-
-Requests contains the http request to make in the template.
-
-
-
-Examples:
-
-
-```yaml
-requests:
- matchers:
- - type: word
- words:
- - '[core]'
- - type: dsl
- condition: and
- dsl:
- - '!contains(tolower(body), ''
-
-
-
-
-
-
-DNS contains the dns request to make in the template
-
-
-
-Examples:
-
-
-```yaml
-dns:
- extractors:
- - type: regex
- regex:
- - ec2-[-\d]+\.compute[-\d]*\.amazonaws\.com
- - ec2-[-\d]+\.[\w\d\-]+\.compute[-\d]*\.amazonaws\.com
- name: '{{FQDN}}'
- type: CNAME
- class: inet
- retries: 2
- recursion: true
-```
-
-
-
-
-
-
-
-
-
-File contains the file request to make in the template
-
-
-
-Examples:
-
-
-```yaml
-file:
- extractors:
- - type: regex
- regex:
- - amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}
- extensions:
- - all
-```
-
-
-
-
-
-
-
-
-
-Network contains the network request to make in the template
-
-
-
-Examples:
-
-
-```yaml
-network:
- host:
- - '{{Hostname}}'
- - '{{Hostname}}:2181'
- inputs:
- - data: "envi\r\nquit\r\n"
- read-size: 2048
- matchers:
- - type: word
- words:
- - zookeeper.version
-```
-
-
-
-
-
-
-
-
-
-Headless contains the headless request to make in the template.
-
-
-
-
-
-
-
-
-Workflows is a list of workflows to execute for a template.
-
-
-
-
-
-
-
-
-
-## model.Info
-Info contains metadata information about a template
-
-Appears in:
-
-
-- Template.info
-
-
-```yaml
-name: Argument Injection in Ruby Dragonfly
-author: 0xspara
-tags: cve,cve2021,rce,ruby
-reference: https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/
-severity: high
-```
-
-
-
-
-
-name string
-
-
-
-
-Name should be good short summary that identifies what the template does.
-
-
-
-Examples:
-
-
-```yaml
-name: bower.json file disclosure
-```
-
-```yaml
-name: Nagios Default Credentials Check
-```
-
-
-
-
-
-
-
-
-author StringSlice
-
-
-
-
-Author of the template.
-
-Multiple values can also be specified separated by commas.
-
-
-
-Examples:
-
-
-```yaml
-author:
-```
-
-
-
-
-
-
-
-
-tags StringSlice
-
-
-
-
-Any tags for the template.
-
-Multiple values can also be specified separated by commas.
-
-
-
-Examples:
-
-
-```yaml
-# Example tags
-tags: cve,cve2019,grafana,auth-bypass,dos
-```
-
-
-
-
-
-
-
-
-description string
-
-
-
-
-Description of the template.
-
-You can go in-depth here on what the template actually does.
-
-
-
-Examples:
-
-
-```yaml
-description: Bower is a package manager which stores packages informations in bower.json file
-```
-
-```yaml
-description: Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations
-```
-
-
-
-
-
-
-
-
-reference StringSlice
-
-
-
-
-References for the template.
-
-This should contain links relevant to the template.
-
-
-
-Examples:
-
-
-```yaml
-reference:
- - https://github.com/strapi/strapi
- - https://github.com/getgrav/grav
-```
-
-
-
-
-
-
-
-
-
-Severity of the template.
-
-
-Valid values:
-
-
- - info
-
- - low
-
- - medium
-
- - high
-
- - critical
-
-
-
-
-
-
-additional-fields map[string]string
-
-
-
-
-AdditionalFields regarding metadata of the template.
-
-
-
-Examples:
-
-
-```yaml
-additional-fields:
- customField1: customValue1
-```
-
-
-
-
-
-
-
-
-
-
-## model.StringSlice
-
-Appears in:
-
-
-- workflows.WorkflowTemplate.tags
-
-
-
-
-
-## severity.SeverityHolder
-
-Appears in:
-
-
-- model.Info.severity
-
-
-
-
-
-## http.Request
-Request contains a http request to be made from a template
-
-Appears in:
-
-
-- Template.requests
-
-
-```yaml
-matchers:
- - type: word
- words:
- - '[core]'
- - type: dsl
- condition: and
- dsl:
- - '!contains(tolower(body), ''
-
-
-
-
-Matchers contains the detection mechanism for the request to identify
-whether the request was successful by doing pattern matching
-on request/responses.
