README + misc updates (#2961)

* readme update

* version + banner update

* misc option update

* go fmt'ed code

* misc update

README.md

@@ -91,13 +91,15 @@ Nuclei is a fast, template based vulnerability scanner focusing
 on extensive configurability, massive extensibility and ease of use.
 
 Usage:
-  nuclei [flags]
+  ./nuclei [flags]
 
 Flags:
 TARGET:
    -u, -target string[]       target URLs/hosts to scan
    -l, -list string           path to file containing a list of target URLs/hosts to scan (one per line)
-   -resume string        Resume scan using resume.cfg (clustering will be disabled)
+   -resume string             resume scan using resume.cfg (clustering will be disabled)
+   -sa, -scan-all-ips         scan all the IPs associated with dns record
+   -iv, -ip-version string[]  IP version to scan of hostname (4,6) - (default 4)
 
 TEMPLATES:
    -nt, -new-templates                    run only new templates added in latest nuclei-templates release
@@ -108,9 +110,9 @@ TEMPLATES:
    -w, -workflows string[]                list of workflow or workflow directory to run (comma-separated, file)
    -wu, -workflow-url string[]            list of workflow urls to run (comma-separated, file)
    -validate                              validate the passed templates to nuclei
-   -nss, -no-strict-syntax                Disable strict syntax check on templates
+   -nss, -no-strict-syntax                disable strict syntax check on templates
+   -td, -template-display                 displays the templates content
    -tl                                    list all available templates
-   -td                                    displays the template contents
 
 FILTERING:
    -a, -author string[]               templates to run based on authors (comma-separated, file)
@@ -124,8 +126,8 @@ FILTERING:
    -em, -exclude-matchers string[]    template matchers to exclude in result
    -s, -severity value[]              templates to run based on severity. Possible values: info, low, medium, high, critical, unknown
    -es, -exclude-severity value[]     templates to exclude based on severity. Possible values: info, low, medium, high, critical, unknown
-   -pt, -type value[]                 templates to run based on protocol type. Possible values: dns, file, http, headless, network, workflow, ssl, websocket, whois
+   -pt, -type value[]                 templates to run based on protocol type. Possible values: dns, file, http, , headless, network, workflow, ssl, websocket, whois
-   -ept, -exclude-type value[]        templates to exclude based on protocol type. Possible values: dns, file, http, headless, network, workflow, ssl, websocket, whois
+   -ept, -exclude-type value[]        templates to exclude based on protocol type. Possible values: dns, file, http, , headless, network, workflow, ssl, websocket, whois
    -tc, -template-condition string[]  templates to run based on expression condition
 
 OUTPUT:
@@ -166,9 +168,9 @@ CONFIGURATIONS:
    -i, -interface string          network interface to use for network scan
    -at, -attack-type string       type of payload combinations to perform (batteringram,pitchfork,clusterbomb)
    -sip, -source-ip string        source ip address to use for network scan
-   -config-directory string       Override the default config path ($home/.config)
+   -config-directory string       override the default config path ($home/.config)
    -rsr, -response-size-read int  max response size to read in bytes (default 10485760)
-   -rss, -response-size-save int  max response size to save in bytes (default 10485760)
+   -rss, -response-size-save int  max response size to read in bytes (default 1048576)
 
 INTERACTSH:
    -iserver, -interactsh-server string  interactsh server url for self-hosted instance (default: oast.pro,oast.live,oast.site,oast.online,oast.fun,oast.me)
@@ -182,7 +184,7 @@ INTERACTSH:
 UNCOVER:
    -uc, -uncover                  enable uncover engine
    -uq, -uncover-query string[]   uncover search query
-   -ue, -uncover-engine string[]  uncover search engine (shodan,shodan-idb,fofa,censys,quake,hunter,zoomeye) (default shodan)
+   -ue, -uncover-engine string[]  uncover search engine (shodan,shodan-idb,fofa,censys,quake,hunter,zoomeye,netlas) (default shodan)
    -uf, -uncover-field string     uncover fields to return (ip,port,host) (default "ip:port")
    -ul, -uncover-limit int        uncover results to return (default 100)
    -ucd, -uncover-delay int       delay between uncover query requests in seconds (0 to disable) (default 1)
@@ -198,20 +200,21 @@ RATE-LIMIT:
 OPTIMIZATIONS:
    -timeout int                        time to wait in seconds before timeout (default 10)
    -retries int                        number of times to retry a failed request (default 1)
-   -ldp, -leave-default-ports          leave default HTTP/HTTPS ports (eg. host:80,host:443
+   -ldp, -leave-default-ports          leave default HTTP/HTTPS ports (eg. host:80,host:443)
    -mhe, -max-host-error int           max errors for a host before skipping from scan (default 30)
    -project                            use a project folder to avoid sending same request multiple times
    -project-path string                set a specific project path
    -spm, -stop-at-first-match          stop processing HTTP requests after the first match (may break template/workflow logic)
    -stream                             stream mode - start elaborating without sorting the input
    -irt, -input-read-timeout duration  timeout on input read (default 3m0s)
-   -no-stdin                           Disable Stdin processing
+   -nh, -no-httpx                      disable httpx probing for non-url input
+   -no-stdin                           disable stdin processing
 
 HEADLESS:
-   -headless                    enable templates that require headless browser support (root user on linux will disable sandbox)
+   -headless                    enable templates that require headless browser support (root user on Linux will disable sandbox)
    -page-timeout int            seconds to wait for each page in headless mode (default 20)
    -sb, -show-browser           show the browser on the screen when running templates with headless mode
-   -sc, -system-chrome          Use local installed chrome browser instead of nuclei installed
+   -sc, -system-chrome          use local installed Chrome browser instead of nuclei installed
    -lha, -list-headless-action  list available headless actions
 
