From fc950a02e66ee5ec0f21ac50100a5e0e923cc557 Mon Sep 17 00:00:00 2001 From: Geeknik Labs <466878+geeknik@users.noreply.github.com> Date: Thu, 16 Sep 2021 11:27:17 -0500 Subject: [PATCH 01/14] Update templates_doc.go Typo fix --- v2/pkg/templates/templates_doc.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/v2/pkg/templates/templates_doc.go b/v2/pkg/templates/templates_doc.go index 553b937ef..54d80f714 100644 --- a/v2/pkg/templates/templates_doc.go +++ b/v2/pkg/templates/templates_doc.go @@ -414,7 +414,7 @@ func init() { HTTPRequestDoc.Fields[20].Name = "pipeline" HTTPRequestDoc.Fields[20].Type = "bool" HTTPRequestDoc.Fields[20].Note = "" - HTTPRequestDoc.Fields[20].Description = "Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining\n\nAll requests must be indempotent (GET/POST). This can be used for race conditions/billions requests." + HTTPRequestDoc.Fields[20].Description = "Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining\n\nAll requests must be idempotent (GET/POST). This can be used for race conditions/billions requests." HTTPRequestDoc.Fields[20].Comments[encoder.LineComment] = "Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining" HTTPRequestDoc.Fields[21].Name = "unsafe" HTTPRequestDoc.Fields[21].Type = "bool" From 78cfb07214f8e4e6782bdcd47fba30f25d274a6c Mon Sep 17 00:00:00 2001 From: Geeknik Labs <466878+geeknik@users.noreply.github.com> Date: Thu, 16 Sep 2021 11:29:22 -0500 Subject: [PATCH 02/14] Update templates_doc.go small fixes --- v2/pkg/templates/templates_doc.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/v2/pkg/templates/templates_doc.go b/v2/pkg/templates/templates_doc.go index 54d80f714..d6b25404b 100644 --- a/v2/pkg/templates/templates_doc.go +++ b/v2/pkg/templates/templates_doc.go 
@@ -372,7 +372,7 @@ func init() { HTTPRequestDoc.Fields[13].Description = "MaxRedirects is the maximum number of redirects that should be followed." HTTPRequestDoc.Fields[13].Comments[encoder.LineComment] = "MaxRedirects is the maximum number of redirects that should be followed." - HTTPRequestDoc.Fields[13].AddExample("Follow upto 5 redirects", 5) + HTTPRequestDoc.Fields[13].AddExample("Follow up to 5 redirects", 5) HTTPRequestDoc.Fields[14].Name = "pipeline-concurrent-connections" HTTPRequestDoc.Fields[14].Type = "int" HTTPRequestDoc.Fields[14].Note = "" @@ -918,7 +918,7 @@ func init() { NETWORKInputDoc.Fields[2].Name = "read" NETWORKInputDoc.Fields[2].Type = "int" NETWORKInputDoc.Fields[2].Note = "" - NETWORKInputDoc.Fields[2].Description = "Read is the number of bytes to read from socket.\n\nThis can be used for protcols which expected an immediate response. You can\nread and write responses one after another and evetually perform matching\non every data captured with `name` attribute.\n\nThe [network docs](https://nuclei.projectdiscovery.io/templating-guide/protocols/network/) highlight more on how to do this." + NETWORKInputDoc.Fields[2].Description = "Read is the number of bytes to read from socket.\n\nThis can be used for protocols which expect an immediate response. You can\nread and write responses one after another and evetually perform matching\non every data captured with `name` attribute.\n\nThe [network docs](https://nuclei.projectdiscovery.io/templating-guide/protocols/network/) highlight more on how to do this." NETWORKInputDoc.Fields[2].Comments[encoder.LineComment] = "Read is the number of bytes to read from socket." NETWORKInputDoc.Fields[2].AddExample("", 1024) From d95f7236393e81517b337762b11c501d456c727f Mon Sep 17 00:00:00 2001 
From: Geeknik Labs <466878+geeknik@users.noreply.github.com>
Date: Thu, 16 Sep 2021 11:30:49 -0500
Subject: [PATCH 03/14] Update model.go small updates
---
 v2/pkg/model/model.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/v2/pkg/model/model.go b/v2/pkg/model/model.go
index 85df3724a..dcec3e49c 100644
--- a/v2/pkg/model/model.go
+++ b/v2/pkg/model/model.go
@@ -36,9 +36,9 @@ type Info struct {
 // You can go in-depth here on what the template actually does.
 //
 // examples:
- // - value: "\"Bower is a package manager which stores packages informations in bower.json file\""
+ // - value: "\"Bower is a package manager which stores package information in the bower.json file\""
 // - value: "\"Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations\""
- Description string `json:"description,omitempty" yaml:"description,omitempty" jsonschema:"title=description of the template,description=In-depth explanation on what the template does,example=Bower is a package manager which stores packages informations in bower.json file"`
+ Description string `json:"description,omitempty" yaml:"description,omitempty" jsonschema:"title=description of the template,description=In-depth explanation on what the template does,example=Bower is a package manager which stores package information in the bower.json file"`
 // description: |
 // References for the template.
 //
From 2aee20805017ba6a328a8dbd14f6bb51b417bcdb Mon Sep 17 00:00:00 2001
From: Geeknik Labs <466878+geeknik@users.noreply.github.com>
Date: Thu, 16 Sep 2021 11:33:20 -0500
Subject: [PATCH 04/14] Update network.go minor nit
---
 v2/pkg/protocols/network/network.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/v2/pkg/protocols/network/network.go b/v2/pkg/protocols/network/network.go
index 1178d8f7b..ccce31d76 100644
--- a/v2/pkg/protocols/network/network.go
+++ b/v2/pkg/protocols/network/network.go
@@ -96,7 +96,7 @@ type Input struct {
 // description: |
 // Read is the number of bytes to read from socket.
 //
- // This can be used for protcols which expected an immediate response. You can
+ // This can be used for protocols which expect an immediate response. You can
 // read and write responses one after another and evetually perform matching
 // on every data captured with `name` attribute.
 //
From 115f6d1b52db2e0b8cc7ad56e1e7e48b2d932ba7 Mon Sep 17 00:00:00 2001
From: Geeknik Labs <466878+geeknik@users.noreply.github.com>
Date: Thu, 16 Sep 2021 11:34:23 -0500
Subject: [PATCH 05/14] Update http.go typo fix
---
 v2/pkg/protocols/http/http.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/v2/pkg/protocols/http/http.go b/v2/pkg/protocols/http/http.go
index d3fa89dab..69f3e2762 100644
--- a/v2/pkg/protocols/http/http.go
+++ b/v2/pkg/protocols/http/http.go
@@ -90,7 +90,7 @@ type Request struct {
 // description: |
 // MaxRedirects is the maximum number of redirects that should be followed.
 // examples:
- // - name: Follow upto 5 redirects
+ // - name: Follow up to 5 redirects
 // value: "5"
 MaxRedirects int `yaml:"max-redirects,omitempty" jsonschema:"title=maximum number of redirects to follow,description=Maximum number of redirects that should be followed"`
 // description: |
@@ -143,7 +143,7 @@ type Request struct {
 // description: |
 // Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining
 //
- // All requests must be indempotent (GET/POST). This can be used for race conditions/billions requests.
+ // All requests must be idempotent (GET/POST). This can be used for race conditions/billions requests.
 Pipeline bool `yaml:"pipeline,omitempty" jsonschema:"title=perform HTTP 1.1 pipelining,description=Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining"`
 // description: |
 // Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests.
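Review bot: `evetually` in the context line directly below the corrected sentence of the `Read` comment (network.go, hunk at -96) is still misspelled, so this paragraph is only partly fixed; the line should read `// read and write responses one after another and eventually perform matching`. The `NETWORKInputDoc.Fields[2].Description` string changed in patch 02 keeps the same misspelling, while the SYNTAX-REFERENCE.md hunk in patch 13 corrects it, so the three copies of this text now disagree. If templates_doc.go and SYNTAX-REFERENCE.md are generated from this struct comment, as the identical wording suggests, regenerating them would put the misspelling back into the markdown. The `Input` struct begins and ends outside the hunk.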
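Review bot: The corrected sentence in the `Pipeline` comment (http.go, hunk at -143), `All requests must be idempotent (GET/POST)`, still names POST as an idempotent method, which HTTP does not: RFC 7231 section 4.2.2 lists GET, HEAD, PUT, DELETE, OPTIONS and TRACE. RFC 7230 section 6.3.2 ties pipelining to idempotent methods because only those can be retried safely after a connection failure, so a template author relying on this text may enable `pipeline` for state-changing POST requests and repeat their side effects on the system being scanned; whether the engine retries is not visible in this hunk. I would reword the line to `// All requests must be idempotent (for example GET or HEAD; POST is not).` and carry the same wording into the `HTTPRequestDoc.Fields[20].Description` string from patch 01 and the SYNTAX-REFERENCE.md text in patch 13. The `Request` struct begins and ends outside the hunk.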
From e79fcb0db388d2c4dc88cd1210e8df0b2eb1ba37 Mon Sep 17 00:00:00 2001 From: Geeknik Labs <466878+geeknik@users.noreply.github.com> Date: Thu, 16 Sep 2021 11:35:20 -0500 Subject: [PATCH 06/14] Update request.go typo fix --- v2/pkg/protocols/http/request.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/v2/pkg/protocols/http/request.go b/v2/pkg/protocols/http/request.go index 9045bfc79..2aa52e936 100644 --- a/v2/pkg/protocols/http/request.go +++ b/v2/pkg/protocols/http/request.go @@ -332,7 +332,7 @@ func (r *Request) executeRequest(reqURL string, request *generatedRequest, previ r.options.Progress.IncrementErrorsBy(1) // If we have interactsh markers and request times out, still send - // a callback event so in case we recieve an interaction, correlation is possible. + // a callback event so in case we receive an interaction, correlation is possible. if hasInteractMarkers { outputEvent := r.responseToDSLMap(&http.Response{}, reqURL, formedURL, tostring.UnsafeToString(dumpedRequest), "", "", "", 0, request.meta) if i := strings.LastIndex(hostname, ":"); i != -1 { From 05d1f8aac878d915efdecb93e4f66531976e3dd9 Mon Sep 17 00:00:00 2001 From: Geeknik Labs <466878+geeknik@users.noreply.github.com> Date: Thu, 16 Sep 2021 11:36:08 -0500 Subject: [PATCH 07/14] Update build_request.go typo fix --- v2/pkg/protocols/http/build_request.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/v2/pkg/protocols/http/build_request.go b/v2/pkg/protocols/http/build_request.go index 23797e887..2fa28a1c7 100644 --- a/v2/pkg/protocols/http/build_request.go +++ b/v2/pkg/protocols/http/build_request.go 
@@ -113,7 +113,7 @@ func (r *requestGenerator) makeHTTPRequestFromModel(ctx context.Context, data st // request values. finalValues := generators.MergeMaps(generatorValues, values) - // Evaulate the expressions for the request if any. + // Evaluate the expressions for the request if any. var err error data, err = expressions.Evaluate(data, finalValues) if err != nil { @@ -152,7 +152,7 @@ func (r *requestGenerator) handleRawWithPayloads(ctx context.Context, rawRequest // request values. finalValues := generators.MergeMaps(generatorValues, values) - // Evaulate the expressions for raw request if any. + // Evaluate the expressions for raw request if any. var err error rawRequest, err = expressions.Evaluate(rawRequest, finalValues) if err != nil { From eb566416fc7ca0b8e6667531229b1d0d70b96994 Mon Sep 17 00:00:00 2001 From: Geeknik Labs <466878+geeknik@users.noreply.github.com> Date: Thu, 16 Sep 2021 11:37:36 -0500 Subject: [PATCH 08/14] Update instance.go typo fix --- v2/pkg/protocols/headless/engine/instance.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/v2/pkg/protocols/headless/engine/instance.go b/v2/pkg/protocols/headless/engine/instance.go index f16ceaeb3..3b2db22e8 100644 --- a/v2/pkg/protocols/headless/engine/instance.go +++ b/v2/pkg/protocols/headless/engine/instance.go @@ -18,7 +18,7 @@ type Instance struct { // NewInstance creates a new instance for the current browser. // // The login process is repeated only once for a browser, and the created -// isolated browser instance is used for entire navigation ony be one. +// isolated browser instance is used for entire navigation one by one. // // Users can also choose to run the login->actions process again // which uses a new incognito browser instance to run actions. From 20a1a5c9daa43ab6b250fd0e29b32b42dcedb3c6 Mon Sep 17 00:00:00 2001 
From: Geeknik Labs <466878+geeknik@users.noreply.github.com>
Date: Thu, 16 Sep 2021 11:38:15 -0500
Subject: [PATCH 09/14] Update elasticsearch.go typo fix
---
 v2/pkg/reporting/exporters/es/elasticsearch.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/v2/pkg/reporting/exporters/es/elasticsearch.go b/v2/pkg/reporting/exporters/es/elasticsearch.go
index ac1a99b02..bf99ffe29 100644
--- a/v2/pkg/reporting/exporters/es/elasticsearch.go
+++ b/v2/pkg/reporting/exporters/es/elasticsearch.go
@@ -28,7 +28,7 @@ type Options struct {
 SSLVerification bool `yaml:"ssl-verification"`
 // Username for the elasticsearch instance
 Username string `yaml:"username"`
- // Pasword is the password for elasticsearch instance
+ // Password is the password for elasticsearch instance
 Password string `yaml:"password"`
 // IndexName is the name of the elasticsearch index
 IndexName string `yaml:"index-name"`
From 3b8ec873eb49a00a16a28748bd8a1fe261dedf75 Mon Sep 17 00:00:00 2001
From: Geeknik Labs <466878+geeknik@users.noreply.github.com>
Date: Thu, 16 Sep 2021 11:39:45 -0500
Subject: [PATCH 10/14] Update operators.go minor nit
---
 v2/pkg/operators/operators.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/v2/pkg/operators/operators.go b/v2/pkg/operators/operators.go
index 3bf0f0efa..3d3cf979a 100644
--- a/v2/pkg/operators/operators.go
+++ b/v2/pkg/operators/operators.go
@@ -161,7 +161,7 @@ func (r *Operators) Execute(data map[string]interface{}, match MatchFunc, extrac
 if len(result.DynamicValues) > 0 {
 return result, true
 }
- // Don't print if we have matchers and they have not matched, irregardless of extractor
+ // Don't print if we have matchers and they have not matched, regardless of extractor
 if len(r.Matchers) > 0 && !matches {
 return nil, false
 }
From c8307b2c83d4e9a8e4dd81106fc594e9dca13bdd Mon Sep 17 00:00:00 2001
From: Geeknik Labs <466878+geeknik@users.noreply.github.com> Date: Thu, 16 Sep 2021 11:40:10 -0500 Subject: [PATCH 11/14] Update dsl.go typo fix --- v2/pkg/operators/common/dsl/dsl.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/v2/pkg/operators/common/dsl/dsl.go b/v2/pkg/operators/common/dsl/dsl.go index 78c171b9a..740dd1b38 100644 --- a/v2/pkg/operators/common/dsl/dsl.go +++ b/v2/pkg/operators/common/dsl/dsl.go @@ -258,7 +258,7 @@ func HelperFunctions() map[string]govaluate.ExpressionFunction { return functions } -// AddHelperFunction allows creation of additiona helper functions to be supported with templates +// AddHelperFunction allows creation of additional helper functions to be supported with templates func AddHelperFunction(key string, value func(args ...interface{}) (interface{}, error)) error { if _, ok := functions[key]; !ok { functions[key] = value From 67d3bd6052e39a1862c46d170ef9dc44fb2c6e3a Mon Sep 17 00:00:00 2001 From: Geeknik Labs <466878+geeknik@users.noreply.github.com> Date: Thu, 16 Sep 2021 11:44:09 -0500 Subject: [PATCH 12/14] Update README.md typo fix --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 637088d6e..966045639 100644 --- a/README.md +++ b/README.md 
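Review bot: The rewritten doc comment on `AddHelperFunction` (dsl.go, hunk at -258) does not say that registration is first-wins: the visible body stores `value` only when `functions[key]` has no entry, so an already registered helper is not replaced. That matters to callers who extend the DSL, because a name collision with an existing helper leaves the existing one in effect; I would extend the comment to `// AddHelperFunction registers an additional helper function for use in templates; a key that is already registered is not replaced.` What the function returns in the collision case lies outside the hunk, as does the rest of its body.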
@@ -254,7 +254,7 @@ Pen-testers get the full power of our public templates and customization capabil # For Developers and Organisations -Nuclei is built with simplicity in mind, with the community backed templates by hundreds of security researchers, it allows you to stay updated with latest security threats using continuous Nuclei scanning on the hosts. It is designed to be easily integrated into regression tests cycle, to verify the fixes and eliminate vulnerabilities from occuring in future. +Nuclei is built with simplicity in mind, with the community backed templates by hundreds of security researchers, it allows you to stay updated with latest security threats using continuous Nuclei scanning on the hosts. It is designed to be easily integrated into regression tests cycle, to verify the fixes and eliminate vulnerabilities from occurring in future. - **CI/CD:** Engineers are already utilising Nuclei within their CI/CD pipeline, it allows them to constantly monitor their staging and production environments with customised templates. - **Continuous Regression Cycle:** With Nuclei, you can create your custom template on every new identified vulnerability and put into Nuclei engine to eliminate in the continuous regression cycle. From 4fdda86a0b6246ab8fab96723d43694722e37fe9 Mon Sep 17 00:00:00 2001 From: Geeknik Labs <466878+geeknik@users.noreply.github.com> Date: Thu, 16 Sep 2021 11:45:57 -0500 Subject: [PATCH 13/14] Update SYNTAX-REFERENCE.md typo fix --- SYNTAX-REFERENCE.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/SYNTAX-REFERENCE.md b/SYNTAX-REFERENCE.md index cdb81ba4e..b9d4033ee 100755 --- a/SYNTAX-REFERENCE.md +++ b/SYNTAX-REFERENCE.md @@ -348,7 +348,7 @@ Examples: ```yaml -description: Bower is a package manager which stores packages informations in bower.json file +description: Bower is a package manager which stores package information in the bower.json file ``` ```yaml 
@@ -979,7 +979,7 @@ Examples: ```yaml -# Follow upto 5 redirects +# Follow up to 5 redirects max-redirects: 5 ``` @@ -1125,7 +1125,7 @@ This can be used in conjunction with `max-redirects` to control the HTTP request Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining -All requests must be indempotent (GET/POST). This can be used for race conditions/billions requests. +All requests must be idempotent (GET/POST). This can be used for race conditions/billions requests. @@ -2482,8 +2482,8 @@ Valid values: Read is the number of bytes to read from socket. -This can be used for protcols which expected an immediate response. You can -read and write responses one after another and evetually perform matching +This can be used for protocols which expect an immediate response. You can +read and write responses one after another and eventually perform matching on every data captured with `name` attribute. The [network docs](https://nuclei.projectdiscovery.io/templating-guide/protocols/network/) highlight more on how to do this. From 0d31e965effeb0eebca824e2c659b9999390c89a Mon Sep 17 00:00:00 2001 From: Geeknik Labs <466878+geeknik@users.noreply.github.com> Date: Thu, 16 Sep 2021 11:46:36 -0500 Subject: [PATCH 14/14] Update nuclei-jsonschema.json minor nit --- nuclei-jsonschema.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nuclei-jsonschema.json b/nuclei-jsonschema.json index c26306c6a..462279c06 100755 --- a/nuclei-jsonschema.json +++ b/nuclei-jsonschema.json @@ -57,7 +57,7 @@ "title": "description of the template", "description": "In-depth explanation on what the template does", "examples": [ - "Bower is a package manager which stores packages informations in bower.json file" + "Bower is a package manager which stores package information in the bower.json file" ] }, "reference": {