-
-Multiple matchers can be combined together with `matcher-condition` flag
-which accepts either `and` or `or` as argument.
-
-
-
-
-
-
-
-
-Extractors contains the extraction mechanism for the request to identify
-and extract parts of the response.
-
-
-
-
-
-
-
-matchers-condition string
-
-
-
-
-MatchersCondition is the condition between the matchers. Default is OR.
-
-
-Valid values:
-
-
- - and
-
- - or
-
-
-
-
-
-
-path []string
-
-
-
-
-Path contains the path/s for the HTTP requests. It supports variables
-as placeholders.
-
-
-
-Examples:
-
-
-```yaml
-# Some example path values
-path:
- - '{{BaseURL}}'
- - '{{BaseURL}}/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions'
-```
-
-
-
-
-
-
-
-
-raw []string
-
-
-
-
-Raw contains HTTP Requests in Raw format.
-
-
-
-Examples:
-
-
-```yaml
-# Some example raw requests
-raw:
- - |-
- GET /etc/passwd HTTP/1.1
- Host:
- Content-Length: 4
- - |-
- POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.1
- Host: {{Hostname}}
- User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0
- Content-Length: 1
- Connection: close
-
- echo
- echo
- cat /etc/passwd 2>&1
-```
-
-
-
-
-
-
-
-
-id string
-
-
-
-
-ID is the the optional id of the request
-
-
-
-
-
-
-
-name string
-
-
-
-
-Name is the optional name of the request.
-
-If a name is specified, all the named request in a template can be matched upon
-in a combined manner allowing multirequest based matchers.
-
-
-
-
-
-
-
-attack string
-
-
-
-
-Attack is the type of payload combinations to perform.
-
-Sniper is each payload once, pitchfork combines multiple payload sets and clusterbomb generates
-permutations and combinations for all payloads.
-
-
-Valid values:
-
-
- - sniper
-
- - pitchfork
-
- - clusterbomb
-
-
-
-
-
-
-method string
-
-
-
-
-Method is the HTTP Request Method.
-
-
-Valid values:
-
-
- - GET
-
- - HEAD
-
- - POST
-
- - PUT
-
- - DELETE
-
- - CONNECT
-
- - OPTIONS
-
- - TRACE
-
- - PATCH
-
-
-
-
-
-
-body string
-
-
-
-
-Body is an optional parameter which contains HTTP Request body.
-
-
-
-Examples:
-
-
-```yaml
-# Same Body for a Login POST request
-body: username=test&password=test
-```
-
-
-
-
-
-
-
-
-payloads map[string]interface{}
-
-
-
-
-Payloads contains any payloads for the current request.
-
-Payloads support both key-values combinations where a list
-of payloads is provided, or optionally a single file can also
-be provided as payload which will be read on run-time.
-
-
-
-
-
-
-
-headers map[string]string
-
-
-
-
-Headers contains HTTP Headers to send with the request.
-
-
-
-Examples:
-
-
-```yaml
-headers:
- Any-Header: Any-Value
- Content-Length: "1"
- Content-Type: application/x-www-form-urlencoded
-```
-
-
-
-
-
-
-
-
-race_count int
-
-
-
-
-RaceCount is the number of times to send a request in Race Condition Attack.
-
-
-
-Examples:
-
-
-```yaml
-# Send a request 5 times
-race_count: 5
-```
-
-
-
-
-
-
-
-
-max-redirects int
-
-
-
-
-MaxRedirects is the maximum number of redirects that should be followed.
-
-
-
-Examples:
-
-
-```yaml
-# Follow upto 5 redirects
-max-redirects: 5
-```
-
-
-
-
-
-
-
-
-pipeline-concurrent-connections int
-
-
-
-
-PipelineConcurrentConnections is number of connections to create during pipelining.
-
-
-
-Examples:
-
-
-```yaml
-# Create 40 concurrent connections
-pipeline-concurrent-connections: 40
-```
-
-
-
-
-
-
-
-
-pipeline-requests-per-connection int
-
-
-
-
-PipelineRequestsPerConnection is number of requests to send per connection when pipelining.
