diff --git a/README.md b/README.md
index 4c04562df..454ded4cc 100644
--- a/README.md
+++ b/README.md
@@ -98,27 +98,27 @@ TARGET: -resume Resume scan using resume.cfg (clustering will be disabled) TEMPLATES: - -t, -templates string[] template or template directory paths to include in the scan - -tu, -template-url string[] URL containing list of templates to run -nt, -new-templates run only new templates added in latest nuclei-templates release - -w, -workflows string[] workflow or workflow directory paths to include in the scan - -wu, -workflow-url string[] URL containing list of workflows to run + -t, -templates string[] list of template or template directory to run (comma-separated, file) + -tu, -template-url string[] list of template urls to run (comma-separated, file) + -w, -workflows string[] list of workflow or workflow directory to run (comma-separated, file) + -wu, -workflow-url string[] list of workflow urls to run (comma-separated, file) -validate validate the passed templates to nuclei -tl list all available templates FILTERING: - -tags string[] execute a subset of templates that contain the provided tags - -itags, -include-tags string[] tags from the default deny list that permit executing more intrusive templates - -etags, -exclude-tags string[] exclude templates with the provided tags + -a, -author string[] templates to run based on authors (comma-separated, file) + -tags string[] templates to run based on tags (comma-separated, file) + -etags, -exclude-tags string[] templates to exclude based on tags (comma-separated, file) + -itags, -include-tags string[] tags to be executed even if they are excluded either by default or configuration + -id, -template-id string[] templates to run based on template ids (comma-separated, file) + -eid, -exclude-id string[] templates to exclude based on template ids (comma-separated, file) -it, -include-templates string[] templates to be executed even if they are excluded either by default or configuration - -et, -exclude-templates string[] template or template directory paths to exclude - -s, -severity value[] 
Templates to run based on severity. Possible values: info, low, medium, high, critical - -es, -exclude-severity value[] Templates to exclude based on severity. Possible values: info, low, medium, high, critical - -pt, -type value[] protocol types to be executed. Possible values: dns, file, http, headless, network, workflow, ssl, websocket, whois - -ept, -exclude-type value[] protocol types to not be executed. Possible values: dns, file, http, headless, network, workflow, ssl, websocket, whois - -a, -author string[] execute templates that are (co-)created by the specified authors - -id, -template-id string[] List of template IDs to run (comma-separated, file) - -eid, -exclude-id string[] List of template IDs to exclude (comma-separated, file) + -et, -exclude-templates string[] template or template directory to exclude (comma-separated, file) + -s, -severity value[] templates to run based on severity. Possible values: info, low, medium, high, critical + -es, -exclude-severity value[] templates to exclude based on severity. Possible values: info, low, medium, high, critical + -pt, -type value[] templates to run based on protocol type. Possible values: dns, file, http, headless, network, workflow, ssl, websocket, whois + -ept, -exclude-type value[] templates to exclude based on protocol type. Possible values: dns, file, http, headless, network, workflow, ssl, websocket, whois OUTPUT: -o, -output string output file to write found issues/vulnerabilities 
@@ -126,10 +126,10 @@ OUTPUT: -nc, -no-color disable output content coloring (ANSI escape codes) -json write output in JSONL(ines) format -irr, -include-rr include request/response pairs in the JSONL output (for findings only) - -nm, -no-meta don't display match metadata - -nts, -no-timestamp don't display timestamp metadata in CLI output - -rdb, -report-db string local nuclei reporting database (always use this to persist report data) - -ms, -matcher-status show optional match failure status + -nm, -no-meta disable printing result metadata in cli output + -nts, -no-timestamp disable printing timestamp in cli output + -rdb, -report-db string nuclei reporting database (always use this to persist report data) + -ms, -matcher-status display match failure status -me, -markdown-export string directory to export results in markdown format -se, -sarif-export string file to export results in SARIF format 
@@ -165,13 +165,14 @@ RATE-LIMIT: -hc, -headless-concurrency int maximum number of headless templates to be executed in parallel (default 10) OPTIMIZATIONS: - -timeout int time to wait in seconds before timeout (default 5) - -retries int number of times to retry a failed request (default 1) - -mhe, -max-host-error int max errors for a host before skipping from scan (default 30) - -project use a project folder to avoid sending same request multiple times - -project-path string set a specific project path - -spm, -stop-at-first-path stop processing HTTP requests after the first match (may break template/workflow logic) - -stream Stream mode - start elaborating without sorting the input + -timeout int time to wait in seconds before timeout (default 5) + -retries int number of times to retry a failed request (default 1) + -ldp, -leave-default-ports leave default HTTP/HTTPS ports (eg. host:80,host:443 + -mhe, -max-host-error int max errors for a host before skipping from scan (default 30) + -project use a project folder to avoid sending same request multiple times + -project-path string set a specific project path + -spm, -stop-at-first-path stop processing HTTP requests after the first match (may break template/workflow logic) + -stream stream mode - start elaborating without sorting the input HEADLESS: -headless enable templates that require headless browser support (root user on linux will disable sandbox) diff --git a/v2/cmd/nuclei/main.go b/v2/cmd/nuclei/main.go index 42e445775..f6d153743 100644 --- a/v2/cmd/nuclei/main.go +++ b/v2/cmd/nuclei/main.go 
@@ -88,29 +88,29 @@ on extensive configurability, massive extensibility and ease of use.`) ) createGroup(flagSet, "templates", "Templates", - flagSet.FileNormalizedStringSliceVarP(&options.Templates, "templates", "t", []string{}, "template or template directory paths to include in the scan"), - flagSet.FileNormalizedStringSliceVarP(&options.TemplateURLs, "template-url", "tu", []string{}, "URL containing list of templates to run"), flagSet.BoolVarP(&options.NewTemplates, "new-templates", "nt", false, "run only new templates added in latest nuclei-templates release"), - flagSet.FileNormalizedStringSliceVarP(&options.Workflows, "workflows", "w", []string{}, "workflow or workflow directory paths to include in the scan"), - flagSet.FileNormalizedStringSliceVarP(&options.WorkflowURLs, "workflow-url", "wu", []string{}, "URL containing list of workflows to run"), + flagSet.FileNormalizedStringSliceVarP(&options.Templates, "templates", "t", []string{}, "list of template or template directory to run (comma-separated, file)"), + flagSet.FileNormalizedStringSliceVarP(&options.TemplateURLs, "template-url", "tu", []string{}, "list of template urls to run (comma-separated, file)"), + flagSet.FileNormalizedStringSliceVarP(&options.Workflows, "workflows", "w", []string{}, "list of workflow or workflow directory to run (comma-separated, file)"), + flagSet.FileNormalizedStringSliceVarP(&options.WorkflowURLs, "workflow-url", "wu", []string{}, "list of workflow urls to run (comma-separated, file)"), flagSet.BoolVar(&options.Validate, "validate", false, "validate the passed templates to nuclei"), flagSet.BoolVar(&options.TemplateList, "tl", false, "list all available templates"), flagSet.StringSliceVarConfigOnly(&options.RemoteTemplateDomainList, "remote-template-domain", []string{"api.nuclei.sh"}, "allowed domain list to load remote templates from"), ) createGroup(flagSet, "filters", "Filtering", - flagSet.FileNormalizedStringSliceVar(&options.Tags, "tags", []string{}, "execute a 
subset of templates that contain the provided tags"), - flagSet.FileNormalizedStringSliceVarP(&options.IncludeTags, "include-tags", "itags", []string{}, "tags from the default deny list that permit executing more intrusive templates"), // TODO show default deny list - flagSet.FileNormalizedStringSliceVarP(&options.ExcludeTags, "exclude-tags", "etags", []string{}, "exclude templates with the provided tags"), + flagSet.FileNormalizedStringSliceVarP(&options.Authors, "author", "a", []string{}, "templates to run based on authors (comma-separated, file)"), + flagSet.FileNormalizedStringSliceVar(&options.Tags, "tags", []string{}, "templates to run based on tags (comma-separated, file)"), + flagSet.FileNormalizedStringSliceVarP(&options.ExcludeTags, "exclude-tags", "etags", []string{}, "templates to exclude based on tags (comma-separated, file)"), + flagSet.FileNormalizedStringSliceVarP(&options.IncludeTags, "include-tags", "itags", []string{}, "tags to be executed even if they are excluded either by default or configuration"), // TODO show default deny list + flagSet.FileNormalizedStringSliceVarP(&options.IncludeIds, "template-id", "id", []string{}, "templates to run based on template ids (comma-separated, file)"), + flagSet.FileNormalizedStringSliceVarP(&options.ExcludeIds, "exclude-id", "eid", []string{}, "templates to exclude based on template ids (comma-separated, file)"), flagSet.FileNormalizedStringSliceVarP(&options.IncludeTemplates, "include-templates", "it", []string{}, "templates to be executed even if they are excluded either by default or configuration"), - flagSet.FileNormalizedStringSliceVarP(&options.ExcludedTemplates, "exclude-templates", "et", []string{}, "template or template directory paths to exclude"), - flagSet.VarP(&options.Severities, "severity", "s", fmt.Sprintf("Templates to run based on severity. 
Possible values: %s", severity.GetSupportedSeverities().String())), - flagSet.VarP(&options.ExcludeSeverities, "exclude-severity", "es", fmt.Sprintf("Templates to exclude based on severity. Possible values: %s", severity.GetSupportedSeverities().String())), - flagSet.VarP(&options.Protocols, "type", "pt", fmt.Sprintf("protocol types to be executed. Possible values: %s", templateTypes.GetSupportedProtocolTypes())), - flagSet.VarP(&options.ExcludeProtocols, "exclude-type", "ept", fmt.Sprintf("protocol types to not be executed. Possible values: %s", templateTypes.GetSupportedProtocolTypes())), - flagSet.FileNormalizedStringSliceVarP(&options.Authors, "author", "a", []string{}, "execute templates that are (co-)created by the specified authors"), - flagSet.FileNormalizedStringSliceVarP(&options.IncludeIds, "template-id", "id", []string{}, "List of template IDs to run (comma-separated, file)"), - flagSet.FileNormalizedStringSliceVarP(&options.ExcludeIds, "exclude-id", "eid", []string{}, "List of template IDs to exclude (comma-separated, file)"), + flagSet.FileNormalizedStringSliceVarP(&options.ExcludedTemplates, "exclude-templates", "et", []string{}, "template or template directory to exclude (comma-separated, file)"), + flagSet.VarP(&options.Severities, "severity", "s", fmt.Sprintf("templates to run based on severity. Possible values: %s", severity.GetSupportedSeverities().String())), + flagSet.VarP(&options.ExcludeSeverities, "exclude-severity", "es", fmt.Sprintf("templates to exclude based on severity. Possible values: %s", severity.GetSupportedSeverities().String())), + flagSet.VarP(&options.Protocols, "type", "pt", fmt.Sprintf("templates to run based on protocol type. Possible values: %s", templateTypes.GetSupportedProtocolTypes())), + flagSet.VarP(&options.ExcludeProtocols, "exclude-type", "ept", fmt.Sprintf("templates to exclude based on protocol type. Possible values: %s", templateTypes.GetSupportedProtocolTypes())), ) createGroup(flagSet, "output", "Output", 
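Review bot: The new `-include-tags` help text drops the only hint that this flag re-enables templates from the default deny list, which the old text described as more intrusive. An operator reading `-h` no longer learns that `-itags` widens what is run against the target, and the `// TODO show default deny list` on that line is still open. Consider keeping the caveat, e.g. `"tags to be executed even if they are excluded either by default or configuration (may run more intrusive templates)"`. The `createGroup` calls sit in a function whose start and end are outside the hunk.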
@@ -119,10 +119,10 @@ on extensive configurability, massive extensibility and ease of use.`)
 flagSet.BoolVarP(&options.NoColor, "no-color", "nc", false, "disable output content coloring (ANSI escape codes)"),
 flagSet.BoolVar(&options.JSON, "json", false, "write output in JSONL(ines) format"),
 flagSet.BoolVarP(&options.JSONRequests, "include-rr", "irr", false, "include request/response pairs in the JSONL output (for findings only)"),
- flagSet.BoolVarP(&options.NoMeta, "no-meta", "nm", false, "don't display match metadata"),
- flagSet.BoolVarP(&options.NoTimestamp, "no-timestamp", "nts", false, "don't display timestamp metadata in CLI output"),
- flagSet.StringVarP(&options.ReportingDB, "report-db", "rdb", "", "local nuclei reporting database (always use this to persist report data)"),
- flagSet.BoolVarP(&options.MatcherStatus, "matcher-status", "ms", false, "show optional match failure status"),
+ flagSet.BoolVarP(&options.NoMeta, "no-meta", "nm", false, "disable printing result metadata in cli output"),
+ flagSet.BoolVarP(&options.NoTimestamp, "no-timestamp", "nts", false, "disable printing timestamp in cli output"),
+ flagSet.StringVarP(&options.ReportingDB, "report-db", "rdb", "", "nuclei reporting database (always use this to persist report data)"),
+ flagSet.BoolVarP(&options.MatcherStatus, "matcher-status", "ms", false, "display match failure status"),
 flagSet.StringVarP(&options.MarkdownExportDirectory, "markdown-export", "me", "", "directory to export results in markdown format"),
 flagSet.StringVarP(&options.SarifExport, "sarif-export", "se", "", "file to export results in SARIF format"),
 )
@@ -164,12 +164,12 @@ on extensive configurability, massive extensibility and ease of use.`)
 createGroup(flagSet, "optimization", "Optimizations",
 flagSet.IntVar(&options.Timeout, "timeout", 5, "time to wait in seconds before timeout"),
 flagSet.IntVar(&options.Retries, "retries", 1, "number of times to retry a failed request"),
- flagSet.BoolVarP(&options.LeaveDefaultPorts, "leave-default-ports", "ldp", false, "Leave default HTTP/HTTPS ports (eg. host:80,host:443"),
+ flagSet.BoolVarP(&options.LeaveDefaultPorts, "leave-default-ports", "ldp", false, "leave default HTTP/HTTPS ports (eg. host:80,host:443"),
 flagSet.IntVarP(&options.MaxHostError, "max-host-error", "mhe", 30, "max errors for a host before skipping from scan"),
 flagSet.BoolVar(&options.Project, "project", false, "use a project folder to avoid sending same request multiple times"),
 flagSet.StringVar(&options.ProjectPath, "project-path", os.TempDir(), "set a specific project path"),
 flagSet.BoolVarP(&options.StopAtFirstMatch, "stop-at-first-path", "spm", false, "stop processing HTTP requests after the first match (may break template/workflow logic)"),
- flagSet.BoolVar(&options.Stream, "stream", false, "Stream mode - start elaborating without sorting the input"),
+ flagSet.BoolVar(&options.Stream, "stream", false, "stream mode - start elaborating without sorting the input"),
 )
 createGroup(flagSet, "headless", "Headless",
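Review bot: The `-leave-default-ports` description still has an unbalanced parenthesis after this change; only the leading capital was lowered. Since the line is being touched anyway, close it: `"leave default HTTP/HTTPS ports (eg. host:80,host:443)"`. The README hunk of this commit carries the same text and would need the same fix. The enclosing function begins and ends outside the hunk.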