Merge pull request #6224 from projectdiscovery/dev

v3.4.4

Dockerfile

@@ -1,5 +1,5 @@
 # Build
-FROM golang:1.22-alpine AS builder
+FROM golang:1.23-alpine AS builder
 
 RUN apk add build-base
 WORKDIR /app
@@ -13,4 +13,4 @@ FROM alpine:latest
 RUN apk add --no-cache bind-tools chromium ca-certificates
 COPY --from=builder /app/bin/nuclei /usr/local/bin/
 
-ENTRYPOINT ["nuclei"]
+ENTRYPOINT ["nuclei"]

README.md

@@ -111,7 +111,7 @@ Browse the full Nuclei [**`documentation here`**](https://docs.projectdiscovery.
 
 ### Installation
 
-`nuclei` requires **go1.22** to install successfully. Run the following command to get the repo:
+`nuclei` requires **go1.23** to install successfully. Run the following command to get the repo:
 
 ```sh
 go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest

go.mod

@@ -102,8 +102,8 @@ require (
 	github.com/projectdiscovery/tlsx v1.1.9
 	github.com/projectdiscovery/uncover v1.0.10
 	github.com/projectdiscovery/useragent v0.0.100
-	github.com/projectdiscovery/utils v0.4.18
+	github.com/projectdiscovery/utils v0.4.19
-	github.com/projectdiscovery/wappalyzergo v0.2.27
+	github.com/projectdiscovery/wappalyzergo v0.2.28
 	github.com/redis/go-redis/v9 v9.1.0
 	github.com/seh-msft/burpxml v1.0.1
 	github.com/shurcooL/graphql v0.0.0-20230722043721-ed46e5a46466
@@ -310,7 +310,7 @@ require (
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
 	github.com/projectdiscovery/blackrock v0.0.1 // indirect
-	github.com/projectdiscovery/networkpolicy v0.1.13
+	github.com/projectdiscovery/networkpolicy v0.1.14
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d // indirect
 	github.com/tklauser/go-sysconf v0.3.12 // indirect

go.sum

@@ -890,8 +890,8 @@ github.com/projectdiscovery/mapcidr v1.1.34 h1:udr83vQ7oz3kEOwlsU6NC6o08leJzSDQt
 github.com/projectdiscovery/mapcidr v1.1.34/go.mod h1:1+1R6OkKSAKtWDXE9RvxXtXPoajXTYX0eiEdkqlhQqQ=
 github.com/projectdiscovery/n3iwf v0.0.0-20230523120440-b8cd232ff1f5 h1:L/e8z8yw1pfT6bg35NiN7yd1XKtJap5Nk6lMwQ0RNi8=
 github.com/projectdiscovery/n3iwf v0.0.0-20230523120440-b8cd232ff1f5/go.mod h1:pGW2ncnTxTxHtP9wzcIJAB+3/NMp6IiuQWd2NK7K+oc=
-github.com/projectdiscovery/networkpolicy v0.1.13 h1:1QBMYdPlMCt71PUAZAQsZgJfEXIYiJa8sgJswLUBpb4=
+github.com/projectdiscovery/networkpolicy v0.1.14 h1:XnwpGjF+h9xgwEIgrFG3G+7cGRPwh6FkxgQaLuw4rv4=
-github.com/projectdiscovery/networkpolicy v0.1.13/go.mod h1:pat2rE4G7kbow8CQ/yOym0bdLPq8rj7ZZWn3/3OT4Rs=
+github.com/projectdiscovery/networkpolicy v0.1.14/go.mod h1:pat2rE4G7kbow8CQ/yOym0bdLPq8rj7ZZWn3/3OT4Rs=
 github.com/projectdiscovery/ratelimit v0.0.80 h1:kDZ9Rgd/EiDR3fw8Ugtp4xVMaMZNzlEO8zCD4QholaE=
 github.com/projectdiscovery/ratelimit v0.0.80/go.mod h1:UW6g3VZbX+wI6WLXsexWGpSYnaQ79Uv+VewRj2+pzXQ=
 github.com/projectdiscovery/rawhttp v0.1.90 h1:LOSZ6PUH08tnKmWsIwvwv1Z/4zkiYKYOSZ6n+8RFKtw=
@@ -912,10 +912,10 @@ github.com/projectdiscovery/uncover v1.0.10 h1:FdnBYgynGUtjIsW5WPIIhadR1Smcghik9
 github.com/projectdiscovery/uncover v1.0.10/go.mod h1:l7QQ+mBc7bLK4tqYqPyo9nrYdz1K8vaGZWKYihkHmAs=