-
-
-
-Examples:
-
-
-```yaml
-# Send 100 requests per pipeline connection
-pipeline-requests-per-connection: 100
-```
-
-
-
-
-
-
-
-
-threads int
-
-
-
-
-Threads specifies number of threads to use sending requests. This enables Connection Pooling.
-
-Connection: Close attribute must not be used in request while using threads flag, otherwise
-pooling will fail and engine will continue to close connections after requests.
-
-
-
-Examples:
-
-
-```yaml
-# Send requests using 10 concurrent threads
-threads: 10
-```
-
-
-
-
-
-
-
-
-max-size int
-
-
-
-
-MaxSize is the maximum size of http response body to read in bytes.
-
-
-
-Examples:
-
-
-```yaml
-# Read max 2048 bytes of the response
-max-size: 2048
-```
-
-
-
-
-
-
-
-
-cookie-reuse bool
-
-
-
-
-CookieReuse is an optional setting that enables cookie reuse for
-all requests defined in raw section.
-
-
-
-
-
-
-
-redirects bool
-
-
-
-
-Redirects specifies whether redirects should be followed by the HTTP Client.
-
-This can be used in conjunction with `max-redirects` to control the HTTP request redirects.
-
-
-
-
-
-
-
-pipeline bool
-
-
-
-
-Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining
-
-All requests must be indempotent (GET/POST). This can be used for race conditions/billions requests.
-
-
-
-
-
-
-
-unsafe bool
-
-
-
-
-Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests.
-
-This uses the [rawhttp](https://github.com/projectdiscovery/rawhttp) engine to achieve complete
-control over the request, with no normalization performed by the client.
-
-
-
-
-
-
-
-race bool
-
-
-
-
-Race determines if all the request have to be attempted at the same time (Race Condition)
-
-The actual number of requests that will be sent is determined by the `race_count` field.
-
-
-
-
-
-
-
-req-condition bool
-
-
-
-
-ReqCondition automatically assigns numbers to requests and preserves their history.
-
-This allows matching on them later for multi-request conditions.
-
-
-
-
-
-
-
-stop-at-first-match bool
-
-
-
-
-StopAtFirstMatch stops the execution of the requests and template as soon as a match is found.
-
-
-
-
-
-
-
-
-
-## matchers.Matcher
-Matcher is used to match a part in the output from a protocol.
-
-Appears in:
-
-
-- http.Request.matchers
-
-- dns.Request.matchers
-
-- file.Request.matchers
-
-- network.Request.matchers
-
-- headless.Request.matchers
-
-
-
-
-
-
-
-type string
-
-
-
-
-Type is the type of the matcher.
-
-
-Valid values:
-
-
- - status
-
- - size
-
- - word
-
- - regex
-
- - binary
-
- - dsl
-
-
-
-
-
-
-condition string
-
-
-
-
-Condition is the optional condition between two matcher variables. By default,
-the condition is assumed to be OR.
-
-
-Valid values:
-
-
- - and
-
- - or
-
-
-
-
-
-
-part string
-
-
-
-
-Part is the part of the request response to match data from.
-
-Each protocol exposes a lot of different parts which are well
-documented in docs for each request type.
-
-
-
-Examples:
-
-
-```yaml
-part: body
-```
-
-```yaml
-part: raw
-```
-
-
-
-
-
-
-
-
-negative bool
-
-
-
-
-Negative specifies if the match should be reversed
-It will only match if the condition is not true.
-
-
-
-
-
-
-
-name string
-
-
-
-
-Name of the matcher. Name should be lowercase and must not contain
-spaces or underscores (_).
-
-
-
-Examples:
-
-
-```yaml
-name: cookie-matcher
-```
-
-
-
-
-
-
-
-
-status []int
-
-
-
-
-Status are the acceptable status codes for the response.
-
-
-
-Examples:
-
-
-```yaml
-status:
- - 200
- - 302
-```
-
-
-
-
-
-
-
-
-size []int
-
-
-
-
-Size is the acceptable size for the response
-
-
-
-Examples:
-
-
-```yaml
-size:
- - 3029
- - 2042
-```
-
-
-
-
-
-
-
-
-words []string
-
-
-
-
-Words contains word patterns required to be present in the response part.
-
-
-
-Examples:
-
-
-```yaml
-# Match for outlook mail protection domain
-words:
- - mail.protection.outlook.com
-```
-
-```yaml
-# Match for application/json in response headers
-words:
- - application/json
-```
-
-
-
-
-
-
-
-
-regex []string
-
-
-
-
-Regex contains Regular Expression patterns required to be present in the response part.