 DEBUG:
@@ -228,6 +231,7 @@ DEBUG:
    -v, -verbose              show verbose output
    -profile-mem string       optional nuclei memory profile dump file
    -vv                       display templates loaded for scan
+   -svd, -show-var-dump      show variables dump for debugging
    -ep, -enable-pprof        enable pprof debugging server
    -tv, -templates-version   shows the version of the installed nuclei-templates
    -hc, -health-check        run diagnostic check up

v2/cmd/nuclei/main.go

@@ -270,7 +270,7 @@ on extensive configurability, massive extensibility and ease of use.`)
 		flagSet.BoolVarP(&options.Verbose, "verbose", "v", false, "show verbose output"),
 		flagSet.StringVar(&memProfile, "profile-mem", "", "optional nuclei memory profile dump file"),
 		flagSet.BoolVar(&options.VerboseVerbose, "vv", false, "display templates loaded for scan"),
-		flagSet.BoolVarP(&options.ShowVarDump, "show-var-dump", "sdp", false, "show variables dump for debugging"),
+		flagSet.BoolVarP(&options.ShowVarDump, "show-var-dump", "svd", false, "show variables dump for debugging"),
 		flagSet.BoolVarP(&options.EnablePprof, "enable-pprof", "ep", false, "enable pprof debugging server"),
 		flagSet.BoolVarP(&options.TemplatesVersion, "templates-version", "tv", false, "shows the version of the installed nuclei-templates"),
 		flagSet.BoolVarP(&options.HealthCheck, "health-check", "hc", false, "run diagnostic check up"),

v2/internal/runner/banner.go

@@ -12,14 +12,11 @@ var banner = fmt.Sprintf(`
    ____  __  _______/ /__  (_)
   / __ \/ / / / ___/ / _ \/ /
  / / / / /_/ / /__/ /  __/ /
-/_/ /_/\__,_/\___/_/\___/_/   %s
+/_/ /_/\__,_/\___/_/\___/_/   v%s
 `, config.Version)
 
 // showBanner is used to show the banner to the user
 func showBanner() {
 	gologger.Print().Msgf("%s\n", banner)
 	gologger.Print().Msgf("\t\tprojectdiscovery.io\n\n")
-
-	gologger.Print().Label("WRN").Msgf("Use with caution. You are responsible for your actions.\n")
-	gologger.Print().Label("WRN").Msgf("Developers assume no liability and are not responsible for any misuse or damage.\n")
 }

v2/internal/runner/inputs.go

@@ -29,7 +29,7 @@ func (r *Runner) initializeTemplatesHTTPInput() (*hybrid.HybridMap, error) {
 	if err != nil {
 		return nil, errors.Wrap(err, "could not get http client")
 	}
-	gologger.Info().Msgf("Running httpx on input to execute http based template")
+	gologger.Info().Msgf("Running httpx on input host")
 
 	var bulkSize = probeBulkSize
 	if r.options.BulkSize > probeBulkSize {
@@ -56,7 +56,7 @@ func (r *Runner) initializeTemplatesHTTPInput() (*hybrid.HybridMap, error) {
 	})
 	swg.Wait()
 
-	gologger.Info().Msgf("Discovered %d URL from input", atomic.LoadInt32(&count))
+	gologger.Info().Msgf("Found %d URL from httpx", atomic.LoadInt32(&count))
 	return hm, nil
 }
 

v2/internal/runner/nucleicloud/cloud.go

@@ -152,7 +152,7 @@ func (c *Client) GetScans() ([]GetScanRequest, error) {
 	return items, nil
 }
 
-//Delete a scan and it's issues by the scan id.
+// Delete a scan and it's issues by the scan id.
 func (c *Client) DeleteScan(id string) (DeleteScanResults, error) {
 	deletescan := DeleteScanResults{}
 	httpReq, err := retryablehttp.NewRequest(http.MethodDelete, fmt.Sprintf("%s/scan?id=%s", c.baseURL, id), nil)

v2/pkg/catalog/config/config.go

@@ -32,7 +32,7 @@ type Config struct {
 const nucleiConfigFilename = ".templates-config.json"
 
 // Version is the current version of nuclei
-const Version = `2.7.9`
+const Version = `2.8.0`
 
 var customConfigDirectory string
 

v2/pkg/model/types/severity/severity.go

@@ -64,8 +64,9 @@ func (severity Severity) String() string {
 	return severityMappings[severity]
 }
 
-//nolint:exported,revive //prefer to be explicit about the name, and make it refactor-safe
 // Holder holds a Severity type. Required for un/marshalling purposes
+//
+//nolint:exported,revive //prefer to be explicit about the name, and make it refactor-safe
 type Holder struct {
 	Severity Severity `mapping:"true"`
 }

v2/pkg/operators/matchers/matchers_types.go

@@ -38,7 +38,7 @@ var MatcherTypes = map[MatcherType]string{
 	DSLMatcher:    "dsl",
 }
 
-//GetType returns the type of the matcher
+// GetType returns the type of the matcher
 func (matcher *Matcher) GetType() MatcherType {
 	return matcher.Type.MatcherType
 }

v2/pkg/protocols/common/automaticscan/doc.go

@@ -7,6 +7,7 @@
 // which are then used as tags for the execution of the templates.
 //
 // Example -
+//
 //	"Amazon Web Services,Jenkins,Atlassian Jira" -> "amazon,web,services,jenkins,atlassian,jira".
 //
 // Wappalyzergo (https://github.com/projectdiscovery/wappalyzergo) is used for wappalyzer tech

v2/pkg/templates/templates_doc_examples.go

@@ -1,5 +1,5 @@
 // Package templates
-//nolint //do not lint as examples with no usage
+// nolint //do not lint as examples with no usage
 package templates
 
 import (