 github.com/projectdiscovery/useragent v0.0.100 h1:gDZSgPQCP8D0XUny41Ch4urP+FK5OcM5TB1btwCg4Gk=
 github.com/projectdiscovery/useragent v0.0.100/go.mod h1:8je9oUPzT5R+gjKQNEFurDSvX7fCnqW2iDGYdKMH6hY=
-github.com/projectdiscovery/utils v0.4.18 h1:cSjMOLXI5gAajfA6KV+0iQG4dGx2IHWLQyND/Snvw7k=
+github.com/projectdiscovery/utils v0.4.19 h1:rWOOTWUMQK9gvgH01rrw0qFi0hrh712hM1pCUzapCqA=
-github.com/projectdiscovery/utils v0.4.18/go.mod h1:y5gnpQn802iEWqf0djTRNskJlS62P5eqe1VS1+ah0tk=
+github.com/projectdiscovery/utils v0.4.19/go.mod h1:y5gnpQn802iEWqf0djTRNskJlS62P5eqe1VS1+ah0tk=
-github.com/projectdiscovery/wappalyzergo v0.2.27 h1:u5z/3YohzwtX3n4EGDGy4XOKAXZx4JorNzZlw9CzOK0=
+github.com/projectdiscovery/wappalyzergo v0.2.28 h1:fd4xne6ndxJFSqJfSDAXmR3G87SZQdOYFTapHk4Ksh4=
-github.com/projectdiscovery/wappalyzergo v0.2.27/go.mod h1:F8X79ljvmvrG+EIxdxWS9VbdkVTsQupHYz+kXlp8O0o=
+github.com/projectdiscovery/wappalyzergo v0.2.28/go.mod h1:F8X79ljvmvrG+EIxdxWS9VbdkVTsQupHYz+kXlp8O0o=
 github.com/projectdiscovery/yamldoc-go v1.0.6 h1:GCEdIRlQjDux28xTXKszM7n3jlMf152d5nqVpVoetas=
 github.com/projectdiscovery/yamldoc-go v1.0.6/go.mod h1:R5lWrNzP+7Oyn77NDVPnBsxx2/FyQZBBkIAaSaCQFxw=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=

pkg/catalog/config/constants.go

@@ -31,7 +31,7 @@ const (
 	CLIConfigFileName               = "config.yaml"
 	ReportingConfigFilename         = "reporting-config.yaml"
 	// Version is the current version of nuclei
-	Version = `v3.4.3`
+	Version = `v3.4.4`
 	// Directory Names of custom templates
 	CustomS3TemplatesDirName     = "s3"
 	CustomGitHubTemplatesDirName = "github"

pkg/input/formats/openapi/examples.go

@@ -288,3 +288,33 @@ func openAPIExample(schema *openapi3.Schema, cache map[*openapi3.Schema]*cachedS
 func generateExampleFromSchema(schema *openapi3.Schema) (interface{}, error) {
 	return openAPIExample(schema, make(map[*openapi3.Schema]*cachedSchema)) // TODO: Use caching
 }
+
+func generateEmptySchemaValue(contentType string) *openapi3.Schema {
+	schema := &openapi3.Schema{}
+	objectType := &openapi3.Types{"object"}
+	stringType := &openapi3.Types{"string"}
+
+	switch contentType {
+	case "application/json":
+		schema.Type = objectType
+		schema.Properties = make(map[string]*openapi3.SchemaRef)
+	case "application/xml":
+		schema.Type = stringType
+		schema.Format = "xml"
+		schema.Example = "<?xml version=\"1.0\"?><root/>"
+	case "text/plain":
+		schema.Type = stringType
+	case "application/x-www-form-urlencoded":
+		schema.Type = objectType
+		schema.Properties = make(map[string]*openapi3.SchemaRef)
+	case "multipart/form-data":
+		schema.Type = objectType
+		schema.Properties = make(map[string]*openapi3.SchemaRef)
+	case "application/octet-stream":
+	default:
+		schema.Type = stringType
+		schema.Format = "binary"
+	}
+
+	return schema
+}

pkg/input/formats/openapi/generator.go

@@ -268,24 +268,32 @@ func generateRequestsFromOp(opts *generateReqOptions) error {
 		for content, value := range opts.op.RequestBody.Value.Content {
 			cloned := req.Clone(req.Context())
 
-			example, err := generateExampleFromSchema(value.Schema.Value)