-
-
-
-Examples:
-
-
-```yaml
-# Match for Linkerd Service via Regex
-regex:
- - (?mi)^Via\\s*?:.*?linkerd.*$
-```
-
-```yaml
-# Match for Open Redirect via Location header
-regex:
- - (?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)example\\.com.*$
-```
-
-
-
-
-
-
-
-
-binary []string
-
-
-
-
-Binary are the binary patterns required to be present in the response part.
-
-
-
-Examples:
-
-
-```yaml
-# Match for Springboot Heapdump Actuator "JAVA PROFILE", "HPROF", "Gunzip magic byte"
-binary:
- - 4a4156412050524f46494c45
- - 4850524f46
- - 1f8b080000000000
-```
-
-```yaml
-# Match for 7zip files
-binary:
- - 377ABCAF271C
-```
-
-
-
-
-
-
-
-
-dsl []string
-
-
-
-
-DSL are the dsl expressions that will be evaluated as part of nuclei matching rules.
-A list of these helper functions are available [here](https://nuclei.projectdiscovery.io/templating-guide/helper-functions/).
-
-
-
-Examples:
-
-
-```yaml
-# DSL Matcher for package.json file
-dsl:
- - contains(body, 'packages') && contains(tolower(all_headers), 'application/octet-stream') && status_code == 200
-```
-
-```yaml
-# DSL Matcher for missing strict transport security header
-dsl:
- - '!contains(tolower(all_headers), ''''strict-transport-security'''')'
-```
-
-
-
-
-
-
-
-
-encoding string
-
-
-
-
-Encoding specifies the encoding for the words field if any.
-
-
-Valid values:
-
-
- - hex
-
-
-
-
-
-
-
-
-## extractors.Extractor
-Extractor is used to extract part of response using a regex.
-
-Appears in:
-
-
-- http.Request.extractors
-
-- dns.Request.extractors
-
-- file.Request.extractors
-
-- network.Request.extractors
-
-- headless.Request.extractors
-
-
-
-
-
-
-
-name string
-
-
-
-
-Name of the extractor. Name should be lowercase and must not contain
-spaces or underscores (_).
-
-
-
-Examples:
-
-
-```yaml
-name: cookie-extractor
-```
-
-
-
-
-
-
-
-
-type string
-
-
-
-
-Type is the type of the extractor.
-
-
-Valid values:
-
-
- - regex
-
- - kval
-
- - json
-
- - xpath
-
-
-
-
-
-
-regex []string
-
-
-
-
-Regex contains the regular expression patterns to extract from a part.
-
-Go regex engine does not support lookaheads or lookbehinds, so as a result
-they are also not supported in nuclei.
-
-
-
-Examples:
-
-
-```yaml
-# Braintree Access Token Regex
-regex:
- - access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}
-```
-
-```yaml
-# Wordpress Author Extraction regex
-regex:
- - Author:(?:[A-Za-z0-9 -\_="]+)?
-
-group int
-
-
-
-
-Group specifies a numbered group to extract from the regex.
-
-
-
-Examples:
-
-
-```yaml
-# Example Regex Group
-group: 1
-```
-
-
-
-
-
-
-
-
-kval []string
-
-
-
-
-description: |
- kval contains the key-value pairs present in the HTTP response header.
- kval extractor can be used to extract HTTP response header and cookie key-value pairs.
- kval extractor inputs are case insensitive, and does not support dash (-) in input which can replaced with underscores (_)
- For example, Content-Type should be replaced with content_type
-
- A list of supported parts is available in docs for request types.
- examples:
- - name: Extract Server Header From HTTP Response
- value: >
- []string{"server"}
- - name: Extracting value of PHPSESSID Cookie
- value: >
- []string{"phpsessid"}
- - name: Extracting value of Content-Type Cookie
- value: >
- []string{"content_type"}
-
-
-
-
-
-
-
-json []string
-
-
-
-
-JSON allows using jq-style syntax to extract items from json response
-
-
-
-Examples:
-
-
-```yaml
-json:
- - .[] | .id
-```
-
-```yaml
-json:
- - .batters | .batter | .[] | .id
-```
-
-
-
-
-
-
-
-
-xpath []string
-
-
-
-
-XPath allows using xpath expressions to extract items from html response
-
-
-
-Examples:
-
-
-```yaml
-xpath:
- - /html/body/div/p[2]/a
-```
-
-
-
-
-
-
-
-
-attribute string
-
-
-
-
-Attribute is an optional attribute to extract from response XPath.
