From 87b07965011838d63c12020adc4a3b6f9ee50751 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 1 Sep 2021 10:12:40 +0000 Subject: [PATCH 1/8] Auto Generate Syntax Docs + JSONSchema [Wed Sep 1 10:12:40 UTC 2021] :robot: --- SYNTAX-REFERENCE.md | 2701 ++++++++++++++++++++++++++++++++++++++++ nuclei-jsonschema.json | 914 ++++++++++++++ 2 files changed, 3615 insertions(+) create mode 100755 SYNTAX-REFERENCE.md create mode 100755 nuclei-jsonschema.json diff --git a/SYNTAX-REFERENCE.md b/SYNTAX-REFERENCE.md new file mode 100755 index 000000000..006885fb9 --- /dev/null +++ b/SYNTAX-REFERENCE.md @@ -0,0 +1,2701 @@ + + + + +## Template +Template is a YAML input file which defines all the requests and + other metadata for a template. + + + + +
+ +
+ +id string + +
+
+ +ID is the unique id for the template. IDs must be lowercase +and must not contain spaces in it. + +#### Good IDs + +A good ID uniquely identifies what the requests in the template +are doing. Let's say you have a template that identifies a git-config +file on the webservers, a good name would be `git-config-exposure`. Another +example name is `azure-apps-nxdomain-takeover`. + + + +Examples: + + +```yaml +# ID Example +id: cve-2021-19520 +``` + + +
+ +
+ +
+ +info model.Info + +
+
+ +Info contains metadata information about the template. + + + +Examples: + + +```yaml +info: + name: Argument Injection in Ruby Dragonfly + author: 0xspara + tags: cve,cve2021,rce,ruby + reference: https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/ + severity: high +``` + + +
+ +
+ +
+ +requests []http.Request + +
+
+ +Requests contains the http request to make in the template. + + + +Examples: + + +```yaml +requests: + matchers: + - type: word + words: + - '[core]' + - type: dsl + condition: and + dsl: + - '!contains(tolower(body), '' + +
+ +
+ +dns []dns.Request + +
+
+ +DNS contains the dns request to make in the template + + + +Examples: + + +```yaml +dns: + extractors: + - type: regex + regex: + - ec2-[-\d]+\.compute[-\d]*\.amazonaws\.com + - ec2-[-\d]+\.[\w\d\-]+\.compute[-\d]*\.amazonaws\.com + name: '{{FQDN}}' + type: CNAME + class: inet + retries: 2 + recursion: true +``` + + +
+ +
+ +
+ +file []file.Request + +
+
+ +File contains the file request to make in the template + + + +Examples: + + +```yaml +file: + extractors: + - type: regex + regex: + - amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} + extensions: + - all +``` + + +
+ +
+ +
+ +network []network.Request + +
+
+ +Network contains the network request to make in the template + + + +Examples: + + +```yaml +network: + host: + - '{{Hostname}}' + - '{{Hostname}}:2181' + inputs: + - data: "envi\r\nquit\r\n" + read-size: 2048 + matchers: + - type: word + words: + - zookeeper.version +``` + + +
+ +
+ +
+ +headless []headless.Request + +
+
+ +Headless contains the headless request to make in the template. + +
+ +
+ +
+ +workflows []workflows.WorkflowTemplate + +
+
+ +Workflows is a list of workflows to execute for a template. + +
+ +
+ + + + + +## model.Info +Info contains metadata information about a template + +Appears in: + + +- Template.info + + +```yaml +name: Argument Injection in Ruby Dragonfly +author: 0xspara +tags: cve,cve2021,rce,ruby +reference: https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/ +severity: high +``` + +
+ +
+ +name string + +
+
+ +Name should be good short summary that identifies what the template does. + + + +Examples: + + +```yaml +name: bower.json file disclosure +``` + +```yaml +name: Nagios Default Credentials Check +``` + + +
+ +
+ +
+ +author StringSlice + +
+
+ +Author of the template. + +Multiple values can also be specified separated by commas. + + + +Examples: + + +```yaml +author: +``` + + +
+ +
+ +
+ +tags StringSlice + +
+
+ +Any tags for the template. + +Multiple values can also be specified separated by commas. + + + +Examples: + + +```yaml +# Example tags +tags: cve,cve2019,grafana,auth-bypass,dos +``` + + +
+ +
+ +
+ +description string + +
+
+ +Description of the template. + +You can go in-depth here on what the template actually does. + + + +Examples: + + +```yaml +description: Bower is a package manager which stores packages informations in bower.json file +``` + +```yaml +description: Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations +``` + + +
+ +
+ +
+ +reference StringSlice + +
+
+ +References for the template. + +This should contain links relevant to the template. + + + +Examples: + + +```yaml +reference: + - https://github.com/strapi/strapi + - https://github.com/getgrav/grav +``` + + +
+ +
+ +
+ +severity severity.SeverityHolder + +
+
+ +Severity of the template. + + +Valid values: + + + - info + + - low + + - medium + + - high + + - critical +
+ +
+ +
+ +additional-fields map[string]string + +
+
+ +AdditionalFields regarding metadata of the template. + + + +Examples: + + +```yaml +additional-fields: + customField1: customValue1 +``` + + +
+ +
+ + + + + +## model.StringSlice + +Appears in: + + +- workflows.WorkflowTemplate.tags + + + + + +## severity.SeverityHolder + +Appears in: + + +- model.Info.severity + + + + + +## http.Request +Request contains a http request to be made from a template + +Appears in: + + +- Template.requests + + +```yaml +matchers: + - type: word + words: + - '[core]' + - type: dsl + condition: and + dsl: + - '!contains(tolower(body), '' + +
+ +matchers []matchers.Matcher + +
+
+ +Matchers contains the detection mechanism for the request to identify +whether the request was successful by doing pattern matching +on request/responses. + +Multiple matchers can be combined together with `matcher-condition` flag +which accepts either `and` or `or` as argument. + +
+ +
+ +
+ +extractors []extractors.Extractor + +
+
+ +Extractors contains the extraction mechanism for the request to identify +and extract parts of the response. + +
+ +
+ +
+ +matchers-condition string + +
+
+ +MatchersCondition is the condition between the matchers. Default is OR. + + +Valid values: + + + - and + + - or +
+ +
+ +
+ +path []string + +
+
+ +Path contains the path/s for the HTTP requests. It supports variables +as placeholders. + + + +Examples: + + +```yaml +# Some example path values +path: + - '{{BaseURL}}' + - '{{BaseURL}}/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions' +``` + + +
+ +
+ +
+ +raw []string + +
+
+ +Raw contains HTTP Requests in Raw format. + + + +Examples: + + +```yaml +# Some example raw requests +raw: + - |- + GET /etc/passwd HTTP/1.1 + Host: + Content-Length: 4 + - |- + POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.1 + Host: {{Hostname}} + User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0 + Content-Length: 1 + Connection: close + + echo + echo + cat /etc/passwd 2>&1 +``` + + +
+ +
+ +
+ +id string + +
+
+ +ID is the the optional id of the request + +
+ +
+ +
+ +name string + +
+
+ +Name is the optional name of the request. + +If a name is specified, all the named request in a template can be matched upon +in a combined manner allowing multirequest based matchers. + +
+ +
+ +
+ +attack string + +
+
+ +Attack is the type of payload combinations to perform. + +Sniper is each payload once, pitchfork combines multiple payload sets and clusterbomb generates +permutations and combinations for all payloads. + + +Valid values: + + + - sniper + + - pitchfork + + - clusterbomb +
+ +
+ +
+ +method string + +
+
+ +Method is the HTTP Request Method. + + +Valid values: + + + - GET + + - HEAD + + - POST + + - PUT + + - DELETE + + - CONNECT + + - OPTIONS + + - TRACE + + - PATCH +
+ +
+ +
+ +body string + +
+
+ +Body is an optional parameter which contains HTTP Request body. + + + +Examples: + + +```yaml +# Same Body for a Login POST request +body: username=test&password=test +``` + + +
+ +
+ +
+ +payloads map[string]interface{} + +
+
+ +Payloads contains any payloads for the current request. + +Payloads support both key-values combinations where a list +of payloads is provided, or optionally a single file can also +be provided as payload which will be read on run-time. + +
+ +
+ +
+ +headers map[string]string + +
+
+ +Headers contains HTTP Headers to send with the request. + + + +Examples: + + +```yaml +headers: + Any-Header: Any-Value + Content-Length: "1" + Content-Type: application/x-www-form-urlencoded +``` + + +
+ +
+ +
+ +race_count int + +
+
+ +RaceCount is the number of times to send a request in Race Condition Attack. + + + +Examples: + + +```yaml +# Send a request 5 times +race_count: 5 +``` + + +
+ +
+ +
+ +max-redirects int + +
+
+ +MaxRedirects is the maximum number of redirects that should be followed. + + + +Examples: + + +```yaml +# Follow upto 5 redirects +max-redirects: 5 +``` + + +
+ +
+ +
+ +pipeline-concurrent-connections int + +
+
+ +PipelineConcurrentConnections is number of connections to create during pipelining. + + + +Examples: + + +```yaml +# Create 40 concurrent connections +pipeline-concurrent-connections: 40 +``` + + +
+ +
+ +
+ +pipeline-requests-per-connection int + +
+
+ +PipelineRequestsPerConnection is number of requests to send per connection when pipelining. + + + +Examples: + + +```yaml +# Send 100 requests per pipeline connection +pipeline-requests-per-connection: 100 +``` + + +
+ +
+ +
+ +threads int + +
+
+ +Threads specifies number of threads to use sending requests. This enables Connection Pooling. + +Connection: Close attribute must not be used in request while using threads flag, otherwise +pooling will fail and engine will continue to close connections after requests. + + + +Examples: + + +```yaml +# Send requests using 10 concurrent threads +threads: 10 +``` + + +
+ +
+ +
+ +max-size int + +
+
+ +MaxSize is the maximum size of http response body to read in bytes. + + + +Examples: + + +```yaml +# Read max 2048 bytes of the response +max-size: 2048 +``` + + +
+ +
+ +
+ +cookie-reuse bool + +
+
+ +CookieReuse is an optional setting that enables cookie reuse for +all requests defined in raw section. + +
+ +
+ +
+ +redirects bool + +
+
+ +Redirects specifies whether redirects should be followed by the HTTP Client. + +This can be used in conjunction with `max-redirects` to control the HTTP request redirects. + +
+ +
+ +
+ +pipeline bool + +
+
+ +Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining + +All requests must be indempotent (GET/POST). This can be used for race conditions/billions requests. + +
+ +
+ +
+ +unsafe bool + +
+
+ +Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests. + +This uses the [rawhttp](https://github.com/projectdiscovery/rawhttp) engine to achieve complete +control over the request, with no normalization performed by the client. + +
+ +
+ +
+ +race bool + +
+
+ +Race determines if all the request have to be attempted at the same time (Race Condition) + +The actual number of requests that will be sent is determined by the `race_count` field. + +
+ +
+ +
+ +req-condition bool + +
+
+ +ReqCondition automatically assigns numbers to requests and preserves their history. + +This allows matching on them later for multi-request conditions. + +
+ +
+ +
+ +stop-at-first-match bool + +
+
+ +StopAtFirstMatch stops the execution of the requests and template as soon as a match is found. + +
+ +
+ + + + + +## matchers.Matcher +Matcher is used to match a part in the output from a protocol. + +Appears in: + + +- http.Request.matchers + +- dns.Request.matchers + +- file.Request.matchers + +- network.Request.matchers + +- headless.Request.matchers + + + +
+ +
+ +type string + +
+
+ +Type is the type of the matcher. + + +Valid values: + + + - status + + - size + + - word + + - regex + + - binary + + - dsl +
+ +
+ +
+ +condition string + +
+
+ +Condition is the optional condition between two matcher variables. By default, +the condition is assumed to be OR. + + +Valid values: + + + - and + + - or +
+ +
+ +
+ +part string + +
+
+ +Part is the part of the request response to match data from. + +Each protocol exposes a lot of different parts which are well +documented in docs for each request type. + + + +Examples: + + +```yaml +part: body +``` + +```yaml +part: raw +``` + + +
+ +
+ +
+ +negative bool + +
+
+ +Negative specifies if the match should be reversed +It will only match if the condition is not true. + +
+ +
+ +
+ +name string + +
+
+ +Name of the matcher. Name should be lowercase and must not contain +spaces or underscores (_). + + + +Examples: + + +```yaml +name: cookie-matcher +``` + + +
+ +
+ +
+ +status []int + +
+
+ +Status are the acceptable status codes for the response. + + + +Examples: + + +```yaml +status: + - 200 + - 302 +``` + + +
+ +
+ +
+ +size []int + +
+
+ +Size is the acceptable size for the response + + + +Examples: + + +```yaml +size: + - 3029 + - 2042 +``` + + +
+ +
+ +
+ +words []string + +
+
+ +Words contains word patterns required to be present in the response part. + + + +Examples: + + +```yaml +# Match for outlook mail protection domain +words: + - mail.protection.outlook.com +``` + +```yaml +# Match for application/json in response headers +words: + - application/json +``` + + +
+ +
+ +
+ +regex []string + +
+
+ +Regex contains Regular Expression patterns required to be present in the response part. + + + +Examples: + + +```yaml +# Match for Linkerd Service via Regex +regex: + - (?mi)^Via\\s*?:.*?linkerd.*$ +``` + +```yaml +# Match for Open Redirect via Location header +regex: + - (?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)example\\.com.*$ +``` + + +
+ +
+ +
+ +binary []string + +
+
+ +Binary are the binary patterns required to be present in the response part. + + + +Examples: + + +```yaml +# Match for Springboot Heapdump Actuator "JAVA PROFILE", "HPROF", "Gunzip magic byte" +binary: + - 4a4156412050524f46494c45 + - 4850524f46 + - 1f8b080000000000 +``` + +```yaml +# Match for 7zip files +binary: + - 377ABCAF271C +``` + + +
+ +
+ +
+ +dsl []string + +
+
+ +DSL are the dsl expressions that will be evaluated as part of nuclei matching rules. +A list of these helper functions are available [here](https://nuclei.projectdiscovery.io/templating-guide/helper-functions/). + + + +Examples: + + +```yaml +# DSL Matcher for package.json file +dsl: + - contains(body, 'packages') && contains(tolower(all_headers), 'application/octet-stream') && status_code == 200 +``` + +```yaml +# DSL Matcher for missing strict transport security header +dsl: + - '!contains(tolower(all_headers), ''''strict-transport-security'''')' +``` + + +
+ +
+ +
+ +encoding string + +
+
+ +Encoding specifies the encoding for the words field if any. + + +Valid values: + + + - hex +
+ +
+ + + + + +## extractors.Extractor +Extractor is used to extract part of response using a regex. + +Appears in: + + +- http.Request.extractors + +- dns.Request.extractors + +- file.Request.extractors + +- network.Request.extractors + +- headless.Request.extractors + + + +
+ +
+ +name string + +
+
+ +Name of the extractor. Name should be lowercase and must not contain +spaces or underscores (_). + + + +Examples: + + +```yaml +name: cookie-extractor +``` + + +
+ +
+ +
+ +type string + +
+
+ +Type is the type of the extractor. + + +Valid values: + + + - regex + + - kval + + - json + + - xpath +
+ +
+ +
+ +regex []string + +
+
+ +Regex contains the regular expression patterns to extract from a part. + +Go regex engine does not support lookaheads or lookbehinds, so as a result +they are also not supported in nuclei. + + + +Examples: + + +```yaml +# Braintree Access Token Regex +regex: + - access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32} +``` + +```yaml +# Wordpress Author Extraction regex +regex: + - Author:(?:[A-Za-z0-9 -\_="]+)? + +group int + +
+
+ +Group specifies a numbered group to extract from the regex. + + + +Examples: + + +```yaml +# Example Regex Group +group: 1 +``` + + +
+ +
+ +
+ +kval []string + +
+
+ +description: | + kval contains the key-value pairs present in the HTTP response header. + kval extractor can be used to extract HTTP response header and cookie key-value pairs. + kval extractor inputs are case insensitive, and does not support dash (-) in input which can replaced with underscores (_) + For example, Content-Type should be replaced with content_type + + A list of supported parts is available in docs for request types. + examples: + - name: Extract Server Header From HTTP Response + value: > + []string{"server"} + - name: Extracting value of PHPSESSID Cookie + value: > + []string{"phpsessid"} + - name: Extracting value of Content-Type Cookie + value: > + []string{"content_type"} + +
+ +
+ +
+ +json []string + +
+
+ +JSON allows using jq-style syntax to extract items from json response + + + +Examples: + + +```yaml +json: + - .[] | .id +``` + +```yaml +json: + - .batters | .batter | .[] | .id +``` + + +
+ +
+ +
+ +xpath []string + +
+
+ +XPath allows using xpath expressions to extract items from html response + + + +Examples: + + +```yaml +xpath: + - /html/body/div/p[2]/a +``` + + +
+ +
+ +
+ +attribute string + +
+
+ +Attribute is an optional attribute to extract from response XPath. + + + +Examples: + + +```yaml +attribute: href +``` + + +
+ +
+ +
+ +part string + +
+
+ +Part is the part of the request response to extract data from. + +Each protocol exposes a lot of different parts which are well +documented in docs for each request type. + + + +Examples: + + +```yaml +part: body +``` + +```yaml +part: raw +``` + + +
+ +
+ +
+ +internal bool + +
+
+ +Internal, when set to true will allow using the value extracted +in the next request for some protocols (like HTTP). + +
+ +
+ + + + + +## dns.Request +Request contains a DNS protocol request to be made from a template + +Appears in: + + +- Template.dns + + +```yaml +extractors: + - type: regex + regex: + - ec2-[-\d]+\.compute[-\d]*\.amazonaws\.com + - ec2-[-\d]+\.[\w\d\-]+\.compute[-\d]*\.amazonaws\.com +name: '{{FQDN}}' +type: CNAME +class: inet +retries: 2 +recursion: true +``` + +
+ +
+ +matchers []matchers.Matcher + +
+
+ +Matchers contains the detection mechanism for the request to identify +whether the request was successful by doing pattern matching +on request/responses. + +Multiple matchers can be combined together with `matcher-condition` flag +which accepts either `and` or `or` as argument. + +
+ +
+ +
+ +extractors []extractors.Extractor + +
+
+ +Extractors contains the extraction mechanism for the request to identify +and extract parts of the response. + +
+ +
+ +
+ +matchers-condition string + +
+
+ +MatchersCondition is the condition between the matchers. Default is OR. + + +Valid values: + + + - and + + - or +
+ +
+ +
+ +id string + +
+
+ +ID is the the optional id of the request + +
+ +
+ +
+ +name string + +
+
+ +Name is the Hostname to make DNS request for. + +Generally, it is set to {{FQDN}} which is the domain we get from input. + + + +Examples: + + +```yaml +name: '{{FQDN}}' +``` + + +
+ +
+ +
+ +type string + +
+
+ +Type is the type of DNS request to make. + + +Valid values: + + + - A + + - NS + + - DS + + - CNAME + + - SOA + + - PTR + + - MX + + - TXT + + - AAAA +
+ +
+ +
+ +class string + +
+
+ +Class is the class of the DNS request. + +Usually it's enough to just leave it as INET. + + +Valid values: + + + - inet + + - csnet + + - chaos + + - hesiod + + - none + + - any +
+ +
+ +
+ +retries int + +
+
+ +Retries is the number of retries for the DNS request + + + +Examples: + + +```yaml +# Use a retry of 3 to 5 generally +retries: 5 +``` + + +
+ +
+ +
+ +recursion bool + +
+
+ +Recursion determines if resolver should recurse all records to get fresh results. + +
+ +
+ + + + + +## file.Request +Request contains a File matching mechanism for local disk operations. + +Appears in: + + +- Template.file + + +```yaml +extractors: + - type: regex + regex: + - amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} +extensions: + - all +``` + +
+ +
+ +matchers []matchers.Matcher + +
+
+ +Matchers contains the detection mechanism for the request to identify +whether the request was successful by doing pattern matching +on request/responses. + +Multiple matchers can be combined together with `matcher-condition` flag +which accepts either `and` or `or` as argument. + +
+ +
+ +
+ +extractors []extractors.Extractor + +
+
+ +Extractors contains the extraction mechanism for the request to identify +and extract parts of the response. + +
+ +
+ +
+ +matchers-condition string + +
+
+ +MatchersCondition is the condition between the matchers. Default is OR. + + +Valid values: + + + - and + + - or +
+ +
+ +
+ +extensions []string + +
+
+ +Extensions is the list of extensions to perform matching on. + + + +Examples: + + +```yaml +extensions: + - .txt + - .go + - .json +``` + + +
+ +
+ +
+ +denylist []string + +
+
+ +ExtensionDenylist is the list of file extensions to deny during matching. + +By default, it contains some non-interesting extensions that are hardcoded +in nuclei. + + + +Examples: + + +```yaml +denylist: + - .avi + - .mov + - .mp3 +``` + + +
+ +
+ +
+ +id string + +
+
+ +ID is the the optional id of the request + +
+ +
+ +
+ +max-size int + +
+
+ +MaxSize is the maximum size of the file to run request on. + +By default, nuclei will process 5MB files and not go more than that. +It can be set to much lower or higher depending on use. + + + +Examples: + + +```yaml +max-size: 2048 +``` + + +
+ +
+ +
+ +no-recursive bool + +
+
+ +NoRecursive specifies whether to not do recursive checks if folders are provided. + +
+ +
+ + + + + +## network.Request +Request contains a Network protocol request to be made from a template + +Appears in: + + +- Template.network + + +```yaml +host: + - '{{Hostname}}' + - '{{Hostname}}:2181' +inputs: + - data: "envi\r\nquit\r\n" +read-size: 2048 +matchers: + - type: word + words: + - zookeeper.version +``` + +
+ +
+ +id string + +
+
+ +ID is the the optional id of the request + +
+ +
+ +
+ +host []string + +
+
+ +Host to send network requests to. + +Usually it's set to `{{Hostname}}`. If you want to enable TLS for +TCP Connection, you can use `tls://{{Hostname}}`. + + + +Examples: + + +```yaml +host: + - '{{Hostname}}' +``` + + +
+ +
+ +
+ +attack string + +
+
+ +Attack is the type of payload combinations to perform. + +Sniper is each payload once, pitchfork combines multiple payload sets and clusterbomb generates +permutations and combinations for all payloads. + + +Valid values: + + + - sniper + + - pitchfork + + - clusterbomb +
+ +
+ +
+ +payloads map[string]interface{} + +
+
+ +Payloads contains any payloads for the current request. + +Payloads support both key-values combinations where a list +of payloads is provided, or optionally a single file can also +be provided as payload which will be read on run-time. + +
+ +
+ +
+ +inputs []network.Input + +
+
+ +Inputs contains inputs for the network socket + +
+ +
+ +
+ +read-size int + +
+
+ +ReadSize is the size of response to read at the end + +Default value for read-size is 1024. + + + +Examples: + + +```yaml +read-size: 2048 +``` + + +
+ +
+ +
+ +matchers []matchers.Matcher + +
+
+ +Matchers contains the detection mechanism for the request to identify +whether the request was successful by doing pattern matching +on request/responses. + +Multiple matchers can be combined together with `matcher-condition` flag +which accepts either `and` or `or` as argument. + +
+ +
+ +
+ +extractors []extractors.Extractor + +
+
+ +Extractors contains the extraction mechanism for the request to identify +and extract parts of the response. + +
+ +
+ +
+ +matchers-condition string + +
+
+ +MatchersCondition is the condition between the matchers. Default is OR. + + +Valid values: + + + - and + + - or +
+ +
+ + + + + +## network.Input + +Appears in: + + +- network.Request.inputs + + + +
+ +
+ +data string + +
+
+ +Data is the data to send as the input. + +It supports DSL Helper Functions as well as normal expressions. + + + +Examples: + + +```yaml +data: TEST +``` + +```yaml +data: hex_decode('50494e47') +``` + + +
+ +
+ +
+ +type string + +
+
+ +Type is the type of input specified in `data` field. + +Default value is text, but hex can be used for hex formatted data. + + +Valid values: + + + - hex + + - text +
+ +
+ +
+ +read int + +
+
+ +Read is the number of bytes to read from socket. + +This can be used for protcols which expected an immediate response. You can +read and write responses one after another and evetually perform matching +on every data captured with `name` attribute. + +The [network docs](https://nuclei.projectdiscovery.io/templating-guide/protocols/network/) highlight more on how to do this. + + + +Examples: + + +```yaml +read: 1024 +``` + + +
+ +
+ +
+ +name string + +
+
+ +Name is the optional name of the data read to provide matching on. + + + +Examples: + + +```yaml +name: prefix +``` + + +
+ +
+ + + + + +## headless.Request +Request contains a Headless protocol request to be made from a template + +Appears in: + + +- Template.headless + + + +
+ +
+ +id string + +
+
+ +ID is the the optional id of the request + +
+ +
+ +
+ +steps []engine.Action + +
+
+ +Steps is the list of actions to run for headless request + +
+ +
+ +
+ +matchers []matchers.Matcher + +
+
+ +Matchers contains the detection mechanism for the request to identify +whether the request was successful by doing pattern matching +on request/responses. + +Multiple matchers can be combined together with `matcher-condition` flag +which accepts either `and` or `or` as argument. + +
+ +
+ +
+ +extractors []extractors.Extractor + +
+
+ +Extractors contains the extraction mechanism for the request to identify +and extract parts of the response. + +
+ +
+ +
+ +matchers-condition string + +
+
+ +MatchersCondition is the condition between the matchers. Default is OR. + + +Valid values: + + + - and + + - or +
+ +
+ + + + + +## engine.Action +Action is an action taken by the browser to reach a navigation + + Each step that the browser executes is an action. Most navigations + usually start from the ActionLoadURL event, and further navigations + are discovered on the found page. We also keep track and only + scrape new navigation from pages we haven't crawled yet. + +Appears in: + + +- headless.Request.steps + + + +
+ +
+ +args map[string]string + +
+
+ +Args contain arguments for the headless action. +Per action arguments are described in detail [here](https://nuclei.projectdiscovery.io/templating-guide/protocols/headless/). + +
+ +
+ +
+ +name string + +
+
+ +Name is the name assigned to the headless action. + +This can be used to execute code, for instance in browser +DOM using script action, and get the result in a variable +which can be matched upon by nuclei. An Example template [here](https://github.com/projectdiscovery/nuclei-templates/blob/master/headless/prototype-pollution-check.yaml). + +
+ +
+ +
+ +description string + +
+
+ +Description is the optional description of the headless action + +
+ +
+ +
+ +action string + +
+
+ +Action is the type of the action to perform. + + +Valid values: + + + - navigate + + - script + + - click + + - rightclick + + - text + + - screenshot + + - time + + - select + + - files + + - waitload + + - getresource + + - extract + + - setmethod + + - addheader + + - setheader + + - deleteheader + + - setbody + + - waitevent + + - keyboard + + - debug + + - sleep +
+ +
+ + + + + +## workflows.WorkflowTemplate + +Appears in: + + +- Template.workflows + +- workflows.WorkflowTemplate.subtemplates + +- workflows.Matcher.subtemplates + + + +
+ +
+ +template string + +
+
+ +Template is a single template or directory to execute as part of workflow. + + + +Examples: + + +```yaml +# A single template +template: dns/worksites-detection.yaml +``` + +```yaml +# A template directory +template: misconfigurations/aem +``` + + +
+ +
+ +
+ +tags model.StringSlice + +
+
+ +Tags to run templates based on. + +
+ +
+ +
+ +matchers []workflows.Matcher + +
+
+ +Matchers perform name based matching to run subtemplates for a workflow. + +
+ +
+ +
+ +subtemplates []workflows.WorkflowTemplate + +
+
+ +Subtemplates are ran if the `template` field Template matches. + +
+ +
+ + + + + +## workflows.Matcher + +Appears in: + + +- workflows.WorkflowTemplate.matchers + + + +
+ +
+ +name string + +
+
+ +Name is the name of the item to match. + +
+ +
+ +
+ +subtemplates []workflows.WorkflowTemplate + +
+
+ +Subtemplates are ran if the name of matcher matches. + +
+ +
+ + + + diff --git a/nuclei-jsonschema.json b/nuclei-jsonschema.json new file mode 100755 index 000000000..6092a125a --- /dev/null +++ b/nuclei-jsonschema.json 
@@ -0,0 +1,914 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/templates.Template", + "definitions": { + "severity.SeverityHolder": { + "enum": [ + "info", + "low", + "medium", + "high", + "critical" + ], + "type": "string", + "title": "severity of the template", + "description": "Seriousness of the implications of the template" + }, + "model.Info": { + "properties": { + "name": { + "type": "string", + "title": "name of the template", + "description": "Name is a short summary of what the template does", + "examples": [ + "Nagios Default Credentials Check" + ] + }, + "author": { + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/model.StringSlice", + "title": "author of the template", + "description": "Author is the author of the template" + }, + "tags": { + "$ref": "#/definitions/model.StringSlice", + "title": "tags of the template", + "description": "Any tags for the template" + }, + "description": { + "type": "string", + "title": "description of the template", + "description": "In-depth explanation on what the template does", + "examples": [ + "Bower is a package manager which stores packages informations in bower.json file" + ] + }, + "reference": { + "$ref": "#/definitions/model.StringSlice", + "title": "references for the template", + "description": "Links relevant to the template" + }, + "severity": { + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/severity.SeverityHolder" + }, + "additional-fields": { + "patternProperties": { + ".*": { + "type": "string" + } + }, + "type": "object", + "title": "additional metadata for the template", + "description": "Additional metadata fields for the template" + } + }, + "additionalProperties": false, + "type": "object" + }, + "model.StringSlice": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "array" + } + ] + }, + "extractors.Extractor": { + "required": [ + "type" + ], + "properties": { + "name": { + "type": 
"string", + "title": "name of the extractor", + "description": "Name of the extractor" + }, + "type": { + "enum": [ + "regex", + "kval", + "json", + "xpath" + ], + "type": "string", + "title": "type of the extractor", + "description": "Type of the extractor" + }, + "regex": { + "items": { + "type": "string" + }, + "type": "array", + "title": "regex to extract from part", + "description": "Regex to extract from part" + }, + "group": { + "type": "integer", + "title": "group to extract from regex", + "description": "Group to extract from regex" + }, + "kval": { + "items": { + "type": "string" + }, + "type": "array", + "title": "kval pairs to extract from response", + "description": "Kval pairs to extract from response" + }, + "json": { + "items": { + "type": "string" + }, + "type": "array", + "title": "json jq expressions to extract data", + "description": "JSON JQ expressions to evaluate from response part" + }, + "xpath": { + "items": { + "type": "string" + }, + "type": "array", + "title": "html xpath expressions to extract data", + "description": "XPath allows using xpath expressions to extract items from html response" + }, + "attribute": { + "type": "string", + "title": "optional attribute to extract from xpath", + "description": "Optional attribute to extract from response XPath" + }, + "part": { + "type": "string", + "title": "part of response to extract data from", + "description": "Part of the request response to extract data from" + }, + "internal": { + "type": "boolean", + "title": "mark extracted value for internal variable use", + "description": "Internal when set to true will allow using the value extracted in the next request for some protocols" + } + }, + "additionalProperties": false, + "type": "object" + }, + "matchers.Matcher": { + "required": [ + "type" + ], + "properties": { + "type": { + "enum": [ + "status", + "size", + "word", + "regex", + "dsl" + ], + "type": "string", + "title": "type of matcher", + "description": "Type of the matcher" + }, + 
"condition": { + "enum": [ + "and", + "or" + ], + "type": "string", + "title": "condition between matcher variables", + "description": "Condition between the matcher variables" + }, + "part": { + "type": "string", + "title": "part of response to match", + "description": "Part of response to match data from" + }, + "negative": { + "type": "boolean", + "title": "negative specifies if match reversed", + "description": "Negative specifies if the match should be reversed. It will only match if the condition is not true" + }, + "name": { + "type": "string", + "title": "name of the matcher", + "description": "Name of the matcher" + }, + "status": { + "items": { + "type": "integer" + }, + "type": "array", + "title": "status to match", + "description": "Status to match for the response" + }, + "size": { + "items": { + "type": "integer" + }, + "type": "array", + "title": "acceptable size for response", + "description": "Size is the acceptable size for the response" + }, + "words": { + "items": { + "type": "string" + }, + "type": "array", + "title": "words to match in response", + "description": " Words contains word patterns required to be present in the response part" + }, + "regex": { + "items": { + "type": "string" + }, + "type": "array", + "title": "regex to match in response", + "description": "Regex contains regex patterns required to be present in the response part" + }, + "binary": { + "items": { + "type": "string" + }, + "type": "array", + "title": "binary patterns to match in response", + "description": "Binary are the binary patterns required to be present in the response part" + }, + "dsl": { + "items": { + "type": "string" + }, + "type": "array", + "title": "dsl expressions to match in response", + "description": "DSL are the dsl expressions that will be evaluated as part of nuclei matching rules" + }, + "encoding": { + "enum": [ + "hex" + ], + "type": "string", + "title": "encoding for word field", + "description": "Optional encoding for the word fields" + } + 
}, + "additionalProperties": false, + "type": "object" + }, + "dns.Request": { + "properties": { + "matchers": { + "items": { + "$ref": "#/definitions/matchers.Matcher" + }, + "type": "array", + "title": "matchers to run on response", + "description": "Detection mechanism to identify whether the request was successful by doing pattern matching" + }, + "extractors": { + "items": { + "$ref": "#/definitions/extractors.Extractor" + }, + "type": "array", + "title": "extractors to run on response", + "description": "Extractors contains the extraction mechanism for the request to identify and extract parts of the response" + }, + "matchers-condition": { + "enum": [ + "and", + "or" + ], + "type": "string", + "title": "condition between the matchers", + "description": "Conditions between the matchers" + }, + "id": { + "type": "string", + "title": "id of the dns request", + "description": "ID is the optional ID of the DNS Request" + }, + "name": { + "type": "string", + "title": "hostname to make dns request for", + "description": "Name is the Hostname to make DNS request for" + }, + "type": { + "enum": [ + "A", + "NS", + "DS", + "CNAME", + "SOA", + "PTR", + "MX", + "TXT", + "AAAA" + ], + "type": "string", + "title": "type of dns request to make", + "description": "Type is the type of DNS request to make" + }, + "class": { + "enum": [ + "inet", + "csnet", + "chaos", + "hesiod", + "none", + "any" + ], + "type": "string", + "title": "class of DNS request", + "description": "Class is the class of the DNS request" + }, + "retries": { + "type": "integer", + "title": "retries for dns request", + "description": "Retries is the number of retries for the DNS request" + }, + "recursion": { + "type": "boolean", + "title": "recurse all servers", + "description": "Recursion determines if resolver should recurse all records to get fresh results" + } + }, + "additionalProperties": false, + "type": "object" + }, + "file.Request": { + "properties": { + "matchers": { + "items": { + "$ref": 
"#/definitions/matchers.Matcher" + }, + "type": "array", + "title": "matchers to run on response", + "description": "Detection mechanism to identify whether the request was successful by doing pattern matching" + }, + "extractors": { + "items": { + "$ref": "#/definitions/extractors.Extractor" + }, + "type": "array", + "title": "extractors to run on response", + "description": "Extractors contains the extraction mechanism for the request to identify and extract parts of the response" + }, + "matchers-condition": { + "enum": [ + "and", + "or" + ], + "type": "string", + "title": "condition between the matchers", + "description": "Conditions between the matchers" + }, + "extensions": { + "items": { + "type": "string" + }, + "type": "array", + "title": "extensions to match", + "description": "List of extensions to perform matching on" + }, + "denylist": { + "items": { + "type": "string" + }, + "type": "array", + "title": "extensions to deny match", + "description": "List of file extensions to deny during matching" + }, + "id": { + "type": "string", + "title": "id of the request", + "description": "ID is the optional ID for the request" + }, + "max-size": { + "type": "integer", + "title": "max size data to run request on", + "description": "Maximum size of the file to run request on" + }, + "no-recursive": { + "type": "boolean", + "title": "do not perform recursion", + "description": "Specifies whether to not do recursive checks if folders are provided" + } + }, + "additionalProperties": false, + "type": "object" + }, + "headless.Request": { + "properties": { + "id": { + "type": "string", + "title": "id of the request", + "description": "Optional ID of the headless request" + }, + "steps": { + "items": { + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/engine.Action" + }, + "type": "array", + "title": "list of actions for headless request", + "description": "List of actions to run for headless request" + }, + "matchers": { + "items": { + 
"$ref": "#/definitions/matchers.Matcher" + }, + "type": "array", + "title": "matchers to run on response", + "description": "Detection mechanism to identify whether the request was successful by doing pattern matching" + }, + "extractors": { + "items": { + "$ref": "#/definitions/extractors.Extractor" + }, + "type": "array", + "title": "extractors to run on response", + "description": "Extractors contains the extraction mechanism for the request to identify and extract parts of the response" + }, + "matchers-condition": { + "enum": [ + "and", + "or" + ], + "type": "string", + "title": "condition between the matchers", + "description": "Conditions between the matchers" + } + }, + "additionalProperties": false, + "type": "object" + }, + "engine.Action": { + "required": [ + "action" + ], + "properties": { + "args": { + "patternProperties": { + ".*": { + "type": "string" + } + }, + "type": "object", + "title": "arguments for headless action", + "description": "Args contain arguments for the headless action" + }, + "name": { + "type": "string", + "title": "name for headless action", + "description": "Name is the name assigned to the headless action" + }, + "description": { + "type": "string", + "title": "description for headless action", + "description": "Description of the headless action" + }, + "action": { + "enum": [ + "navigate", + "script", + "click", + "rightclick", + "text", + "screenshot", + "time", + "select", + "files", + "waitload", + "getresource", + "extract", + "setmethod", + "addheader", + "setheader", + "deleteheader", + "setbody", + "waitevent", + "keyboard", + "debug", + "sleep" + ], + "type": "string", + "title": "action to perform", + "description": "Type of actions to perform" + } + }, + "additionalProperties": false, + "type": "object" + }, + "http.Request": { + "properties": { + "matchers": { + "items": { + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/matchers.Matcher" + }, + "type": "array", + "title": "matchers 
to run on response", + "description": "Detection mechanism to identify whether the request was successful by doing pattern matching" + }, + "extractors": { + "items": { + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/extractors.Extractor" + }, + "type": "array", + "title": "extractors to run on response", + "description": "Extractors contains the extraction mechanism for the request to identify and extract parts of the response" + }, + "matchers-condition": { + "enum": [ + "and", + "or" + ], + "type": "string", + "title": "condition between the matchers", + "description": "Conditions between the matchers" + }, + "path": { + "items": { + "type": "string" + }, + "type": "array", + "title": "path(s) for the http request", + "description": "Path(s) to send http requests to" + }, + "raw": { + "items": { + "type": "string" + }, + "type": "array", + "description": "HTTP Requests in Raw Format" + }, + "id": { + "type": "string", + "title": "id for the http request", + "description": "ID for the HTTP Request" + }, + "name": { + "type": "string", + "title": "name for the http request", + "description": "Optional name for the HTTP Request" + }, + "attack": { + "enum": [ + "sniper", + "pitchfork", + "clusterbomb" + ], + "type": "string", + "title": "attack is the payload combination", + "description": "Attack is the type of payload combinations to perform" + }, + "method": { + "enum": [ + "GET", + "HEAD", + "POST", + "PUT", + "DELETE", + "CONNECT", + "OPTIONS", + "TRACE", + "PATCH" + ], + "type": "string", + "title": "method is the http request method", + "description": "Method is the HTTP Request Method" + }, + "body": { + "type": "string", + "title": "body is the http request body", + "description": "Body is an optional parameter which contains HTTP Request body" + }, + "payloads": { + "patternProperties": { + ".*": { + "additionalProperties": true + } + }, + "type": "object", + "title": "payloads for the http request", + "description": 
"Payloads contains any payloads for the current request" + }, + "headers": { + "patternProperties": { + ".*": { + "type": "string" + } + }, + "type": "object", + "title": "headers to send with the http request", + "description": "Headers contains HTTP Headers to send with the request" + }, + "race_count": { + "type": "integer", + "title": "number of times to repeat request in race condition", + "description": "Number of times to send a request in Race Condition Attack" + }, + "max-redirects": { + "type": "integer", + "title": "maximum number of redirects to follow", + "description": "Maximum number of redirects that should be followed" + }, + "pipeline-concurrent-connections": { + "type": "integer", + "title": "number of pipelining connections", + "description": "Number of connections to create during pipelining" + }, + "pipeline-requests-per-connection": { + "type": "integer", + "title": "number of requests to send per pipelining connections", + "description": "Number of requests to send per connection when pipelining" + }, + "threads": { + "type": "integer", + "title": "threads for sending requests", + "description": "Threads specifies number of threads to use sending requests. 
This enables Connection Pooling" + }, + "max-size": { + "type": "integer", + "title": "maximum http response body size", + "description": "Maximum size of http response body to read in bytes" + }, + "cookie-reuse": { + "type": "boolean", + "title": "optional cookie reuse enable", + "description": "Optional setting that enables cookie reuse" + }, + "redirects": { + "type": "boolean", + "title": "follow http redirects", + "description": "Specifies whether redirects should be followed by the HTTP Client" + }, + "pipeline": { + "type": "boolean", + "title": "perform HTTP 1.1 pipelining", + "description": "Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining" + }, + "unsafe": { + "type": "boolean", + "title": "use rawhttp non-strict-rfc client", + "description": "Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests" + }, + "race": { + "type": "boolean", + "title": "perform race-http request coordination attack", + "description": "Race determines if all the request have to be attempted at the same time (Race Condition)" + }, + "req-condition": { + "type": "boolean", + "title": "preserve request history", + "description": "Automatically assigns numbers to requests and preserves their history" + }, + "stop-at-first-match": { + "type": "boolean", + "title": "stop at first match", + "description": "Stop the execution after a match is found" + } + }, + "additionalProperties": false, + "type": "object" + }, + "network.Input": { + "properties": { + "data": { + "type": "string", + "title": "data to send as input", + "description": "Data is the data to send as the input" + }, + "type": { + "enum": [ + "hex", + "text" + ], + "type": "string", + "title": "type is the type of input data", + "description": "Type of input specified in data field" + }, + "read": { + "type": "integer", + "title": "bytes to read from socket", + "description": "Number of bytes to read from socket" + }, + "name": { + "type": "string", + "title": 
"optional name for data read", + "description": "Optional name of the data read to provide matching on" + } + }, + "additionalProperties": false, + "type": "object" + }, + "network.Request": { + "properties": { + "id": { + "type": "string", + "title": "id of the request", + "description": "ID of the network request" + }, + "host": { + "items": { + "type": "string" + }, + "type": "array", + "title": "host to send requests to", + "description": "Host to send network requests to" + }, + "attack": { + "enum": [ + "sniper", + "pitchfork", + "clusterbomb" + ], + "type": "string", + "title": "attack is the payload combination", + "description": "Attack is the type of payload combinations to perform" + }, + "payloads": { + "patternProperties": { + ".*": { + "additionalProperties": true + } + }, + "type": "object", + "title": "payloads for the network request", + "description": "Payloads contains any payloads for the current request" + }, + "inputs": { + "items": { + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/network.Input" + }, + "type": "array", + "title": "inputs for the network request", + "description": "Inputs contains any input/output for the current request" + }, + "read-size": { + "type": "integer", + "title": "size of network response to read", + "description": "Size of response to read at the end. 
Default is 1024 bytes" + }, + "matchers": { + "items": { + "$ref": "#/definitions/matchers.Matcher" + }, + "type": "array", + "title": "matchers to run on response", + "description": "Detection mechanism to identify whether the request was successful by doing pattern matching" + }, + "extractors": { + "items": { + "$ref": "#/definitions/extractors.Extractor" + }, + "type": "array", + "title": "extractors to run on response", + "description": "Extractors contains the extraction mechanism for the request to identify and extract parts of the response" + }, + "matchers-condition": { + "enum": [ + "and", + "or" + ], + "type": "string", + "title": "condition between the matchers", + "description": "Conditions between the matchers" + } + }, + "additionalProperties": false, + "type": "object" + }, + "templates.Template": { + "required": [ + "id", + "info" + ], + "properties": { + "id": { + "type": "string", + "title": "id of the template", + "description": "The Unique ID for the template", + "examples": [ + "cve-2021-19520" + ] + }, + "info": { + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/model.Info", + "title": "info for the template", + "description": "Info contains metadata for the template" + }, + "requests": { + "items": { + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/http.Request" + }, + "type": "array", + "title": "http requests to make", + "description": "HTTP requests to make for the template" + }, + "dns": { + "items": { + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/dns.Request" + }, + "type": "array", + "title": "dns requests to make", + "description": "DNS requests to make for the template" + }, + "file": { + "items": { + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/file.Request" + }, + "type": "array", + "title": "file requests to make", + "description": "File requests to make for the template" + }, + "network": { + 
"items": { + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/network.Request" + }, + "type": "array", + "title": "network requests to make", + "description": "Network requests to make for the template" + }, + "headless": { + "items": { + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/headless.Request" + }, + "type": "array", + "title": "headless requests to make", + "description": "Headless requests to make for the template" + }, + "workflows": { + "items": { + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/workflows.WorkflowTemplate" + }, + "type": "array", + "title": "list of workflows to execute", + "description": "List of workflows to execute for template" + } + }, + "additionalProperties": false, + "type": "object" + }, + "workflows.Matcher": { + "properties": { + "name": { + "type": "string", + "title": "name of item to match", + "description": "Name of item to match" + }, + "subtemplates": { + "items": { + "$ref": "#/definitions/workflows.WorkflowTemplate" + }, + "type": "array", + "title": "templates to run after match", + "description": "Templates to run after match" + } + }, + "additionalProperties": false, + "type": "object" + }, + "workflows.WorkflowTemplate": { + "properties": { + "template": { + "type": "string", + "title": "template/directory to execute", + "description": "Template or directory to execute as part of workflow" + }, + "tags": { + "$ref": "#/definitions/model.StringSlice", + "title": "tags to execute", + "description": "Tags to run template based on" + }, + "matchers": { + "items": { + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/workflows.Matcher" + }, + "type": "array", + "title": "name based template result matchers", + "description": "Matchers perform name based matching to run subtemplates for a workflow" + }, + "subtemplates": { + "items": { + "$ref": "#/definitions/workflows.WorkflowTemplate" + }, + 
"type": "array", + "title": "subtemplate based result matchers", + "description": "Subtemplates are ran if the template field Template matches" + } + }, + "additionalProperties": false, + "type": "object" + } + } +} From f3ed61b4c7f36881b430e0c9d6de9fb716caa305 Mon Sep 17 00:00:00 2001 From: sandeep Date: Wed, 1 Sep 2021 15:48:01 +0530 Subject: [PATCH 2/8] misc update --- README.md | 2 +- v2/pkg/templates/templates.go | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index b1ee8b943..637088d6e 100644 --- a/README.md +++ b/README.md @@ -60,7 +60,7 @@ Nuclei has had built-in support for automatic update/download templates since ve You may still use the `update-templates` flag to update the nuclei templates at any time; automatic updates happen every 24 hours. You can write your own checks for your individual workflow and needs following Nuclei's [templating guide](https://nuclei.projectdiscovery.io/templating-guide/). -The YAML DSL reference syntax is available [here](v2/syntax-reference.md). +The YAML DSL reference syntax is available [here](SYNTAX-REFERENCE.md). diff --git a/v2/pkg/templates/templates.go b/v2/pkg/templates/templates.go index 3194425c7..f03b486b6 100644 --- a/v2/pkg/templates/templates.go +++ b/v2/pkg/templates/templates.go @@ -16,8 +16,7 @@ import ( // other metadata for a template. type Template struct { // description: | - // ID is the unique id for the template. IDs must be lowercase - // and must not contain spaces in it. + // ID is the unique id for the template. // // #### Good IDs // From 9d0856e3c8ea23f1bf9f5677a5b2d82db6697f6c Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 1 Sep 2021 10:19:34 +0000 Subject: [PATCH 3/8] Auto Generate Syntax Docs + JSONSchema [Wed Sep 1 10:19:34 UTC 2021] :robot: --- SYNTAX-REFERENCE.md | 3 +-- v2/pkg/templates/templates_doc.go | 4 ++-- 2 files changed, 3 insertions(+), 4 deletions(-) 
diff --git a/SYNTAX-REFERENCE.md b/SYNTAX-REFERENCE.md index 006885fb9..8c3f0800d 100755 --- a/SYNTAX-REFERENCE.md +++ b/SYNTAX-REFERENCE.md @@ -18,8 +18,7 @@ Template is a YAML input file which defines all the requests and
-ID is the unique id for the template. IDs must be lowercase -and must not contain spaces in it. +ID is the unique id for the template. #### Good IDs diff --git a/v2/pkg/templates/templates_doc.go b/v2/pkg/templates/templates_doc.go index 5e65c59e5..4ed4b1263 100644 --- a/v2/pkg/templates/templates_doc.go +++ b/v2/pkg/templates/templates_doc.go @@ -34,8 +34,8 @@ func init() { TemplateDoc.Fields[0].Name = "id" TemplateDoc.Fields[0].Type = "string" TemplateDoc.Fields[0].Note = "" - TemplateDoc.Fields[0].Description = "ID is the unique id for the template. IDs must be lowercase\nand must not contain spaces in it.\n\n#### Good IDs\n\nA good ID uniquely identifies what the requests in the template\nare doing. Let's say you have a template that identifies a git-config\nfile on the webservers, a good name would be `git-config-exposure`. Another\nexample name is `azure-apps-nxdomain-takeover`." - TemplateDoc.Fields[0].Comments[encoder.LineComment] = "ID is the unique id for the template. IDs must be lowercase" + TemplateDoc.Fields[0].Description = "ID is the unique id for the template.\n\n#### Good IDs\n\nA good ID uniquely identifies what the requests in the template\nare doing. Let's say you have a template that identifies a git-config\nfile on the webservers, a good name would be `git-config-exposure`. Another\nexample name is `azure-apps-nxdomain-takeover`." + TemplateDoc.Fields[0].Comments[encoder.LineComment] = "ID is the unique id for the template." TemplateDoc.Fields[0].AddExample("ID Example", "cve-2021-19520") TemplateDoc.Fields[1].Name = "info" From 7d630aac98527a24becada1f969fcd74c64e25a5 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 1 Sep 2021 10:19:45 +0000 Subject: [PATCH 4/8] Auto Generate Syntax Docs + JSONSchema [Wed Sep 1 10:19:45 UTC 2021] :robot: --- SYNTAX-REFERENCE.md | 3 +-- v2/pkg/templates/templates_doc.go | 4 ++-- 2 files changed, 3 insertions(+), 4 deletions(-) 
diff --git a/SYNTAX-REFERENCE.md b/SYNTAX-REFERENCE.md index 006885fb9..8c3f0800d 100755 --- a/SYNTAX-REFERENCE.md +++ b/SYNTAX-REFERENCE.md @@ -18,8 +18,7 @@ Template is a YAML input file which defines all the requests and
-ID is the unique id for the template. IDs must be lowercase -and must not contain spaces in it. +ID is the unique id for the template. #### Good IDs diff --git a/v2/pkg/templates/templates_doc.go b/v2/pkg/templates/templates_doc.go index 5e65c59e5..4ed4b1263 100644 --- a/v2/pkg/templates/templates_doc.go +++ b/v2/pkg/templates/templates_doc.go @@ -34,8 +34,8 @@ func init() { TemplateDoc.Fields[0].Name = "id" TemplateDoc.Fields[0].Type = "string" TemplateDoc.Fields[0].Note = "" - TemplateDoc.Fields[0].Description = "ID is the unique id for the template. IDs must be lowercase\nand must not contain spaces in it.\n\n#### Good IDs\n\nA good ID uniquely identifies what the requests in the template\nare doing. Let's say you have a template that identifies a git-config\nfile on the webservers, a good name would be `git-config-exposure`. Another\nexample name is `azure-apps-nxdomain-takeover`." - TemplateDoc.Fields[0].Comments[encoder.LineComment] = "ID is the unique id for the template. IDs must be lowercase" + TemplateDoc.Fields[0].Description = "ID is the unique id for the template.\n\n#### Good IDs\n\nA good ID uniquely identifies what the requests in the template\nare doing. Let's say you have a template that identifies a git-config\nfile on the webservers, a good name would be `git-config-exposure`. Another\nexample name is `azure-apps-nxdomain-takeover`." + TemplateDoc.Fields[0].Comments[encoder.LineComment] = "ID is the unique id for the template." TemplateDoc.Fields[0].AddExample("ID Example", "cve-2021-19520") TemplateDoc.Fields[1].Name = "info" From d7f8ad8a629afe8652556df7b232c259b1a23753 Mon Sep 17 00:00:00 2001 From: sandeep Date: Wed, 1 Sep 2021 15:53:30 +0530 Subject: [PATCH 5/8] final changes --- .github/workflows/publish-docs.yaml | 1 - v2/pkg/templates/templates.go | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/publish-docs.yaml b/.github/workflows/publish-docs.yaml index 6a96a98f3..4f534d428 100644 
--- a/.github/workflows/publish-docs.yaml +++ b/.github/workflows/publish-docs.yaml @@ -47,4 +47,3 @@ jobs: uses: ad-m/github-push-action@master with: github_token: ${{ secrets.GITHUB_TOKEN }} - branch: ${{ github.ref }} diff --git a/v2/pkg/templates/templates.go b/v2/pkg/templates/templates.go index f03b486b6..b6f2491ac 100644 --- a/v2/pkg/templates/templates.go +++ b/v2/pkg/templates/templates.go @@ -26,7 +26,7 @@ type Template struct { // example name is `azure-apps-nxdomain-takeover`. // examples: // - name: ID Example - // value: "\"cve-2021-19520\"" + // value: "\"CVE-2021-19520\"" ID string `yaml:"id" jsonschema:"title=id of the template,description=The Unique ID for the template,example=cve-2021-19520"` // description: | // Info contains metadata information about the template. From 04e636075edb280c710e750e9ce072a02b82c167 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 1 Sep 2021 10:24:55 +0000 Subject: [PATCH 6/8] Auto Generate Syntax Docs + JSONSchema [Wed Sep 1 10:24:55 UTC 2021] :robot: --- SYNTAX-REFERENCE.md | 2 +- v2/pkg/templates/templates_doc.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/SYNTAX-REFERENCE.md b/SYNTAX-REFERENCE.md index 8c3f0800d..a50d97658 100755 --- a/SYNTAX-REFERENCE.md +++ b/SYNTAX-REFERENCE.md @@ -34,7 +34,7 @@ Examples: ```yaml # ID Example -id: cve-2021-19520 +id: CVE-2021-19520 ``` diff --git a/v2/pkg/templates/templates_doc.go b/v2/pkg/templates/templates_doc.go index 4ed4b1263..1a715176d 100644 --- a/v2/pkg/templates/templates_doc.go +++ b/v2/pkg/templates/templates_doc.go 
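Review bot: In the `v2/pkg/templates/templates.go` hunk (`@@ -26,7 +26,7 @@`), the docs example becomes upper-case `CVE-2021-19520`, but the `jsonschema` struct tag on the following `ID` line still carries `example=cve-2021-19520`. The two generated artifacts will therefore disagree: the regeneration in PATCH 6/8 rewrites only `SYNTAX-REFERENCE.md` and `templates_doc.go`, so `nuclei-jsonschema.json` keeps the lower-case example. Change the tag in the same commit to `example=CVE-2021-19520` so that template authors see one canonical spelling. This matters more if anything downstream compares template ids case-sensitively, which is not visible here. The `Template` struct begins before and continues past this hunk.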
@@ -37,7 +37,7 @@ func init() { TemplateDoc.Fields[0].Description = "ID is the unique id for the template.\n\n#### Good IDs\n\nA good ID uniquely identifies what the requests in the template\nare doing. Let's say you have a template that identifies a git-config\nfile on the webservers, a good name would be `git-config-exposure`. Another\nexample name is `azure-apps-nxdomain-takeover`." TemplateDoc.Fields[0].Comments[encoder.LineComment] = "ID is the unique id for the template." - TemplateDoc.Fields[0].AddExample("ID Example", "cve-2021-19520") + TemplateDoc.Fields[0].AddExample("ID Example", "CVE-2021-19520") TemplateDoc.Fields[1].Name = "info" TemplateDoc.Fields[1].Type = "model.Info" TemplateDoc.Fields[1].Note = "" From 3fb99721147b63b51ee7137abc288e4696fb59c4 Mon Sep 17 00:00:00 2001 From: Sandeep Singh Date: Wed, 1 Sep 2021 20:56:30 +0530 Subject: [PATCH 7/8] misc update --- v2/.goreleaser.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/v2/.goreleaser.yml b/v2/.goreleaser.yml index e97cfc12a..8ae96e831 100644 --- a/v2/.goreleaser.yml +++ b/v2/.goreleaser.yml @@ -20,6 +20,8 @@ builds: goarch: '386' - goos: windows goarch: 'arm' + - goos: windows + goarch: 'arm64' binary: '{{ .ProjectName }}' main: cmd/nuclei/main.go @@ -30,4 +32,4 @@ archives: darwin: macOS checksum: - algorithm: sha256 \ No newline at end of file + algorithm: sha256 From 7e80dec5e74bc47e4d6b457323a6cd1346b7ec21 Mon Sep 17 00:00:00 2001 From: sandeep Date: Wed, 1 Sep 2021 21:07:37 +0530 Subject: [PATCH 8/8] dev update --- v2/pkg/catalog/config/config.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/v2/pkg/catalog/config/config.go b/v2/pkg/catalog/config/config.go index 503aa6811..1ebfaaf51 100644 --- a/v2/pkg/catalog/config/config.go +++ b/v2/pkg/catalog/config/config.go 
@@ -28,7 +28,7 @@ type Config struct { const nucleiConfigFilename = ".templates-config.json" // Version is the current version of nuclei -const Version = `2.5.0` +const Version = `2.5.1-dev` func getConfigDetails() (string, error) { homeDir, err := os.UserHomeDir()