+			var val interface{}
-			if err != nil {
+
-				continue
+			if value.Schema == nil || value.Schema.Value == nil {
+				val = generateEmptySchemaValue(content)
+			} else {
+				var err error
+
+				val, err = generateExampleFromSchema(value.Schema.Value)
+				if err != nil {
+					continue
+				}
 			}
 
 			// var body string
 			switch content {
 			case "application/json":
-				if marshalled, err := json.Marshal(example); err == nil {
+				if marshalled, err := json.Marshal(val); err == nil {
 					// body = string(marshalled)
 					cloned.Body = io.NopCloser(bytes.NewReader(marshalled))
 					cloned.ContentLength = int64(len(marshalled))
 					cloned.Header.Set("Content-Type", "application/json")
 				}
 			case "application/xml":
-				exampleVal := mxj.Map(example.(map[string]interface{}))
+				values := mxj.Map(val.(map[string]interface{}))
 
-				if marshalled, err := exampleVal.Xml(); err == nil {
+				if marshalled, err := values.Xml(); err == nil {
 					// body = string(marshalled)
 					cloned.Body = io.NopCloser(bytes.NewReader(marshalled))
 					cloned.ContentLength = int64(len(marshalled))
@@ -294,7 +302,7 @@ func generateRequestsFromOp(opts *generateReqOptions) error {
 					gologger.Warning().Msgf("openapi: could not encode xml")
 				}
 			case "application/x-www-form-urlencoded":
-				if values, ok := example.(map[string]interface{}); ok {
+				if values, ok := val.(map[string]interface{}); ok {
 					cloned.Form = url.Values{}
 					for k, v := range values {
 						cloned.Form.Set(k, types.ToString(v))
@@ -306,7 +314,7 @@ func generateRequestsFromOp(opts *generateReqOptions) error {
 					cloned.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 				}
 			case "multipart/form-data":
-				if values, ok := example.(map[string]interface{}); ok {
+				if values, ok := val.(map[string]interface{}); ok {
 					buffer := &bytes.Buffer{}
 					multipartWriter := multipart.NewWriter(buffer)
 					for k, v := range values {
@@ -326,13 +334,13 @@ func generateRequestsFromOp(opts *generateReqOptions) error {
 					cloned.Header.Set("Content-Type", multipartWriter.FormDataContentType())
 				}
 			case "text/plain":
-				str := types.ToString(example)
+				str := types.ToString(val)
 				// body = str
 				cloned.Body = io.NopCloser(strings.NewReader(str))
 				cloned.ContentLength = int64(len(str))
 				cloned.Header.Set("Content-Type", "text/plain")
 			case "application/octet-stream":
-				str := types.ToString(example)
+				str := types.ToString(val)
 				if str == "" {
 					// use two strings
 					str = "string1\nstring2"

pkg/protocols/http/httpclientpool/clientpool.go

@@ -307,6 +307,14 @@ func wrappedGet(options *types.Options, configuration *Configuration) (*retryabl
 			if err != nil {
 				return nil, err
 			}
+			if tlsConfig.ServerName == "" {
+				// addr should be in form of host:port already set from canonicalAddr
+				host, _, err := net.SplitHostPort(addr)
+				if err != nil {
+					return nil, err
+				}
+				tlsConfig.ServerName = host
+			}
 			return tls.Client(conn, tlsConfig), nil
 		}
 	}