-
-
-
-Examples:
-
-
-```yaml
-attribute: href
-```
-
-
-
-
-
-
-
-
-part string
-
-
-
-
-Part is the part of the request response to extract data from.
-
-Each protocol exposes a lot of different parts which are well
-documented in docs for each request type.
-
-
-
-Examples:
-
-
-```yaml
-part: body
-```
-
-```yaml
-part: raw
-```
-
-
-
-
-
-
-
-
-internal bool
-
-
-
-
-Internal, when set to true will allow using the value extracted
-in the next request for some protocols (like HTTP).
-
-
-
-
-
-
-
-
-
-## dns.Request
-Request contains a DNS protocol request to be made from a template
-
-Appears in:
-
-
-- Template.dns
-
-
-```yaml
-extractors:
- - type: regex
- regex:
- - ec2-[-\d]+\.compute[-\d]*\.amazonaws\.com
- - ec2-[-\d]+\.[\w\d\-]+\.compute[-\d]*\.amazonaws\.com
-name: '{{FQDN}}'
-type: CNAME
-class: inet
-retries: 2
-recursion: true
-```
-
-
-
-
-
-
-Matchers contains the detection mechanism for the request to identify
-whether the request was successful by doing pattern matching
-on request/responses.
-
-Multiple matchers can be combined together with `matcher-condition` flag
-which accepts either `and` or `or` as argument.
-
-
-
-
-
-
-
-
-Extractors contains the extraction mechanism for the request to identify
-and extract parts of the response.
-
-
-
-
-
-
-
-matchers-condition string
-
-
-
-
-MatchersCondition is the condition between the matchers. Default is OR.
-
-
-Valid values:
-
-
- - and
-
- - or
-
-
-
-
-
-
-id string
-
-
-
-
-ID is the the optional id of the request
-
-
-
-
-
-
-
-name string
-
-
-
-
-Name is the Hostname to make DNS request for.
-
-Generally, it is set to {{FQDN}} which is the domain we get from input.
-
-
-
-Examples:
-
-
-```yaml
-name: '{{FQDN}}'
-```
-
-
-
-
-
-
-
-
-type string
-
-
-
-
-Type is the type of DNS request to make.
-
-
-Valid values:
-
-
- - A
-
- - NS
-
- - DS
-
- - CNAME
-
- - SOA
-
- - PTR
-
- - MX
-
- - TXT
-
- - AAAA
-
-
-
-
-
-
-class string
-
-
-
-
-Class is the class of the DNS request.
-
-Usually it's enough to just leave it as INET.
-
-
-Valid values:
-
-
- - inet
-
- - csnet
-
- - chaos
-
- - hesiod
-
- - none
-
- - any
-
-
-
-
-
-
-retries int
-
-
-
-
-Retries is the number of retries for the DNS request
-
-
-
-Examples:
-
-
-```yaml
-# Use a retry of 3 to 5 generally
-retries: 5
-```
-
-
-
-
-
-
-
-
-recursion bool
-
-
-
-
-Recursion determines if resolver should recurse all records to get fresh results.
-
-
-
-
-
-
-
-
-
-## file.Request
-Request contains a File matching mechanism for local disk operations.
-
-Appears in:
-
-
-- Template.file
-
-
-```yaml
-extractors:
- - type: regex
- regex:
- - amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}
-extensions:
- - all
-```
-
-
-
-
-
-
-Matchers contains the detection mechanism for the request to identify
-whether the request was successful by doing pattern matching
-on request/responses.
-
-Multiple matchers can be combined together with `matcher-condition` flag
-which accepts either `and` or `or` as argument.
-
-
-
-
-
-
-
-
-Extractors contains the extraction mechanism for the request to identify
-and extract parts of the response.
-
-
-
-
-
-
-
-matchers-condition string
-
-
-
-
-MatchersCondition is the condition between the matchers. Default is OR.
-
-
-Valid values:
-
-
- - and
-
- - or
-
-
-
-
-
-
-extensions []string
-
-
-
-
-Extensions is the list of extensions to perform matching on.
