test(nuclei): add flow benchmark tests

Signed-off-by: Dwi Siswanto <git@dw1.io>
2025-12-17 13:55:24 +00:00 · 2025-06-26 11:43:23 +07:00 · 2025-06-26 11:43:23 +07:00 · 5f9dcccd28
commit 5f9dcccd28
parent 7f2adbe43a
3 changed files with 166 additions and 5 deletions
--- a/cmd/nuclei/main_benchmark_test.go
+++ b/cmd/nuclei/main_benchmark_test.go
@ -117,12 +117,12 @@ func runEnumBenchmark(b *testing.B, options *types.Options) {

 func BenchmarkRunEnumeration(b *testing.B) {
 	// Default case: run enumeration with default options == all nuclei-templates
-	// b.Run("Default", func(b *testing.B) {
-	// 	options := getDefaultOptions()
-	// 	options.Targets = []string{targetURL}
+	b.Run("Default", func(b *testing.B) {
+		options := getDefaultOptions()
+		options.Targets = []string{targetURL}

-	// 	runEnumBenchmark(b, options)
-	// })
+		runEnumBenchmark(b, options)
+	})

 	// Case: https://github.com/projectdiscovery/nuclei/pull/6258
 	b.Run("Multiproto", func(b *testing.B) {
@ -132,4 +132,53 @@ func BenchmarkRunEnumeration(b *testing.B) {

 		runEnumBenchmark(b, options)
 	})
+
+	// Case: https://github.com/projectdiscovery/nuclei/issues/6263
+	b.Run("Flow", func(b *testing.B) {
+		options := getDefaultOptions()
+		options.Targets = []string{
+			"https://google.com",
+			"https://youtube.com",
+			"https://facebook.com",
+			"https://baidu.com",
+			"https://wikipedia.org",
+			"https://qq.com",
+			"https://taobao.com",
+			"https://yahoo.com",
+			"https://tmall.com",
+			"https://amazon.com",
+			"https://twitter.com",
+			"https://sohu.com",
+			"https://live.com",
+			"https://jd.com",
+			"https://vk.com",
+			"https://instagram.com",
+			"https://sina.com.cn",
+			"https://weibo.com",
+			"https://reddit.com",
+			"https://login.tmall.com",
+			"https://360.cn",
+			"https://yandex.ru",
+			"https://linkedin.com",
+			"https://blogspot.com",
+			"https://netflix.com",
+			"https://twitch.tv",
+			"https://whatsapp.com",
+			"https://yahoo.co.jp",
+			"https://csdn.net",
+			"https://wordcamp.org",
+		}
+
+		b.Run("Local-Scoping", func(b *testing.B) {
+			options.Templates = []string{"./cmd/nuclei/testdata/benchmark/flow/wordpress-readme-local-scoping.yaml"}
+
+			runEnumBenchmark(b, options)
+		})
+
+		b.Run("Namespacing", func(b *testing.B) {
+			options.Templates = []string{"./cmd/nuclei/testdata/benchmark/flow/wordpress-readme-namespacing.yaml"}
+
+			runEnumBenchmark(b, options)
+		})
+	})
 }
--- a/cmd/nuclei/testdata/benchmark/flow/wordpress-readme-local-scoping.yaml
+++ b/cmd/nuclei/testdata/benchmark/flow/wordpress-readme-local-scoping.yaml
@ -0,0 +1,56 @@
+id: wordpress_readme-scoping
+
+info:
+  name: WordPress readme detection
+  author: nisay759
+  severity: info
+  tags: readme,wordpress,themes,plugins
+
+flow: |
+  // get imports from website's root
+  http(1);
+
+  let uniq = Dedupe();
+
+  // get unique webroot of each import
+  for (let path of iterate(template["imports"])) {
+    let pathArray = path.split("/");
+    let rootIdx = pathArray.indexOf("wp-content") + 3;
+    let finalUrl = pathArray.slice(0, rootIdx).join("/");
+    uniq.Add(finalUrl);
+  }
+
+  // for each import, look for readme
+  for (let url of iterate(uniq.Values())) {
+    set("target", url);
+    http(2);
+  }
+
+http:
+  # http(1) - Query web root and extract themes/plugins imports
+  - method: GET
+    redirects: true
+    path:
+      - "{{BaseURL}}"
+
+    extractors:
+      - type: xpath
+        name: "imports"
+        internal: true
+        xpath:
+          - "/html/*/script/@src[contains(.,'wp-content/plugins/')]"
+          - "/html/*/script/@src[contains(.,'wp-content/themes/')]"
+          - "/html/*/style/@src[contains(.,'wp-content/themes/')]"
+          - "/html/*/img/@src[contains(.,'wp-content/themes/')]"
+
+  # http(2) - Given a theme/plugin "target", look for Readme file
+  - method: GET
+    path:
+      - "{{target}}/README.md"
+      - "{{target}}/README.txt"
+
+    stop-at-first-match: true
+    matchers:
+      - type: status
+        status:
+          - 200
--- a/cmd/nuclei/testdata/benchmark/flow/wordpress-readme-namespacing.yaml
+++ b/cmd/nuclei/testdata/benchmark/flow/wordpress-readme-namespacing.yaml
@ -0,0 +1,56 @@
+id: wordpress_readme-namespacing
+
+info:
+  name: WordPress readme detection
+  author: nisay759
+  severity: info
+  tags: readme,wordpress,themes,plugins
+
+flow: |
+  // get imports from website's root
+  http(1);
+
+  template["{{BaseURL}}_results"] = Dedupe();
+
+  // get unique webroot of each import
+  for (let path of iterate(template["imports"])) {
+    let pathArray = path.split("/");
+    let rootIdx = pathArray.indexOf("wp-content") + 3;
+    let finalUrl = pathArray.slice(0, rootIdx).join("/");
+    template["{{BaseURL}}_results"].Add(finalUrl);
+  }
+
+  // for each import, look for readme
+  for (let url of iterate(template["{{BaseURL}}_results"].Values())) {
+    set("target", url);
+    http(2);
+  }
+
+http:
+  # http(1) - Query web root and extract themes/plugins imports
+  - method: GET
+    redirects: true
+    path:
+      - "{{BaseURL}}"
+
+    extractors:
+      - type: xpath
+        name: "imports"
+        internal: true
+        xpath:
+          - "/html/*/script/@src[contains(.,'wp-content/plugins/')]"
+          - "/html/*/script/@src[contains(.,'wp-content/themes/')]"
+          - "/html/*/style/@src[contains(.,'wp-content/themes/')]"
+          - "/html/*/img/@src[contains(.,'wp-content/themes/')]"
+
+  # http(2) - Given a theme/plugin "target", look for Readme file
+  - method: GET
+    path:
+      - "{{target}}/README.md"
+      - "{{target}}/README.txt"
+
+    stop-at-first-match: true
+    matchers:
+      - type: status
+        status:
+          - 200