSRequestDoc.Fields[5].Note = "" + DNSRequestDoc.Fields[5].Description = "Type is the type of DNS request to make." 
+ DNSRequestDoc.Fields[5].Comments[encoder.LineComment] = "Type is the type of DNS request to make." + DNSRequestDoc.Fields[5].Values = []string{ + "A", + "NS", + "CNAME", + "SOA", + "PTR", + "MX", + "TXT", + "AAAA", + } + DNSRequestDoc.Fields[6].Name = "class" + DNSRequestDoc.Fields[6].Type = "string" + DNSRequestDoc.Fields[6].Note = "" + DNSRequestDoc.Fields[6].Description = "Class is the class of the DNS request.\n\nUsually it's enough to just leave it as INET." + DNSRequestDoc.Fields[6].Comments[encoder.LineComment] = "Class is the class of the DNS request." + DNSRequestDoc.Fields[6].Values = []string{ + "INET", + "CSNET", + "CHAOS", + "HESIOD", + "NONE", + "ANY", + } + DNSRequestDoc.Fields[7].Name = "retries" + DNSRequestDoc.Fields[7].Type = "int" + DNSRequestDoc.Fields[7].Note = "" + DNSRequestDoc.Fields[7].Description = "Retries is the number of retries for the DNS request" + DNSRequestDoc.Fields[7].Comments[encoder.LineComment] = "Retries is the number of retries for the DNS request" + + DNSRequestDoc.Fields[7].AddExample("Use a retry of 3 to 5 generally", 5) + DNSRequestDoc.Fields[8].Name = "recursion" + DNSRequestDoc.Fields[8].Type = "bool" + DNSRequestDoc.Fields[8].Note = "" + DNSRequestDoc.Fields[8].Description = "Recursion determines if resolver should recurse all records to get fresh results." + DNSRequestDoc.Fields[8].Comments[encoder.LineComment] = "Recursion determines if resolver should recurse all records to get fresh results." + + FILERequestDoc.Type = "file.Request" + FILERequestDoc.Comments[encoder.LineComment] = " Request contains a File matching mechanism for local disk operations." + FILERequestDoc.Description = "Request contains a File matching mechanism for local disk operations." 
+ FILERequestDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "Template", + FieldName: "file", + }, + } + FILERequestDoc.Fields = make([]encoder.Doc, 8) + FILERequestDoc.Fields[0].Name = "matchers" + FILERequestDoc.Fields[0].Type = "[]matchers.Matcher" + FILERequestDoc.Fields[0].Note = "" + FILERequestDoc.Fields[0].Description = "Matchers contains the detection mechanism for the request to identify\nwhether the request was successful by doing pattern matching\non request/responses.\n\nMultiple matchers can be combined together with `matcher-condition` flag\nwhich accepts either `and` or `or` as argument." + FILERequestDoc.Fields[0].Comments[encoder.LineComment] = "Matchers contains the detection mechanism for the request to identify" + FILERequestDoc.Fields[1].Name = "extractors" + FILERequestDoc.Fields[1].Type = "[]extractors.Extractor" + FILERequestDoc.Fields[1].Note = "" + FILERequestDoc.Fields[1].Description = "Extractors contains the extraction mechanism for the request to identify\nand extract parts of the response." + FILERequestDoc.Fields[1].Comments[encoder.LineComment] = "Extractors contains the extraction mechanism for the request to identify" + FILERequestDoc.Fields[2].Name = "matchers-condition" + FILERequestDoc.Fields[2].Type = "string" + FILERequestDoc.Fields[2].Note = "" + FILERequestDoc.Fields[2].Description = "MatchersCondition is the condition between the matchers. Default is OR." + FILERequestDoc.Fields[2].Comments[encoder.LineComment] = "MatchersCondition is the condition between the matchers. Default is OR." + FILERequestDoc.Fields[2].Values = []string{ + "and", + "or", + } + FILERequestDoc.Fields[3].Name = "extensions" + FILERequestDoc.Fields[3].Type = "[]string" + FILERequestDoc.Fields[3].Note = "" + FILERequestDoc.Fields[3].Description = "Extensions is the list of extensions to perform matching on." + FILERequestDoc.Fields[3].Comments[encoder.LineComment] = "Extensions is the list of extensions to perform matching on." 
+ + FILERequestDoc.Fields[3].AddExample("", []string{".txt", ".go", ".json"}) + FILERequestDoc.Fields[4].Name = "denylist" + FILERequestDoc.Fields[4].Type = "[]string" + FILERequestDoc.Fields[4].Note = "" + FILERequestDoc.Fields[4].Description = "ExtensionDenylist is the list of file extensions to deny during matching.\n\nBy default, it contains some non-interesting extensions that are hardcoded\nin nuclei." + FILERequestDoc.Fields[4].Comments[encoder.LineComment] = "ExtensionDenylist is the list of file extensions to deny during matching." + + FILERequestDoc.Fields[4].AddExample("", []string{".avi", ".mov", ".mp3"}) + FILERequestDoc.Fields[5].Name = "id" + FILERequestDoc.Fields[5].Type = "string" + FILERequestDoc.Fields[5].Note = "" + FILERequestDoc.Fields[5].Description = "ID is the ID of the request" + FILERequestDoc.Fields[5].Comments[encoder.LineComment] = " ID is the ID of the request" + FILERequestDoc.Fields[6].Name = "max-size" + FILERequestDoc.Fields[6].Type = "int" + FILERequestDoc.Fields[6].Note = "" + FILERequestDoc.Fields[6].Description = "MaxSize is the maximum size of the file to run request on.\n\nBy default, nuclei will process 5MB files and not go more than that.\nIt can be set to much lower or higher depending on use." + FILERequestDoc.Fields[6].Comments[encoder.LineComment] = "MaxSize is the maximum size of the file to run request on." + + FILERequestDoc.Fields[6].AddExample("", 2048) + FILERequestDoc.Fields[7].Name = "no-recursive" + FILERequestDoc.Fields[7].Type = "bool" + FILERequestDoc.Fields[7].Note = "" + FILERequestDoc.Fields[7].Description = "NoRecursive specifies whether to not do recursive checks if folders are provided." + FILERequestDoc.Fields[7].Comments[encoder.LineComment] = "NoRecursive specifies whether to not do recursive checks if folders are provided." 
+ + NETWORKRequestDoc.Type = "network.Request" + NETWORKRequestDoc.Comments[encoder.LineComment] = " Request contains a Network protocol request to be made from a template" + NETWORKRequestDoc.Description = "Request contains a Network protocol request to be made from a template" + NETWORKRequestDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "Template", + FieldName: "network", + }, + } + NETWORKRequestDoc.Fields = make([]encoder.Doc, 9) + NETWORKRequestDoc.Fields[0].Name = "id" + NETWORKRequestDoc.Fields[0].Type = "string" + NETWORKRequestDoc.Fields[0].Note = "" + NETWORKRequestDoc.Fields[0].Description = "ID is the ID of the request" + NETWORKRequestDoc.Fields[0].Comments[encoder.LineComment] = " ID is the ID of the request" + NETWORKRequestDoc.Fields[1].Name = "host" + NETWORKRequestDoc.Fields[1].Type = "[]string" + NETWORKRequestDoc.Fields[1].Note = "" + NETWORKRequestDoc.Fields[1].Description = "Address is the address to send requests to.\n\nUsually it's set to `{{Hostname}}`. If you want to enable TLS for\nTCP Connection, you can use `tls://{{Hostname}}`." + NETWORKRequestDoc.Fields[1].Comments[encoder.LineComment] = "Address is the address to send requests to." + + NETWORKRequestDoc.Fields[1].AddExample("", []string{"{{Hostname}}"}) + NETWORKRequestDoc.Fields[2].Name = "attack" + NETWORKRequestDoc.Fields[2].Type = "string" + NETWORKRequestDoc.Fields[2].Note = "" + NETWORKRequestDoc.Fields[2].Description = "Attack is the type of payload combinations to perform.\n\nSniper is each payload once, pitchfork combines multiple payload sets and clusterbomb generates\npermutations and combinations for all payloads." + NETWORKRequestDoc.Fields[2].Comments[encoder.LineComment] = "Attack is the type of payload combinations to perform." 
+ NETWORKRequestDoc.Fields[2].Values = []string{ + "sniper", + "pitchfork", + "clusterbomb", + } + NETWORKRequestDoc.Fields[3].Name = "payloads" + NETWORKRequestDoc.Fields[3].Type = "map[string]interface{}" + NETWORKRequestDoc.Fields[3].Note = "" + NETWORKRequestDoc.Fields[3].Description = "Payloads contains any payloads for the current request.\n\nPayloads support both key-values combinations where a list\nof payloads is provided, or optionally a single file can also\nbe provided as payload which will be read on run-time." + NETWORKRequestDoc.Fields[3].Comments[encoder.LineComment] = "Payloads contains any payloads for the current request." + NETWORKRequestDoc.Fields[4].Name = "inputs" + NETWORKRequestDoc.Fields[4].Type = "[]network.Input" + NETWORKRequestDoc.Fields[4].Note = "" + NETWORKRequestDoc.Fields[4].Description = "Inputs contains inputs for the network socket" + NETWORKRequestDoc.Fields[4].Comments[encoder.LineComment] = "Inputs contains inputs for the network socket" + NETWORKRequestDoc.Fields[5].Name = "read-size" + NETWORKRequestDoc.Fields[5].Type = "int" + NETWORKRequestDoc.Fields[5].Note = "" + NETWORKRequestDoc.Fields[5].Description = "ReadSize is the size of response to read at the end\n\nDefault value for read-size is 1024." + NETWORKRequestDoc.Fields[5].Comments[encoder.LineComment] = "ReadSize is the size of response to read at the end" + + NETWORKRequestDoc.Fields[5].AddExample("", 2048) + NETWORKRequestDoc.Fields[6].Name = "matchers" + NETWORKRequestDoc.Fields[6].Type = "[]matchers.Matcher" + NETWORKRequestDoc.Fields[6].Note = "" + NETWORKRequestDoc.Fields[6].Description = "Matchers contains the detection mechanism for the request to identify\nwhether the request was successful by doing pattern matching\non request/responses.\n\nMultiple matchers can be combined together with `matcher-condition` flag\nwhich accepts either `and` or `or` as argument." 
+ NETWORKRequestDoc.Fields[6].Comments[encoder.LineComment] = "Matchers contains the detection mechanism for the request to identify" + NETWORKRequestDoc.Fields[7].Name = "extractors" + NETWORKRequestDoc.Fields[7].Type = "[]extractors.Extractor" + NETWORKRequestDoc.Fields[7].Note = "" + NETWORKRequestDoc.Fields[7].Description = "Extractors contains the extraction mechanism for the request to identify\nand extract parts of the response." + NETWORKRequestDoc.Fields[7].Comments[encoder.LineComment] = "Extractors contains the extraction mechanism for the request to identify" + NETWORKRequestDoc.Fields[8].Name = "matchers-condition" + NETWORKRequestDoc.Fields[8].Type = "string" + NETWORKRequestDoc.Fields[8].Note = "" + NETWORKRequestDoc.Fields[8].Description = "MatchersCondition is the condition between the matchers. Default is OR." + NETWORKRequestDoc.Fields[8].Comments[encoder.LineComment] = "MatchersCondition is the condition between the matchers. Default is OR." + NETWORKRequestDoc.Fields[8].Values = []string{ + "and", + "or", + } + + NETWORKInputDoc.Type = "network.Input" + NETWORKInputDoc.Comments[encoder.LineComment] = "" + NETWORKInputDoc.Description = "" + NETWORKInputDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "network.Request", + FieldName: "inputs", + }, + } + NETWORKInputDoc.Fields = make([]encoder.Doc, 4) + NETWORKInputDoc.Fields[0].Name = "data" + NETWORKInputDoc.Fields[0].Type = "string" + NETWORKInputDoc.Fields[0].Note = "" + NETWORKInputDoc.Fields[0].Description = "Data is the data to send as the input.\n\nIt supports DSL Helper Functions as well as normal expressions." + NETWORKInputDoc.Fields[0].Comments[encoder.LineComment] = "Data is the data to send as the input." 
+ + NETWORKInputDoc.Fields[0].AddExample("", "TEST") + + NETWORKInputDoc.Fields[0].AddExample("", "hex_decode('50494e47')") + NETWORKInputDoc.Fields[1].Name = "type" + NETWORKInputDoc.Fields[1].Type = "string" + NETWORKInputDoc.Fields[1].Note = "" + NETWORKInputDoc.Fields[1].Description = "Type is the type of input specified in `data` field.\n\nDefault value is text, but hex can be used for hex formatted data." + NETWORKInputDoc.Fields[1].Comments[encoder.LineComment] = "Type is the type of input specified in `data` field." + NETWORKInputDoc.Fields[1].Values = []string{ + "hex", + "text", + } + NETWORKInputDoc.Fields[2].Name = "read" + NETWORKInputDoc.Fields[2].Type = "int" + NETWORKInputDoc.Fields[2].Note = "" + NETWORKInputDoc.Fields[2].Description = "Read is the number of bytes to read from socket.\n\nThis can be used for protcols which expected an immediate response. You can\nread and write responses one after another and evetually perform matching\non every data captured with `name` attribute.\n\nThe [network docs](https://nuclei.projectdiscovery.io/templating-guide/protocols/network/) highlight more on how to do this." + NETWORKInputDoc.Fields[2].Comments[encoder.LineComment] = "Read is the number of bytes to read from socket." + + NETWORKInputDoc.Fields[2].AddExample("", 1024) + NETWORKInputDoc.Fields[3].Name = "name" + NETWORKInputDoc.Fields[3].Type = "string" + NETWORKInputDoc.Fields[3].Note = "" + NETWORKInputDoc.Fields[3].Description = "Name is the optional name of the data read to provide matching on." + NETWORKInputDoc.Fields[3].Comments[encoder.LineComment] = "Name is the optional name of the data read to provide matching on." 
+ + NETWORKInputDoc.Fields[3].AddExample("", "prefix") + + HEADLESSRequestDoc.Type = "headless.Request" + HEADLESSRequestDoc.Comments[encoder.LineComment] = " Request contains a Headless protocol request to be made from a template" + HEADLESSRequestDoc.Description = "Request contains a Headless protocol request to be made from a template" + HEADLESSRequestDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "Template", + FieldName: "headless", + }, + } + HEADLESSRequestDoc.Fields = make([]encoder.Doc, 5) + HEADLESSRequestDoc.Fields[0].Name = "id" + HEADLESSRequestDoc.Fields[0].Type = "string" + HEADLESSRequestDoc.Fields[0].Note = "" + HEADLESSRequestDoc.Fields[0].Description = "ID is the ID of the request" + HEADLESSRequestDoc.Fields[0].Comments[encoder.LineComment] = " ID is the ID of the request" + HEADLESSRequestDoc.Fields[1].Name = "steps" + HEADLESSRequestDoc.Fields[1].Type = "[]engine.Action" + HEADLESSRequestDoc.Fields[1].Note = "" + HEADLESSRequestDoc.Fields[1].Description = "Steps is the list of actions to run for headless request" + HEADLESSRequestDoc.Fields[1].Comments[encoder.LineComment] = "Steps is the list of actions to run for headless request" + HEADLESSRequestDoc.Fields[2].Name = "matchers" + HEADLESSRequestDoc.Fields[2].Type = "[]matchers.Matcher" + HEADLESSRequestDoc.Fields[2].Note = "" + HEADLESSRequestDoc.Fields[2].Description = "Matchers contains the detection mechanism for the request to identify\nwhether the request was successful by doing pattern matching\non request/responses.\n\nMultiple matchers can be combined together with `matcher-condition` flag\nwhich accepts either `and` or `or` as argument." 
+ HEADLESSRequestDoc.Fields[2].Comments[encoder.LineComment] = "Matchers contains the detection mechanism for the request to identify" + HEADLESSRequestDoc.Fields[3].Name = "extractors" + HEADLESSRequestDoc.Fields[3].Type = "[]extractors.Extractor" + HEADLESSRequestDoc.Fields[3].Note = "" + HEADLESSRequestDoc.Fields[3].Description = "Extractors contains the extraction mechanism for the request to identify\nand extract parts of the response." + HEADLESSRequestDoc.Fields[3].Comments[encoder.LineComment] = "Extractors contains the extraction mechanism for the request to identify" + HEADLESSRequestDoc.Fields[4].Name = "matchers-condition" + HEADLESSRequestDoc.Fields[4].Type = "string" + HEADLESSRequestDoc.Fields[4].Note = "" + HEADLESSRequestDoc.Fields[4].Description = "MatchersCondition is the condition between the matchers. Default is OR." + HEADLESSRequestDoc.Fields[4].Comments[encoder.LineComment] = "MatchersCondition is the condition between the matchers. Default is OR." + HEADLESSRequestDoc.Fields[4].Values = []string{ + "and", + "or", + } + + ENGINEActionDoc.Type = "engine.Action" + ENGINEActionDoc.Comments[encoder.LineComment] = " Action is an action taken by the browser to reach a navigation" + ENGINEActionDoc.Description = "Action is an action taken by the browser to reach a navigation\n\n Each step that the browser executes is an action. Most navigations\n usually start from the ActionLoadURL event, and further navigations\n are discovered on the found page. We also keep track and only\n scrape new navigation from pages we haven't crawled yet." 
+ ENGINEActionDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "headless.Request", + FieldName: "steps", + }, + } + ENGINEActionDoc.Fields = make([]encoder.Doc, 4) + ENGINEActionDoc.Fields[0].Name = "args" + ENGINEActionDoc.Fields[0].Type = "map[string]string" + ENGINEActionDoc.Fields[0].Note = "" + ENGINEActionDoc.Fields[0].Description = "Args contain arguments for the headless action.\nPer action arguments are described in detail [here](https://nuclei.projectdiscovery.io/templating-guide/protocols/headless/)." + ENGINEActionDoc.Fields[0].Comments[encoder.LineComment] = "Args contain arguments for the headless action." + ENGINEActionDoc.Fields[1].Name = "name" + ENGINEActionDoc.Fields[1].Type = "string" + ENGINEActionDoc.Fields[1].Note = "" + ENGINEActionDoc.Fields[1].Description = "Name is the name assigned to the headless action.\n\nThis can be used to execute code, for instance in browser\nDOM using script action, and get the result in a variable\nwhich can be matched upon by nuclei. An Example template [here](https://github.com/projectdiscovery/nuclei-templates/blob/master/headless/prototype-pollution-check.yaml)." + ENGINEActionDoc.Fields[1].Comments[encoder.LineComment] = "Name is the name assigned to the headless action." + ENGINEActionDoc.Fields[2].Name = "description" + ENGINEActionDoc.Fields[2].Type = "string" + ENGINEActionDoc.Fields[2].Note = "" + ENGINEActionDoc.Fields[2].Description = "Description is the optional description of the headless action" + ENGINEActionDoc.Fields[2].Comments[encoder.LineComment] = "Description is the optional description of the headless action" + ENGINEActionDoc.Fields[3].Name = "action" + ENGINEActionDoc.Fields[3].Type = "string" + ENGINEActionDoc.Fields[3].Note = "" + ENGINEActionDoc.Fields[3].Description = "Action is the type of the action to perform." + ENGINEActionDoc.Fields[3].Comments[encoder.LineComment] = "Action is the type of the action to perform." 
+ ENGINEActionDoc.Fields[3].Values = []string{ + "navigate", + "script", + "click", + "rightclick", + "text", + "screenshot", + "time", + "select", + "files", + "waitload", + "getresource", + "extract", + "setmethod", + "addheader", + "setheader", + "deleteheader", + "setbody", + "waitevent", + "keyboard", + "debug", + "sleep", + } + + WORKFLOWSWorkflowTemplateDoc.Type = "workflows.WorkflowTemplate" + WORKFLOWSWorkflowTemplateDoc.Comments[encoder.LineComment] = "" + WORKFLOWSWorkflowTemplateDoc.Description = "" + WORKFLOWSWorkflowTemplateDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "Template", + FieldName: "workflows", + }, + { + TypeName: "workflows.WorkflowTemplate", + FieldName: "subtemplates", + }, + { + TypeName: "workflows.Matcher", + FieldName: "subtemplates", + }, + } + WORKFLOWSWorkflowTemplateDoc.Fields = make([]encoder.Doc, 4) + WORKFLOWSWorkflowTemplateDoc.Fields[0].Name = "template" + WORKFLOWSWorkflowTemplateDoc.Fields[0].Type = "string" + WORKFLOWSWorkflowTemplateDoc.Fields[0].Note = "" + WORKFLOWSWorkflowTemplateDoc.Fields[0].Description = "Template is a single template or directory to execute as part of workflow." + WORKFLOWSWorkflowTemplateDoc.Fields[0].Comments[encoder.LineComment] = "Template is a single template or directory to execute as part of workflow." + + WORKFLOWSWorkflowTemplateDoc.Fields[0].AddExample("A single template", "dns/worksites-detection.yaml") + + WORKFLOWSWorkflowTemplateDoc.Fields[0].AddExample("A template directory", "misconfigurations/aem") + WORKFLOWSWorkflowTemplateDoc.Fields[1].Name = "tags" + WORKFLOWSWorkflowTemplateDoc.Fields[1].Type = "string" + WORKFLOWSWorkflowTemplateDoc.Fields[1].Note = "" + WORKFLOWSWorkflowTemplateDoc.Fields[1].Description = "Tags to run templates based on." + WORKFLOWSWorkflowTemplateDoc.Fields[1].Comments[encoder.LineComment] = "Tags to run templates based on." 
+ WORKFLOWSWorkflowTemplateDoc.Fields[2].Name = "matchers" + WORKFLOWSWorkflowTemplateDoc.Fields[2].Type = "[]workflows.Matcher" + WORKFLOWSWorkflowTemplateDoc.Fields[2].Note = "" + WORKFLOWSWorkflowTemplateDoc.Fields[2].Description = "Matchers perform name based matching to run subtemplates for a workflow." + WORKFLOWSWorkflowTemplateDoc.Fields[2].Comments[encoder.LineComment] = "Matchers perform name based matching to run subtemplates for a workflow." + WORKFLOWSWorkflowTemplateDoc.Fields[3].Name = "subtemplates" + WORKFLOWSWorkflowTemplateDoc.Fields[3].Type = "[]workflows.WorkflowTemplate" + WORKFLOWSWorkflowTemplateDoc.Fields[3].Note = "" + WORKFLOWSWorkflowTemplateDoc.Fields[3].Description = "Subtemplates are ran if the `template` field Template matches." + WORKFLOWSWorkflowTemplateDoc.Fields[3].Comments[encoder.LineComment] = "Subtemplates are ran if the `template` field Template matches." + + WORKFLOWSMatcherDoc.Type = "workflows.Matcher" + WORKFLOWSMatcherDoc.Comments[encoder.LineComment] = "" + WORKFLOWSMatcherDoc.Description = "" + WORKFLOWSMatcherDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "workflows.WorkflowTemplate", + FieldName: "matchers", + }, + } + WORKFLOWSMatcherDoc.Fields = make([]encoder.Doc, 2) + WORKFLOWSMatcherDoc.Fields[0].Name = "name" + WORKFLOWSMatcherDoc.Fields[0].Type = "string" + WORKFLOWSMatcherDoc.Fields[0].Note = "" + WORKFLOWSMatcherDoc.Fields[0].Description = "Name is the name of the item to match." + WORKFLOWSMatcherDoc.Fields[0].Comments[encoder.LineComment] = "Name is the name of the item to match." + WORKFLOWSMatcherDoc.Fields[1].Name = "subtemplates" + WORKFLOWSMatcherDoc.Fields[1].Type = "[]workflows.WorkflowTemplate" + WORKFLOWSMatcherDoc.Fields[1].Note = "" + WORKFLOWSMatcherDoc.Fields[1].Description = "Subtemplates are ran if the name of matcher matches." + WORKFLOWSMatcherDoc.Fields[1].Comments[encoder.LineComment] = "Subtemplates are ran if the name of matcher matches." 
+} + +// GetTemplateDoc returns documentation for the file templates_doc.go. +func GetTemplateDoc() *encoder.FileDoc { + return &encoder.FileDoc{ + Name: "Template", + Description: "", + Structs: []*encoder.Doc{ + &TemplateDoc, + &HTTPRequestDoc, + &MATCHERSMatcherDoc, + &EXTRACTORSExtractorDoc, + &DNSRequestDoc, + &FILERequestDoc, + &NETWORKRequestDoc, + &NETWORKInputDoc, + &HEADLESSRequestDoc, + &ENGINEActionDoc, + &WORKFLOWSWorkflowTemplateDoc, + &WORKFLOWSMatcherDoc, + }, + } +} diff --git a/v2/pkg/templates/templates_test.go b/v2/pkg/templates/templates_test.go new file mode 100644 index 000000000..dac8432fd --- /dev/null +++ b/v2/pkg/templates/templates_test.go @@ -0,0 +1 @@ +package templates From 01dcb01867b726831fb87c64be0ecaf683fd5d9b Mon Sep 17 00:00:00 2001 From: Ice3man543 Date: Wed, 4 Aug 2021 14:20:48 +0530 Subject: [PATCH 07/17] Added more docs examples + Misc --- v2/pkg/operators/extractors/extractors.go | 6 +- v2/pkg/protocols/dns/dns.go | 14 ++--- v2/pkg/protocols/file/file.go | 12 ++-- v2/pkg/protocols/headless/headless.go | 4 +- v2/pkg/protocols/http/http.go | 44 ++++++------- v2/pkg/protocols/network/network.go | 22 +++---- v2/pkg/templates/templates.go | 16 ++++- v2/pkg/templates/templates_doc.go | 26 ++++++-- v2/pkg/templates/templates_doc_examples.go | 72 ++++++++++++++++++++++ v2/pkg/workflows/workflows.go | 12 ++-- 10 files changed, 164 insertions(+), 64 deletions(-) create mode 100644 v2/pkg/templates/templates_doc_examples.go diff --git a/v2/pkg/operators/extractors/extractors.go b/v2/pkg/operators/extractors/extractors.go index 7096486c3..1fc2078b5 100644 --- a/v2/pkg/operators/extractors/extractors.go +++ b/v2/pkg/operators/extractors/extractors.go 
@@ -35,13 +35,13 @@ type Extractor struct { // - name: Wordpress Author Extraction regex // value: > // []string{"Author:(?:[A-Za-z0-9 -\\_=\"]+)?([A-Za-z0-9]+)<\\/span>"} - Regex []string `yaml:"regex"` + Regex []string `yaml:"regex,omitempty"` // description: | // Group specifies a numbered group to extract from the regex. // examples: // - name: Example Regex Group // - value: "1" - RegexGroup int `yaml:"group"` + RegexGroup int `yaml:"group,omitempty"` // regexCompiled is the compiled variant regexCompiled []*regexp.Regexp @@ -76,7 +76,7 @@ type Extractor struct { // examples: // - value: "\".[] | .id\"" // - value: "\".batters | .batter | .[] | .id\"" - JSON []string `yaml:"json"` + JSON []string `yaml:"json,omitempty"` // jsonCompiled is the compiled variant jsonCompiled []*gojq.Code diff --git a/v2/pkg/protocols/dns/dns.go b/v2/pkg/protocols/dns/dns.go index bfa572d6b..c322883b9 100644 --- a/v2/pkg/protocols/dns/dns.go +++ b/v2/pkg/protocols/dns/dns.go @@ -19,7 +19,7 @@ type Request struct { operators.Operators `yaml:",inline"` // ID is the ID of the request - ID string `yaml:"id"` + ID string `yaml:"id,omitempty"` // description: | // Name is the Hostname to make DNS request for. @@ -27,7 +27,7 @@ type Request struct { // Generally, it is set to {{FQDN}} which is the domain we get from input. // examples: // - value: "\"{{FQDN}}\"" - Name string `yaml:"name"` + Name string `yaml:"name,omitempty"` // description: | // Type is the type of DNS request to make. // values: @@ -39,7 +39,7 @@ type Request struct { // - "MX" // - "TXT" // - "AAAA" - Type string `yaml:"type"` + Type string `yaml:"type,omitempty"` // description: | // Class is the class of the DNS request. // 
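Review bot: The `examples:` block above `RegexGroup` in the `@@ -35,13` hunk of extractors.go is written as two list items, `- name: Example Regex Group` and `- value: "1"`, so the name and the value presumably end up as two separate examples instead of one. Other fields in this patch, such as `Retries` in dns.go, use the `- name: …` / `value: …` form. The second line should drop the dash and read `//     value: "1"`, aligned under `name`. The `Extractor` struct starts and ends outside the hunk.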
@@ -51,15 +51,15 @@ type Request struct { // - "HESIOD" // - "NONE" // - "ANY" - Class string `yaml:"class"` + Class string `yaml:"class,omitempty"` // description: | // Retries is the number of retries for the DNS request // examples: // - name: Use a retry of 3 to 5 generally // value: 5 - Retries int `yaml:"retries"` + Retries int `yaml:"retries,omitempty"` - CompiledOperators *operators.Operators + CompiledOperators *operators.Operators `yaml:"-"` dnsClient *retryabledns.Client options *protocols.ExecuterOptions @@ -69,7 +69,7 @@ type Request struct { // description: | // Recursion determines if resolver should recurse all records to get fresh results. - Recursion bool `yaml:"recursion"` + Recursion bool `yaml:"recursion,omitempty"` } // GetID returns the unique ID of the request if any. diff --git a/v2/pkg/protocols/file/file.go b/v2/pkg/protocols/file/file.go index ea78be114..62f85eecd 100644 --- a/v2/pkg/protocols/file/file.go +++ b/v2/pkg/protocols/file/file.go @@ -16,7 +16,7 @@ type Request struct { // Extensions is the list of extensions to perform matching on. // examples: // - value: '[]string{".txt", ".go", ".json"}' - Extensions []string `yaml:"extensions"` + Extensions []string `yaml:"extensions,omitempty"` // description: | // ExtensionDenylist is the list of file extensions to deny during matching. // @@ -24,10 +24,10 @@ type Request struct { // in nuclei. // examples: // - value: '[]string{".avi", ".mov", ".mp3"}' - ExtensionDenylist []string `yaml:"denylist"` + ExtensionDenylist []string `yaml:"denylist,omitempty"` // ID is the ID of the request - ID string `yaml:"id"` + ID string `yaml:"id,omitempty"` // description: | // MaxSize is the maximum size of the file to run request on. 
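Review bot: `CompiledOperators` gains `yaml:"-"` in the `@@ -51,15` hunk of dns.go but carries no comment saying why the field is excluded. If the decoder maps untagged exported fields by name, this tag is what stops a template document from supplying a value for it, and that reason should be recorded so the tag is not dropped in a later cleanup. A possible comment is `// CompiledOperators is set internally and is deliberately excluded from template YAML (yaml:"-").` The same applies to the identical change in file.go (`@@ -36,8`) and http.go (`@@ -120,16`). The `Request` struct continues outside the hunk.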
@@ -36,8 +36,8 @@ type Request struct { // It can be set to much lower or higher depending on use. // examples: // - value: 2048 - MaxSize int `yaml:"max-size"` - CompiledOperators *operators.Operators + MaxSize int `yaml:"max-size,omitempty"` + CompiledOperators *operators.Operators `yaml:"-"` // cache any variables that may be needed for operation. options *protocols.ExecuterOptions @@ -46,7 +46,7 @@ type Request struct { // description: | // NoRecursive specifies whether to not do recursive checks if folders are provided. - NoRecursive bool `yaml:"no-recursive"` + NoRecursive bool `yaml:"no-recursive,omitempty"` allExtensions bool } diff --git a/v2/pkg/protocols/headless/headless.go b/v2/pkg/protocols/headless/headless.go index 5f0856c9f..00a5af25d 100644 --- a/v2/pkg/protocols/headless/headless.go +++ b/v2/pkg/protocols/headless/headless.go @@ -10,11 +10,11 @@ import ( // Request contains a Headless protocol request to be made from a template type Request struct { // ID is the ID of the request - ID string `yaml:"id"` + ID string `yaml:"id,omitempty"` // description: | // Steps is the list of actions to run for headless request - Steps []*engine.Action `yaml:"steps"` + Steps []*engine.Action `yaml:"steps,omitempty"` // Operators for the current request go here. operators.Operators `yaml:",inline,omitempty"` diff --git a/v2/pkg/protocols/http/http.go b/v2/pkg/protocols/http/http.go index 030f7cd31..18b06822a 100644 --- a/v2/pkg/protocols/http/http.go +++ b/v2/pkg/protocols/http/http.go 
@@ -23,22 +23,22 @@ type Request struct { // - name: Some example path values // value: > // []string{"{{BaseURL}}", "{{BaseURL}}/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions"} - Path []string `yaml:"path"` + Path []string `yaml:"path,omitempty"` // description: | // Raw contains HTTP Requests in Raw format. // examples: // - name: Some example raw requests // value: | // []string{"GET /etc/passwd HTTP/1.1\nHost:\nContent-Length: 4", "POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0\nContent-Length: 1\nConnection: close\n\necho\necho\ncat /etc/passwd 2>&1"} - Raw []string `yaml:"raw"` + Raw []string `yaml:"raw,omitempty"` // ID is the ID of the request - ID string `yaml:"id"` + ID string `yaml:"id,omitempty"` // description: | // Name is the optional name of the request. // // If a name is specified, all the named request in a template can be matched upon // in a combined manner allowing multirequest based matchers. - Name string `yaml:"Name"` + Name string `yaml:"name,omitempty"` // description: | // Attack is the type of payload combinations to perform. // @@ -48,7 +48,7 @@ type Request struct { // - "sniper" // - "pitchfork" // - "clusterbomb" - AttackType string `yaml:"attack"` + AttackType string `yaml:"attack,omitempty"` // description: | // Method is the HTTP Request Method. // values: @@ -56,13 +56,13 @@ type Request struct { // - "POST" // - "PUT" // - "DELETE" - Method string `yaml:"method"` + Method string `yaml:"method,omitempty"` // description: | // Body is an optional parameter which contains HTTP Request body. // examples: // - name: Same Body for a Login POST request // value: "\"username=test&password=test\"" - Body string `yaml:"body"` + Body string `yaml:"body,omitempty"` // description: | // Payloads contains any payloads for the current request. // 
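Review bot: The tag on `Name` in the `@@ -23,22` hunk of http.go changes the key itself, from `yaml:"Name"` to `yaml:"name,omitempty"`, unlike the surrounding fields, which only gain `omitempty`. Templates written with the old `Name:` key would no longer populate the field. Whether that fails loudly or is silently ignored depends on decoder strictness, which is not visible here. The description says named requests feed multi-request matchers, so a silently dropped name could turn into missed matches. The rename should be called out in the commit message, and a comment such as `// NOTE: the YAML key was "Name" before this change; templates using the old spelling must be updated.` would help.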
@@ -81,37 +81,37 @@ type Request struct { // map[string]interface{}{ // "data": "helpers/payloads/command-injection.txt", // } - Payloads map[string]interface{} `yaml:"payloads"` + Payloads map[string]interface{} `yaml:"payloads,omitempty"` // description: | // Headers contains HTTP Headers to send with the request. // examples: // - value: | // map[string]string{"Content-Type": "application/x-www-form-urlencoded", "Content-Length": "1", "Any-Header": "Any-Value"} - Headers map[string]string `yaml:"headers"` + Headers map[string]string `yaml:"headers,omitempty"` // description: | // RaceCount is the number of times to send a request in Race Condition Attack. // examples: // - name: Send a request 5 times // value: "5" - RaceNumberRequests int `yaml:"race_count"` + RaceNumberRequests int `yaml:"race_count,omitempty"` // description: | // MaxRedirects is the maximum number of redirects that should be followed. // examples: // - name: Follow upto 5 redirects // value: "5" - MaxRedirects int `yaml:"max-redirects"` + MaxRedirects int `yaml:"max-redirects,omitempty"` // description: | // PipelineConcurrentConnections is number of connections to create during pipelining. // examples: // - name: Create 40 concurrent connections // value: 40 - PipelineConcurrentConnections int `yaml:"pipeline-concurrent-connections"` + PipelineConcurrentConnections int `yaml:"pipeline-concurrent-connections,omitempty"` // description: | // PipelineRequestsPerConnection is number of requests to send per connection when pipelining. // examples: // - name: Send 100 requests per pipeline connection // value: 100 - PipelineRequestsPerConnection int `yaml:"pipeline-requests-per-connection"` + PipelineRequestsPerConnection int `yaml:"pipeline-requests-per-connection,omitempty"` // description: | // Threads specifies number of threads to use sending requests. This enables Connection Pooling. // 
@@ -120,16 +120,16 @@ type Request struct { // examples: // - name: Send requests using 10 concurrent threads // value: 10 - Threads int `yaml:"threads"` + Threads int `yaml:"threads,omitempty"` // description: | // MaxSize is the maximum size of http response body to read in bytes. // examples: // - name: Read max 2048 bytes of the response // value: 2048 - MaxSize int `yaml:"max-size"` + MaxSize int `yaml:"max-size,omitempty"` - CompiledOperators *operators.Operators + CompiledOperators *operators.Operators `yaml:"-"` options *protocols.ExecuterOptions attackType generators.Type 
@@ -142,33 +142,33 @@ type Request struct { // description: | // CookieReuse is an optional setting that enables cookie reuse for // all requests defined in raw section. - CookieReuse bool `yaml:"cookie-reuse"` + CookieReuse bool `yaml:"cookie-reuse,omitempty"` // description: | // Redirects specifies whether redirects should be followed by the HTTP Client. // // This can be used in conjunction with `max-redirects` to control the HTTP request redirects. - Redirects bool `yaml:"redirects"` + Redirects bool `yaml:"redirects,omitempty"` // description: | // Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining // // All requests must be indempotent (GET/POST). This can be used for race conditions/billions requests. - Pipeline bool `yaml:"pipeline"` + Pipeline bool `yaml:"pipeline,omitempty"` // description: | // Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests. // // This uses the [rawhttp](https://github.com/projectdiscovery/rawhttp) engine to achieve complete // control over the request, with no normalization performed by the client. - Unsafe bool `yaml:"unsafe"` + Unsafe bool `yaml:"unsafe,omitempty"` // description: | // Race determines if all the request have to be attempted at the same time (Race Condition) // // The actual number of requests that will be sent is determined by the `race_count` field. - Race bool `yaml:"race"` + Race bool `yaml:"race,omitempty"` // description: | // ReqCondition automatically assigns numbers to requests and preserves their history. // // This allows matching on them later for multi-request conditions. - ReqCondition bool `yaml:"req-condition"` + ReqCondition bool `yaml:"req-condition,omitempty"` } // GetID returns the unique ID of the request if any. diff --git a/v2/pkg/protocols/network/network.go b/v2/pkg/protocols/network/network.go index 20e3b54e3..180a5df78 100644 --- a/v2/pkg/protocols/network/network.go +++ b/v2/pkg/protocols/network/network.go 
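Review bot: The description above `Pipeline` in this hunk reads "All requests must be indempotent (GET/POST)", which is misspelled and lists POST as idempotent, which HTTP semantics do not. The matching strings in templates_doc.go suggest these comments are copied into the generated docs, so the wording will be published as written. I would change the line to `// All requests must be idempotent (for example GET).` and, if POST pipelining is intentionally supported, say so in a separate sentence. The Request struct starts before this hunk.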
@@ -16,7 +16,7 @@ import ( // Request contains a Network protocol request to be made from a template type Request struct { // ID is the ID of the request - ID string `yaml:"id"` + ID string `yaml:"id,omitempty"` // description: | // Address is the address to send requests to. @@ -26,7 +26,7 @@ type Request struct { // examples: // - value: | // []string{"{{Hostname}}"} - Address []string `yaml:"host"` + Address []string `yaml:"host,omitempty"` addresses []addressKV // description: | @@ -38,29 +38,29 @@ type Request struct { // - "sniper" // - "pitchfork" // - "clusterbomb" - AttackType string `yaml:"attack"` + AttackType string `yaml:"attack,omitempty"` // description: | // Payloads contains any payloads for the current request. // // Payloads support both key-values combinations where a list // of payloads is provided, or optionally a single file can also // be provided as payload which will be read on run-time. - Payloads map[string]interface{} `yaml:"payloads"` + Payloads map[string]interface{} `yaml:"payloads,omitempty"` // description: | // Inputs contains inputs for the network socket - Inputs []*Input `yaml:"inputs"` + Inputs []*Input `yaml:"inputs,omitempty"` // description: | // ReadSize is the size of response to read at the end // // Default value for read-size is 1024. // examples: // - value: "2048" - ReadSize int `yaml:"read-size"` + ReadSize int `yaml:"read-size,omitempty"` // Operators for the current request go here. operators.Operators `yaml:",inline,omitempty"` - CompiledOperators *operators.Operators + CompiledOperators *operators.Operators `yaml:"-"` generator *generators.Generator attackType generators.Type @@ -84,7 +84,7 @@ type Input struct { // examples: // - value: "\"TEST\"" // - value: "\"hex_decode('50494e47')\"" - Data string `yaml:"data"` + Data string `yaml:"data,omitempty"` // description: | // Type is the type of input specified in `data` field. // 
@@ -92,7 +92,7 @@ type Input struct { // values: // - "hex" // - "text" - Type string `yaml:"type"` + Type string `yaml:"type,omitempty"` // description: | // Read is the number of bytes to read from socket. // @@ -103,12 +103,12 @@ type Input struct { // The [network docs](https://nuclei.projectdiscovery.io/templating-guide/protocols/network/) highlight more on how to do this. // examples: // - value: "1024" - Read int `yaml:"read"` + Read int `yaml:"read,omitempty"` // description: | // Name is the optional name of the data read to provide matching on. // examples: // - value: "\"prefix\"" - Name string `yaml:"name"` + Name string `yaml:"name,omitempty"` } // GetID returns the unique ID of the request if any. diff --git a/v2/pkg/templates/templates.go b/v2/pkg/templates/templates.go index 60d10aeec..47b767631 100644 --- a/v2/pkg/templates/templates.go +++ b/v2/pkg/templates/templates.go @@ -11,8 +11,8 @@ import ( "github.com/projectdiscovery/nuclei/v2/pkg/workflows" ) -// Template is a YAML input file which defines the requests and -// others metadata for a scan template. +// Template is a YAML input file which defines all the requests and +// other metadata for a template. type Template struct { // description: | // ID is the unique id for the template. IDs must be lowercase 
@@ -32,18 +32,28 @@ type Template struct { // Info contains metadata information about the template. At minimum, it // should contain `name`, `author`, `severity`, `description`, `tags`. Optionally // you can also specify a list of `references` for the template. + // examples: + // - value: exampleInfoStructure Info map[string]interface{} `yaml:"info"` // description: | - // Requests contains the http request to make in the template + // Requests contains the http request to make in the template. + // examples: + // - value: exampleNormalHTTPRequest RequestsHTTP []*http.Request `yaml:"requests,omitempty" json:"requests"` // description: | // DNS contains the dns request to make in the template + // examples: + // - value: exampleNormalDNSRequest RequestsDNS []*dns.Request `yaml:"dns,omitempty" json:"dns"` // description: | // File contains the file request to make in the template + // examples: + // - value: exampleNormalFileRequest RequestsFile []*file.Request `yaml:"file,omitempty" json:"file"` // description: | // Network contains the network request to make in the template + // examples: + // - value: exampleNormalNetworkRequest RequestsNetwork []*network.Request `yaml:"network,omitempty" json:"network"` // description: | // Headless contains the headless request to make in the template. diff --git a/v2/pkg/templates/templates_doc.go b/v2/pkg/templates/templates_doc.go index aa54452e3..09db6d599 100644 --- a/v2/pkg/templates/templates_doc.go +++ b/v2/pkg/templates/templates_doc.go 
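Review bot: The example added for `Info` (`// - value: exampleInfoStructure`) does not satisfy the description directly above it. The description says the block should contain at minimum `name`, `author`, `severity`, `description`, `tags` and optionally `references`, but `exampleInfoStructure` in templates_doc_examples.go (later in this patch) has no `"description"` entry and uses the key `"reference"`. Readers copying the generated example would start from an info block that the text itself calls incomplete. I would add a `"description": "..."` entry to the example and make the key name agree between the comment and the map; which of `reference`/`references` the loader expects is not visible here. The Template struct begins before this hunk and continues after it.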
@@ -25,8 +25,8 @@ var ( func init() { TemplateDoc.Type = "Template" - TemplateDoc.Comments[encoder.LineComment] = " Template is a YAML input file which defines the requests and" - TemplateDoc.Description = "Template is a YAML input file which defines the requests and\n others metadata for a scan template." + TemplateDoc.Comments[encoder.LineComment] = " Template is a YAML input file which defines all the requests and" + TemplateDoc.Description = "Template is a YAML input file which defines all the requests and\n other metadata for a template." TemplateDoc.Fields = make([]encoder.Doc, 8) TemplateDoc.Fields[0].Name = "id" TemplateDoc.Fields[0].Type = "string" 
@@ -40,26 +40,36 @@ func init() { TemplateDoc.Fields[1].Note = "" TemplateDoc.Fields[1].Description = "Info contains metadata information about the template. At minimum, it\nshould contain `name`, `author`, `severity`, `description`, `tags`. Optionally\nyou can also specify a list of `references` for the template." TemplateDoc.Fields[1].Comments[encoder.LineComment] = "Info contains metadata information about the template. At minimum, it" + + TemplateDoc.Fields[1].AddExample("", exampleInfoStructure) TemplateDoc.Fields[2].Name = "requests" TemplateDoc.Fields[2].Type = "[]http.Request" TemplateDoc.Fields[2].Note = "" - TemplateDoc.Fields[2].Description = "Requests contains the http request to make in the template" - TemplateDoc.Fields[2].Comments[encoder.LineComment] = "Requests contains the http request to make in the template" + TemplateDoc.Fields[2].Description = "Requests contains the http request to make in the template." + TemplateDoc.Fields[2].Comments[encoder.LineComment] = "Requests contains the http request to make in the template." 
+ + TemplateDoc.Fields[2].AddExample("", exampleNormalHTTPRequest) TemplateDoc.Fields[3].Name = "dns" TemplateDoc.Fields[3].Type = "[]dns.Request" TemplateDoc.Fields[3].Note = "" TemplateDoc.Fields[3].Description = "DNS contains the dns request to make in the template" TemplateDoc.Fields[3].Comments[encoder.LineComment] = "DNS contains the dns request to make in the template" + + TemplateDoc.Fields[3].AddExample("", exampleNormalDNSRequest) TemplateDoc.Fields[4].Name = "file" TemplateDoc.Fields[4].Type = "[]file.Request" TemplateDoc.Fields[4].Note = "" TemplateDoc.Fields[4].Description = "File contains the file request to make in the template" TemplateDoc.Fields[4].Comments[encoder.LineComment] = "File contains the file request to make in the template" + + TemplateDoc.Fields[4].AddExample("", exampleNormalFileRequest) TemplateDoc.Fields[5].Name = "network" TemplateDoc.Fields[5].Type = "[]network.Request" TemplateDoc.Fields[5].Note = "" TemplateDoc.Fields[5].Description = "Network contains the network request to make in the template" TemplateDoc.Fields[5].Comments[encoder.LineComment] = "Network contains the network request to make in the template" + + TemplateDoc.Fields[5].AddExample("", exampleNormalNetworkRequest) TemplateDoc.Fields[6].Name = "headless" TemplateDoc.Fields[6].Type = "[]headless.Request" TemplateDoc.Fields[6].Note = "" @@ -74,6 +84,8 @@ func init() { HTTPRequestDoc.Type = "http.Request" HTTPRequestDoc.Comments[encoder.LineComment] = " Request contains a http request to be made from a template" HTTPRequestDoc.Description = "Request contains a http request to be made from a template" + + HTTPRequestDoc.AddExample("", exampleNormalHTTPRequest) HTTPRequestDoc.AppearsIn = []encoder.Appearance{ { TypeName: "Template", 
@@ -459,6 +471,8 @@ func init() { DNSRequestDoc.Type = "dns.Request" DNSRequestDoc.Comments[encoder.LineComment] = " Request contains a DNS protocol request to be made from a template" DNSRequestDoc.Description = "Request contains a DNS protocol request to be made from a template" + + DNSRequestDoc.AddExample("", exampleNormalDNSRequest) DNSRequestDoc.AppearsIn = []encoder.Appearance{ { TypeName: "Template", @@ -541,6 +555,8 @@ func init() { FILERequestDoc.Type = "file.Request" FILERequestDoc.Comments[encoder.LineComment] = " Request contains a File matching mechanism for local disk operations." FILERequestDoc.Description = "Request contains a File matching mechanism for local disk operations." + + FILERequestDoc.AddExample("", exampleNormalFileRequest) FILERequestDoc.AppearsIn = []encoder.Appearance{ { TypeName: "Template", @@ -602,6 +618,8 @@ func init() { NETWORKRequestDoc.Type = "network.Request" NETWORKRequestDoc.Comments[encoder.LineComment] = " Request contains a Network protocol request to be made from a template" NETWORKRequestDoc.Description = "Request contains a Network protocol request to be made from a template" + + NETWORKRequestDoc.AddExample("", exampleNormalNetworkRequest) NETWORKRequestDoc.AppearsIn = []encoder.Appearance{ { TypeName: "Template", diff --git a/v2/pkg/templates/templates_doc_examples.go b/v2/pkg/templates/templates_doc_examples.go new file mode 100644 index 000000000..b11645a45 --- /dev/null +++ b/v2/pkg/templates/templates_doc_examples.go 
@@ -0,0 +1,72 @@ +//nolint //do not lint as examples with no usage +package templates + +import ( + "github.com/projectdiscovery/nuclei/v2/pkg/operators" + "github.com/projectdiscovery/nuclei/v2/pkg/operators/extractors" + "github.com/projectdiscovery/nuclei/v2/pkg/operators/matchers" + "github.com/projectdiscovery/nuclei/v2/pkg/protocols/dns" + "github.com/projectdiscovery/nuclei/v2/pkg/protocols/file" + "github.com/projectdiscovery/nuclei/v2/pkg/protocols/http" + "github.com/projectdiscovery/nuclei/v2/pkg/protocols/network" +) + +var ( + exampleInfoStructure = map[string]interface{}{ + "name": "Argument Injection in Ruby Dragonfly", + "author": "0xsapra", + "severity": "critical", + "reference": "https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/", + "tags": "cve,cve2021,rce,ruby", + } + _ = exampleInfoStructure + + exampleNormalHTTPRequest = &http.Request{ + Method: "GET", + Path: []string{"{{BaseURL}}/.git/config"}, + Operators: operators.Operators{ + MatchersCondition: "and", + Matchers: []*matchers.Matcher{ + {Type: "word", Words: []string{"[core]"}}, + {Type: "dsl", DSL: []string{"!contains(tolower(body), ' Date: Thu, 5 Aug 2021 00:54:34 +0530 Subject: [PATCH 08/17] Misc changes to docs --- v2/go.mod | 2 +- v2/go.sum | 4 ++++ v2/pkg/operators/extractors/extractors.go | 8 +++++--- v2/pkg/templates/templates_doc.go | 4 ++-- 4 files changed, 12 insertions(+), 6 deletions(-) diff --git a/v2/go.mod b/v2/go.mod index 658e87b44..f238a7dca 100644 --- a/v2/go.mod +++ b/v2/go.mod 
@@ -38,7 +38,7 @@ require ( github.com/projectdiscovery/retryabledns v1.0.10 github.com/projectdiscovery/retryablehttp-go v1.0.2-0.20210524224054-9fbe1f2b0727 github.com/projectdiscovery/stringsutil v0.0.0-20210617141317-00728870f68d - github.com/projectdiscovery/yamldoc-go v0.0.0-20210803152633-4db1fb7fe36a // indirect + github.com/projectdiscovery/yamldoc-go v1.0.1 // indirect github.com/remeh/sizedwaitgroup v1.0.0 github.com/rivo/uniseg v0.2.0 // indirect github.com/rs/xid v1.2.1 diff --git a/v2/go.sum b/v2/go.sum index 27ecf2b5e..a47e754b0 100644 --- a/v2/go.sum +++ b/v2/go.sum @@ -294,6 +294,10 @@ github.com/projectdiscovery/stringsutil v0.0.0-20210617141317-00728870f68d h1:nl github.com/projectdiscovery/stringsutil v0.0.0-20210617141317-00728870f68d/go.mod h1:TVSdZC0rRQeMIbsNSiGPhbmhyRtxqqtAGA9JiiNp2r4= github.com/projectdiscovery/yamldoc-go v0.0.0-20210803152633-4db1fb7fe36a h1:3mQRJkqj9TQiFMm3vQZAwrxImPov4gw8LBifyfCZGsg= github.com/projectdiscovery/yamldoc-go v0.0.0-20210803152633-4db1fb7fe36a/go.mod h1:7uSxfMXaBmzvw8m5EhOEjB6nhz0rK/H9sUjq1ciZu24= +github.com/projectdiscovery/yamldoc-go v1.0.0 h1:CGIsFTEGfrcdZHKIxuWfQgDwtY0Y2LRzZW+6aXeU17g= +github.com/projectdiscovery/yamldoc-go v1.0.0/go.mod h1:7uSxfMXaBmzvw8m5EhOEjB6nhz0rK/H9sUjq1ciZu24= +github.com/projectdiscovery/yamldoc-go v1.0.1 h1:q3LyS2Sq8RTxOQEWVza3wNA811eXlmqly3b2eiaQ+as= +github.com/projectdiscovery/yamldoc-go v1.0.1/go.mod h1:7uSxfMXaBmzvw8m5EhOEjB6nhz0rK/H9sUjq1ciZu24= github.com/prologic/smtpd v0.0.0-20210126001904-0893ad18168e h1:ZT3wZ92sp/EHEE/HcFCWCsYS3ROLjHb6EqSX8qYrgXw= github.com/prologic/smtpd v0.0.0-20210126001904-0893ad18168e/go.mod h1:GkLsdH1RZj6RDKeI9A05NGZYmEZQ/PbQcZPnZoSZuYI= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= diff --git a/v2/pkg/operators/extractors/extractors.go b/v2/pkg/operators/extractors/extractors.go index 1fc2078b5..91e38de8a 100644 --- a/v2/pkg/operators/extractors/extractors.go 
+++ b/v2/pkg/operators/extractors/extractors.go @@ -40,7 +40,7 @@ type Extractor struct { // Group specifies a numbered group to extract from the regex. // examples: // - name: Example Regex Group - // - value: "1" + // value: "1" RegexGroup int `yaml:"group,omitempty"` // regexCompiled is the compiled variant regexCompiled []*regexp.Regexp @@ -74,8 +74,10 @@ type Extractor struct { // JSON allows using jq-style syntax to extract items from json response // // examples: - // - value: "\".[] | .id\"" - // - value: "\".batters | .batter | .[] | .id\"" + // - value: > + // []string{".[] | .id"} + // - value: > + // []string{".batters | .batter | .[] | .id"} JSON []string `yaml:"json,omitempty"` // jsonCompiled is the compiled variant jsonCompiled []*gojq.Code diff --git a/v2/pkg/templates/templates_doc.go b/v2/pkg/templates/templates_doc.go index 09db6d599..173fa85de 100644 --- a/v2/pkg/templates/templates_doc.go +++ b/v2/pkg/templates/templates_doc.go @@ -459,9 +459,9 @@ func init() { EXTRACTORSExtractorDoc.Fields[6].Description = "JSON allows using jq-style syntax to extract items from json response" EXTRACTORSExtractorDoc.Fields[6].Comments[encoder.LineComment] = "JSON allows using jq-style syntax to extract items from json response" - EXTRACTORSExtractorDoc.Fields[6].AddExample("", ".[] | .id") + EXTRACTORSExtractorDoc.Fields[6].AddExample("", []string{".[] | .id"}) - EXTRACTORSExtractorDoc.Fields[6].AddExample("", ".batters | .batter | .[] | .id") + EXTRACTORSExtractorDoc.Fields[6].AddExample("", []string{".batters | .batter | .[] | .id"}) EXTRACTORSExtractorDoc.Fields[7].Name = "internal" EXTRACTORSExtractorDoc.Fields[7].Type = "bool" EXTRACTORSExtractorDoc.Fields[7].Note = "" From 232c0d9e0ee9ac3b7d9fad4be65413f9ae30fbbb Mon Sep 17 00:00:00 2001 
From: Ice3man543 Date: Fri, 20 Aug 2021 15:11:19 +0530 Subject: [PATCH 09/17] Fixed some merge problems + misc docgen --- v2/Makefile | 4 + v2/go.mod | 52 ++--- v2/go.sum | 257 +++++++++++++-------- v2/internal/severity/severity.go | 5 +- v2/internal/severity/severity_test.go | 8 + v2/pkg/model/model.go | 60 ++++- v2/pkg/model/model_test.go | 28 +++ v2/pkg/protocols/http/http.go | 12 - v2/pkg/templates/templates_doc.go | 132 ++++++++++- v2/pkg/templates/templates_doc_examples.go | 16 +- 10 files changed, 412 insertions(+), 162 deletions(-) diff --git a/v2/Makefile b/v2/Makefile index 5d3e30536..0682b184c 100644 --- a/v2/Makefile +++ b/v2/Makefile @@ -9,6 +9,10 @@ all: build build: $(GOBUILD) -v -ldflags="-extldflags=-static" -o "nuclei" cmd/nuclei/main.go docs: + if ! which dstdocgen > /dev/null; then + echo -e "Command not found! Install? (y/n) \c" + go get -v github.com/projectdiscovery/yamldoc-go/cmd/docgen/dstdocgen + fi $(GOCMD) generate pkg/templates/templates.go $(GOBUILD) -o "cmd/docgen/docgen" cmd/docgen/docgen.go ./cmd/docgen/docgen docs.md diff --git a/v2/go.mod b/v2/go.mod index 19fe63837..59c5debb9 100644 --- a/v2/go.mod +++ b/v2/go.mod 
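Review bot: The block added under `docs:` spreads `if ! which dstdocgen ... fi` over four recipe lines, and make runs each recipe line in its own shell, so unless `.ONESHELL` is set elsewhere in the Makefile the `if` line fails with a shell syntax error; the lines need `; \` continuations. The echo asks "Install? (y/n)" but nothing reads an answer, so the install would be unconditional anyway. The `go get` carries no version, so a docs build fetches and compiles whatever that path currently resolves to and may also modify go.mod. Pinning the tool version keeps the docs build reproducible and limits exposure to an unexpected upstream change. This patch sets `go 1.16` in go.mod, so `go install path@version` is available for that.

```makefile
docs:
	@if ! command -v dstdocgen > /dev/null; then \
		echo "dstdocgen not found, installing pinned version"; \
		go install github.com/projectdiscovery/yamldoc-go/cmd/docgen/dstdocgen@<PINNED_VERSION>; \
	fi
	# <PINNED_VERSION> is a placeholder: replace it with the reviewed release tag
	# … unchanged: go generate, docgen build and docgen run …
```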
@@ -1,70 +1,60 @@ module github.com/projectdiscovery/nuclei/v2 -go 1.15 +go 1.16 require ( github.com/Knetic/govaluate v3.0.0+incompatible - github.com/andygrunwald/go-jira v1.13.0 + github.com/andygrunwald/go-jira v1.14.0 github.com/antchfx/htmlquery v1.2.3 github.com/apex/log v1.9.0 github.com/blang/semver v3.5.1+incompatible - github.com/bluele/gcache v0.0.2 // indirect + github.com/bluele/gcache v0.0.2 github.com/c4milo/unpackit v0.1.0 // indirect github.com/corpix/uarand v0.1.1 - github.com/fatih/structs v1.1.0 // indirect github.com/go-rod/rod v0.91.1 - github.com/golang/protobuf v1.4.3 // indirect github.com/google/go-github v17.0.0+incompatible github.com/gosuri/uilive v0.0.4 // indirect github.com/gosuri/uiprogress v0.0.1 // indirect - github.com/hashicorp/go-cleanhttp v0.5.2 // indirect - github.com/hashicorp/go-retryablehttp v0.6.8 // indirect - github.com/json-iterator/go v1.1.10 github.com/itchyny/gojq v0.12.4 github.com/json-iterator/go v1.1.11 github.com/julienschmidt/httprouter v1.3.0 github.com/karlseguin/ccache v2.0.3+incompatible github.com/karrick/godirwalk v1.16.1 github.com/logrusorgru/aurora v2.0.3+incompatible - github.com/mattn/go-runewidth v0.0.10 // indirect github.com/miekg/dns v1.1.43 github.com/olekukonko/tablewriter v0.0.5 - github.com/owenrumney/go-sarif v1.0.4 + github.com/owenrumney/go-sarif v1.0.11 github.com/pkg/errors v0.9.1 github.com/projectdiscovery/clistats v0.0.8 - github.com/projectdiscovery/fastdialer v0.0.8 + github.com/projectdiscovery/fastdialer v0.0.12 github.com/projectdiscovery/goflags v0.0.7 github.com/projectdiscovery/gologger v1.1.4 - github.com/projectdiscovery/hmap v0.0.1 + github.com/projectdiscovery/hmap v0.0.2-0.20210616215655-7b78e7f33d1f github.com/projectdiscovery/interactsh v0.0.4 github.com/projectdiscovery/rawhttp v0.0.7 - github.com/projectdiscovery/retryabledns v1.0.10 - github.com/projectdiscovery/retryablehttp-go v1.0.2-0.20210524224054-9fbe1f2b0727 -<<<<<<< HEAD - 
github.com/projectdiscovery/stringsutil v0.0.0-20210617141317-00728870f68d - github.com/projectdiscovery/yamldoc-go v1.0.1 // indirect -======= + github.com/projectdiscovery/retryabledns v1.0.12 + github.com/projectdiscovery/retryablehttp-go v1.0.1 github.com/projectdiscovery/stringsutil v0.0.0-20210804142656-fd3c28dbaafe ->>>>>>> 37eaadefeaec7c24eb38a0c70888f832f41334ef + github.com/projectdiscovery/yamldoc-go v1.0.2 github.com/remeh/sizedwaitgroup v1.0.0 - github.com/rivo/uniseg v0.2.0 // indirect github.com/rs/xid v1.3.0 - github.com/segmentio/ksuid v1.0.3 - github.com/shirou/gopsutil/v3 v3.21.5 + github.com/segmentio/ksuid v1.0.4 + github.com/shirou/gopsutil/v3 v3.21.7 github.com/spaolacci/murmur3 v1.1.0 - github.com/spf13/cast v1.3.1 + github.com/spf13/cast v1.4.1 github.com/stretchr/testify v1.7.0 github.com/syndtr/goleveldb v1.0.0 github.com/tj/go-update v2.2.5-0.20200519121640-62b4b798fd68+incompatible - github.com/trivago/tgo v1.0.7 // indirect github.com/valyala/fasttemplate v1.2.1 - github.com/xanzy/go-gitlab v0.44.0 - go.uber.org/atomic v1.7.0 - go.uber.org/multierr v1.6.0 + github.com/xanzy/go-gitlab v0.50.3 + github.com/ysmood/got v0.14.1 // indirect + github.com/ysmood/gotrace v0.2.2 // indirect + github.com/ysmood/gson v0.6.4 // indirect + github.com/ysmood/leakless v0.7.0 // indirect + go.uber.org/atomic v1.9.0 + go.uber.org/multierr v1.7.0 go.uber.org/ratelimit v0.2.0 - golang.org/x/net v0.0.0-20210614182718-04defd469f4e - golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99 - golang.org/x/time v0.0.0-20201208040808-7e3f01d25324 // indirect - google.golang.org/appengine v1.6.7 // indirect + golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d + golang.org/x/oauth2 v0.0.0-20210817223510-7df4dd6e12ab gopkg.in/yaml.v2 v2.4.0 ) diff --git a/v2/go.sum b/v2/go.sum index 96823a35a..36bcd8f91 100644 --- a/v2/go.sum +++ b/v2/go.sum 
@@ -33,6 +33,8 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= git.mills.io/prologic/smtpd v0.0.0-20210710122116-a525b76c287a h1:3i+FJ7IpSZHL+VAjtpQeZCRhrpP0odl5XfoLBY4fxJ8= git.mills.io/prologic/smtpd v0.0.0-20210710122116-a525b76c287a/go.mod h1:C7hXLmFmPYPjIDGfQl1clsmQ5TMEQfmzWTrJk475bUs= +github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 h1:cTp8I5+VIoKjsnZuH8vjyaysT/ses3EvZeaV/1UkF2M= +github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/Knetic/govaluate v3.0.0+incompatible h1:7o6+MAPhYTCF0+fdvoz1xDedhRb4f6s9Tn1Tt7/WTEg= 
@@ -40,12 +42,17 @@ github.com/Knetic/govaluate v3.0.0+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8L github.com/Masterminds/glide v0.13.2/go.mod h1:STyF5vcenH/rUqTEv+/hBXlSTo7KYwg2oc2f4tzPWic= github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/Masterminds/vcs v1.13.0/go.mod h1:N09YCmOQr6RLxC6UNHzuVwAdodYbbnycGHSmwVJjcKA= -github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d h1:G0m3OIz70MZUWq3EgK3CesDbo8upS2Vm9/P3FtgI+Jk= -github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg= +github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= +github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8= +github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= +github.com/StackExchange/wmi v1.2.1 h1:VIkavFPXSjcnS+O8yTq7NI32k0R5Aj+v39y29VYDOSA= +github.com/StackExchange/wmi v1.2.1/go.mod h1:rcmrprowKIVzvc+NUiLncP2uuArMWLCbu9SBzvHz7e8= +github.com/akrylysov/pogreb v0.10.0 h1:pVKi+uf3EzZUmiwr9bZnPk4W379KP8QsFzAa9IUuOog= +github.com/akrylysov/pogreb v0.10.0/go.mod h1:pNs6QmpQ1UlTJKDezuRWmaqkgUE2TuU0YTWyqJZ7+lI= github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 h1:MzBOUgng9orim59UnfUTLRjMpd09C5uEVQ6RPGeCaVI= github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129/go.mod h1:rFgpPQZYZ8vdbc+48xibu8ALc3yeyd64IhHS+PU6Yyg= -github.com/andygrunwald/go-jira v1.13.0 h1:vvIImGgX32bHfoiyUwkNo+/YrPnRczNarvhLOncP6dE= -github.com/andygrunwald/go-jira v1.13.0/go.mod h1:jYi4kFDbRPZTJdJOVJO4mpMMIwdB+rcZwSO58DzPd2I= +github.com/andygrunwald/go-jira v1.14.0 h1:7GT/3qhar2dGJ0kq8w0d63liNyHOnxZsUZ9Pe4+AKBI= +github.com/andygrunwald/go-jira v1.14.0/go.mod h1:KMo2f4DgMZA1C9FdImuLc04x4WQhn5derQpnsuBFgqE= github.com/antchfx/htmlquery v1.2.3 h1:sP3NFDneHx2stfNXCKbhHFo8XgNjCACnU/4AO5gWz6M= github.com/antchfx/htmlquery v1.2.3/go.mod 
h1:B0ABL+F5irhhMWg54ymEZinzMSi0Kt3I2if0BLYa3V0= github.com/antchfx/xpath v1.1.6 h1:6sVh6hB5T6phw1pFpHRQ+C4bd8sNI+O58flqtg7h0R0= @@ -56,6 +63,7 @@ github.com/apex/logs v1.0.0/go.mod h1:XzxuLZ5myVHDy9SAmYpamKKRNApGj54PfYLcFrXqDw github.com/aphistic/golf v0.0.0-20180712155816-02c07f170c5a/go.mod h1:3NqKYiepwy8kCu4PNA+aP7WUV72eXWJeP9/r3/K9aLE= github.com/aphistic/sweet v0.2.0/go.mod h1:fWDlIh/isSE9n6EPsRmC0det+whmX6dJid3stzu0Xys= github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= +github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/aws/aws-sdk-go v1.20.6/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I= github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= @@ -67,6 +75,8 @@ github.com/bradfitz/iter v0.0.0-20191230175014-e8f45d346db8/go.mod h1:spo1JLcs67 github.com/c4milo/unpackit v0.1.0 h1:91pWJ6B3svZ4LOE+p3rnyucRK5fZwBdF/yQ/pcZO31I= github.com/c4milo/unpackit v0.1.0/go.mod h1:pvXCMYlSV8zwGFWMaT+PWYkAB/cvDjN2mv9r7ZRSxEo= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= +github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= 
@@ -75,9 +85,14 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX github.com/cnf/structhash v0.0.0-20201127153200-e1b16c1ebc08 h1:ox2F0PSMlrAAiAdknSRMDrAr8mfxPCfSZolH+/qQnyQ= github.com/cnf/structhash v0.0.0-20201127153200-e1b16c1ebc08/go.mod h1:pCxVEbcm3AMg7ejXyorUXi6HQCzOIBf7zEDVPtw0/U4= github.com/codegangsta/cli v1.20.0/go.mod h1:/qJNoX69yVSKu5o4jLyXAENLRyk1uhi7zkbQ3slBdOA= +github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= +github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= +github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/corpix/uarand v0.1.1 h1:RMr1TWc9F4n5jiPDzFHtmaUXLKLNUFK0SgCLo4BhX/U= github.com/corpix/uarand v0.1.1/go.mod h1:SFKZvkcRoLqVRFZ4u25xPmp6m9ktANfbpXZ7SJ0/FNU= +github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/dave/dst v0.26.2 h1:lnxLAKI3tx7MgLNVDirFCsDTlTG9nKTk7GcptKcWSwY= github.com/dave/dst v0.26.2/go.mod h1:UMDJuIRPfyUCC78eFuB+SV/WI8oDeyFDvM/JR6NI3IU= github.com/dave/gopackages v0.0.0-20170318123100-46e7023ec56e/go.mod h1:i00+b/gKdIDIxuLDFob7ustLAVqhsZRk2qVZrArELGQ= github.com/dave/jennifer v1.2.0/go.mod h1:fIb+770HOpJ2fmN9EPPKOqm1vMGhB+TwXKMZhrIygKg= 
@@ -86,13 +101,21 @@ github.com/dave/rebecca v0.9.1/go.mod h1:N6XYdMD/OKw3lkF3ywh8Z6wPGuwNFDNtWYEMFWE github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= -github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= +github.com/dgraph-io/badger v1.6.2 h1:mNw0qs90GVgGGWylh0umH5iag1j6n/PeJtNvL6KY/x8= +github.com/dgraph-io/badger v1.6.2/go.mod h1:JW2yswe3V058sS0kZ2h/AXeDSqFjxnZcRrVH//y2UQE= +github.com/dgraph-io/ristretto v0.0.2/go.mod h1:KPxhHT9ZxKefz+PCeOGsrHpl1qZ7i70dGTu2u+Ahh6E= +github.com/dgraph-io/ristretto v0.0.3 h1:jh22xisGBjrEVnRZ1DVTpBVQm0Xndu8sMl0CWDzSIBI= +github.com/dgraph-io/ristretto v0.0.3/go.mod h1:KPxhHT9ZxKefz+PCeOGsrHpl1qZ7i70dGTu2u+Ahh6E= +github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= +github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 h1:fAjc9m62+UWV/WAFKLNi6ZS0675eEUC9y3AlwSbQu1Y= +github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= github.com/dsnet/compress v0.0.1 h1:PlZu0n3Tuv04TzpfPbrnI0HW/YwodEXDS+oPKahKF0Q= github.com/dsnet/compress v0.0.1/go.mod h1:Aw8dCMJ7RioblQeTqt88akK31OvO8Dhf5JflhBbQEHo= github.com/dsnet/golib v0.0.0-20171103203638-1ea166775780/go.mod h1:Lj+Z9rebOhdfkVLjJ8T6VcRQv3SXugXy999NBtR9aFY= +github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= +github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= 
github.com/eggsampler/acme/v3 v3.2.1 h1:Lfsrg3M2zt00QRnizOFzdpSfsS9oDvPsGrodXS/w1KI= github.com/eggsampler/acme/v3 v3.2.1/go.mod h1:/qh0rKC/Dh7Jj+p4So7DbWmFNzC4dpcpK53r226Fhuo= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= 
@@ -100,20 +123,24 @@ github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.m github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fatih/structs v1.0.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo= github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= -github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= +github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= -github.com/go-ole/go-ole v1.2.4 h1:nNBDSCOigTSiarFpYE9J/KtEA1IOW4CNeqT9TQDqCxI= -github.com/go-ole/go-ole v1.2.4/go.mod h1:XCwSNxSkXRo4vlyPy93sltvi/qJq0jqQhjqQNIwKuxM= +github.com/go-ole/go-ole v1.2.5 h1:t4MGB5xEDZvXI+0rMjjsfBsD7yAgp/s9ZDkL1JndXwY= +github.com/go-ole/go-ole v1.2.5/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= github.com/go-redis/redis v6.15.5+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA= github.com/go-rod/rod v0.91.1 h1:7xIlC/bXCXosZqZUl2x6GVB8tv4yMQ4W/ZVdGVa1qYI= github.com/go-rod/rod 
v0.91.1/go.mod h1:/W4lcZiCALPD603MnJGIvhtywP3R6yRB9EDfFfsHiiI= +github.com/go-rod/rod v0.101.5 h1:Dc3IDAQ0k8BUuKsF+xEg23SimHEs5uoTEiEH1zBf7W0= +github.com/go-rod/rod v0.101.5/go.mod h1:+iB8bs4SPa2DKxDUo1jy316LoQ5uEE6k58UfQdQTMhs= +github.com/golang-jwt/jwt v3.2.1+incompatible h1:73Z+4BJcrTC+KczS6WvTPvRGOp1WmfEP4Q1lOd9Z/+c= +github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 
@@ -139,11 +166,13 @@ github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:W github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM= -github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= +github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golang/snappy v0.0.2 h1:aeE13tS0IiQgFjYdoL8qN3K1N2bXXtI6Vi51/y7BpMw= github.com/golang/snappy v0.0.2/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/golang/snappy v0.0.3 h1:fHPg5GQYlCeLIPB9BZqMVR5nR9A+IM5zcgeTdjMYmLA= +github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= 
@@ -153,8 +182,10 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.4 h1:L8R9j+yAqZuZjsqh/z+F1NCffTKKLShY6zXTItVIZ8M= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= +github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY= github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= github.com/google/go-querystring v0.0.0-20170111101155-53e6ce116135/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= 
@@ -181,23 +212,20 @@ github.com/gosuri/uilive v0.0.4 h1:hUEBpQDj8D8jXgtCdBu7sWsy5sbW/5GhuO8KBwJ2jyY= github.com/gosuri/uilive v0.0.4/go.mod h1:V/epo5LjjlDE5RJUcqx8dbw+zc93y5Ya3yg8tfZ74VI= github.com/gosuri/uiprogress v0.0.1 h1:0kpv/XY/qTmFWl/SkaJykZXrBBzwwadmW8fRb7RJSxw= github.com/gosuri/uiprogress v0.0.1/go.mod h1:C1RTYn4Sc7iEyf6j8ft5dyoZ4212h8G1ol9QQluh5+0= +github.com/hashicorp/go-cleanhttp v0.5.1 h1:dH3aiDG9Jvb5r5+bYHsikaOUIpcM0xvgMXVoDkXMzJM= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= -github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-hclog v0.9.2 h1:CG6TE5H9/JXsFWJCfoIVpKFIkFe6ysEuHirp4DxCsHI= github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= -github.com/hashicorp/go-retryablehttp v0.6.4/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-retryablehttp v0.6.8 h1:92lWxgpa+fF3FozM4B3UZtHZMJX8T5XT+TFdCxsPyWs= github.com/hashicorp/go-retryablehttp v0.6.8/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= -github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= +github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hooklift/assert v0.1.0 h1:UZzFxx5dSb9aBtvMHTtnPuvFnBvcEhHTPb9+0+jpEjs= github.com/hooklift/assert v0.1.0/go.mod h1:pfexfvIHnKCdjh6CkkIZv5ic6dQ6aU2jhKghBlXuwwY= -github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= github.com/hpcloud/tail v1.0.0/go.mod 
h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/itchyny/go-flags v1.5.0/go.mod h1:lenkYuCobuxLBAd/HGFE4LRoW8D3B6iXRQfWYJ+MNbA= github.com/itchyny/gojq v0.12.4 h1:8zgOZWMejEWCLjbF/1mWY7hY7QEARm7dtuhC6Bp4R8o= github.com/itchyny/gojq v0.12.4/go.mod h1:EQUSKgW/YaOxmXpAwGiowFDO4i2Rmtk5+9dFyeiymAg= 
@@ -238,23 +266,25 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= github.com/logrusorgru/aurora v2.0.3+incompatible h1:tOpm7WcpBTn4fjmVfgpQq0EfczGlG91VSDkswnjF5A8= github.com/logrusorgru/aurora v2.0.3+incompatible/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= +github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.13 h1:qdl+GuBjcsKKDco5BsxPJlId98mSWNKqYA+Co0SC1yA= github.com/mattn/go-isatty v0.0.13/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= +github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-runewidth v0.0.10 h1:CoZ3S2P7pvtP45xOtBw+/mDL2z0RKI576gSkzRRpdGg= -github.com/mattn/go-runewidth v0.0.10/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk= github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= github.com/miekg/dns v1.1.29/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= -github.com/miekg/dns v1.1.38/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= +github.com/miekg/dns v1.1.41/go.mod 
h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI= github.com/miekg/dns v1.1.43 h1:JKfpVSCB84vrAmHzyrsxB5NAr5kLoMXZArPSw7Qlgyg= github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 
@@ -262,19 +292,27 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lN github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/ngdinhtoan/glide-cleanup v0.2.0/go.mod h1:UQzsmiDOb8YV3nOsCxK/c9zPpCZVNoHScRE3EO9pVMM= +github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= +github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= +github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec= github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.10.1 h1:q/mM8GF/n0shIN8SaAZ0V+jnLPzen6WIVZdiwrRlMlo= github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= +github.com/onsi/ginkgo v1.15.0 h1:1V1NfVQR87RtWAgp1lv9JZJ5Jap+XFGKPi00andXGi4= +github.com/onsi/ginkgo v1.15.0/go.mod h1:hF8qUzuuC8DJGygJH3726JnCZX4MYbRB8yFfISqnKUg= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.7.0 h1:XPnZz8VVBHjVsy1vzJmRwIcSwiUO+JFfrv/xGiigmME= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/owenrumney/go-sarif v1.0.4 h1:0LFC5eHP6amc/9ajM1jDiE52UfXFcl/oozay+X3KgV4= -github.com/owenrumney/go-sarif v1.0.4/go.mod h1:DXUGbHwQcCMvqcvZbxh8l/7diHsJVztOKZgmPt88RNI= -github.com/pkg/errors v0.8.0/go.mod 
h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= +github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= +github.com/onsi/gomega v1.10.5 h1:7n6FEkpFmfCoo2t+YYqXH0evK+a9ICQz0xcAy9dYcaQ= +github.com/onsi/gomega v1.10.5/go.mod h1:gza4q3jKQJijlu05nKWRCW/GavJumGt8aNRxWg7mt48= +github.com/owenrumney/go-sarif v1.0.11 h1:7k4TLSi6h3vAozSECjO0arcQoeUNDMgvA7LDac95sJo= +github.com/owenrumney/go-sarif v1.0.11/go.mod h1:hTBFbxU7GuVRUvwMx+eStp9M/Oun4xHCS3vqpPvket8= +github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= 
@@ -282,61 +320,74 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/projectdiscovery/clistats v0.0.8 h1:tjmWb15mqsPf/yrQXVHLe2ThZX/5+mgKSfZBKWWLh20= github.com/projectdiscovery/clistats v0.0.8/go.mod h1:lV6jUHAv2bYWqrQstqW8iVIydKJhWlVaLl3Xo9ioVGg= -github.com/projectdiscovery/fastdialer v0.0.8 h1:mEMc8bfXV5hc1PUEkJiUnR5imYQe6+839Zezd5jLkc0= -github.com/projectdiscovery/fastdialer v0.0.8/go.mod h1:AuaV0dzrNeBLHqjNnzpFSnTXnHGIZAlGQE+WUMmSIW4= +github.com/projectdiscovery/fastdialer v0.0.12 h1:TjvM41UfR+A7YsxQZoTvI6C5nVe1d+fvRqtcDNbSwz8= +github.com/projectdiscovery/fastdialer v0.0.12/go.mod h1:RkRbxqDCcCFhfNUbkzBIz/ieD4uda2JuUA4WJ+RLee0= github.com/projectdiscovery/goflags v0.0.7 h1:aykmRkrOgDyRwcvGrK3qp+9aqcjGfAMs/+LtRmtyxwk= github.com/projectdiscovery/goflags v0.0.7/go.mod h1:Jjwsf4eEBPXDSQI2Y+6fd3dBumJv/J1U0nmpM+hy2YY= +github.com/projectdiscovery/gologger v1.0.1/go.mod h1:Ok+axMqK53bWNwDSU1nTNwITLYMXMdZtRc8/y1c7sWE= github.com/projectdiscovery/gologger v1.1.4 h1:qWxGUq7ukHWT849uGPkagPKF3yBPYAsTtMKunQ8O2VI= github.com/projectdiscovery/gologger v1.1.4/go.mod h1:Bhb6Bdx2PV1nMaFLoXNBmHIU85iROS9y1tBuv7T5pMY= -github.com/projectdiscovery/hmap v0.0.1 h1:VAONbJw5jP+syI5smhsfkrq9XPGn4aiYy5pR6KR1wog= github.com/projectdiscovery/hmap v0.0.1/go.mod h1:VDEfgzkKQdq7iGTKz8Ooul0NuYHQ8qiDs6r8bPD1Sb0= +github.com/projectdiscovery/hmap v0.0.2-0.20210616215655-7b78e7f33d1f h1:r0t4/voYErvcK/WBNZkvjZf6aQK0FOnc/sQKjlMS1AA= +github.com/projectdiscovery/hmap v0.0.2-0.20210616215655-7b78e7f33d1f/go.mod h1:FH+MS/WNKTXJQtdRn+/Zg5WlKCiMN0Z1QUedUIuM5n8= github.com/projectdiscovery/interactsh v0.0.4 h1:3BtCZrrTovGYiqdFktXJ4NxKAQFvUvzcEI5pJIuShM8= github.com/projectdiscovery/interactsh v0.0.4/go.mod h1:PtJrddeBW1/LeOVgTvvnjUl3Hu/17jTkoIi8rXeEODE= +github.com/projectdiscovery/ipranger v0.0.2/go.mod h1:kcAIk/lo5rW+IzUrFkeYyXnFJ+dKwYooEOHGVPP/RWE= 
+github.com/projectdiscovery/iputil v0.0.0-20210414194613-4b4d2517acf0/go.mod h1:PQAqn5h5NXsQTF4ZA00ZTYLRzGCjOtcCq8llAqrsd1A= +github.com/projectdiscovery/iputil v0.0.0-20210429152401-c18a5408ca46 h1:veDjJpC3q2PLyuYPS3jNeoYgbHvHPWQhwqRPoCe6YTA= +github.com/projectdiscovery/iputil v0.0.0-20210429152401-c18a5408ca46/go.mod h1:PQAqn5h5NXsQTF4ZA00ZTYLRzGCjOtcCq8llAqrsd1A= +github.com/projectdiscovery/mapcidr v0.0.4/go.mod h1:ALOIj6ptkWujNoX8RdQwB2mZ+kAmKuLJBq9T5gR5wG0= +github.com/projectdiscovery/mapcidr v0.0.6 h1:RRIrqNakUEF/pstIXWTD6yvCMF9N6SnOb9m4ju4xavc= +github.com/projectdiscovery/mapcidr v0.0.6/go.mod h1:ZEBhMmBU3laUl3g9QGTrzJku1VJOzjdFwW01f/zVVzM= +github.com/projectdiscovery/networkpolicy v0.0.1 h1:RGRuPlxE8WLFF9tdKSjTsYiTIKHNHW20Kl0nGGiRb1I= +github.com/projectdiscovery/networkpolicy v0.0.1/go.mod h1:asvdg5wMy3LPVMGALatebKeOYH5n5fV5RCTv6DbxpIs= github.com/projectdiscovery/rawhttp v0.0.7 h1:5m4peVgjbl7gqDcRYMTVEuX+Xs/nh76ohTkkvufucLg= github.com/projectdiscovery/rawhttp v0.0.7/go.mod h1:PQERZAhAv7yxI/hR6hdDPgK1WTU56l204BweXrBec+0= -github.com/projectdiscovery/retryabledns v1.0.7/go.mod h1:/UzJn4I+cPdQl6pKiiQfvVAT636YZvJQYZhYhGB0dUQ= -github.com/projectdiscovery/retryabledns v1.0.10 h1:xJZ2aKoqrNg/OZEw1+4+QIOH40V/WkZDYY1ZZc+uphE= -github.com/projectdiscovery/retryabledns v1.0.10/go.mod h1:4sMC8HZyF01HXukRleSQYwz4870bwgb4+hTSXTMrkf4= +github.com/projectdiscovery/retryabledns v1.0.11/go.mod h1:4sMC8HZyF01HXukRleSQYwz4870bwgb4+hTSXTMrkf4= +github.com/projectdiscovery/retryabledns v1.0.12 h1:OzCsUaipN75OwjtH62FxBIhKye1NmnfG4DxtQclOtns= +github.com/projectdiscovery/retryabledns v1.0.12/go.mod h1:4sMC8HZyF01HXukRleSQYwz4870bwgb4+hTSXTMrkf4= +github.com/projectdiscovery/retryablehttp-go v1.0.1 h1:V7wUvsZNq1Rcz7+IlcyoyQlNwshuwptuBVYWw9lx8RE= github.com/projectdiscovery/retryablehttp-go v1.0.1/go.mod h1:SrN6iLZilNG1X4neq1D+SBxoqfAF4nyzvmevkTkWsek= -github.com/projectdiscovery/retryablehttp-go v1.0.2-0.20210524224054-9fbe1f2b0727 
h1:CJHP3CLCc/eqdXQEvZy8KiiqtAk9kEsd1URtPyPAQ1s= -github.com/projectdiscovery/retryablehttp-go v1.0.2-0.20210524224054-9fbe1f2b0727/go.mod h1:dx//aY9V247qHdsRf0vdWHTBZuBQ2vm6Dq5dagxrDYI= -github.com/projectdiscovery/stringsutil v0.0.0-20210617141317-00728870f68d h1:nlOAex7twmrEqD5i6WLnugF9uO3DQ6jDEKN9gevrTAk= -github.com/projectdiscovery/stringsutil v0.0.0-20210617141317-00728870f68d/go.mod h1:TVSdZC0rRQeMIbsNSiGPhbmhyRtxqqtAGA9JiiNp2r4= -github.com/projectdiscovery/yamldoc-go v0.0.0-20210803152633-4db1fb7fe36a h1:3mQRJkqj9TQiFMm3vQZAwrxImPov4gw8LBifyfCZGsg= -github.com/projectdiscovery/yamldoc-go v0.0.0-20210803152633-4db1fb7fe36a/go.mod h1:7uSxfMXaBmzvw8m5EhOEjB6nhz0rK/H9sUjq1ciZu24= -github.com/projectdiscovery/yamldoc-go v1.0.0 h1:CGIsFTEGfrcdZHKIxuWfQgDwtY0Y2LRzZW+6aXeU17g= -github.com/projectdiscovery/yamldoc-go v1.0.0/go.mod h1:7uSxfMXaBmzvw8m5EhOEjB6nhz0rK/H9sUjq1ciZu24= +github.com/projectdiscovery/stringsutil v0.0.0-20210804142656-fd3c28dbaafe h1:tQTgf5XLBgZbkJDPtnV3SfdP9tzz5ZWeDBwv8WhnH9Q= +github.com/projectdiscovery/stringsutil v0.0.0-20210804142656-fd3c28dbaafe/go.mod h1:oTRc18WBv9t6BpaN9XBY+QmG28PUpsyDzRht56Qf49I= github.com/projectdiscovery/yamldoc-go v1.0.1 h1:q3LyS2Sq8RTxOQEWVza3wNA811eXlmqly3b2eiaQ+as= github.com/projectdiscovery/yamldoc-go v1.0.1/go.mod h1:7uSxfMXaBmzvw8m5EhOEjB6nhz0rK/H9sUjq1ciZu24= -github.com/prologic/smtpd v0.0.0-20210126001904-0893ad18168e h1:ZT3wZ92sp/EHEE/HcFCWCsYS3ROLjHb6EqSX8qYrgXw= -github.com/prologic/smtpd v0.0.0-20210126001904-0893ad18168e/go.mod h1:GkLsdH1RZj6RDKeI9A05NGZYmEZQ/PbQcZPnZoSZuYI= +github.com/projectdiscovery/yamldoc-go v1.0.2 h1:SKb7PHgSOXm27Zci05ba0FxpyQiu6bGEiVMEcjCK1rQ= +github.com/projectdiscovery/yamldoc-go v1.0.2/go.mod h1:7uSxfMXaBmzvw8m5EhOEjB6nhz0rK/H9sUjq1ciZu24= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/remeh/sizedwaitgroup v1.0.0 h1:VNGGFwNo/R5+MJBf6yrsr110p0m4/OX4S3DCy7Kyl5E= 
github.com/remeh/sizedwaitgroup v1.0.0/go.mod h1:3j2R4OIe/SeS6YDhICBy22RWjJC5eNCJ1V+9+NVNYlo= -github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= -github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= -github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rogpeppe/fastuuid v1.1.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= -github.com/rs/xid v1.2.1 h1:mhH9Nq+C1fY2l1XIpgxIiUOfNpRBYH1kKcr+qfKgjRc= -github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= -github.com/segmentio/ksuid v1.0.3 h1:FoResxvleQwYiPAVKe1tMUlEirodZqlqglIuFsdDntY= +github.com/rs/xid v1.3.0 h1:6NjYksEUlhurdVehpc7S7dk6DAmcKv8V9gG0FsVN2U4= +github.com/rs/xid v1.3.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= +github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/segmentio/ksuid v1.0.3/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE= +github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c= +github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= -github.com/shirou/gopsutil/v3 v3.21.5 h1:YUBf0w/KPLk7w1803AYBnH7BmA+1Z/Q5MEZxpREUaB4= -github.com/shirou/gopsutil/v3 v3.21.5/go.mod h1:ghfMypLDrFSWN2c9cDYFLHyynQ+QUht0cv/18ZqVczw= +github.com/shirou/gopsutil/v3 v3.21.7 h1:PnTqQamUjwEDSgn+nBGu0qSDV/CfvyiR/gwTH3i7HTU= +github.com/shirou/gopsutil/v3 v3.21.7/go.mod h1:RGl11Y7XMTQPmHh8F0ayC6haKNBgH4PXMJuTAcMOlz4= github.com/smartystreets/assertions v1.0.0/go.mod h1:kHHU4qYBaI3q23Pp3VPrmWhuIUrLW/7eUrw0BU5VaoM= github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9/go.mod 
h1:SnhjPscd9TpLiy1LpzGSKh3bXCfxxXuqd9xmQJy3slM= github.com/smartystreets/gunit v1.0.0/go.mod h1:qwPWnhz6pn0NnRBP++URONOVyNkPyr4SauJk4cUOwJs= +github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI= github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= -github.com/spf13/cast v1.3.1 h1:nFm6S0SMdyzrzcmThSipiEubIDy8WEXKNZ0UOgiRpng= -github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= +github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= +github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= +github.com/spf13/cast v1.4.1 h1:s0hze+J0196ZfEMTs80N7UlFt0BDuQ7Q+JDnHiMWKdA= +github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= +github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= +github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= +github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= 
@@ -349,15 +400,17 @@ github.com/tj/go-buffer v1.1.0/go.mod h1:iyiJpfFcR2B9sXu7KvjbT9fpM4mOelRSDTbntVj github.com/tj/go-elastic v0.0.0-20171221160941-36157cbbebc2/go.mod h1:WjeM0Oo1eNAjXGDx2yma7uG2XoyRZTq1uv3M/o7imD0= github.com/tj/go-kinesis v0.0.0-20171128231115-08b17f58cb1b/go.mod h1:/yhzCV0xPfx6jb1bBgRFjl5lytqVqZXEaeqWP8lTEao= github.com/tj/go-spin v1.1.0/go.mod h1:Mg1mzmePZm4dva8Qz60H2lHwmJ2loum4VIrLgVnKwh4= +github.com/tj/go-update v2.2.4+incompatible h1:7Rkw5ZyRSFb3QyEWM7sHCy9rCy1/r66elkOyGlfnZFc= +github.com/tj/go-update v2.2.4+incompatible/go.mod h1:waFwwyiAhGey2e+dNoYQ/iLhIcFqhCW7zL/+vDU1WLo= github.com/tj/go-update v2.2.5-0.20200519121640-62b4b798fd68+incompatible h1:guTq1YxwB8XSILkI9q4IrOmrCOS6Hc1L3hmOhi4Swcs= github.com/tj/go-update v2.2.5-0.20200519121640-62b4b798fd68+incompatible/go.mod h1:waFwwyiAhGey2e+dNoYQ/iLhIcFqhCW7zL/+vDU1WLo= -github.com/tklauser/go-sysconf v0.3.4 h1:HT8SVixZd3IzLdfs/xlpq0jeSfTX57g1v6wB1EuzV7M= -github.com/tklauser/go-sysconf v0.3.4/go.mod h1:Cl2c8ZRWfHD5IrfHo9VN+FX9kCFjIOyVklgXycLB6ek= -github.com/tklauser/numcpus v0.2.1 h1:ct88eFm+Q7m2ZfXJdan1xYoXKlmwsfP+k88q05KvlZc= -github.com/tklauser/numcpus v0.2.1/go.mod h1:9aU+wOc6WjUIZEwWMP62PL/41d65P+iks1gBkr4QyP8= -github.com/trivago/tgo v1.0.1/go.mod h1:w4dpD+3tzNIIiIfkWWa85w5/B77tlvdZckQ+6PkFnhc= +github.com/tklauser/go-sysconf v0.3.7 h1:HT7h4+536gjqeq1ZIJPgOl1rg1XFatQGVZWp7Py53eg= +github.com/tklauser/go-sysconf v0.3.7/go.mod h1:JZIdXh4RmBvZDBZ41ld2bGxRV3n4daiiqA3skYhAoQ4= +github.com/tklauser/numcpus v0.2.3 h1:nQ0QYpiritP6ViFhrKYsiv6VVxOpum2Gks5GhnJbS/8= +github.com/tklauser/numcpus v0.2.3/go.mod h1:vpEPS/JC+oZGGQ/My/vJnNsvMDQL6PwOqt8dsCw5j+E= github.com/trivago/tgo v1.0.7 h1:uaWH/XIy9aWYWpjm2CU3RpcqZXmX2ysQ9/Go+d9gyrM= github.com/trivago/tgo v1.0.7/go.mod h1:w4dpD+3tzNIIiIfkWWa85w5/B77tlvdZckQ+6PkFnhc= +github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/ulikunitz/xz v0.5.6/go.mod 
h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8= github.com/ulikunitz/xz v0.5.10 h1:t92gobL9l3HE202wg3rlk19F6X+JOxl9BBrCCMYEYd8= github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= 
@@ -369,36 +422,47 @@ github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+ github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= github.com/wsxiaoys/terminal v0.0.0-20160513160801-0940f3fc43a0 h1:3UeQBvD0TFrlVjOeLOBz+CPAI8dnbqNSVwUwRrkp7vQ= github.com/wsxiaoys/terminal v0.0.0-20160513160801-0940f3fc43a0/go.mod h1:IXCdmsXIht47RaVFLEdVnh1t+pgYtTAhQGj73kz+2DM= -github.com/xanzy/go-gitlab v0.44.0 h1:cEiGhqu7EpFGuei2a2etAwB+x6403E5CvpLn35y+GPs= -github.com/xanzy/go-gitlab v0.44.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug= +github.com/xanzy/go-gitlab v0.50.3 h1:M7ncgNhCN4jaFNyXxarJhCLa9Qi6fdmCxFFhMTQPZiY= +github.com/xanzy/go-gitlab v0.50.3/go.mod h1:Q+hQhV508bDPoBijv7YjK/Lvlb4PhVhJdKqXVQrUoAE= +github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= +github.com/yl2chen/cidranger v1.0.2 h1:lbOWZVCG1tCRX4u24kuM1Tb4nHqWkDxwLdoS+SevawU= +github.com/yl2chen/cidranger v1.0.2/go.mod h1:9U1yz7WPYDwf0vpNWFaeRh0bjwz5RVgRy/9UEQfHl0g= github.com/ysmood/goob v0.3.0 h1:XZ51cZJ4W3WCoCiUktixzMIQF86W7G5VFL4QQ/Q2uS0= github.com/ysmood/goob v0.3.0/go.mod h1:S3lq113Y91y1UBf1wj1pFOxeahvfKkCk6mTWTWbDdWs= -github.com/ysmood/got v0.9.3 h1:qx51X49jL/WAiqZzPTkPZ0zp5pTmrWJa4zYFTYo0gHI= github.com/ysmood/got v0.9.3/go.mod h1:pE1l4LOwOBhQg6A/8IAatkGp7uZjnalzrZolnlhhMgY= -github.com/ysmood/gotrace v0.2.0 h1:IkTC6rJREwXSaG8yWK+NFwIJGIsxA1DjC6/gxYyQttE= +github.com/ysmood/got v0.14.1 h1:lTtBNVF2nxLs/jcV7leNUWVYO9jgjOUpClXbu3ihIPA= +github.com/ysmood/got v0.14.1/go.mod h1:pE1l4LOwOBhQg6A/8IAatkGp7uZjnalzrZolnlhhMgY= github.com/ysmood/gotrace v0.2.0/go.mod h1:TzhIG7nHDry5//eYZDYcTzuJLYQIkykJzCRIo4/dzQM= -github.com/ysmood/gson v0.6.3 h1:4cU+5oOdsyundXHy00t99H0rLXLthuseD3x6W+xmCiU= +github.com/ysmood/gotrace v0.2.2 h1:006KHGRThSRf8lwh4EyhNmuuq/l+Ygs+JqojkhEG1/E= +github.com/ysmood/gotrace v0.2.2/go.mod h1:TzhIG7nHDry5//eYZDYcTzuJLYQIkykJzCRIo4/dzQM= 
github.com/ysmood/gson v0.6.3/go.mod h1:3Kzs5zDl21g5F/BlLTNcuAGAYLKt2lV5G8D1zF3RNmg= -github.com/ysmood/leakless v0.6.12 h1:XxtRYl97bJklfv4BZVdyGnd/y42p6w8lu1hUzfCkT4M= +github.com/ysmood/gson v0.6.4 h1:Yb6tosv6bk59HqjZu2/7o4BFherpYEMkDkXmlhgryZ4= +github.com/ysmood/gson v0.6.4/go.mod h1:3Kzs5zDl21g5F/BlLTNcuAGAYLKt2lV5G8D1zF3RNmg= github.com/ysmood/leakless v0.6.12/go.mod h1:R8iAXPRaG97QJwqxs74RdwzcRHT1SWCGTNqY8q0JvMQ= +github.com/ysmood/leakless v0.7.0 h1:XCGdaPExyoreoQd+H5qgxM3ReNbSPFsEXpSKwbXbwQw= +github.com/ysmood/leakless v0.7.0/go.mod h1:R8iAXPRaG97QJwqxs74RdwzcRHT1SWCGTNqY8q0JvMQ= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/zclconf/go-cty v1.8.2 h1:u+xZfBKgpycDnTNjPhGiTEYZS5qS/Sb5MqSfm7vzcjg= -github.com/zclconf/go-cty v1.8.2/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= +github.com/zclconf/go-cty v1.8.4 h1:pwhhz5P+Fjxse7S7UriBrMu6AUJSZM5pKqGem1PjGAs= +github.com/zclconf/go-cty v1.8.4/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= +go.etcd.io/bbolt v1.3.5 h1:XAzx9gjCb0Rxj7EoqcClPD1d5ZBxZJk0jbuoPHenBt0= +go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= 
-go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= -go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= +go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= +go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= +go.uber.org/multierr v1.7.0 h1:zaiO/rmgFjbmCXdSYJWQcdvOCsthmdaHfr3Gm2Kx4Ec= +go.uber.org/multierr v1.7.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak= go.uber.org/ratelimit v0.2.0 h1:UQE2Bgi7p2B85uP5dC2bbRtig0C+OeNRnNEafLjsLPA= go.uber.org/ratelimit v0.2.0/go.mod h1:YYBV4e4naJvhpitQrWJu1vCpgB7CboMe0qhltKt6mUg= golang.org/x/arch v0.0.0-20180920145803-b19384d3c130/go.mod h1:cYlCBUl1MsqxdiKgmc4uh7TxZfWSFLOGSRR090WDxt8= +golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 
@@ -406,7 +470,6 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -437,11 +500,11 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.0 h1:8pl+sMODzuvGJkmj2W4kZihvVb5mKm8pB/X44PIQHv8= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181108082009-03003ca0c849/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 
@@ -464,24 +527,26 @@ golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/ golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210521195947-fe42d452be8f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210614182718-04defd469f4e h1:XpT3nA5TvE525Ne3hInMh6+GETgn27Zfm9dxsThnX2Q= -golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210414194228-064579744ee0/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= +golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= +golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d 
h1:LO7XpTYMwTqxjLcGWPijK3vRXg1aWdlNOVOHRq45d7c= +golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99 h1:5vD4XjIc0X5+kHZjx4UecYdjA6mJo+XXNoaW0EjU5Os= -golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210817223510-7df4dd6e12ab h1:llrcWN/wOwO+6gAyfBzxb5hZ+c3mriU/0+KNgYu6adA= +golang.org/x/oauth2 v0.0.0-20210817223510-7df4dd6e12ab/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -490,11 +555,13 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180903190138-2b024373dcd9/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -503,10 +570,14 @@ golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -523,19 +594,21 @@ golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201113233024-12cec1faf1ba/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210217105451-b926d437f341/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210415045647-66c3f260301c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210601080250-7ecdf8ef093b h1:qh4f65QIVFjq9eBURLEYWqaEXmOyqdUyiBSgaXWccWk= +golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210601080250-7ecdf8ef093b/go.mod 
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c h1:F1jZWGFhYfh0Ci55sIpILtKKK8p3i2/krTr0H1rg74I= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -546,9 +619,8 @@ golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20201208040808-7e3f01d25324 h1:Hir2P/De0WpUhtrKGGjvSb2YxUgyZ7EFOSLIcSSpiwE= -golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= 
@@ -591,7 +663,9 @@ golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210101214203-2dba1e4ea05c/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.0 h1:po9/4sTYwZU9lPhi1tOrb4hCv3qrhiQ77LZfGa2OjwY= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -620,9 +694,8 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.6 h1:lMO5rYAqUxkmaj76jAkRUvt5JZgFymx/+Q5Mzfivuhc= google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= 
@@ -673,8 +746,10 @@ google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= -google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0 h1:bxAC2xTBsZGibn2RTntX0oH50xLsqy1OxA9tTL3p/lk= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 
@@ -683,13 +758,14 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EV gopkg.in/corvus-ch/zbase32.v1 v1.0.0 h1:K4u1NprbDNvKPczKfHLbwdOWHTZ0zfv2ow71H1nRnFU= gopkg.in/corvus-ch/zbase32.v1 v1.0.0/go.mod h1:T3oKkPOm4AV/bNXCNFUxRmlE9RUyBz/DSo0nK9U+c0Y= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/src-d/go-billy.v4 v4.3.0/go.mod h1:tm33zBoOwxjYHZIE+OV8bxTWFMJLrconzFMd38aARFk= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 
@@ -703,6 +779,7 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+mvdan.cc/gofumpt v0.1.1 h1:bi/1aS/5W00E2ny5q65w9SnKpWEF/UIOqDYBILpo9rA=
 mvdan.cc/gofumpt v0.1.1/go.mod h1:yXG1r1WqZVKWbVRtBWKWX9+CxGYfA51nSomhM0woR48=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
diff --git a/v2/internal/severity/severity.go b/v2/internal/severity/severity.go
index 0cd555062..c889356a8 100644
--- a/v2/internal/severity/severity.go
+++ b/v2/internal/severity/severity.go
@@ -53,7 +53,6 @@ func (severity Severity) String() string {
 }
 //nolint:exported,revive //prefer to be explicit about the name, and make it refactor-safe
-//goland:noinspection GoNameStartsWithPackageName
 type SeverityHolder struct {
 Severity Severity
 }
@@ -76,3 +75,7 @@ func (severityHolder *SeverityHolder) UnmarshalYAML(unmarshal func(interface{})
 func (severityHolder *SeverityHolder) MarshalJSON() ([]byte, error) {
 return json.Marshal(severityHolder.Severity.String())
 }
+
+func (severityHolder SeverityHolder) MarshalYAML() (interface{}, error) {
+ return severityHolder.Severity.String(), nil
+}
diff --git a/v2/internal/severity/severity_test.go b/v2/internal/severity/severity_test.go
index d782cb39e..fc091a034 100644
--- a/v2/internal/severity/severity_test.go
+++ b/v2/internal/severity/severity_test.go
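Review bot: The new `MarshalYAML` in the second severity.go hunk has a value receiver, while `UnmarshalYAML` and `MarshalJSON` right above it use pointer receivers, and nothing in the code says why. The value receiver looks deliberate: `SeverityHolder` is stored by value inside other structs, and the YAML encoder presumably only finds the method on the value. A comment would keep someone from "fixing" the inconsistency later, for example `// MarshalYAML is defined on the value so that non-pointer SeverityHolder fields are encoded as the severity string.` The same concern applies to `MarshalJSON`, which a `json.Marshal` call on a non-pointer holder would bypass, so it is worth considering a value receiver there too.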
@@ -12,6 +12,14 @@ func TestYamlUnmarshal(t *testing.T) {
 testUnmarshal(t, yaml.Unmarshal, func(value string) string { return value })
 }
+func TestYamlMarshal(t *testing.T) {
+ severity := SeverityHolder{Severity: High}
+
+ marshalled, err := severity.MarshalYAML()
+ assert.Nil(t, err, "could not marshal yaml")
+ assert.Equal(t, "high", marshalled, "could not marshal severity correctly")
+}
+
 func TestYamlUnmarshalFail(t *testing.T) {
 testUnmarshalFail(t, yaml.Unmarshal, createYAML)
 }
diff --git a/v2/pkg/model/model.go b/v2/pkg/model/model.go
index 7d709e556..ab37195e5 100644
--- a/v2/pkg/model/model.go
+++ b/v2/pkg/model/model.go
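Review bot: `TestYamlMarshal` calls `severity.MarshalYAML()` directly, so it would still pass if the YAML encoder never selected the method, for example after a receiver change. This file already uses `yaml.Unmarshal`, so I would go through the library instead, `out, err := yaml.Marshal(SeverityHolder{Severity: High})`, and assert on `"high\n"`. `assert.NoError(t, err, ...)` is also the clearer form for the error check than `assert.Nil`.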
@@ -3,20 +3,64 @@ package model
 import (
 "encoding/json"
 "fmt"
- "gopkg.in/yaml.v2"
 "strings"
 "github.com/projectdiscovery/nuclei/v2/internal/severity"
 "github.com/projectdiscovery/nuclei/v2/pkg/utils"
 )
+// Info contains metadata information about a template
 type Info struct {
- Name string `json:"name" yaml:"name"`
- Authors StringSlice `json:"author" yaml:"author"`
- Tags StringSlice `json:"tags" yaml:"tags"`
- Description string `json:"description" yaml:"description"`
- Reference StringSlice `json:"reference" yaml:"reference"`
- SeverityHolder severity.SeverityHolder `json:"severity" yaml:"severity"`
+ // description: |
+ // Name should be good short summary that identifies what the template does.
+ //
+ // examples:
+ // - value: "\"bower.json file disclosure\""
+ // - value: "\"Nagios Default Credentials Check\""
+ Name string `json:"name,omitempty" yaml:"name,omitempty"`
+ // description: |
+ // Author of the template.
+ //
+ // examples:
+ // - value: "\"\""
+ Authors StringSlice `json:"author,omitempty" yaml:"author,omitempty"`
+ // description: |
+ // Any tags for the template.
+ //
+ // Multiple values can also be specified separated by commas.
+ //
+ // examples:
+ // - name: Example tags
+ // value: "\"cve,cve2019,grafana,auth-bypass,dos\""
+ Tags StringSlice `json:"tags,omitempty" yaml:"tags,omitempty"`
+ // description: |
+ // Description of the template.
+ //
+ // You can go in-depth here on what the template actually does.
+ //
+ // examples:
+ // - value: "\"Bower is a package manager which stores packages informations in bower.json file\""
+ // - value: "\"Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations\""
+ Description string `json:"description,omitempty" yaml:"description,omitempty"`
+ // description: |
+ // References for the template.
+ //
+ // This should contain links relevant to the template.
+ //
+ // examples:
+ // - value: >
+ // []string{"https://github.com/strapi/strapi", "https://github.com/getgrav/grav"}
+ Reference StringSlice `json:"reference,omitempty" yaml:"reference,omitempty"`
+ // description: |
+ // Severity of the template.
+ //
+ // values:
+ // - info
+ // - low
+ // - medium
+ // - high
+ // - critical
+ SeverityHolder severity.SeverityHolder `json:"severity,omitempty" yaml:"severity,omitempty"`
 }
 // StringSlice represents a single (in-lined) or multiple string value(s).
@@ -82,7 +126,7 @@ func marshalStringToSlice(unmarshal func(interface{}) error) ([]string, error) {
 }
 func (stringSlice StringSlice) MarshalYAML() (interface{}, error) {
- return yaml.Marshal(stringSlice.Value)
+ return stringSlice.Value, nil
 }
 func (stringSlice StringSlice) MarshalJSON() ([]byte, error) {
diff --git a/v2/pkg/model/model_test.go b/v2/pkg/model/model_test.go
index 083214019..d5a363536 100644
--- a/v2/pkg/model/model_test.go
+++ b/v2/pkg/model/model_test.go
@@ -6,6 +6,7 @@ import (
 "github.com/projectdiscovery/nuclei/v2/internal/severity"
 "github.com/stretchr/testify/assert"
+ "gopkg.in/yaml.v2"
 )
 func TestInfoJsonMarshal(t *testing.T) {
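Review bot: Adding `omitempty` to the struct-typed `SeverityHolder` field at the end of the `Info` hunk does not do the same thing in both encoders. encoding/json never treats a struct as empty, so the JSON option has no effect there. yaml.v2 skips a struct whose exported fields are all zero, so an `Info` holding the zero value of `Severity` would be written with no `severity` key at all. Whether that zero value is a real severity level is not visible here, because the enum lives in severity.go outside this hunk. If it is, a template's severity could silently disappear on a YAML round-trip, and I would keep that one field's tags as `json:"severity" yaml:"severity"`.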
@@ -24,3 +25,30 @@ func TestInfoJsonMarshal(t *testing.T) {
 expected := `{"name":"Test Template Name","author":["forgedhallpass","ice3man"],"tags":["cve","misc"],"description":"Test description","reference":"reference1","severity":"high"}`
 assert.Equal(t, expected, string(result))
 }
+
+func TestInfoYamlMarshal(t *testing.T) {
+ info := Info{
+ Name: "Test Template Name",
+ Authors: StringSlice{[]string{"forgedhallpass", "ice3man"}},
+ Description: "Test description",
+ SeverityHolder: severity.SeverityHolder{Severity: severity.High},
+ Tags: StringSlice{[]string{"cve", "misc"}},
+ Reference: StringSlice{"reference1"},
+ }
+
+ result, err := yaml.Marshal(&info)
+ assert.Nil(t, err)
+
+ expected := `name: Test Template Name
+author:
+- forgedhallpass
+- ice3man
+tags:
+- cve
+- misc
+description: Test description
+reference: reference1
+severity: high
+`
+ assert.Equal(t, expected, string(result))
+}
diff --git a/v2/pkg/protocols/http/http.go b/v2/pkg/protocols/http/http.go
index b35dd0e27..4e93753ac 100644
--- a/v2/pkg/protocols/http/http.go
+++ b/v2/pkg/protocols/http/http.go
@@ -69,18 +69,6 @@ type Request struct {
 // Payloads support both key-values combinations where a list
 // of payloads is provided, or optionally a single file can also
 // be provided as payload which will be read on run-time.
- // examples:
- // - name: A payload list for Tomcat Bruteforce
- // value: >
- // map[string]interface{}{
- // "username": []string{"tomcat", "admin"},
- // "password": []string{"tomcat", "admin", "password"},
- // }
- // - name: A payload example of reading from file
- // value: >
- // map[string]interface{}{
- // "data": "helpers/payloads/command-injection.txt",
- // }
 Payloads map[string]interface{} `yaml:"payloads,omitempty"`
 // description: |
 // Headers contains HTTP Headers to send with the request.
diff --git a/v2/pkg/templates/templates_doc.go b/v2/pkg/templates/templates_doc.go
index 173fa85de..439b41757 100644
--- a/v2/pkg/templates/templates_doc.go
+++ b/v2/pkg/templates/templates_doc.go @@ -10,6 +10,9 @@ import ( var ( TemplateDoc encoder.Doc + MODELInfoDoc encoder.Doc + MODELStringSliceDoc encoder.Doc + SEVERITYSeverityHolderDoc encoder.Doc HTTPRequestDoc encoder.Doc MATCHERSMatcherDoc encoder.Doc EXTRACTORSExtractorDoc encoder.Doc @@ -36,10 +39,10 @@ func init() { TemplateDoc.Fields[0].AddExample("ID Example", "cve-2021-19520") TemplateDoc.Fields[1].Name = "info" - TemplateDoc.Fields[1].Type = "map[string]interface{}" + TemplateDoc.Fields[1].Type = "model.Info" TemplateDoc.Fields[1].Note = "" - TemplateDoc.Fields[1].Description = "Info contains metadata information about the template. At minimum, it\nshould contain `name`, `author`, `severity`, `description`, `tags`. Optionally\nyou can also specify a list of `references` for the template." - TemplateDoc.Fields[1].Comments[encoder.LineComment] = "Info contains metadata information about the template. At minimum, it" + TemplateDoc.Fields[1].Description = "Info contains metadata information about the template." + TemplateDoc.Fields[1].Comments[encoder.LineComment] = "Info contains metadata information about the template." TemplateDoc.Fields[1].AddExample("", exampleInfoStructure) TemplateDoc.Fields[2].Name = "requests" 
@@ -81,6 +84,92 @@ func init() { TemplateDoc.Fields[7].Description = "Workflows is a list of workflows to execute for a template." TemplateDoc.Fields[7].Comments[encoder.LineComment] = "Workflows is a list of workflows to execute for a template." + MODELInfoDoc.Type = "model.Info" + MODELInfoDoc.Comments[encoder.LineComment] = " Info contains metadata information about a template" + MODELInfoDoc.Description = "Info contains metadata information about a template" + + MODELInfoDoc.AddExample("", exampleInfoStructure) + MODELInfoDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "Template", + FieldName: "info", + }, + } + MODELInfoDoc.Fields = make([]encoder.Doc, 6) + MODELInfoDoc.Fields[0].Name = "name" + MODELInfoDoc.Fields[0].Type = "string" + MODELInfoDoc.Fields[0].Note = "" + MODELInfoDoc.Fields[0].Description = "Name should be good short summary that identifies what the template does." + MODELInfoDoc.Fields[0].Comments[encoder.LineComment] = "Name should be good short summary that identifies what the template does." + + MODELInfoDoc.Fields[0].AddExample("", "bower.json file disclosure") + + MODELInfoDoc.Fields[0].AddExample("", "Nagios Default Credentials Check") + MODELInfoDoc.Fields[1].Name = "author" + MODELInfoDoc.Fields[1].Type = "StringSlice" + MODELInfoDoc.Fields[1].Note = "" + MODELInfoDoc.Fields[1].Description = "Author of the template." + MODELInfoDoc.Fields[1].Comments[encoder.LineComment] = "Author of the template." + + MODELInfoDoc.Fields[1].AddExample("", "") + MODELInfoDoc.Fields[2].Name = "tags" + MODELInfoDoc.Fields[2].Type = "StringSlice" + MODELInfoDoc.Fields[2].Note = "" + MODELInfoDoc.Fields[2].Description = "Any tags for the template.\n\nMultiple values can also be specified separated by commas." + MODELInfoDoc.Fields[2].Comments[encoder.LineComment] = "Any tags for the template." 
+ + MODELInfoDoc.Fields[2].AddExample("Example tags", "cve,cve2019,grafana,auth-bypass,dos") + MODELInfoDoc.Fields[3].Name = "description" + MODELInfoDoc.Fields[3].Type = "string" + MODELInfoDoc.Fields[3].Note = "" + MODELInfoDoc.Fields[3].Description = "Description of the template.\n\nYou can go in-depth here on what the template actually does." + MODELInfoDoc.Fields[3].Comments[encoder.LineComment] = "Description of the template." + + MODELInfoDoc.Fields[3].AddExample("", "Bower is a package manager which stores packages informations in bower.json file") + + MODELInfoDoc.Fields[3].AddExample("", "Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations") + MODELInfoDoc.Fields[4].Name = "reference" + MODELInfoDoc.Fields[4].Type = "StringSlice" + MODELInfoDoc.Fields[4].Note = "" + MODELInfoDoc.Fields[4].Description = "References for the template.\n\nThis should contain links relevant to the template." + MODELInfoDoc.Fields[4].Comments[encoder.LineComment] = "References for the template." + + MODELInfoDoc.Fields[4].AddExample("", []string{"https://github.com/strapi/strapi", "https://github.com/getgrav/grav"}) + MODELInfoDoc.Fields[5].Name = "severity" + MODELInfoDoc.Fields[5].Type = "severity.SeverityHolder" + MODELInfoDoc.Fields[5].Note = "" + MODELInfoDoc.Fields[5].Description = "Severity of the template." + MODELInfoDoc.Fields[5].Comments[encoder.LineComment] = "Severity of the template." 
+ MODELInfoDoc.Fields[5].Values = []string{ + "info", + "low", + "medium", + "high", + "critical", + } + + MODELStringSliceDoc.Type = "model.StringSlice" + MODELStringSliceDoc.Comments[encoder.LineComment] = "" + MODELStringSliceDoc.Description = "" + MODELStringSliceDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "workflows.WorkflowTemplate", + FieldName: "tags", + }, + } + MODELStringSliceDoc.Fields = make([]encoder.Doc, 0) + + SEVERITYSeverityHolderDoc.Type = "severity.SeverityHolder" + SEVERITYSeverityHolderDoc.Comments[encoder.LineComment] = "" + SEVERITYSeverityHolderDoc.Description = "" + SEVERITYSeverityHolderDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "model.Info", + FieldName: "severity", + }, + } + SEVERITYSeverityHolderDoc.Fields = make([]encoder.Doc, 0) + HTTPRequestDoc.Type = "http.Request" HTTPRequestDoc.Comments[encoder.LineComment] = " Request contains a http request to be made from a template" HTTPRequestDoc.Description = "Request contains a http request to be made from a template" 
@@ -167,8 +256,8 @@ func init() { HTTPRequestDoc.Fields[10].Name = "payloads" HTTPRequestDoc.Fields[10].Type = "map[string]interface{}" HTTPRequestDoc.Fields[10].Note = "" - HTTPRequestDoc.Fields[10].Description = "description: |\n Payloads contains any payloads for the current request.\n\n Payloads support both key-values combinations where a list\n of payloads is provided, or optionally a single file can also\n be provided as payload which will be read on run-time.\n examples:\n - name: A payload list for Tomcat Bruteforce\n value: >\n map[string]interface{}{\n \"username\": []string{\"tomcat\", \"admin\"},\n \"password\": []string{\"tomcat\", \"admin\", \"password\"},\n }\n - name: A payload example of reading from file\n value: >\n map[string]interface{}{\n \"data\": \"helpers/payloads/command-injection.txt\",\n }" - HTTPRequestDoc.Fields[10].Comments[encoder.LineComment] = " description: |" + HTTPRequestDoc.Fields[10].Description = "Payloads contains any payloads for the current request.\n\nPayloads support both key-values combinations where a list\nof payloads is provided, or optionally a single file can also\nbe provided as payload which will be read on run-time." + HTTPRequestDoc.Fields[10].Comments[encoder.LineComment] = "Payloads contains any payloads for the current request." HTTPRequestDoc.Fields[11].Name = "headers" HTTPRequestDoc.Fields[11].Type = "map[string]string" HTTPRequestDoc.Fields[11].Note = "" @@ -402,7 +491,7 @@ func init() { FieldName: "extractors", }, } - EXTRACTORSExtractorDoc.Fields = make([]encoder.Doc, 8) + EXTRACTORSExtractorDoc.Fields = make([]encoder.Doc, 10) EXTRACTORSExtractorDoc.Fields[0].Name = "name" EXTRACTORSExtractorDoc.Fields[0].Type = "string" EXTRACTORSExtractorDoc.Fields[0].Note = "" 
@@ -434,7 +523,7 @@ func init() { EXTRACTORSExtractorDoc.Fields[3].Description = "Group specifies a numbered group to extract from the regex." EXTRACTORSExtractorDoc.Fields[3].Comments[encoder.LineComment] = "Group specifies a numbered group to extract from the regex." - EXTRACTORSExtractorDoc.Fields[3].AddExample("", 1) + EXTRACTORSExtractorDoc.Fields[3].AddExample("Example Regex Group", 1) EXTRACTORSExtractorDoc.Fields[4].Name = "kval" EXTRACTORSExtractorDoc.Fields[4].Type = "[]string" EXTRACTORSExtractorDoc.Fields[4].Note = "" 
@@ -462,11 +551,27 @@ func init() { EXTRACTORSExtractorDoc.Fields[6].AddExample("", []string{".[] | .id"}) EXTRACTORSExtractorDoc.Fields[6].AddExample("", []string{".batters | .batter | .[] | .id"}) - EXTRACTORSExtractorDoc.Fields[7].Name = "internal" - EXTRACTORSExtractorDoc.Fields[7].Type = "bool" + EXTRACTORSExtractorDoc.Fields[7].Name = "xpath" + EXTRACTORSExtractorDoc.Fields[7].Type = "[]string" EXTRACTORSExtractorDoc.Fields[7].Note = "" - EXTRACTORSExtractorDoc.Fields[7].Description = "Internal, when set to true will allow using the value extracted\nin the next request for some protocols (like HTTP)." - EXTRACTORSExtractorDoc.Fields[7].Comments[encoder.LineComment] = "Internal, when set to true will allow using the value extracted" + EXTRACTORSExtractorDoc.Fields[7].Description = "XPath allows using xpath expressions to extract items from html response" + EXTRACTORSExtractorDoc.Fields[7].Comments[encoder.LineComment] = "XPath allows using xpath expressions to extract items from html response" + + EXTRACTORSExtractorDoc.Fields[7].AddExample("", []string{"/html/body/div/p[2]/a"}) + + EXTRACTORSExtractorDoc.Fields[7].AddExample("", []string{".batters | .batter | .[] | .id"}) + EXTRACTORSExtractorDoc.Fields[8].Name = "attribute" + EXTRACTORSExtractorDoc.Fields[8].Type = "string" + EXTRACTORSExtractorDoc.Fields[8].Note = "" + EXTRACTORSExtractorDoc.Fields[8].Description = "Attribute is an optional attribute to extract from response XPath." + EXTRACTORSExtractorDoc.Fields[8].Comments[encoder.LineComment] = "Attribute is an optional attribute to extract from response XPath." + + EXTRACTORSExtractorDoc.Fields[8].AddExample("", "href") + EXTRACTORSExtractorDoc.Fields[9].Name = "internal" + EXTRACTORSExtractorDoc.Fields[9].Type = "bool" + EXTRACTORSExtractorDoc.Fields[9].Note = "" + EXTRACTORSExtractorDoc.Fields[9].Description = "Internal, when set to true will allow using the value extracted\nin the next request for some protocols (like HTTP)." 
+ EXTRACTORSExtractorDoc.Fields[9].Comments[encoder.LineComment] = "Internal, when set to true will allow using the value extracted" DNSRequestDoc.Type = "dns.Request" DNSRequestDoc.Comments[encoder.LineComment] = " Request contains a DNS protocol request to be made from a template" @@ -851,7 +956,7 @@ func init() { WORKFLOWSWorkflowTemplateDoc.Fields[0].AddExample("A template directory", "misconfigurations/aem") WORKFLOWSWorkflowTemplateDoc.Fields[1].Name = "tags" - WORKFLOWSWorkflowTemplateDoc.Fields[1].Type = "string" + WORKFLOWSWorkflowTemplateDoc.Fields[1].Type = "model.StringSlice" WORKFLOWSWorkflowTemplateDoc.Fields[1].Note = "" WORKFLOWSWorkflowTemplateDoc.Fields[1].Description = "Tags to run templates based on." WORKFLOWSWorkflowTemplateDoc.Fields[1].Comments[encoder.LineComment] = "Tags to run templates based on." @@ -895,6 +1000,9 @@ func GetTemplateDoc() *encoder.FileDoc { Description: "", Structs: []*encoder.Doc{ &TemplateDoc, + &MODELInfoDoc, + &MODELStringSliceDoc, + &SEVERITYSeverityHolderDoc, &HTTPRequestDoc, &MATCHERSMatcherDoc, &EXTRACTORSExtractorDoc, diff --git a/v2/pkg/templates/templates_doc_examples.go b/v2/pkg/templates/templates_doc_examples.go index b11645a45..61d0a2a32 100644 --- a/v2/pkg/templates/templates_doc_examples.go +++ b/v2/pkg/templates/templates_doc_examples.go @@ -2,6 +2,8 @@ package templates import ( + "github.com/projectdiscovery/nuclei/v2/internal/severity" + "github.com/projectdiscovery/nuclei/v2/pkg/model" "github.com/projectdiscovery/nuclei/v2/pkg/operators" "github.com/projectdiscovery/nuclei/v2/pkg/operators/extractors" "github.com/projectdiscovery/nuclei/v2/pkg/operators/matchers" 
@@ -12,15 +14,13 @@ import ( ) var ( - exampleInfoStructure = map[string]interface{}{ - "name": "Argument Injection in Ruby Dragonfly", - "author": "0xsapra", - "severity": "critical", - "reference": "https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/", - "tags": "cve,cve2021,rce,ruby", + exampleInfoStructure = model.Info{ + Name: "Argument Injection in Ruby Dragonfly", + Authors: model.StringSlice{[]string{"0xspara"}}, + SeverityHolder: severity.SeverityHolder{severity.High}, + Reference: model.StringSlice{"https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/"}, + Tags: model.StringSlice{[]string{"cve,cve2021,rce,ruby"}}, } - _ = exampleInfoStructure - exampleNormalHTTPRequest = &http.Request{ Method: "GET", Path: []string{"{{BaseURL}}/.git/config"}, From 919d726762d3c0f9d80a62715c645fbf046dcd8b Mon Sep 17 00:00:00 2001 From: Ice3man543 Date: Fri, 20 Aug 2021 15:24:33 +0530 Subject: [PATCH 10/17] Added docs generate github action --- .github/workflows/publish-docs.yaml | 59 +++++++++++++++++++++++++++++ v2/go.mod | 7 ---- v2/go.sum | 1 + 3 files changed, 60 insertions(+), 7 deletions(-) create mode 100644 .github/workflows/publish-docs.yaml diff --git a/.github/workflows/publish-docs.yaml b/.github/workflows/publish-docs.yaml new file mode 100644 index 000000000..4ca32d0d7 --- /dev/null +++ b/.github/workflows/publish-docs.yaml 
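Review bot: The converted `exampleInfoStructure` no longer matches the map it replaces: the author handle went from `0xsapra` to `0xspara` and the severity from `critical` to `severity.High`, which looks like a transcription slip rather than an intended change. `Tags` also wraps one comma-joined string in a slice, so the generated reference shows a single list item `cve,cve2021,rce,ruby`; `Tags: model.StringSlice{[]string{"cve", "cve2021", "rce", "ruby"}},` would render one tag per item. `Reference` passes a bare string where `Authors` and `Tags` pass a `[]string`, so one form should be chosen for all three fields. The `var (` block continues outside the hunk.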
@@ -0,0 +1,59 @@
+name: Publish Docs
+
+on:
+ #create:
+ # tags:
+ # - v*
+ workflow_dispatch:
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out code
+ uses: actions/checkout@master
+ with:
+ persist-credentials: false
+ fetch-depth: 0
+ ref: yamldoc # temporary
+
+ - name: Check out nuclei-docs
+ uses: actions/checkout@master
+ with:
+ repository: projectdiscovery/nuclei-docs
+ persist-credentials: false
+ fetch-depth: 0
+ token: ${{ secrets.PRIVATE_CLONE_TOKEN }}
+
+ - name: "Set up Go"
+ uses: actions/setup-go@v2
+ with:
+ go-version: 1.16
+
+ - name: Generate YAML Syntax Documentation
+ run: |
+ go run cmd/docgen/docgen.go ../nuclei-docs/docs.md
+ if ! which dstdocgen > /dev/null; then
+ echo -e "Command not found! Installing\c"
+ go get -v github.com/projectdiscovery/yamldoc-go/cmd/docgen/dstdocgen
+ fi
+ go generate pkg/templates/templates.go
+ go build -o "cmd/docgen/docgen" cmd/docgen/docgen.go
+ ./cmd/docgen/docgen syntax-reference.md
+ echo "::set-output name=changes::$(git status -s | wc -l)"
+ working-directory: v2
+
+ - name: Commit files
+ if: steps.update-readme.outputs.changes > 0
+ run: |
+ git config --local user.email "action@github.com"
+ git config --local user.name "GitHub Action"
+ git add syntax-reference.md
+ git commit -m "Auto Generate Syntax Docs [$(date)] :robot:" -a
+
+ - name: Push changes
+ if: steps.update-readme.outputs.changes > 0
+ uses: ad-m/github-push-action@master
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ branch: ${{ github.ref }}
\ No newline at end of file
diff --git a/v2/go.mod b/v2/go.mod
index fb4e27a25..6a1afbb9f 100644
--- a/v2/go.mod
+++ b/v2/go.mod
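Review bot: Two of the three actions in this new workflow are referenced by a mutable branch: `actions/checkout@master` (twice, once with `secrets.PRIVATE_CLONE_TOKEN`) and `ad-m/github-push-action@master`, which receives `secrets.GITHUB_TOKEN` and pushes to the repository. Whoever can move those branches controls code that runs with those tokens, so each `uses:` should be pinned to a reviewed full commit SHA, e.g. `uses: ad-m/github-push-action@<full-commit-sha>`. The `go get -v github.com/projectdiscovery/yamldoc-go/cmd/docgen/dstdocgen` line in the generate step likewise fetches whatever is current and should name a version. The same `@master` references recur in the later publish-docs.yaml patches of this series (12/17, 13/17, 14/17).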
@@ -32,17 +32,10 @@ require ( github.com/projectdiscovery/hmap v0.0.2-0.20210616215655-7b78e7f33d1f github.com/projectdiscovery/interactsh v0.0.4 github.com/projectdiscovery/rawhttp v0.0.7 -<<<<<<< HEAD github.com/projectdiscovery/retryabledns v1.0.12 - github.com/projectdiscovery/retryablehttp-go v1.0.1 github.com/projectdiscovery/stringsutil v0.0.0-20210804142656-fd3c28dbaafe github.com/projectdiscovery/yamldoc-go v1.0.2 -======= - github.com/projectdiscovery/retryabledns v1.0.10 github.com/projectdiscovery/retryablehttp-go v1.0.2-0.20210524224054-9fbe1f2b0727 - github.com/projectdiscovery/stringsutil v0.0.0-20210804142656-fd3c28dbaafe - github.com/projectdiscovery/yamldoc-go v1.0.1 ->>>>>>> a038889c213b2472f7e4106d8a989c00956dee8e github.com/remeh/sizedwaitgroup v1.0.0 github.com/rs/xid v1.3.0 github.com/segmentio/ksuid v1.0.4 diff --git a/v2/go.sum b/v2/go.sum index 9df475efa..b918b8899 100644 --- a/v2/go.sum +++ b/v2/go.sum @@ -540,6 +540,7 @@ golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210414194228-064579744ee0/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= +golang.org/x/net v0.0.0-20210521195947-fe42d452be8f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d h1:LO7XpTYMwTqxjLcGWPijK3vRXg1aWdlNOVOHRq45d7c= golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= From 3c0936fc86524a2eea2448e3f7507a6ae79bc016 Mon Sep 17 00:00:00 2001 
From: Ice3man543 Date: Fri, 20 Aug 2021 15:32:29 +0530 Subject: [PATCH 11/17] Updated README with syntax reference --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 5a1c58c24..865008d68 100644 --- a/README.md +++ b/README.md @@ -60,6 +60,8 @@ Nuclei has had built-in support for automatic update/download templates since ve You may still use the `update-templates` flag to update the nuclei templates at any time; automatic updates happen every 24 hours. You can write your own checks for your individual workflow and needs following Nuclei's [templating guide](https://nuclei.projectdiscovery.io/templating-guide/). +The YAML DSL reference syntax is available [here](v2/syntax-reference.md). + From 7377dd6c54dd4464c933b7b4bcc0d5e17c2c0f74 Mon Sep 17 00:00:00 2001 From: Ice3man Date: Fri, 20 Aug 2021 15:57:28 +0530 Subject: [PATCH 12/17] Create publish-docs.yaml --- .github/workflows/publish-docs.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 .github/workflows/publish-docs.yaml diff --git a/.github/workflows/publish-docs.yaml b/.github/workflows/publish-docs.yaml new file mode 100644 index 000000000..fe78a54ea --- /dev/null +++ b/.github/workflows/publish-docs.yaml @@ -0,0 +1,15 @@ +name: Publish Docs + +on: + workflow_dispatch: + +jobs: + docs: + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@master + with: + persist-credentials: false + fetch-depth: 0 + ref: yamldoc # temporary From 07d0b1997ca29e316df48de32eacc0b863ca8bd8 Mon Sep 17 00:00:00 2001 From: Ice3man543 Date: Fri, 20 Aug 2021 15:59:32 +0530 Subject: [PATCH 13/17] Misc --- .github/workflows/publish-docs.yaml | 31 ++++++++++++----------------- 1 file changed, 13 insertions(+), 18 deletions(-) diff --git a/.github/workflows/publish-docs.yaml b/.github/workflows/publish-docs.yaml index 4ca32d0d7..65a0d3a03 100644 --- a/.github/workflows/publish-docs.yaml +++ b/.github/workflows/publish-docs.yaml 
@@ -4,10 +4,11 @@ on: #create: # tags: # - v* + push: workflow_dispatch: jobs: - build: + docs: runs-on: ubuntu-latest steps: - name: Check out code @@ -16,15 +17,8 @@ jobs: persist-credentials: false fetch-depth: 0 ref: yamldoc # temporary - - - name: Check out nuclei-docs - uses: actions/checkout@master - with: - repository: projectdiscovery/nuclei-docs - persist-credentials: false - fetch-depth: 0 - token: ${{ secrets.PRIVATE_CLONE_TOKEN }} - + token: ${{ secrets.GITHUB_TOKEN }} + - name: "Set up Go" uses: actions/setup-go@v2 with: @@ -32,11 +26,11 @@ jobs: - name: Generate YAML Syntax Documentation run: | - go run cmd/docgen/docgen.go ../nuclei-docs/docs.md if ! which dstdocgen > /dev/null; then - echo -e "Command not found! Installing\c" + echo -e "Command dstdocgen not found! Installing\c" go get -v github.com/projectdiscovery/yamldoc-go/cmd/docgen/dstdocgen fi + dstdocgen -h go generate pkg/templates/templates.go go build -o "cmd/docgen/docgen" cmd/docgen/docgen.go ./cmd/docgen/docgen syntax-reference.md @@ -50,10 +44,11 @@ jobs: git config --local user.name "GitHub Action" git add syntax-reference.md git commit -m "Auto Generate Syntax Docs [$(date)] :robot:" -a + cat v2/syntax-reference.md - - name: Push changes - if: steps.update-readme.outputs.changes > 0 - uses: ad-m/github-push-action@master - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - branch: ${{ github.ref }} \ No newline at end of file + #- name: Push changes + # if: steps.update-readme.outputs.changes > 0 + # uses: ad-m/github-push-action@master + # with: + # github_token: ${{ secrets.GITHUB_TOKEN }} + # branch: ${{ github.ref }} \ No newline at end of file From 3f5db14a7583e26cf9c793d21dd57d83f11629fe Mon Sep 17 00:00:00 2001 From: Ice3man543 Date: Fri, 20 Aug 2021 16:04:05 +0530 Subject: [PATCH 14/17] Push changes if doc changed --- .github/workflows/publish-docs.yaml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) 
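Review bot: The added `push:` trigger has no branch or path filter, so this job runs on every push to any branch, and the checkout step now passes `secrets.GITHUB_TOKEN` while still fixed to `ref: yamldoc`. Restrict the trigger to the branch that should publish docs, e.g. `push:` followed by `branches: [<docs-branch>]`, and declare the token scope with a job-level `permissions:` block (`contents: read` while the push step is commented out, `contents: write` once it is re-enabled). Passing `token:` together with `persist-credentials: false` also deserves a one-line comment, since the token is then not kept in the local git config for later steps.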
diff --git a/.github/workflows/publish-docs.yaml b/.github/workflows/publish-docs.yaml index 65a0d3a03..8c2554836 100644 --- a/.github/workflows/publish-docs.yaml +++ b/.github/workflows/publish-docs.yaml @@ -25,6 +25,7 @@ jobs: go-version: 1.16 - name: Generate YAML Syntax Documentation + id: generate-docs run: | if ! which dstdocgen > /dev/null; then echo -e "Command dstdocgen not found! Installing\c" @@ -34,11 +35,11 @@ jobs: go generate pkg/templates/templates.go go build -o "cmd/docgen/docgen" cmd/docgen/docgen.go ./cmd/docgen/docgen syntax-reference.md - echo "::set-output name=changes::$(git status -s | wc -l)" + echo "::set-output name=changes::$(git status -s | wc -l)" working-directory: v2 - name: Commit files - if: steps.update-readme.outputs.changes > 0 + if: steps.generate-docs.outputs.changes > 0 run: | git config --local user.email "action@github.com" git config --local user.name "GitHub Action" @@ -46,9 +47,9 @@ jobs: git commit -m "Auto Generate Syntax Docs [$(date)] :robot:" -a cat v2/syntax-reference.md - #- name: Push changes - # if: steps.update-readme.outputs.changes > 0 - # uses: ad-m/github-push-action@master - # with: - # github_token: ${{ secrets.GITHUB_TOKEN }} - # branch: ${{ github.ref }} \ No newline at end of file + - name: Push changes + if: steps.generate-docs.outputs.changes > 0 + uses: ad-m/github-push-action@master + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + branch: ${{ github.ref }} \ No newline at end of file From e92c9bc7bc3a0e2a08c3c9d37c9f2fb01ab0a333 Mon Sep 17 00:00:00 2001 From: Ice3man543 Date: Fri, 20 Aug 2021 16:06:18 +0530 Subject: [PATCH 15/17] Fixed an issue with doc publish --- .github/workflows/publish-docs.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-docs.yaml b/.github/workflows/publish-docs.yaml index 8c2554836..53dc87b05 100644 --- a/.github/workflows/publish-docs.yaml +++ b/.github/workflows/publish-docs.yaml 
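Review bot: The `changes` output that now gates the commit and push steps is `git status -s | wc -l`, run in `v2` right after `go build -o "cmd/docgen/docgen"`, so the freshly built binary is counted as an untracked file unless it is ignored (not visible here). That would make the condition true on every run, and `git commit` then fails the job whenever the generated files did not change. Count only the generated outputs instead, e.g. `git status -s -- syntax-reference.md pkg/templates/templates_doc.go | wc -l`. The `run:` block starts outside this hunk.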
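Review bot: The re-enabled push step sends the commit to `branch: ${{ github.ref }}`, but the checkout earlier in this workflow (outside this hunk) is fixed to `ref: yamldoc`, and patch 13/17 made the workflow run on any `push:`. A push to a different branch would therefore try to publish a commit built on top of yamldoc to that branch; presumably a non-fast-forward is rejected, but the target should not depend on the trigger. Use a fixed target that matches the checkout, `branch: yamldoc`, until the temporary ref is removed. Because this step hands `secrets.GITHUB_TOKEN` to `ad-m/github-push-action@master`, it should also be pinned to a full commit SHA.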
@@ -43,7 +43,7 @@ jobs: run: | git config --local user.email "action@github.com" git config --local user.name "GitHub Action" - git add syntax-reference.md + git add v2/syntax-reference.md git commit -m "Auto Generate Syntax Docs [$(date)] :robot:" -a cat v2/syntax-reference.md From adc37acfca20c93e48904cab2a5c42f801191ab1 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Fri, 20 Aug 2021 10:37:41 +0000 Subject: [PATCH 16/17] Auto Generate Syntax Docs [Fri Aug 20 10:37:41 UTC 2021] :robot: --- v2/pkg/templates/templates_doc.go | 51 +- v2/syntax-reference.md | 2685 +++++++++++++++++++++++++++++ 2 files changed, 2714 insertions(+), 22 deletions(-) create mode 100755 v2/syntax-reference.md diff --git a/v2/pkg/templates/templates_doc.go b/v2/pkg/templates/templates_doc.go index 439b41757..4baa36448 100644 --- a/v2/pkg/templates/templates_doc.go +++ b/v2/pkg/templates/templates_doc.go @@ -95,7 +95,7 @@ func init() { FieldName: "info", }, } - MODELInfoDoc.Fields = make([]encoder.Doc, 6) + MODELInfoDoc.Fields = make([]encoder.Doc, 7) MODELInfoDoc.Fields[0].Name = "name" MODELInfoDoc.Fields[0].Type = "string" MODELInfoDoc.Fields[0].Note = "" @@ -147,6 +147,13 @@ func init() { "high", "critical", } + MODELInfoDoc.Fields[6].Name = "additional-fields" + MODELInfoDoc.Fields[6].Type = "map[string]string" + MODELInfoDoc.Fields[6].Note = "" + MODELInfoDoc.Fields[6].Description = "AdditionalFields regarding metadata of the template." + MODELInfoDoc.Fields[6].Comments[encoder.LineComment] = "AdditionalFields regarding metadata of the template." + + MODELInfoDoc.Fields[6].AddExample("", map[string]string{"customField1": "customValue1"}) MODELStringSliceDoc.Type = "model.StringSlice" MODELStringSliceDoc.Comments[encoder.LineComment] = "" 
@@ -533,40 +540,40 @@ func init() { EXTRACTORSExtractorDoc.Fields[4].AddExample("Extract Server Header From HTTP Response", []string{"Server"}) EXTRACTORSExtractorDoc.Fields[4].AddExample("Extracting value of PHPSESSID Cookie", []string{"PHPSESSID"}) - EXTRACTORSExtractorDoc.Fields[5].Name = "part" - EXTRACTORSExtractorDoc.Fields[5].Type = "string" + EXTRACTORSExtractorDoc.Fields[5].Name = "json" + EXTRACTORSExtractorDoc.Fields[5].Type = "[]string" EXTRACTORSExtractorDoc.Fields[5].Note = "" - EXTRACTORSExtractorDoc.Fields[5].Description = "Part is the part of the request response to extract data from.\n\nEach protocol exposes a lot of different parts which are well\ndocumented in docs for each request type." - EXTRACTORSExtractorDoc.Fields[5].Comments[encoder.LineComment] = "Part is the part of the request response to extract data from." + EXTRACTORSExtractorDoc.Fields[5].Description = "JSON allows using jq-style syntax to extract items from json response" + EXTRACTORSExtractorDoc.Fields[5].Comments[encoder.LineComment] = "JSON allows using jq-style syntax to extract items from json response" - EXTRACTORSExtractorDoc.Fields[5].AddExample("", "body") + EXTRACTORSExtractorDoc.Fields[5].AddExample("", []string{".[] | .id"}) - EXTRACTORSExtractorDoc.Fields[5].AddExample("", "raw") - EXTRACTORSExtractorDoc.Fields[6].Name = "json" + EXTRACTORSExtractorDoc.Fields[5].AddExample("", []string{".batters | .batter | .[] | .id"}) + EXTRACTORSExtractorDoc.Fields[6].Name = "xpath" EXTRACTORSExtractorDoc.Fields[6].Type = "[]string" EXTRACTORSExtractorDoc.Fields[6].Note = "" - EXTRACTORSExtractorDoc.Fields[6].Description = "JSON allows using jq-style syntax to extract items from json response" - EXTRACTORSExtractorDoc.Fields[6].Comments[encoder.LineComment] = "JSON allows using jq-style syntax to extract items from json response" + EXTRACTORSExtractorDoc.Fields[6].Description = "XPath allows using xpath expressions to extract items from html response" + 
EXTRACTORSExtractorDoc.Fields[6].Comments[encoder.LineComment] = "XPath allows using xpath expressions to extract items from html response" - EXTRACTORSExtractorDoc.Fields[6].AddExample("", []string{".[] | .id"}) + EXTRACTORSExtractorDoc.Fields[6].AddExample("", []string{"/html/body/div/p[2]/a"}) EXTRACTORSExtractorDoc.Fields[6].AddExample("", []string{".batters | .batter | .[] | .id"}) - EXTRACTORSExtractorDoc.Fields[7].Name = "xpath" - EXTRACTORSExtractorDoc.Fields[7].Type = "[]string" + EXTRACTORSExtractorDoc.Fields[7].Name = "attribute" + EXTRACTORSExtractorDoc.Fields[7].Type = "string" EXTRACTORSExtractorDoc.Fields[7].Note = "" - EXTRACTORSExtractorDoc.Fields[7].Description = "XPath allows using xpath expressions to extract items from html response" - EXTRACTORSExtractorDoc.Fields[7].Comments[encoder.LineComment] = "XPath allows using xpath expressions to extract items from html response" + EXTRACTORSExtractorDoc.Fields[7].Description = "Attribute is an optional attribute to extract from response XPath." + EXTRACTORSExtractorDoc.Fields[7].Comments[encoder.LineComment] = "Attribute is an optional attribute to extract from response XPath." - EXTRACTORSExtractorDoc.Fields[7].AddExample("", []string{"/html/body/div/p[2]/a"}) - - EXTRACTORSExtractorDoc.Fields[7].AddExample("", []string{".batters | .batter | .[] | .id"}) - EXTRACTORSExtractorDoc.Fields[8].Name = "attribute" + EXTRACTORSExtractorDoc.Fields[7].AddExample("", "href") + EXTRACTORSExtractorDoc.Fields[8].Name = "part" EXTRACTORSExtractorDoc.Fields[8].Type = "string" EXTRACTORSExtractorDoc.Fields[8].Note = "" - EXTRACTORSExtractorDoc.Fields[8].Description = "Attribute is an optional attribute to extract from response XPath." - EXTRACTORSExtractorDoc.Fields[8].Comments[encoder.LineComment] = "Attribute is an optional attribute to extract from response XPath." 
+ EXTRACTORSExtractorDoc.Fields[8].Description = "Part is the part of the request response to extract data from.\n\nEach protocol exposes a lot of different parts which are well\ndocumented in docs for each request type." + EXTRACTORSExtractorDoc.Fields[8].Comments[encoder.LineComment] = "Part is the part of the request response to extract data from." - EXTRACTORSExtractorDoc.Fields[8].AddExample("", "href") + EXTRACTORSExtractorDoc.Fields[8].AddExample("", "body") + + EXTRACTORSExtractorDoc.Fields[8].AddExample("", "raw") EXTRACTORSExtractorDoc.Fields[9].Name = "internal" EXTRACTORSExtractorDoc.Fields[9].Type = "bool" EXTRACTORSExtractorDoc.Fields[9].Note = "" diff --git a/v2/syntax-reference.md b/v2/syntax-reference.md new file mode 100755 index 000000000..3fc976642 --- /dev/null +++ b/v2/syntax-reference.md @@ -0,0 +1,2685 @@ + + + + +## Template +Template is a YAML input file which defines all the requests and + other metadata for a template. + + + + +
+ +
+ +id string + +
+
+ +ID is the unique id for the template. IDs must be lowercase +and must not contain spaces in it. + +#### Good IDs + +A good ID uniquely identifies what the requests in the template +are doing. Let's say you have a template that identifies a git-config +file on the webservers, a good name would be `git-config-exposure`. Another +example name is `azure-apps-nxdomain-takeover`. + + + +Examples: + + +```yaml +# ID Example +id: cve-2021-19520 +``` + + +
+ +
+ +
+ +info model.Info + +
+
+ +Info contains metadata information about the template. + + + +Examples: + + +```yaml +info: + name: Argument Injection in Ruby Dragonfly + author: + - 0xspara + tags: + - cve,cve2021,rce,ruby + reference: https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/ + severity: high +``` + + +
+ +
+ +
+ +requests []http.Request + +
+
+ +Requests contains the http request to make in the template. + + + +Examples: + + +```yaml +requests: + matchers: + - type: word + words: + - '[core]' + - type: dsl + condition: and + dsl: + - '!contains(tolower(body), '' + +
+ +
+ +dns []dns.Request + +
+
+ +DNS contains the dns request to make in the template + + + +Examples: + + +```yaml +dns: + extractors: + - type: regex + regex: + - ec2-[-\d]+\.compute[-\d]*\.amazonaws\.com + - ec2-[-\d]+\.[\w\d\-]+\.compute[-\d]*\.amazonaws\.com + name: '{{FQDN}}' + type: CNAME + class: inet + retries: 2 + recursion: true +``` + + +
+ +
+ +
+ +file []file.Request + +
+
+ +File contains the file request to make in the template + + + +Examples: + + +```yaml +file: + extractors: + - type: regex + regex: + - amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} + extensions: + - all +``` + + +
+ +
+ +
+ +network []network.Request + +
+
+ +Network contains the network request to make in the template + + + +Examples: + + +```yaml +network: + host: + - '{{Hostname}}' + - '{{Hostname}}:2181' + inputs: + - data: "envi\r\nquit\r\n" + read-size: 2048 + matchers: + - type: word + words: + - zookeeper.version +``` + + +
+ +
+ +
+ +headless []headless.Request + +
+
+ +Headless contains the headless request to make in the template. + +
+ +
+ +
+ +workflows []workflows.WorkflowTemplate + +
+
+ +Workflows is a list of workflows to execute for a template. + +
+ +
+ + + + + +## model.Info +Info contains metadata information about a template + +Appears in: + + +- Template.info + + +```yaml +name: Argument Injection in Ruby Dragonfly +author: + - 0xspara +tags: + - cve,cve2021,rce,ruby +reference: https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/ +severity: high +``` + +
+ +
+ +name string + +
+
+ +Name should be good short summary that identifies what the template does. + + + +Examples: + + +```yaml +name: bower.json file disclosure +``` + +```yaml +name: Nagios Default Credentials Check +``` + + +
+ +
+ +
+ +author StringSlice + +
+
+ +Author of the template. + + + +Examples: + + +```yaml +author: +``` + + +
+ +
+ +
+ +tags StringSlice + +
+
+ +Any tags for the template. + +Multiple values can also be specified separated by commas. + + + +Examples: + + +```yaml +# Example tags +tags: cve,cve2019,grafana,auth-bypass,dos +``` + + +
+ +
+ +
+ +description string + +
+
+ +Description of the template. + +You can go in-depth here on what the template actually does. + + + +Examples: + + +```yaml +description: Bower is a package manager which stores packages informations in bower.json file +``` + +```yaml +description: Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations +``` + + +
+ +
+ +
+ +reference StringSlice + +
+
+ +References for the template. + +This should contain links relevant to the template. + + + +Examples: + + +```yaml +reference: + - https://github.com/strapi/strapi + - https://github.com/getgrav/grav +``` + + +
+ +
+ +
+ +severity severity.SeverityHolder + +
+
+ +Severity of the template. + + +Valid values: + + + - info + + - low + + - medium + + - high + + - critical +
+ +
+ +
+ +additional-fields map[string]string + +
+
+ +AdditionalFields regarding metadata of the template. + + + +Examples: + + +```yaml +additional-fields: + customField1: customValue1 +``` + + +
+ +
+ + + + + +## model.StringSlice + +Appears in: + + +- workflows.WorkflowTemplate.tags + + + + + +## severity.SeverityHolder + +Appears in: + + +- model.Info.severity + + + + + +## http.Request +Request contains a http request to be made from a template + +Appears in: + + +- Template.requests + + +```yaml +matchers: + - type: word + words: + - '[core]' + - type: dsl + condition: and + dsl: + - '!contains(tolower(body), '' + +
+ +matchers []matchers.Matcher + +
+
+ +Matchers contains the detection mechanism for the request to identify +whether the request was successful by doing pattern matching +on request/responses. + +Multiple matchers can be combined together with `matcher-condition` flag +which accepts either `and` or `or` as argument. + +
+ +
+ +
+ +extractors []extractors.Extractor + +
+
+ +Extractors contains the extraction mechanism for the request to identify +and extract parts of the response. + +
+ +
+ +
+ +matchers-condition string + +
+
+ +MatchersCondition is the condition between the matchers. Default is OR. + + +Valid values: + + + - and + + - or +
+ +
+ +
+ +path []string + +
+
+ +Path contains the path/s for the HTTP requests. It supports variables +as placeholders. + + + +Examples: + + +```yaml +# Some example path values +path: + - '{{BaseURL}}' + - '{{BaseURL}}/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions' +``` + + +
+ +
+ +
+ +raw []string + +
+
+ +Raw contains HTTP Requests in Raw format. + + + +Examples: + + +```yaml +# Some example raw requests +raw: + - |- + GET /etc/passwd HTTP/1.1 + Host: + Content-Length: 4 + - |- + POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.1 + Host: {{Hostname}} + User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0 + Content-Length: 1 + Connection: close + + echo + echo + cat /etc/passwd 2>&1 +``` + + +
+ +
+ +
+ +id string + +
+
+ +ID is the ID of the request + +
+ +
+ +
+ +name string + +
+
+ +Name is the optional name of the request. + +If a name is specified, all the named request in a template can be matched upon +in a combined manner allowing multirequest based matchers. + +
+ +
+ +
+ +attack string + +
+
+ +Attack is the type of payload combinations to perform. + +Sniper is each payload once, pitchfork combines multiple payload sets and clusterbomb generates +permutations and combinations for all payloads. + + +Valid values: + + + - sniper + + - pitchfork + + - clusterbomb +
+ +
+ +
+ +method string + +
+
+ +Method is the HTTP Request Method. + + +Valid values: + + + - GET + + - POST + + - PUT + + - DELETE +
+ +
+ +
+ +body string + +
+
+ +Body is an optional parameter which contains HTTP Request body. + + + +Examples: + + +```yaml +# Same Body for a Login POST request +body: username=test&password=test +``` + + +
+ +
+ +
+ +payloads map[string]interface{} + +
+
+ +Payloads contains any payloads for the current request. + +Payloads support both key-values combinations where a list +of payloads is provided, or optionally a single file can also +be provided as payload which will be read on run-time. + +
+ +
+ +
+ +headers map[string]string + +
+
+ +Headers contains HTTP Headers to send with the request. + + + +Examples: + + +```yaml +headers: + Any-Header: Any-Value + Content-Length: "1" + Content-Type: application/x-www-form-urlencoded +``` + + +
+ +
+ +
+ +race_count int + +
+
+ +RaceCount is the number of times to send a request in Race Condition Attack. + + + +Examples: + + +```yaml +# Send a request 5 times +race_count: 5 +``` + + +
+ +
+ +
+ +max-redirects int + +
+
+ +MaxRedirects is the maximum number of redirects that should be followed. + + + +Examples: + + +```yaml +# Follow upto 5 redirects +max-redirects: 5 +``` + + +
+ +
+ +
+ +pipeline-concurrent-connections int + +
+
+ +PipelineConcurrentConnections is number of connections to create during pipelining. + + + +Examples: + + +```yaml +# Create 40 concurrent connections +pipeline-concurrent-connections: 40 +``` + + +
+ +
+ +
+ +pipeline-requests-per-connection int + +
+
+ +PipelineRequestsPerConnection is number of requests to send per connection when pipelining. + + + +Examples: + + +```yaml +# Send 100 requests per pipeline connection +pipeline-requests-per-connection: 100 +``` + + +
+ +
+ +
+ +threads int + +
+
+ +Threads specifies number of threads to use sending requests. This enables Connection Pooling. + +Connection: Close attribute must not be used in request while using threads flag, otherwise +pooling will fail and engine will continue to close connections after requests. + + + +Examples: + + +```yaml +# Send requests using 10 concurrent threads +threads: 10 +``` + + +
+ +
+ +
+ +max-size int + +
+
+ +MaxSize is the maximum size of http response body to read in bytes. + + + +Examples: + + +```yaml +# Read max 2048 bytes of the response +max-size: 2048 +``` + + +
+ +
+ +
+ +cookie-reuse bool + +
+
+ +CookieReuse is an optional setting that enables cookie reuse for +all requests defined in raw section. + +
+ +
+ +
+ +redirects bool + +
+
+ +Redirects specifies whether redirects should be followed by the HTTP Client. + +This can be used in conjunction with `max-redirects` to control the HTTP request redirects. + +
+ +
+ +
+ +pipeline bool + +
+
+ +Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining + +All requests must be indempotent (GET/POST). This can be used for race conditions/billions requests. + +
+ +
+ +
+ +unsafe bool + +
+
+ +Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests. + +This uses the [rawhttp](https://github.com/projectdiscovery/rawhttp) engine to achieve complete +control over the request, with no normalization performed by the client. + +
+ +
+ +
+ +race bool + +
+
+ +Race determines if all the request have to be attempted at the same time (Race Condition) + +The actual number of requests that will be sent is determined by the `race_count` field. + +
+ +
+ +
+ +req-condition bool + +
+
+ +ReqCondition automatically assigns numbers to requests and preserves their history. + +This allows matching on them later for multi-request conditions. + +
+ +
+ + + + + +## matchers.Matcher +Matcher is used to match a part in the output from a protocol. + +Appears in: + + +- http.Request.matchers + +- dns.Request.matchers + +- file.Request.matchers + +- network.Request.matchers + +- headless.Request.matchers + + + +
+ +
+ +type string + +
+
+ +Type is the type of the matcher. + + +Valid values: + + + - status + + - size + + - word + + - regex + + - binary + + - dsl +
+ +
+ +
+ +condition string + +
+
+ +Condition is the optional condition between two matcher variables. By default, +the condition is assumed to be OR. + + +Valid values: + + + - and + + - or +
+ +
+ +
+ +part string + +
+
+ +Part is the part of the request response to match data from. + +Each protocol exposes a lot of different parts which are well +documented in docs for each request type. + + + +Examples: + + +```yaml +part: body +``` + +```yaml +part: raw +``` + + +
+ +
+ +
+ +negative bool + +
+
+ +Negative specifies if the match should be reversed +It will only match if the condition is not true. + +
+ +
+ +
+ +name string + +
+
+ +Name of the matcher. Name should be lowercase and must not contain +spaces or dashes (-). + + + +Examples: + + +```yaml +name: cookie-matcher +``` + + +
+ +
+ +
+ +status []int + +
+
+ +Status are the acceptable status codes for the response. + + + +Examples: + + +```yaml +status: + - 200 + - 302 +``` + + +
+ +
+ +
+ +size []int + +
+
+ +Size is the acceptable size for the response + + + +Examples: + + +```yaml +size: + - 3029 + - 2042 +``` + + +
+ +
+ +
+ +words []string + +
+
+ +Words contains word patterns required to be present in the response part. + + + +Examples: + + +```yaml +# Match for outlook mail protection domain +words: + - mail.protection.outlook.com +``` + +```yaml +# Match for application/json in response headers +words: + - application/json +``` + + +
+ +
+ +
+ +regex []string + +
+
+ +Regex contains Regular Expression patterns required to be present in the response part. + + + +Examples: + + +```yaml +# Match for Linkerd Service via Regex +regex: + - (?mi)^Via\\s*?:.*?linkerd.*$ +``` + +```yaml +# Match for Open Redirect via Location header +regex: + - (?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)example\\.com.*$ +``` + + +
+ +
+ +
+ +binary []string + +
+
+ +Binary are the binary patterns required to be present in the response part. + + + +Examples: + + +```yaml +# Match for Springboot Heapdump Actuator "JAVA PROFILE", "HPROF", "Gunzip magic byte" +binary: + - 4a4156412050524f46494c45 + - 4850524f46 + - 1f8b080000000000 +``` + +```yaml +# Match for 7zip files +binary: + - 377ABCAF271C +``` + + +
+ +
+ +
+ +dsl []string + +
+
+ +DSL are the dsl expressions that will be evaluated as part of nuclei matching rules. +A list of these helper functions are available [here](https://nuclei.projectdiscovery.io/templating-guide/helper-functions/). + + + +Examples: + + +```yaml +# DSL Matcher for package.json file +dsl: + - contains(body, 'packages') && contains(tolower(all_headers), 'application/octet-stream') && status_code == 200 +``` + +```yaml +# DSL Matcher for missing strict transport security header +dsl: + - '!contains(tolower(all_headers), ''''strict-transport-security'''')' +``` + + +
+ +
+ +
+ +encoding string + +
+
+ +Encoding specifies the encoding for the words field if any. + + +Valid values: + + + - hex +
+ +
+ + + + + +## extractors.Extractor +Extractor is used to extract part of response using a regex. + +Appears in: + + +- http.Request.extractors + +- dns.Request.extractors + +- file.Request.extractors + +- network.Request.extractors + +- headless.Request.extractors + + + +
+ +
+ +name string + +
+
+ +Name of the extractor. Name should be lowercase and must not contain +spaces or dashes (-). + + + +Examples: + + +```yaml +name: cookie-extractor +``` + + +
+ +
+ +
+ +type string + +
+
+ +Type is the type of the extractor. + + +Valid values: + + + - regex + + - kval +
+ +
+ +
+ +regex []string + +
+
+ +Regex contains the regular expression patterns to exract from a part. + +Go regex engine does not supports lookaheads or lookbehinds, so as a result +they are also not supported in nuclei. + + + +Examples: + + +```yaml +# Braintree Access Token Regex +regex: + - access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32} +``` + +```yaml +# Wordpress Author Extraction regex +regex: + - Author:(?:[A-Za-z0-9 -\_="]+)? + +group int + +
+
+ +Group specifies a numbered group to extract from the regex. + + + +Examples: + + +```yaml +# Example Regex Group +group: 1 +``` + + +
+ +
+ +
+ +kval []string + +
+
+ +kval contains the key-value pairs required in the response. + +Each protocol exposes a lot of different data in response. The kval +extractor can be used to extract those key-value pairs. A list of +supported parts is available in docs for request types. + + + +Examples: + + +```yaml +# Extract Server Header From HTTP Response +kval: + - Server +``` + +```yaml +# Extracting value of PHPSESSID Cookie +kval: + - PHPSESSID +``` + + +
+ +
+ +
+ +json []string + +
+
+ +JSON allows using jq-style syntax to extract items from json response + + + +Examples: + + +```yaml +json: + - .[] | .id +``` + +```yaml +json: + - .batters | .batter | .[] | .id +``` + + +
+ +
+ +
+ +xpath []string + +
+
+ +XPath allows using xpath expressions to extract items from html response + + + +Examples: + + +```yaml +xpath: + - /html/body/div/p[2]/a +``` + +```yaml +xpath: + - .batters | .batter | .[] | .id +``` + + +
+ +
+ +
+ +attribute string + +
+
+ +Attribute is an optional attribute to extract from response XPath. + + + +Examples: + + +```yaml +attribute: href +``` + + +
+ +
+ +
+ +part string + +
+
+ +Part is the part of the request response to extract data from. + +Each protocol exposes a lot of different parts which are well +documented in docs for each request type. + + + +Examples: + + +```yaml +part: body +``` + +```yaml +part: raw +``` + + +
+ +
+ +
+ +internal bool + +
+
+ +Internal, when set to true will allow using the value extracted +in the next request for some protocols (like HTTP). + +
+ +
+ + + + + +## dns.Request +Request contains a DNS protocol request to be made from a template + +Appears in: + + +- Template.dns + + +```yaml +extractors: + - type: regex + regex: + - ec2-[-\d]+\.compute[-\d]*\.amazonaws\.com + - ec2-[-\d]+\.[\w\d\-]+\.compute[-\d]*\.amazonaws\.com +name: '{{FQDN}}' +type: CNAME +class: inet +retries: 2 +recursion: true +``` + +
+ +
+ +matchers []matchers.Matcher + +
+
+ +Matchers contains the detection mechanism for the request to identify +whether the request was successful by doing pattern matching +on request/responses. + +Multiple matchers can be combined together with `matcher-condition` flag +which accepts either `and` or `or` as argument. + +
+ +
+ +
+ +extractors []extractors.Extractor + +
+
+ +Extractors contains the extraction mechanism for the request to identify +and extract parts of the response. + +
+ +
+ +
+ +matchers-condition string + +
+
+ +MatchersCondition is the condition between the matchers. Default is OR. + + +Valid values: + + + - and + + - or +
+ +
+ +
+ +id string + +
+
+ +ID is the ID of the request + +
+ +
+ +
+ +name string + +
+
+ +Name is the Hostname to make DNS request for. + +Generally, it is set to {{FQDN}} which is the domain we get from input. + + + +Examples: + + +```yaml +name: '{{FQDN}}' +``` + + +
+ +
+ +
+ +type string + +
+
+ +Type is the type of DNS request to make. + + +Valid values: + + + - A + + - NS + + - CNAME + + - SOA + + - PTR + + - MX + + - TXT + + - AAAA +
+ +
+ +
+ +class string + +
+
+ +Class is the class of the DNS request. + +Usually it's enough to just leave it as INET. + + +Valid values: + + + - INET + + - CSNET + + - CHAOS + + - HESIOD + + - NONE + + - ANY +
+ +
+ +
+ +retries int + +
+
+ +Retries is the number of retries for the DNS request + + + +Examples: + + +```yaml +# Use a retry of 3 to 5 generally +retries: 5 +``` + + +
+ +
+ +
+ +recursion bool + +
+
+ +Recursion determines if resolver should recurse all records to get fresh results. + +
+ +
+ + + + + +## file.Request +Request contains a File matching mechanism for local disk operations. + +Appears in: + + +- Template.file + + +```yaml +extractors: + - type: regex + regex: + - amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} +extensions: + - all +``` + +
+ +
+ +matchers []matchers.Matcher + +
+
+ +Matchers contains the detection mechanism for the request to identify +whether the request was successful by doing pattern matching +on request/responses. + +Multiple matchers can be combined together with `matcher-condition` flag +which accepts either `and` or `or` as argument. + +
+ +
+ +
+ +extractors []extractors.Extractor + +
+
+ +Extractors contains the extraction mechanism for the request to identify +and extract parts of the response. + +
+ +
+ +
+ +matchers-condition string + +
+
+ +MatchersCondition is the condition between the matchers. Default is OR. + + +Valid values: + + + - and + + - or +
+ +
+ +
+ +extensions []string + +
+
+ +Extensions is the list of extensions to perform matching on. + + + +Examples: + + +```yaml +extensions: + - .txt + - .go + - .json +``` + + +
+ +
+ +
+ +denylist []string + +
+
+ +ExtensionDenylist is the list of file extensions to deny during matching. + +By default, it contains some non-interesting extensions that are hardcoded +in nuclei. + + + +Examples: + + +```yaml +denylist: + - .avi + - .mov + - .mp3 +``` + + +
+ +
+ +
+ +id string + +
+
+ +ID is the ID of the request + +
+ +
+ +
+ +max-size int + +
+
+ +MaxSize is the maximum size of the file to run request on. + +By default, nuclei will process 5MB files and not go more than that. +It can be set to much lower or higher depending on use. + + + +Examples: + + +```yaml +max-size: 2048 +``` + + +
+ +
+ +
+ +no-recursive bool + +
+
+ +NoRecursive specifies whether to not do recursive checks if folders are provided. + +
+ +
+ + + + + +## network.Request +Request contains a Network protocol request to be made from a template + +Appears in: + + +- Template.network + + +```yaml +host: + - '{{Hostname}}' + - '{{Hostname}}:2181' +inputs: + - data: "envi\r\nquit\r\n" +read-size: 2048 +matchers: + - type: word + words: + - zookeeper.version +``` + +
+ +
+ +id string + +
+
+ +ID is the ID of the request + +
+ +
+ +
+ +host []string + +
+
+ +Address is the address to send requests to. + +Usually it's set to `{{Hostname}}`. If you want to enable TLS for +TCP Connection, you can use `tls://{{Hostname}}`. + + + +Examples: + + +```yaml +host: + - '{{Hostname}}' +``` + + +
+ +
+ +
+ +attack string + +
+
+ +Attack is the type of payload combinations to perform. + +Sniper is each payload once, pitchfork combines multiple payload sets and clusterbomb generates +permutations and combinations for all payloads. + + +Valid values: + + + - sniper + + - pitchfork + + - clusterbomb +
+ +
+ +
+ +payloads map[string]interface{} + +
+
+ +Payloads contains any payloads for the current request. + +Payloads support both key-values combinations where a list +of payloads is provided, or optionally a single file can also +be provided as payload which will be read on run-time. + +
+ +
+ +
+ +inputs []network.Input + +
+
+ +Inputs contains inputs for the network socket + +
+ +
+ +
+ +read-size int + +
+
+ +ReadSize is the size of response to read at the end + +Default value for read-size is 1024. + + + +Examples: + + +```yaml +read-size: 2048 +``` + + +
+ +
+ +
+ +matchers []matchers.Matcher + +
+
+ +Matchers contains the detection mechanism for the request to identify +whether the request was successful by doing pattern matching +on request/responses. + +Multiple matchers can be combined together with `matcher-condition` flag +which accepts either `and` or `or` as argument. + +
+ +
+ +
+ +extractors []extractors.Extractor + +
+
+ +Extractors contains the extraction mechanism for the request to identify +and extract parts of the response. + +
+ +
+ +
+ +matchers-condition string + +
+
+ +MatchersCondition is the condition between the matchers. Default is OR. + + +Valid values: + + + - and + + - or +
+ +
+ + + + + +## network.Input + +Appears in: + + +- network.Request.inputs + + + +
+ +
+ +data string + +
+
+ +Data is the data to send as the input. + +It supports DSL Helper Functions as well as normal expressions. + + + +Examples: + + +```yaml +data: TEST +``` + +```yaml +data: hex_decode('50494e47') +``` + + +
+ +
+ +
+ +type string + +
+
+ +Type is the type of input specified in `data` field. + +Default value is text, but hex can be used for hex formatted data. + + +Valid values: + + + - hex + + - text +
+ +
+ +
+ +read int + +
+
+ +Read is the number of bytes to read from socket. + +This can be used for protcols which expected an immediate response. You can +read and write responses one after another and evetually perform matching +on every data captured with `name` attribute. + +The [network docs](https://nuclei.projectdiscovery.io/templating-guide/protocols/network/) highlight more on how to do this. + + + +Examples: + + +```yaml +read: 1024 +``` + + +
+ +
+ +
+ +name string + +
+
+ +Name is the optional name of the data read to provide matching on. + + + +Examples: + + +```yaml +name: prefix +``` + + +
+ +
+ + + + + +## headless.Request +Request contains a Headless protocol request to be made from a template + +Appears in: + + +- Template.headless + + + +
+ +
+ +id string + +
+
+ +ID is the ID of the request + +
+ +
+ +
+ +steps []engine.Action + +
+
+ +Steps is the list of actions to run for headless request + +
+ +
+ +
+ +matchers []matchers.Matcher + +
+
+ +Matchers contains the detection mechanism for the request to identify +whether the request was successful by doing pattern matching +on request/responses. + +Multiple matchers can be combined together with `matcher-condition` flag +which accepts either `and` or `or` as argument. + +
+ +
+ +
+ +extractors []extractors.Extractor + +
+
+ +Extractors contains the extraction mechanism for the request to identify +and extract parts of the response. + +
+ +
+ +
+ +matchers-condition string + +
+
+ +MatchersCondition is the condition between the matchers. Default is OR. + + +Valid values: + + + - and + + - or +
+ +
+ + + + + +## engine.Action +Action is an action taken by the browser to reach a navigation + + Each step that the browser executes is an action. Most navigations + usually start from the ActionLoadURL event, and further navigations + are discovered on the found page. We also keep track and only + scrape new navigation from pages we haven't crawled yet. + +Appears in: + + +- headless.Request.steps + + + +
+ +
+ +args map[string]string + +
+
+ +Args contain arguments for the headless action. +Per action arguments are described in detail [here](https://nuclei.projectdiscovery.io/templating-guide/protocols/headless/). + +
+ +
+ +
+ +name string + +
+
+ +Name is the name assigned to the headless action. + +This can be used to execute code, for instance in browser +DOM using script action, and get the result in a variable +which can be matched upon by nuclei. An Example template [here](https://github.com/projectdiscovery/nuclei-templates/blob/master/headless/prototype-pollution-check.yaml). + +
+ +
+ +
+ +description string + +
+
+ +Description is the optional description of the headless action + +
+ +
+ +
+ +action string + +
+
+ +Action is the type of the action to perform. + + +Valid values: + + + - navigate + + - script + + - click + + - rightclick + + - text + + - screenshot + + - time + + - select + + - files + + - waitload + + - getresource + + - extract + + - setmethod + + - addheader + + - setheader + + - deleteheader + + - setbody + + - waitevent + + - keyboard + + - debug + + - sleep +
+ +
+ + + + + +## workflows.WorkflowTemplate + +Appears in: + + +- Template.workflows + +- workflows.WorkflowTemplate.subtemplates + +- workflows.Matcher.subtemplates + + + +
+ +
+ +template string + +
+
+ +Template is a single template or directory to execute as part of workflow. + + + +Examples: + + +```yaml +# A single template +template: dns/worksites-detection.yaml +``` + +```yaml +# A template directory +template: misconfigurations/aem +``` + + +
+ +
+ +
+ +tags model.StringSlice + +
+
+ +Tags to run templates based on. + +
+ +
+ +
+ +matchers []workflows.Matcher + +
+
+ +Matchers perform name based matching to run subtemplates for a workflow. + +
+ +
+ +
+ +subtemplates []workflows.WorkflowTemplate + +
+
+ +Subtemplates are ran if the `template` field Template matches. + +
+ +
+ + + + + +## workflows.Matcher + +Appears in: + + +- workflows.WorkflowTemplate.matchers + + + +
+ +
+ +name string + +
+
+ +Name is the name of the item to match. + +
+ +
+ +
+ +subtemplates []workflows.WorkflowTemplate + +
+
+ +Subtemplates are ran if the name of matcher matches. + +
+ +
+ + + + From ba4d5a8d217a1bf17fafce759582d73ccd3a5394 Mon Sep 17 00:00:00 2001 From: Ice3man543 Date: Fri, 20 Aug 2021 16:19:33 +0530 Subject: [PATCH 17/17] Removed temporary fix --- .github/workflows/publish-docs.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/publish-docs.yaml b/.github/workflows/publish-docs.yaml index c799ac610..d91c70de2 100644 --- a/.github/workflows/publish-docs.yaml +++ b/.github/workflows/publish-docs.yaml @@ -12,7 +12,6 @@ jobs: with: persist-credentials: false fetch-depth: 0 - ref: yamldoc # temporary token: ${{ secrets.GITHUB_TOKEN }} - name: "Set up Go"