-
-
-
-Examples:
-
-
-```yaml
-extensions:
- - .txt
- - .go
- - .json
-```
-
-
-
-
-
-
-
-
-denylist []string
-
-
-
-
-ExtensionDenylist is the list of file extensions to deny during matching.
-
-By default, it contains some non-interesting extensions that are hardcoded
-in nuclei.
-
-
-
-Examples:
-
-
-```yaml
-denylist:
- - .avi
- - .mov
- - .mp3
-```
-
-
-
-
-
-
-
-
-id string
-
-
-
-
-ID is the the optional id of the request
-
-
-
-
-
-
-
-max-size int
-
-
-
-
-MaxSize is the maximum size of the file to run request on.
-
-By default, nuclei will process 5MB files and not go more than that.
-It can be set to much lower or higher depending on use.
-
-
-
-Examples:
-
-
-```yaml
-max-size: 2048
-```
-
-
-
-
-
-
-
-
-no-recursive bool
-
-
-
-
-NoRecursive specifies whether to not do recursive checks if folders are provided.
-
-
-
-
-
-
-
-
-
-## network.Request
-Request contains a Network protocol request to be made from a template
-
-Appears in:
-
-
-- Template.network
-
-
-```yaml
-host:
- - '{{Hostname}}'
- - '{{Hostname}}:2181'
-inputs:
- - data: "envi\r\nquit\r\n"
-read-size: 2048
-matchers:
- - type: word
- words:
- - zookeeper.version
-```
-
-
-
-
-
-id string
-
-
-
-
-ID is the the optional id of the request
-
-
-
-
-
-
-
-host []string
-
-
-
-
-Host to send network requests to.
-
-Usually it's set to `{{Hostname}}`. If you want to enable TLS for
-TCP Connection, you can use `tls://{{Hostname}}`.
-
-
-
-Examples:
-
-
-```yaml
-host:
- - '{{Hostname}}'
-```
-
-
-
-
-
-
-
-
-attack string
-
-
-
-
-Attack is the type of payload combinations to perform.
-
-Sniper is each payload once, pitchfork combines multiple payload sets and clusterbomb generates
-permutations and combinations for all payloads.
-
-
-Valid values:
-
-
- - sniper
-
- - pitchfork
-
- - clusterbomb
-
-
-
-
-
-
-payloads map[string]interface{}
-
-
-
-
-Payloads contains any payloads for the current request.
-
-Payloads support both key-values combinations where a list
-of payloads is provided, or optionally a single file can also
-be provided as payload which will be read on run-time.
-
-
-
-
-
-
-
-
-Inputs contains inputs for the network socket
-
-
-
-
-
-
-
-read-size int
-
-
-
-
-ReadSize is the size of response to read at the end
-
-Default value for read-size is 1024.
-
-
-
-Examples:
-
-
-```yaml
-read-size: 2048
-```
-
-
-
-
-
-
-
-
-
-Matchers contains the detection mechanism for the request to identify
-whether the request was successful by doing pattern matching
-on request/responses.
-
-Multiple matchers can be combined together with `matcher-condition` flag
-which accepts either `and` or `or` as argument.
-
-
-
-
-
-
-
-
-Extractors contains the extraction mechanism for the request to identify
-and extract parts of the response.
-
-
-
-
-
-
-
-matchers-condition string
-
-
-
-
-MatchersCondition is the condition between the matchers. Default is OR.
-
-
-Valid values:
-
-
- - and
-
- - or
-
-
-
-
-
-
-
-
-## network.Input
-
-Appears in:
-
-
-- network.Request.inputs
-
-
-
-
-
-
-
-data string
-
-
-
-
-Data is the data to send as the input.
-
-It supports DSL Helper Functions as well as normal expressions.
-
-
-
-Examples:
-
-
-```yaml
-data: TEST
-```
-
-```yaml
-data: hex_decode('50494e47')
-```
-
-
-
-
-
-
-
-
-type string
-
-
-
-
-Type is the type of input specified in `data` field.
-
-Default value is text, but hex can be used for hex formatted data.
-
-
-Valid values:
-
-
- - hex
-
- - text
-
-
-
-
-
-
-read int
-
-
-
-
-Read is the number of bytes to read from socket.
-
-This can be used for protcols which expected an immediate response. You can
-read and write responses one after another and evetually perform matching
-on every data captured with `name` attribute.
-
-The [network docs](https://nuclei.projectdiscovery.io/templating-guide/protocols/network/) highlight more on how to do this.
-
-
-
-Examples:
-
-
-```yaml
-read: 1024
-```
-
-
-
-
-
-
-
-
-name string
-
-
-
-
-Name is the optional name of the data read to provide matching on.
-
-
-
-Examples:
-
-
-```yaml
-name: prefix
-```
-
-
-
-
-
-
-
-
-
-
-## headless.Request
-Request contains a Headless protocol request to be made from a template
-
-Appears in:
-
-
-- Template.headless
-
-
-
-
-
-
-
-id string
-
-
-
-
-ID is the the optional id of the request
-
-
-
-
-
-
-
-
-Steps is the list of actions to run for headless request
-
-
-
-
-
-
-
-
-Matchers contains the detection mechanism for the request to identify
-whether the request was successful by doing pattern matching
-on request/responses.
-
-Multiple matchers can be combined together with `matcher-condition` flag
-which accepts either `and` or `or` as argument.
-
-
-
-
-
-
-
-
-Extractors contains the extraction mechanism for the request to identify
-and extract parts of the response.
-
-
-
-
-
-
-
-matchers-condition string
-
-
-
-
-MatchersCondition is the condition between the matchers. Default is OR.
-
-
-Valid values:
-
-
- - and
-
- - or
-
-
-
-
-
-
-
-
-## engine.Action
-Action is an action taken by the browser to reach a navigation
-
- Each step that the browser executes is an action. Most navigations
- usually start from the ActionLoadURL event, and further navigations
- are discovered on the found page. We also keep track and only
- scrape new navigation from pages we haven't crawled yet.
-
-Appears in:
-
-
-- headless.Request.steps
-
-
-
-
-
-
-
-args map[string]string
-
-
-
-
-Args contain arguments for the headless action.
-Per action arguments are described in detail [here](https://nuclei.projectdiscovery.io/templating-guide/protocols/headless/).
-
-
-
-
-
-
-
-name string
-
-
-
-
-Name is the name assigned to the headless action.
-
-This can be used to execute code, for instance in browser
-DOM using script action, and get the result in a variable
-which can be matched upon by nuclei. An Example template [here](https://github.com/projectdiscovery/nuclei-templates/blob/master/headless/prototype-pollution-check.yaml).
-
-
-
-
-
-
-
-description string
-
-
-
-
-Description is the optional description of the headless action
-
-
-
-
-
-
-
-action string
-
-
-
-
-Action is the type of the action to perform.
-
-
-Valid values:
-
-
- - navigate
-
- - script
-
- - click
-
- - rightclick
-
- - text
-
- - screenshot
-
- - time
-
- - select
-
- - files
-
- - waitload
-
- - getresource
-
- - extract
-
- - setmethod
-
- - addheader
-
- - setheader
-
- - deleteheader
-
- - setbody
-
- - waitevent
-
- - keyboard
-
- - debug
-
- - sleep
-
-
-
-
-
-
-
-
-## workflows.WorkflowTemplate
-
-Appears in:
-
-
-- Template.workflows
-
-- workflows.WorkflowTemplate.subtemplates
-
-- workflows.Matcher.subtemplates
-
-
-
-
-
-
-
-template string
-
-
-
-
-Template is a single template or directory to execute as part of workflow.
-
-
-
-Examples:
-
-
-```yaml
-# A single template
-template: dns/worksites-detection.yaml
-```
-
-```yaml
-# A template directory
-template: misconfigurations/aem
-```
-
-
-
-
-
-
-
-
-
-Tags to run templates based on.
-
-
-
-
-
-
-
-
-Matchers perform name based matching to run subtemplates for a workflow.
-
-
-
-
-
-
-
-
-Subtemplates are ran if the `template` field Template matches.
-
-
-
-
-
-
-
-
-
-## workflows.Matcher
-
-Appears in:
-
-
-- workflows.WorkflowTemplate.matchers
-
-
-
-
-
-
-
-name string
-
-
-
-
-Name is the name of the item to match.
-
-
-
-
-
-
-
-
-Subtemplates are ran if the name of matcher matches.
-
-
-
-
-
-
-
-