adding separate execution context id

Mzack9999 2025-05-07 21:18:48 +02:00
parent 5d175314fe
commit f27b2518a9
94 changed files with 464 additions and 350 deletions

1
.gitignore vendored

@ -41,6 +41,7 @@ pkg/protocols/common/helpers/deserialization/testdata/Deserialize.class
pkg/protocols/common/helpers/deserialization/testdata/ValueObject.class
pkg/protocols/common/helpers/deserialization/testdata/ValueObject2.ser
vendor
cmd/test/test-templates
# Headless `screenshot` action
*.png


@ -68,17 +68,21 @@ func executeNucleiAsLibrary(templatePath, templateURL string) ([]string, error)
cache := hosterrorscache.New(30, hosterrorscache.DefaultMaxHostsCount, nil)
defer cache.Close()
defaultOpts := types.DefaultOptions()
defaultOpts.ExecutionId = "test"
mockProgress := &testutils.MockProgressClient{}
reportingClient, err := reporting.New(&reporting.Options{}, "", false)
reportingClient, err := reporting.New(&reporting.Options{ExecutionId: defaultOpts.ExecutionId}, "", false)
if err != nil {
return nil, err
}
defer reportingClient.Close()
defaultOpts := types.DefaultOptions()
_ = protocolstate.Init(defaultOpts)
_ = protocolinit.Init(defaultOpts)
defer protocolstate.Close(defaultOpts.ExecutionId)
defaultOpts.Templates = goflags.StringSlice{templatePath}
defaultOpts.ExcludeTags = config.ReadIgnoreFile().Tags
@ -128,7 +132,7 @@ func executeNucleiAsLibrary(templatePath, templateURL string) ([]string, error)
}
store.Load()
_ = engine.Execute(context.Background(), store.Templates(), provider.NewSimpleInputProviderWithUrls(templateURL))
_ = engine.Execute(context.Background(), store.Templates(), provider.NewSimpleInputProviderWithUrls(defaultOpts.ExecutionId, templateURL))
engine.WorkPool().Wait() // Wait for the scan to finish
return results, nil
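Review bot: The fixed id `defaultOpts.ExecutionId = "test"` gives every call to executeNucleiAsLibrary the same execution id, so the deferred `protocolstate.Close(defaultOpts.ExecutionId)` of one call would tear down state that another call is still using if these tests ever run concurrently in one process (whether they do is not visible here). A per-call id keeps the runs isolated, e.g. `defaultOpts.ExecutionId = xid.New().String()` as the CLI and SDK constructors in this commit do, with the matching import. The results of `protocolstate.Init` and `protocolinit.Init` are discarded with `_ =`; returning them from this helper would surface a failed setup directly instead of as a later nil lookup. The function body starts and ends outside these hunks.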


@ -18,6 +18,7 @@ import (
"github.com/projectdiscovery/utils/env"
_ "github.com/projectdiscovery/utils/pprof"
stringsutil "github.com/projectdiscovery/utils/strings"
"github.com/rs/xid"
"github.com/projectdiscovery/goflags"
"github.com/projectdiscovery/gologger"
@ -152,6 +153,8 @@ func main() {
}()
}
options.ExecutionId = xid.New().String()
runner.ParseOptions(options)
if options.ScanUploadFile != "" {
@ -191,30 +194,28 @@ func main() {
// Setup graceful exits
resumeFileName := types.DefaultResumeFilePath()
c := make(chan os.Signal, 1)
defer close(c)
signal.Notify(c, os.Interrupt)
go func() {
for range c {
gologger.Info().Msgf("CTRL+C pressed: Exiting\n")
if options.DASTServer {
nucleiRunner.Close()
os.Exit(1)
}
gologger.Info().Msgf("Attempting graceful shutdown...")
if options.EnableCloudUpload {
gologger.Info().Msgf("Uploading scan results to cloud...")
}
<-c
gologger.Info().Msgf("CTRL+C pressed: Exiting\n")
if options.DASTServer {
nucleiRunner.Close()
if options.ShouldSaveResume() {
gologger.Info().Msgf("Creating resume file: %s\n", resumeFileName)
err := nucleiRunner.SaveResumeConfig(resumeFileName)
if err != nil {
gologger.Error().Msgf("Couldn't create resume file: %s\n", err)
}
}
os.Exit(1)
}
gologger.Info().Msgf("Attempting graceful shutdown...")
if options.EnableCloudUpload {
gologger.Info().Msgf("Uploading scan results to cloud...")
}
nucleiRunner.Close()
if options.ShouldSaveResume() {
gologger.Info().Msgf("Creating resume file: %s\n", resumeFileName)
err := nucleiRunner.SaveResumeConfig(resumeFileName)
if err != nil {
gologger.Error().Msgf("Couldn't create resume file: %s\n", err)
}
}
os.Exit(1)
}()
if err := nucleiRunner.RunEnumeration(); err != nil {
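Review bot: The handler goroutine now blocks on a bare `<-c`, and the hunk counts (30 old lines, 28 new) suggest `defer close(c)` is kept. If so, a normal return from main closes the channel, the receive completes with the zero value, and the goroutine logs "CTRL+C pressed", calls `nucleiRunner.Close()` and heads for `os.Exit(1)` even though no signal arrived. The previous `for range c` simply ended when the channel was closed. Check the receive, e.g. `if _, ok := <-c; !ok { return }`, so only a delivered signal takes the shutdown path. main's body continues outside the hunk.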

11
go.mod

@ -53,6 +53,8 @@ require (
github.com/DataDog/gostackparse v0.6.0
github.com/Masterminds/semver/v3 v3.2.1
github.com/Mzack9999/gcache v0.0.0-20230410081825-519e28eab057
github.com/Mzack9999/goja v0.0.0-20250507184235-e46100e9c697
github.com/Mzack9999/goja_nodejs v0.0.0-20250507184139-66bcbf65c883
github.com/alitto/pond v1.9.2
github.com/antchfx/xmlquery v1.3.17
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2
@ -67,7 +69,6 @@ require (
github.com/clbanning/mxj/v2 v2.7.0
github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
github.com/docker/go-units v0.5.0
github.com/dop251/goja v0.0.0-20240220182346-e401ed450204
github.com/fatih/structs v1.1.0
github.com/getkin/kin-openapi v0.126.0
github.com/go-git/go-git/v5 v5.13.0
@ -80,7 +81,6 @@ require (
github.com/kitabisa/go-ci v1.0.3
github.com/labstack/echo/v4 v4.13.3
github.com/leslie-qiwa/flat v0.0.0-20230424180412-f9d1cf014baa
github.com/lib/pq v1.10.9
github.com/mattn/go-sqlite3 v1.14.22
github.com/mholt/archives v0.1.0
github.com/microsoft/go-mssqldb v1.6.0
@ -179,7 +179,7 @@ require (
github.com/golang-sql/sqlexp v0.1.0 // indirect
github.com/google/certificate-transparency-go v1.1.4 // indirect
github.com/google/go-github/v30 v30.1.0 // indirect
github.com/google/pprof v0.0.0-20240227163752-401108e1b7e7 // indirect
github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 // indirect
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
@ -198,6 +198,7 @@ require (
github.com/klauspost/compress v1.17.11 // indirect
github.com/klauspost/pgzip v1.2.6 // indirect
github.com/kylelemons/godebug v1.1.0 // indirect
github.com/lib/pq v1.10.9 // indirect
github.com/logrusorgru/aurora/v4 v4.0.0 // indirect
github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
github.com/mackerelio/go-osstat v0.2.4 // indirect
@ -258,12 +259,11 @@ require (
github.com/yuin/goldmark-emoji v1.0.3 // indirect
github.com/zcalusic/sysinfo v1.0.2 // indirect
github.com/zeebo/blake3 v0.2.3 // indirect
go.uber.org/goleak v1.3.0 // indirect
go4.org v0.0.0-20230225012048-214862532bf5 // indirect
golang.org/x/arch v0.3.0 // indirect
golang.org/x/sync v0.13.0 // indirect
gopkg.in/djherbis/times.v1 v1.3.0 // indirect
mellium.im/sasl v0.3.1 // indirect
mellium.im/sasl v0.3.2 // indirect
)
require (
@ -352,7 +352,6 @@ require (
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.19.3 // indirect
github.com/aws/smithy-go v1.13.5 // indirect
github.com/dop251/goja_nodejs v0.0.0-20230821135201-94e508132562
github.com/emirpasic/gods v1.18.1 // indirect
github.com/go-echarts/go-echarts/v2 v2.3.3
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
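Review bot: The JavaScript engine that runs template scripts moves from `github.com/dop251/goja` and `github.com/dop251/goja_nodejs` to the personal forks `github.com/Mzack9999/goja` and `github.com/Mzack9999/goja_nodejs`, pinned only by pseudo-versions, and nothing in go.mod says why or what the forks change. A comment above the two require lines would let a reviewer diff the fork against upstream, for example `// fork of dop251/goja adding runtime context values; based on upstream <UPSTREAM_COMMIT>`, with the real base commit filled in. The pool code in this commit appears to rely on `SetContextValue` and `RemoveContextValue`, which is presumably what the fork adds. It would also help to record who carries upstream fixes into the fork, since a plain version bump of the upstream module no longer delivers them.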

30
go.sum

@ -75,6 +75,10 @@ github.com/Mzack9999/gcache v0.0.0-20230410081825-519e28eab057 h1:KFac3SiGbId8ub
github.com/Mzack9999/gcache v0.0.0-20230410081825-519e28eab057/go.mod h1:iLB2pivrPICvLOuROKmlqURtFIEsoJZaMidQfCG1+D4=
github.com/Mzack9999/go-http-digest-auth-client v0.6.1-0.20220414142836-eb8883508809 h1:ZbFL+BDfBqegi+/Ssh7im5+aQfBRx6it+kHnC7jaDU8=
github.com/Mzack9999/go-http-digest-auth-client v0.6.1-0.20220414142836-eb8883508809/go.mod h1:upgc3Zs45jBDnBT4tVRgRcgm26ABpaP7MoTSdgysca4=
github.com/Mzack9999/goja v0.0.0-20250507184235-e46100e9c697 h1:54I+OF5vS4a/rxnUrN5J3hi0VEYKcrTlpc8JosDyP+c=
github.com/Mzack9999/goja v0.0.0-20250507184235-e46100e9c697/go.mod h1:yNqYRqxYkSROY1J+LX+A0tOSA/6soXQs5m8hZSqYBac=
github.com/Mzack9999/goja_nodejs v0.0.0-20250507184139-66bcbf65c883 h1:+Is1AS20q3naP+qJophNpxuvx1daFOx9C0kLIuI0GVk=
github.com/Mzack9999/goja_nodejs v0.0.0-20250507184139-66bcbf65c883/go.mod h1:K+FhM7iKGKtalkeXGEviafPPwyVjDv1a/ehomabLF2w=
github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk=
github.com/OneOfOne/xxhash v1.2.2 h1:KMrpdQIwFcEqXDklaen+P1axHaj9BSKzvpUUfnHldSE=
@ -249,13 +253,10 @@ github.com/chromedp/cdproto v0.0.0-20230802225258-3cf4e6d46a89/go.mod h1:GKljq0V
github.com/chromedp/chromedp v0.9.2/go.mod h1:LkSXJKONWTCHAfQasKFUZI+mxqS4tZqhmtGzzhLsnLs=
github.com/chromedp/sysutil v1.0.0/go.mod h1:kgWmDdq8fTzXYcKIBqIYvRRTnYb9aNS9moAV0xufSww=
github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
github.com/chzyer/logex v1.2.0/go.mod h1:9+9sk7u7pGNWYMkh0hdiL++6OeibzJccyQU4p4MedaY=
github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
github.com/chzyer/readline v1.5.0/go.mod h1:x22KAscuvRqlLoK9CsoYsmxoXZMMFVyOl86cAH8qUic=
github.com/chzyer/readline v1.5.1/go.mod h1:Eh+b79XXUwfKfcPLepksvw2tcLE/Ct21YObkaSkeBlk=
github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
github.com/chzyer/test v0.0.0-20210722231415-061457976a23/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
github.com/clbanning/mxj/v2 v2.7.0 h1:WA/La7UGCanFe5NpHF0Q3DNtnCsVoxbPKuyBNHWRyME=
github.com/clbanning/mxj/v2 v2.7.0/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s=
@ -281,7 +282,6 @@ github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7
github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
github.com/cyphar/filepath-securejoin v0.2.5 h1:6iR5tXJ/e6tJZzzdMc1km3Sa7RRIVBKAK32O2s7AYfo=
@ -299,8 +299,6 @@ github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/
github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc=
github.com/dlclark/regexp2 v1.4.1-0.20201116162257-a2a8dda75c91/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc=
github.com/dlclark/regexp2 v1.7.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
github.com/dlclark/regexp2 v1.11.4 h1:rPYF9/LECdNymJufQKmri9gV604RvvABwgOA8un7yAo=
github.com/dlclark/regexp2 v1.11.4/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
github.com/docker/cli v24.0.5+incompatible h1:WeBimjvS0eKdH4Ygx+ihVq1Q++xg36M/rMi4aXAvodc=
@ -311,14 +309,6 @@ github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKoh
github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
github.com/dop251/goja v0.0.0-20211022113120-dc8c55024d06/go.mod h1:R9ET47fwRVRPZnOGvHxxhuZcbrMCuiqOz3Rlrh4KSnk=
github.com/dop251/goja v0.0.0-20230531210528-d7324b2d74f7/go.mod h1:QMWlm50DNe14hD7t24KEqZuUdC9sOTy8W6XbCU1mlw4=
github.com/dop251/goja v0.0.0-20240220182346-e401ed450204 h1:O7I1iuzEA7SG+dK8ocOBSlYAA9jBUmCYl/Qa7ey7JAM=
github.com/dop251/goja v0.0.0-20240220182346-e401ed450204/go.mod h1:QMWlm50DNe14hD7t24KEqZuUdC9sOTy8W6XbCU1mlw4=
github.com/dop251/goja_nodejs v0.0.0-20210225215109-d91c329300e7/go.mod h1:hn7BA7c8pLvoGndExHudxTDKZ84Pyvv+90pbBjbTz0Y=
github.com/dop251/goja_nodejs v0.0.0-20211022123610-8dd9abb0616d/go.mod h1:DngW8aVqWbuLRMHItjPUyqdj+HWPvnQe8V8y1nDpIbM=
github.com/dop251/goja_nodejs v0.0.0-20230821135201-94e508132562 h1:ObbB2tzHWWAxzsG5futqeq2Ual2zYlo/+eMkSc5sn8w=
github.com/dop251/goja_nodejs v0.0.0-20230821135201-94e508132562/go.mod h1:X2TOTJ+Uamd454RFp7ig2tmP3hQg0Z2Qk8gbVQmU0mk=
github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5/go.mod h1:qssHWj60/X5sZFNxpG4HBPDHVqxNm4DfnCKgrbZOT+s=
github.com/dsnet/compress v0.0.2-0.20230904184137-39efe44ab707 h1:2tV76y6Q9BB+NEBasnqvs7e49aEBFI8ejC89PSnWH+4=
github.com/dsnet/compress v0.0.2-0.20230904184137-39efe44ab707/go.mod h1:qssHWj60/X5sZFNxpG4HBPDHVqxNm4DfnCKgrbZOT+s=
@ -418,7 +408,6 @@ github.com/go-playground/validator/v10 v10.14.1 h1:9c50NUPC30zyuKprjL3vNZ0m5oG+j
github.com/go-playground/validator/v10 v10.14.1/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
github.com/go-rod/rod v0.116.2 h1:A5t2Ky2A+5eD/ZJQr1EfsQSe5rms5Xof/qj296e+ZqA=
github.com/go-rod/rod v0.116.2/go.mod h1:H+CMO9SCNc2TJ2WfrG+pKhITz57uGNYU43qYHh438Mg=
github.com/go-sourcemap/sourcemap v2.1.3+incompatible/go.mod h1:F8jJfvm2KbVjc5NqelyYJmf/v5J0dwNLS2mL4sNA1Jg=
github.com/go-sourcemap/sourcemap v2.1.4+incompatible h1:a+iTbH5auLKxaNwQFg0B+TCYl6lbukKPc7b5x0n1s6Q=
github.com/go-sourcemap/sourcemap v2.1.4+incompatible/go.mod h1:F8jJfvm2KbVjc5NqelyYJmf/v5J0dwNLS2mL4sNA1Jg=
github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
@ -525,9 +514,9 @@ github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hf
github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
github.com/google/pprof v0.0.0-20230207041349-798e818bf904/go.mod h1:uglQLonpP8qtYCYyzA+8c/9qtqgA3qsXGYqCPKARAFg=
github.com/google/pprof v0.0.0-20240227163752-401108e1b7e7 h1:y3N7Bm7Y9/CtpiVkw/ZWj6lSlDF3F74SfKwfTCer72Q=
github.com/google/pprof v0.0.0-20240227163752-401108e1b7e7/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=
github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 h1:FKHo8hFI3A+7w0aUQuYXQ+6EN5stWmeY/AZqtM8xk9k=
github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo=
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
@ -598,7 +587,6 @@ github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSo
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg=
github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/ianlancetaylor/demangle v0.0.0-20220319035150-800ac71e25c2/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w=
github.com/ianlancetaylor/demangle v0.0.0-20230524184225-eabc099b10ab/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw=
github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
@ -682,7 +670,6 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxv
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
@ -974,7 +961,6 @@ github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
github.com/rs/xid v1.6.0 h1:fV591PaemRlL6JfRxGDEPl69wICngIQ3shQtzfy2gxU=
@ -1688,8 +1674,8 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
mellium.im/sasl v0.3.1 h1:wE0LW6g7U83vhvxjC1IY8DnXM+EU095yeo8XClvCdfo=
mellium.im/sasl v0.3.1/go.mod h1:xm59PUYpZHhgQ9ZqoJ5QaCqzWMi8IeS49dhp6plPCzw=
mellium.im/sasl v0.3.2 h1:PT6Xp7ccn9XaXAnJ03FcEjmAn7kK1x7aoXV6F+Vmrl0=
mellium.im/sasl v0.3.2/go.mod h1:NKXDi1zkr+BlMHLQjY3ofYuU4KSPFxknb8mfEu6SveY=
moul.io/http2curl v1.0.0 h1:6XwpyZOYsgZJrU8exnG87ncVkU1FVCcTRpwzOkTDUi8=
moul.io/http2curl v1.0.0/go.mod h1:f6cULg+e4Md/oW1cYmwW4IWQOVl2lGbmCNGOHvzX2kE=
nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=


@ -31,7 +31,6 @@ import (
"github.com/projectdiscovery/nuclei/v3/pkg/utils/yaml"
fileutil "github.com/projectdiscovery/utils/file"
"github.com/projectdiscovery/utils/generic"
logutil "github.com/projectdiscovery/utils/log"
stringsutil "github.com/projectdiscovery/utils/strings"
)
@ -342,6 +341,7 @@ func createReportingOptions(options *types.Options) (*reporting.Options, error)
}
reportingOptions.OmitRaw = options.OmitRawRequests
reportingOptions.ExecutionId = options.ExecutionId
return reportingOptions, nil
}
@ -367,7 +367,7 @@ func configureOutput(options *types.Options) {
}
// disable standard logger (ref: https://github.com/golang/go/issues/19895)
logutil.DisableDefaultLogger()
// logutil.DisableDefaultLogger()
}
// loadResolvers loads resolvers from both user-provided flags and file
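Review bot: `logutil.DisableDefaultLogger()` is left commented out under a comment that still says "disable standard logger", so the code reads as doing something it no longer does. If the change is intended, delete the dead line and replace the comment with the reason, e.g. `// standard logger left enabled: <reason>`; if it was a debugging aid, restore the call and the `logutil` import. With the standard logger active, anything dependencies write through package `log` may end up mixed into scan output (inferred; the effect is not visible in this hunk). configureOutput starts outside the hunk.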


@ -14,6 +14,7 @@ import (
"github.com/projectdiscovery/nuclei/v3/pkg/types"
"github.com/projectdiscovery/ratelimit"
errorutil "github.com/projectdiscovery/utils/errors"
"github.com/rs/xid"
)
// unsafeOptions are those nuclei objects/instances/types
@ -88,9 +89,11 @@ type ThreadSafeNucleiEngine struct {
// whose methods are thread-safe and can be used concurrently
// Note: Non-thread-safe methods start with Global prefix
func NewThreadSafeNucleiEngineCtx(ctx context.Context, opts ...NucleiSDKOptions) (*ThreadSafeNucleiEngine, error) {
defaultOptions := types.DefaultOptions()
defaultOptions.ExecutionId = xid.New().String()
// default options
e := &NucleiEngine{
opts: types.DefaultOptions(),
opts: defaultOptions,
mode: threadSafe,
}
for _, option := range opts {


@ -27,6 +27,7 @@ import (
"github.com/projectdiscovery/ratelimit"
"github.com/projectdiscovery/retryablehttp-go"
errorutil "github.com/projectdiscovery/utils/errors"
"github.com/rs/xid"
)
// NucleiSDKOptions contains options for nuclei SDK
@ -287,8 +288,10 @@ func (e *NucleiEngine) Store() *loader.Store {
// NewNucleiEngineCtx creates a new nuclei engine instance with given context
func NewNucleiEngineCtx(ctx context.Context, options ...NucleiSDKOptions) (*NucleiEngine, error) {
// default options
defaultOptions := types.DefaultOptions()
defaultOptions.ExecutionId = xid.New().String()
e := &NucleiEngine{
opts: types.DefaultOptions(),
opts: defaultOptions,
mode: singleInstance,
}
for _, option := range options {


@ -37,8 +37,6 @@ import (
"github.com/projectdiscovery/ratelimit"
)
var sharedInit *sync.Once
// applyRequiredDefaults to options
func (e *NucleiEngine) applyRequiredDefaults(ctx context.Context) {
mockoutput := testutils.NewMockOutputWriter(e.opts.OmitTemplate)
@ -112,13 +110,9 @@ func (e *NucleiEngine) init(ctx context.Context) error {
e.parser = templates.NewParser()
if sharedInit == nil || protocolstate.ShouldInit(e.opts.ExecutionId) {
sharedInit = &sync.Once{}
}
sharedInit.Do(func() {
if protocolstate.ShouldInit(e.opts.ExecutionId) {
_ = protocolinit.Init(e.opts)
})
}
if e.opts.ProxyInternal && e.opts.AliveHttpProxy != "" || e.opts.AliveSocksProxy != "" {
httpclient, err := httpclientpool.Get(e.opts, &httpclientpool.Configuration{})
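Review bot: `_ = protocolinit.Init(e.opts)` discards the error inside a function that returns `error`, and there is no lock around the `ShouldInit` check and the `Init` call that follows it. A failed initialization would leave nothing registered for the execution id and only show up later, for instance as the nil-dialers panic this commit adds to the template loader. Propagate it instead: `if err := protocolinit.Init(e.opts); err != nil { return err }`. Whether two engines can reach this check with the same id at the same time is not visible here; if they can, the check and the call need to be made atomic inside protocolstate. init's body continues outside the hunk.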


@ -18,6 +18,7 @@ import (
"github.com/projectdiscovery/nuclei/v3/pkg/keys"
"github.com/projectdiscovery/nuclei/v3/pkg/model/types/severity"
"github.com/projectdiscovery/nuclei/v3/pkg/protocols"
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate"
"github.com/projectdiscovery/nuclei/v3/pkg/templates"
templateTypes "github.com/projectdiscovery/nuclei/v3/pkg/templates/types"
"github.com/projectdiscovery/nuclei/v3/pkg/types"
@ -28,6 +29,7 @@ import (
sliceutil "github.com/projectdiscovery/utils/slice"
stringsutil "github.com/projectdiscovery/utils/strings"
urlutil "github.com/projectdiscovery/utils/url"
"github.com/rs/xid"
)
const (
@ -502,6 +504,15 @@ func (store *Store) LoadTemplatesWithTags(templatesList, tags []string) []*templ
var wgLoadTemplates sync.WaitGroup
if store.config.ExecutorOptions.Options.ExecutionId == "" {
store.config.ExecutorOptions.Options.ExecutionId = xid.New().String()
}
dialers := protocolstate.GetDialersWithId(store.config.ExecutorOptions.Options.ExecutionId)
if dialers == nil {
panic("dealers with executionId " + store.config.ExecutorOptions.Options.ExecutionId + " not found")
}
for templatePath := range templatePathMap {
wgLoadTemplates.Add(1)
go func(templatePath string) {
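Review bot: When `ExecutionId` is empty the code assigns a fresh `xid` and immediately looks it up with `GetDialersWithId`; an id created on that line cannot have been registered by an earlier `Init`, so unless protocolstate registers dialers lazily (not visible here) that path always ends in the `panic`. A panic in a loader that library callers use takes the host process down; logging and returning no templates keeps the failure contained, e.g. `gologger.Error().Msgf("dialers for execution id %q not found", id); return nil`, assuming gologger is imported in this file. The panic message also misspells "dialers" as "dealers". Writing the generated id back into the shared `store.config.ExecutorOptions.Options` is a side effect that deserves a comment. LoadTemplatesWithTags starts and ends outside the hunk.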


@ -170,6 +170,7 @@ func (i *ListInputProvider) Set(executionId string, value string) {
if i.ipOptions.ScanAllIPs {
// scan all ips
dialers := protocolstate.GetDialersWithId(executionId)
dnsData, err := dialers.Fastdialer.GetDNSData(urlx.Hostname())
if err == nil {
if (len(dnsData.A) + len(dnsData.AAAA)) > 0 {
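Review bot: `dialers.Fastdialer.GetDNSData(...)` dereferences the result of `GetDialersWithId(executionId)` without a nil check, while the loader change in this commit treats a nil result as possible. The updated tests in this commit call `input.Set("", tt.hostname)` and `input.addTargets("", ips)` with an empty id, which looks like exactly the unregistered case for the scan-all-IPs path. Guard the lookup with `if dialers == nil` before the call and fall through to the branch that stores the plain hostname, so a missing registration degrades the feature rather than crashing the run. Set's body continues outside the hunk.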


@ -36,7 +36,7 @@ func Test_expandCIDR(t *testing.T) {
input := &ListInputProvider{hostMap: hm}
ips := expand.CIDR(tt.cidr)
input.addTargets(ips)
input.addTargets("", ips)
// scan
got := []string{}
input.hostMap.Scan(func(k, _ []byte) error {
@ -137,7 +137,7 @@ func Test_scanallips_normalizeStoreInputValue(t *testing.T) {
},
}
input.Set(tt.hostname)
input.Set("", tt.hostname)
// scan
got := []string{}
input.hostMap.Scan(func(k, v []byte) error {
@ -180,7 +180,7 @@ func Test_expandASNInputValue(t *testing.T) {
input := &ListInputProvider{hostMap: hm}
// get the IP addresses for ASN number
ips := expand.ASN(tt.asn)
input.addTargets(ips)
input.addTargets("", ips)
// scan the hmap
got := []string{}
input.hostMap.Scan(func(k, v []byte) error {


@ -5,7 +5,7 @@ import (
"context"
"fmt"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/kitabisa/go-ci"
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/generators"
@ -126,6 +126,7 @@ func (c *Compiler) ExecuteWithOptions(program *goja.Program, args *ExecuteArgs,
results, err := contextutil.ExecFuncWithTwoReturns(ctx, func() (val goja.Value, err error) {
// TODO(dwisiswant0): remove this once we get the RCA.
defer func() {
return
if ci.IsCI() {
return
}
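Review bot: The bare `return` added as the first statement of the deferred function makes everything after it unreachable, including the `ci.IsCI()` branch, and `go vet` reports unreachable code. If the diagnostic under the TODO is no longer wanted, delete the deferred function together with the TODO rather than short-circuiting it; if it is still wanted, drop the `return`. The same `return` is added to the deferred function in `executeWithRuntime` later in this commit. The deferred function ends outside this hunk, so what exactly it disables is not visible here.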


@ -3,7 +3,7 @@ package compiler
import (
"sync"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
syncutil "github.com/projectdiscovery/utils/sync"
)


@ -7,9 +7,9 @@ import (
"reflect"
"sync"
"github.com/dop251/goja"
"github.com/dop251/goja_nodejs/console"
"github.com/dop251/goja_nodejs/require"
"github.com/Mzack9999/goja"
"github.com/Mzack9999/goja_nodejs/console"
"github.com/Mzack9999/goja_nodejs/require"
"github.com/kitabisa/go-ci"
"github.com/projectdiscovery/gologger"
_ "github.com/projectdiscovery/nuclei/v3/pkg/js/generated/go/libbytes"
@ -84,12 +84,12 @@ func executeWithRuntime(runtime *goja.Runtime, p *goja.Program, args *ExecuteArg
if opts != nil && opts.Cleanup != nil {
opts.Cleanup(runtime)
}
_ = runtime.GlobalObject().Delete("executionId")
_ = runtime.GlobalObject().Delete("context")
runtime.RemoveContextValue("executionId")
}()
// TODO(dwisiswant0): remove this once we get the RCA.
defer func() {
return
if ci.IsCI() {
return
}
@ -113,10 +113,7 @@ func executeWithRuntime(runtime *goja.Runtime, p *goja.Program, args *ExecuteArg
}
// inject execution id and context
_ = runtime.Set("executionId", opts.ExecutionId)
if opts.Context != nil {
_ = runtime.Set("context", opts.Context)
}
runtime.SetContextValue("executionId", opts.ExecutionId)
// execute the script
return runtime.RunProgram(p)
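Review bot: `runtime.SetContextValue("executionId", opts.ExecutionId)` dereferences `opts` unconditionally, while the deferred cleanup in the same function checks `opts != nil` first, so the two disagree about whether a nil `opts` can reach this point (unless it is defaulted above the hunk). Either guard the call, `if opts != nil { runtime.SetContextValue("executionId", opts.ExecutionId) }`, or drop the nil check in the cleanup and document that `opts` is required. A short comment saying that the Go helpers read the value back through `ctx.Value("executionId")` would tie this line to its consumers. executeWithRuntime starts outside the hunk.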


@ -5,7 +5,7 @@ package {{.PackageName}}
import (
{{$pkgName}} "{{.PackagePath}}"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/projectdiscovery/nuclei/v3/pkg/js/gojs"
)


@ -3,7 +3,7 @@ package bytes
import (
lib_bytes "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/bytes"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/projectdiscovery/nuclei/v3/pkg/js/gojs"
)


@ -3,7 +3,7 @@ package fs
import (
lib_fs "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/fs"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/projectdiscovery/nuclei/v3/pkg/js/gojs"
)


@ -3,7 +3,7 @@ package goconsole
import (
lib_goconsole "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/goconsole"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/projectdiscovery/nuclei/v3/pkg/js/gojs"
)


@ -3,7 +3,7 @@ package ikev2
import (
lib_ikev2 "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/ikev2"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/projectdiscovery/nuclei/v3/pkg/js/gojs"
)


@ -3,7 +3,7 @@ package kerberos
import (
lib_kerberos "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/kerberos"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/projectdiscovery/nuclei/v3/pkg/js/gojs"
)


@ -3,7 +3,7 @@ package ldap
import (
lib_ldap "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/ldap"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/projectdiscovery/nuclei/v3/pkg/js/gojs"
)


@ -3,7 +3,7 @@ package mssql
import (
lib_mssql "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/mssql"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/projectdiscovery/nuclei/v3/pkg/js/gojs"
)


@ -3,7 +3,7 @@ package mysql
import (
lib_mysql "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/mysql"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/projectdiscovery/nuclei/v3/pkg/js/gojs"
)


@ -3,7 +3,7 @@ package net
import (
lib_net "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/net"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/projectdiscovery/nuclei/v3/pkg/js/gojs"
)


@ -3,7 +3,7 @@ package oracle
import (
lib_oracle "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/oracle"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/projectdiscovery/nuclei/v3/pkg/js/gojs"
)


@ -3,7 +3,7 @@ package pop3
import (
lib_pop3 "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/pop3"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/projectdiscovery/nuclei/v3/pkg/js/gojs"
)


@ -3,7 +3,7 @@ package postgres
import (
lib_postgres "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/postgres"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/projectdiscovery/nuclei/v3/pkg/js/gojs"
)


@ -3,7 +3,7 @@ package rdp
import (
lib_rdp "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/rdp"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/projectdiscovery/nuclei/v3/pkg/js/gojs"
)


@ -3,7 +3,7 @@ package redis
import (
lib_redis "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/redis"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/projectdiscovery/nuclei/v3/pkg/js/gojs"
)


@ -3,7 +3,7 @@ package rsync
import (
lib_rsync "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/rsync"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/projectdiscovery/nuclei/v3/pkg/js/gojs"
)


@ -3,7 +3,7 @@ package smb
import (
lib_smb "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/smb"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/projectdiscovery/nuclei/v3/pkg/js/gojs"
)


@ -3,7 +3,7 @@ package smtp
import (
lib_smtp "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/smtp"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/projectdiscovery/nuclei/v3/pkg/js/gojs"
)


@ -3,7 +3,7 @@ package ssh
import (
lib_ssh "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/ssh"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/projectdiscovery/nuclei/v3/pkg/js/gojs"
)


@ -3,7 +3,7 @@ package structs
import (
lib_structs "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/structs"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/projectdiscovery/nuclei/v3/pkg/js/gojs"
)


@ -3,7 +3,7 @@ package telnet
import (
lib_telnet "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/telnet"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/projectdiscovery/nuclei/v3/pkg/js/gojs"
)


@ -3,7 +3,7 @@ package vnc
import (
lib_vnc "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/vnc"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/projectdiscovery/nuclei/v3/pkg/js/gojs"
)


@ -3,7 +3,7 @@ package global
import (
"encoding/base64"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/projectdiscovery/nuclei/v3/pkg/js/gojs"
)


@ -9,7 +9,7 @@ import (
"reflect"
"time"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/logrusorgru/aurora"
"github.com/projectdiscovery/gologger"
"github.com/projectdiscovery/nuclei/v3/pkg/js/gojs"
@ -113,8 +113,7 @@ func initBuiltInFunc(runtime *goja.Runtime) {
"isPortOpen(host string, port string, [timeout int]) bool",
},
Description: "isPortOpen checks if given TCP port is open on host. timeout is optional and defaults to 5 seconds",
FuncDecl: func(host string, port string, timeout ...int) (bool, error) {
ctx := context.Background()
FuncDecl: func(ctx context.Context, host string, port string, timeout ...int) (bool, error) {
if len(timeout) > 0 {
var cancel context.CancelFunc
ctx, cancel = context.WithTimeout(ctx, time.Duration(timeout[0])*time.Second)
@ -123,7 +122,11 @@ func initBuiltInFunc(runtime *goja.Runtime) {
if host == "" || port == "" {
return false, errkit.New("isPortOpen: host or port is empty")
}
conn, err := protocolstate.Dialer.Dial(ctx, "tcp", net.JoinHostPort(host, port))
executionId := ctx.Value("executionId").(string)
dialer := protocolstate.GetDialersWithId(executionId)
conn, err := dialer.Fastdialer.Dial(ctx, "tcp", net.JoinHostPort(host, port))
if err != nil {
return false, err
}
@ -138,8 +141,7 @@ func initBuiltInFunc(runtime *goja.Runtime) {
"isUDPPortOpen(host string, port string, [timeout int]) bool",
},
Description: "isUDPPortOpen checks if the given UDP port is open on the host. Timeout is optional and defaults to 5 seconds.",
FuncDecl: func(host string, port string, timeout ...int) (bool, error) {
ctx := context.Background()
FuncDecl: func(ctx context.Context, host string, port string, timeout ...int) (bool, error) {
if len(timeout) > 0 {
var cancel context.CancelFunc
ctx, cancel = context.WithTimeout(ctx, time.Duration(timeout[0])*time.Second)
@ -148,7 +150,11 @@ func initBuiltInFunc(runtime *goja.Runtime) {
if host == "" || port == "" {
return false, errkit.New("isPortOpen: host or port is empty")
}
conn, err := protocolstate.Dialer.Dial(ctx, "udp", net.JoinHostPort(host, port))
executionId := ctx.Value("executionId").(string)
dialer := protocolstate.GetDialersWithId(executionId)
conn, err := dialer.Fastdialer.Dial(ctx, "udp", net.JoinHostPort(host, port))
if err != nil {
return false, err
}
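Review bot: `executionId := ctx.Value("executionId").(string)` in both `isPortOpen` and `isUDPPortOpen` is an unchecked type assertion, so a context without that key (or with a non-string value) panics inside a template-callable builtin instead of returning an error. Use the two-value form, `executionId, ok := ctx.Value("executionId").(string)` followed by `if !ok { return false, errkit.New("isPortOpen: missing execution id") }`. Also check the result of `protocolstate.GetDialersWithId` before dereferencing `dialer.Fastdialer`, since its behaviour for an unknown id is not visible here. The same assertion recurs in the mssql, mysql, net, oracle, pop3, postgres, rdp and redis sections of this commit; one helper returning `(string, error)` would keep the failure mode uniform. A bare string used as a context key is also easy to collide with, so an unexported key type would be safer if the injecting side (not shown) can be changed to match.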


@ -3,9 +3,9 @@ package global
import (
"testing"
"github.com/dop251/goja"
"github.com/dop251/goja_nodejs/console"
"github.com/dop251/goja_nodejs/require"
"github.com/Mzack9999/goja"
"github.com/Mzack9999/goja_nodejs/console"
"github.com/Mzack9999/goja_nodejs/require"
)
func TestScriptsRuntime(t *testing.T) {
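Review bot: The imports here move from `github.com/dop251/goja` and `github.com/dop251/goja_nodejs` to forks under `github.com/Mzack9999/`, which replaces the JavaScript engine that runs template code with a personal fork; the same swap appears in every goja-importing file of this commit. The commit message does not say what the fork changes or how it will pick up upstream security fixes. I would describe the delta in the commit description and pin the fork in go.mod to a reviewed commit (go.mod is not in this view). If the fork keeps the upstream module path, a go.mod `replace` directive would make this a single reviewable line instead of an import rewrite across many files.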


@ -5,8 +5,8 @@ import (
"reflect"
"sync"
"github.com/dop251/goja"
"github.com/dop251/goja_nodejs/require"
"github.com/Mzack9999/goja"
"github.com/Mzack9999/goja_nodejs/require"
"github.com/projectdiscovery/nuclei/v3/pkg/js/utils"
)
@ -103,11 +103,11 @@ func wrapModuleFunc(runtime *goja.Runtime, fn interface{}) interface{} {
func (p *GojaModule) Set(objects Objects) Module {
for k, v := range objects {
// If the value is a function, wrap it with context injection
if fnType := reflect.TypeOf(v); fnType != nil && fnType.Kind() == reflect.Func {
p.sets[k] = wrapModuleFunc(nil, v) // We'll inject the runtime later in Require
} else {
p.sets[k] = v
}
// if fnType := reflect.TypeOf(v); fnType != nil && fnType.Kind() == reflect.Func {
// p.sets[k] = wrapModuleFunc(nil, v) // We'll inject the runtime later in Require
// } else {
p.sets[k] = v
// }
}
return p
}
@ -116,12 +116,12 @@ func (p *GojaModule) Require(runtime *goja.Runtime, module *goja.Object) {
o := module.Get("exports").(*goja.Object)
for k, v := range p.sets {
// If the value is a function, wrap it with context injection
if fnType := reflect.TypeOf(v); fnType != nil && fnType.Kind() == reflect.Func {
_ = o.Set(k, wrapModuleFunc(runtime, v))
} else {
_ = o.Set(k, v)
}
// // If the value is a function, wrap it with context injection
// if fnType := reflect.TypeOf(v); fnType != nil && fnType.Kind() == reflect.Func {
// _ = o.Set(k, wrapModuleFunc(runtime, v))
// } else {
_ = o.Set(k, v)
//}
}
}
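Review bot: `Set` and `Require` keep the old wrapping branch as commented-out code, and the surviving comment `// If the value is a function, wrap it with context injection` above `p.sets[k] = v` now describes something the code no longer does. Delete the dead lines (and `wrapModuleFunc`, if nothing else calls it) and replace the comment with one that states the new contract, for example `// Functions are stored unwrapped; the runtime is expected to supply ctx when calling them.` The same applies to `RegisterFuncWithSignature` in the next file section, where `wrapWithContext` is commented out and `/* wrappedFn */` is left inline. The module functions changed in this commit read the execution id from that injected context, so a comment should name the component that injects it (presumably the forked runtime, which is not visible here).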


@ -4,7 +4,7 @@ import (
"context"
"reflect"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
errorutil "github.com/projectdiscovery/utils/errors"
)
@ -86,6 +86,6 @@ func RegisterFuncWithSignature(runtime *goja.Runtime, opts FuncOpts) error {
}
// Wrap the function with context injection
wrappedFn := wrapWithContext(runtime, opts.FuncDecl)
return runtime.Set(opts.Name, wrappedFn)
// wrappedFn := wrapWithContext(runtime, opts.FuncDecl)
return runtime.Set(opts.Name, opts.FuncDecl /* wrappedFn */)
}


@ -3,7 +3,7 @@ package bytes
import (
"encoding/hex"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/projectdiscovery/nuclei/v3/pkg/js/libs/structs"
"github.com/projectdiscovery/nuclei/v3/pkg/js/utils"
)


@ -1,7 +1,7 @@
package goconsole
import (
"github.com/dop251/goja_nodejs/console"
"github.com/Mzack9999/goja_nodejs/console"
"github.com/projectdiscovery/gologger"
)


@ -3,7 +3,7 @@ package kerberos
import (
"strings"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
kclient "github.com/jcmturner/gokrb5/v8/client"
kconfig "github.com/jcmturner/gokrb5/v8/config"
"github.com/jcmturner/gokrb5/v8/iana/errorcode"


@ -8,7 +8,7 @@ import (
"net/url"
"strings"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/go-ldap/ldap/v3"
"github.com/projectdiscovery/nuclei/v3/pkg/js/utils"
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate"


@ -10,11 +10,11 @@ import (
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate"
)
func memoizedconnect(host string, port int, username string, password string, dbName string) (bool, error) {
func memoizedconnect(executionId string, host string, port int, username string, password string, dbName string) (bool, error) {
hash := "connect" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port) + ":" + fmt.Sprint(username) + ":" + fmt.Sprint(password) + ":" + fmt.Sprint(dbName)
v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) {
return connect(host, port, username, password, dbName)
return connect(executionId, host, port, username, password, dbName)
})
if err != nil {
return false, err
@ -26,11 +26,11 @@ func memoizedconnect(host string, port int, username string, password string, db
return false, errors.New("could not convert cached result")
}
func memoizedisMssql(host string, port int) (bool, error) {
func memoizedisMssql(executionId string, host string, port int) (bool, error) {
hash := "isMssql" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port)
v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) {
return isMssql(host, port)
return isMssql(executionId, host, port)
})
if err != nil {
return false, err
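Review bot: The cache key built in `memoizedconnect` and `memoizedisMssql` still omits `executionId`, although the memoized functions now enforce a per-execution policy through `protocolstate.IsHostAllowed(executionId, host)` and use a per-execution dialer. Because `protocolstate.Memoizer` is package-level, a result computed under one execution's network policy can be served to another execution whose policy would have denied the host (how the memoizer scopes entries or caches errors is not visible here). Add the id to the key, e.g. `hash := "isMssql" + ":" + executionId + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port)`. The memoized helpers in the mysql, oracle, pop3, postgres, rdp and redis sections have the same gap; if these files are generated from the `@memo` annotation, the fix belongs in the generator. Both function bodies continue outside the hunks.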


@ -36,8 +36,9 @@ type (
// const client = new mssql.MSSQLClient;
// const connected = client.Connect('acme.com', 1433, 'username', 'password');
// ```
func (c *MSSQLClient) Connect(host string, port int, username, password string) (bool, error) {
return memoizedconnect(host, port, username, password, "master")
func (c *MSSQLClient) Connect(ctx context.Context, host string, port int, username, password string) (bool, error) {
executionId := ctx.Value("executionId").(string)
return memoizedconnect(executionId, host, port, username, password, "master")
}
// ConnectWithDB connects to MS SQL database using given credentials and database name.
@ -50,16 +51,17 @@ func (c *MSSQLClient) Connect(host string, port int, username, password string)
// const client = new mssql.MSSQLClient;
// const connected = client.ConnectWithDB('acme.com', 1433, 'username', 'password', 'master');
// ```
func (c *MSSQLClient) ConnectWithDB(host string, port int, username, password, dbName string) (bool, error) {
return memoizedconnect(host, port, username, password, dbName)
func (c *MSSQLClient) ConnectWithDB(ctx context.Context, host string, port int, username, password, dbName string) (bool, error) {
executionId := ctx.Value("executionId").(string)
return memoizedconnect(executionId, host, port, username, password, dbName)
}
// @memo
func connect(host string, port int, username string, password string, dbName string) (bool, error) {
func connect(executionId string, host string, port int, username string, password string, dbName string) (bool, error) {
if host == "" || port <= 0 {
return false, fmt.Errorf("invalid host or port")
}
if !protocolstate.IsHostAllowed(host) {
if !protocolstate.IsHostAllowed(executionId, host) {
// host is not valid according to network policy
return false, protocolstate.ErrHostDenied.Msgf(host)
}
@ -105,18 +107,20 @@ func connect(host string, port int, username string, password string, dbName str
// const mssql = require('nuclei/mssql');
// const isMssql = mssql.IsMssql('acme.com', 1433);
// ```
func (c *MSSQLClient) IsMssql(host string, port int) (bool, error) {
return memoizedisMssql(host, port)
func (c *MSSQLClient) IsMssql(ctx context.Context, host string, port int) (bool, error) {
executionId := ctx.Value("executionId").(string)
return memoizedisMssql(executionId, host, port)
}
// @memo
func isMssql(host string, port int) (bool, error) {
if !protocolstate.IsHostAllowed(host) {
func isMssql(executionId string, host string, port int) (bool, error) {
if !protocolstate.IsHostAllowed(executionId, host) {
// host is not valid according to network policy
return false, protocolstate.ErrHostDenied.Msgf(host)
}
conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, fmt.Sprintf("%d", port)))
dialer := protocolstate.GetDialersWithId(executionId)
conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, fmt.Sprintf("%d", port)))
if err != nil {
return false, err
}
@ -143,18 +147,19 @@ func isMssql(host string, port int) (bool, error) {
// const result = client.ExecuteQuery('acme.com', 1433, 'username', 'password', 'master', 'SELECT @@version');
// log(to_json(result));
// ```
func (c *MSSQLClient) ExecuteQuery(host string, port int, username, password, dbName, query string) (*utils.SQLResult, error) {
func (c *MSSQLClient) ExecuteQuery(ctx context.Context, host string, port int, username, password, dbName, query string) (*utils.SQLResult, error) {
executionId := ctx.Value("executionId").(string)
if host == "" || port <= 0 {
return nil, fmt.Errorf("invalid host or port")
}
if !protocolstate.IsHostAllowed(host) {
if !protocolstate.IsHostAllowed(executionId, host) {
// host is not valid according to network policy
return nil, protocolstate.ErrHostDenied.Msgf(host)
}
target := net.JoinHostPort(host, fmt.Sprintf("%d", port))
ok, err := c.IsMssql(host, port)
ok, err := c.IsMssql(ctx, host, port)
if err != nil {
return nil, err
}
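Review bot: `isMssql` still dials with `context.TODO()` on the changed `dialer.Fastdialer.Dial` line, so the `ctx` now accepted by `IsMssql` and `ExecuteQuery` is used only to read the execution id and its cancellation or deadline never reaches the network call. If that is deliberate because the result is memoized across callers, say so in a comment such as `// context.TODO: result is memoized and must not depend on one caller's ctx`; otherwise thread ctx through the memoized helper. The dial sites in the mysql, oracle, pop3, postgres and rdp sections behave the same way. The bodies of `connect`, `isMssql` and `ExecuteQuery` continue outside the hunks.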


@ -8,11 +8,11 @@ import (
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate"
)
func memoizedisMySQL(host string, port int) (bool, error) {
func memoizedisMySQL(executionId string, host string, port int) (bool, error) {
hash := "isMySQL" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port)
v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) {
return isMySQL(host, port)
return isMySQL(executionId, host, port)
})
if err != nil {
return false, err
@ -24,11 +24,11 @@ func memoizedisMySQL(host string, port int) (bool, error) {
return false, errors.New("could not convert cached result")
}
func memoizedfingerprintMySQL(host string, port int) (MySQLInfo, error) {
func memoizedfingerprintMySQL(executionId string, host string, port int) (MySQLInfo, error) {
hash := "fingerprintMySQL" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port)
v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) {
return fingerprintMySQL(host, port)
return fingerprintMySQL(executionId, host, port)
})
if err != nil {
return MySQLInfo{}, err


@ -35,18 +35,20 @@ type (
// const mysql = require('nuclei/mysql');
// const isMySQL = mysql.IsMySQL('acme.com', 3306);
// ```
func (c *MySQLClient) IsMySQL(host string, port int) (bool, error) {
func (c *MySQLClient) IsMySQL(ctx context.Context, host string, port int) (bool, error) {
executionId := ctx.Value("executionId").(string)
// todo: why this is exposed? Service fingerprint should be automatic
return memoizedisMySQL(host, port)
return memoizedisMySQL(executionId, host, port)
}
// @memo
func isMySQL(host string, port int) (bool, error) {
if !protocolstate.IsHostAllowed(host) {
func isMySQL(executionId string, host string, port int) (bool, error) {
if !protocolstate.IsHostAllowed(executionId, host) {
// host is not valid according to network policy
return false, protocolstate.ErrHostDenied.Msgf(host)
}
conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, fmt.Sprintf("%d", port)))
dialer := protocolstate.GetDialersWithId(executionId)
conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, fmt.Sprintf("%d", port)))
if err != nil {
return false, err
}
@ -73,14 +75,15 @@ func isMySQL(host string, port int) (bool, error) {
// const client = new mysql.MySQLClient;
// const connected = client.Connect('acme.com', 3306, 'username', 'password');
// ```
func (c *MySQLClient) Connect(host string, port int, username, password string) (bool, error) {
if !protocolstate.IsHostAllowed(host) {
func (c *MySQLClient) Connect(ctx context.Context, host string, port int, username, password string) (bool, error) {
executionId := ctx.Value("executionId").(string)
if !protocolstate.IsHostAllowed(executionId, host) {
// host is not valid according to network policy
return false, protocolstate.ErrHostDenied.Msgf(host)
}
// executing queries implies the remote mysql service
ok, err := c.IsMySQL(host, port)
ok, err := c.IsMySQL(ctx, host, port)
if err != nil {
return false, err
}
@ -125,18 +128,20 @@ type (
// const info = mysql.FingerprintMySQL('acme.com', 3306);
// log(to_json(info));
// ```
func (c *MySQLClient) FingerprintMySQL(host string, port int) (MySQLInfo, error) {
return memoizedfingerprintMySQL(host, port)
func (c *MySQLClient) FingerprintMySQL(ctx context.Context, host string, port int) (MySQLInfo, error) {
executionId := ctx.Value("executionId").(string)
return memoizedfingerprintMySQL(executionId, host, port)
}
// @memo
func fingerprintMySQL(host string, port int) (MySQLInfo, error) {
func fingerprintMySQL(executionId string, host string, port int) (MySQLInfo, error) {
info := MySQLInfo{}
if !protocolstate.IsHostAllowed(host) {
if !protocolstate.IsHostAllowed(executionId, host) {
// host is not valid according to network policy
return info, protocolstate.ErrHostDenied.Msgf(host)
}
conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, fmt.Sprintf("%d", port)))
dialer := protocolstate.GetDialersWithId(executionId)
conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, fmt.Sprintf("%d", port)))
if err != nil {
return info, err
}
@ -188,14 +193,15 @@ func (c *MySQLClient) ConnectWithDSN(dsn string) (bool, error) {
// const result = mysql.ExecuteQueryWithOpts(options, 'SELECT * FROM users');
// log(to_json(result));
// ```
func (c *MySQLClient) ExecuteQueryWithOpts(opts MySQLOptions, query string) (*utils.SQLResult, error) {
if !protocolstate.IsHostAllowed(opts.Host) {
func (c *MySQLClient) ExecuteQueryWithOpts(ctx context.Context, opts MySQLOptions, query string) (*utils.SQLResult, error) {
executionId := ctx.Value("executionId").(string)
if !protocolstate.IsHostAllowed(executionId, opts.Host) {
// host is not valid according to network policy
return nil, protocolstate.ErrHostDenied.Msgf(opts.Host)
}
// executing queries implies the remote mysql service
ok, err := c.IsMySQL(opts.Host, opts.Port)
ok, err := c.IsMySQL(ctx, opts.Host, opts.Port)
if err != nil {
return nil, err
}
@ -240,9 +246,9 @@ func (c *MySQLClient) ExecuteQueryWithOpts(opts MySQLOptions, query string) (*ut
// const result = mysql.ExecuteQuery('acme.com', 3306, 'username', 'password', 'SELECT * FROM users');
// log(to_json(result));
// ```
func (c *MySQLClient) ExecuteQuery(host string, port int, username, password, query string) (*utils.SQLResult, error) {
func (c *MySQLClient) ExecuteQuery(ctx context.Context, host string, port int, username, password, query string) (*utils.SQLResult, error) {
// executing queries implies the remote mysql service
ok, err := c.IsMySQL(host, port)
ok, err := c.IsMySQL(ctx, host, port)
if err != nil {
return nil, err
}
@ -250,7 +256,7 @@ func (c *MySQLClient) ExecuteQuery(host string, port int, username, password, qu
return nil, fmt.Errorf("not a mysql service")
}
return c.ExecuteQueryWithOpts(MySQLOptions{
return c.ExecuteQueryWithOpts(ctx, MySQLOptions{
Host: host,
Port: port,
Protocol: "tcp",
@ -267,8 +273,8 @@ func (c *MySQLClient) ExecuteQuery(host string, port int, username, password, qu
// const result = mysql.ExecuteQueryOnDB('acme.com', 3306, 'username', 'password', 'dbname', 'SELECT * FROM users');
// log(to_json(result));
// ```
func (c *MySQLClient) ExecuteQueryOnDB(host string, port int, username, password, dbname, query string) (*utils.SQLResult, error) {
return c.ExecuteQueryWithOpts(MySQLOptions{
func (c *MySQLClient) ExecuteQueryOnDB(ctx context.Context, host string, port int, username, password, dbname, query string) (*utils.SQLResult, error) {
return c.ExecuteQueryWithOpts(ctx, MySQLOptions{
Host: host,
Port: port,
Protocol: "tcp",


@ -25,8 +25,10 @@ var (
// const net = require('nuclei/net');
// const conn = net.Open('tcp', 'acme.com:80');
// ```
func Open(protocol, address string) (*NetConn, error) {
conn, err := protocolstate.Dialer.Dial(context.TODO(), protocol, address)
func Open(ctx context.Context, protocol, address string) (*NetConn, error) {
executionId := ctx.Value("executionId").(string)
dialer := protocolstate.GetDialersWithId(executionId)
conn, err := dialer.Fastdialer.Dial(ctx, protocol, address)
if err != nil {
return nil, err
}
@ -40,7 +42,7 @@ func Open(protocol, address string) (*NetConn, error) {
// const net = require('nuclei/net');
// const conn = net.OpenTLS('tcp', 'acme.com:443');
// ```
func OpenTLS(protocol, address string) (*NetConn, error) {
func OpenTLS(ctx context.Context, protocol, address string) (*NetConn, error) {
config := &tls.Config{InsecureSkipVerify: true, MinVersion: tls.VersionTLS10}
host, _, _ := net.SplitHostPort(address)
if host != "" {
@ -48,7 +50,9 @@ func OpenTLS(protocol, address string) (*NetConn, error) {
c.ServerName = host
config = c
}
conn, err := protocolstate.Dialer.DialTLSWithConfig(context.TODO(), protocol, address, config)
executionId := ctx.Value("executionId").(string)
dialer := protocolstate.GetDialersWithId(executionId)
conn, err := dialer.Fastdialer.DialTLSWithConfig(ctx, protocol, address, config)
if err != nil {
return nil, err
}
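Review bot: `Open` and `OpenTLS` look up a per-execution dialer but, unlike `connect`, `isMssql` and `isMySQL` elsewhere in this commit, never call `protocolstate.IsHostAllowed(executionId, host)` on the template-supplied address. If the per-execution `Fastdialer` enforces the network policy itself this is fine, but that is not visible here. A one-line comment stating where the policy is enforced, or an explicit check on the host returned by `net.SplitHostPort(address)`, would make it reviewable. `isOracle`, `isPoP3`, `isPostgres`, `isRDP` and `checkRDPAuth` dial the same way without the check. Both function bodies continue outside the hunks.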


@ -8,11 +8,11 @@ import (
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate"
)
func memoizedisOracle(host string, port int) (IsOracleResponse, error) {
func memoizedisOracle(executionId string, host string, port int) (IsOracleResponse, error) {
hash := "isOracle" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port)
v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) {
return isOracle(host, port)
return isOracle(executionId, host, port)
})
if err != nil {
return IsOracleResponse{}, err


@ -32,16 +32,19 @@ type (
// const isOracle = oracle.IsOracle('acme.com', 1521);
// log(toJSON(isOracle));
// ```
func IsOracle(host string, port int) (IsOracleResponse, error) {
return memoizedisOracle(host, port)
func IsOracle(ctx context.Context, host string, port int) (IsOracleResponse, error) {
executionId := ctx.Value("executionId").(string)
return memoizedisOracle(executionId, host, port)
}
// @memo
func isOracle(host string, port int) (IsOracleResponse, error) {
func isOracle(executionId string, host string, port int) (IsOracleResponse, error) {
resp := IsOracleResponse{}
dialer := protocolstate.GetDialersWithId(executionId)
timeout := 5 * time.Second
conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, strconv.Itoa(port)))
conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, strconv.Itoa(port)))
if err != nil {
return resp, err
}


@ -8,11 +8,11 @@ import (
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate"
)
func memoizedisPoP3(host string, port int) (IsPOP3Response, error) {
func memoizedisPoP3(executionId string, host string, port int) (IsPOP3Response, error) {
hash := "isPoP3" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port)
v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) {
return isPoP3(host, port)
return isPoP3(executionId, host, port)
})
if err != nil {
return IsPOP3Response{}, err


@ -33,16 +33,19 @@ type (
// const isPOP3 = pop3.IsPOP3('acme.com', 110);
// log(toJSON(isPOP3));
// ```
func IsPOP3(host string, port int) (IsPOP3Response, error) {
return memoizedisPoP3(host, port)
func IsPOP3(ctx context.Context, host string, port int) (IsPOP3Response, error) {
executionId := ctx.Value("executionId").(string)
return memoizedisPoP3(executionId, host, port)
}
// @memo
func isPoP3(host string, port int) (IsPOP3Response, error) {
func isPoP3(executionId string, host string, port int) (IsPOP3Response, error) {
resp := IsPOP3Response{}
dialer := protocolstate.GetDialersWithId(executionId)
timeout := 5 * time.Second
conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, strconv.Itoa(port)))
conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, strconv.Itoa(port)))
if err != nil {
return resp, err
}


@ -12,11 +12,11 @@ import (
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate"
)
func memoizedisPostgres(host string, port int) (bool, error) {
func memoizedisPostgres(executionId string, host string, port int) (bool, error) {
hash := "isPostgres" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port)
v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) {
return isPostgres(host, port)
return isPostgres(executionId, host, port)
})
if err != nil {
return false, err
@ -28,11 +28,11 @@ func memoizedisPostgres(host string, port int) (bool, error) {
return false, errors.New("could not convert cached result")
}
func memoizedexecuteQuery(host string, port int, username string, password string, dbName string, query string) (*utils.SQLResult, error) {
func memoizedexecuteQuery(executionId string, host string, port int, username string, password string, dbName string, query string) (*utils.SQLResult, error) {
hash := "executeQuery" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port) + ":" + fmt.Sprint(username) + ":" + fmt.Sprint(password) + ":" + fmt.Sprint(dbName) + ":" + fmt.Sprint(query)
v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) {
return executeQuery(host, port, username, password, dbName, query)
return executeQuery(executionId, host, port, username, password, dbName, query)
})
if err != nil {
return nil, err
@ -44,11 +44,11 @@ func memoizedexecuteQuery(host string, port int, username string, password strin
return nil, errors.New("could not convert cached result")
}
func memoizedconnect(host string, port int, username string, password string, dbName string) (bool, error) {
func memoizedconnect(executionId string, host string, port int, username string, password string, dbName string) (bool, error) {
hash := "connect" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port) + ":" + fmt.Sprint(username) + ":" + fmt.Sprint(password) + ":" + fmt.Sprint(dbName)
v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) {
return connect(host, port, username, password, dbName)
return connect(executionId, host, port, username, password, dbName)
})
if err != nil {
return false, err


@ -36,16 +36,19 @@ type (
// const postgres = require('nuclei/postgres');
// const isPostgres = postgres.IsPostgres('acme.com', 5432);
// ```
func (c *PGClient) IsPostgres(host string, port int) (bool, error) {
func (c *PGClient) IsPostgres(ctx context.Context, host string, port int) (bool, error) {
executionId := ctx.Value("executionId").(string)
// todo: why this is exposed? Service fingerprint should be automatic
return memoizedisPostgres(host, port)
return memoizedisPostgres(executionId, host, port)
}
// @memo
func isPostgres(host string, port int) (bool, error) {
func isPostgres(executionId string, host string, port int) (bool, error) {
timeout := 10 * time.Second
conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", fmt.Sprintf("%s:%d", host, port))
dialer := protocolstate.GetDialersWithId(executionId)
conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", fmt.Sprintf("%s:%d", host, port))
if err != nil {
return false, err
}
@ -74,15 +77,16 @@ func isPostgres(host string, port int) (bool, error) {
// const client = new postgres.PGClient;
// const connected = client.Connect('acme.com', 5432, 'username', 'password');
// ```
func (c *PGClient) Connect(host string, port int, username, password string) (bool, error) {
ok, err := c.IsPostgres(host, port)
func (c *PGClient) Connect(ctx context.Context, host string, port int, username, password string) (bool, error) {
ok, err := c.IsPostgres(ctx, host, port)
if err != nil {
return false, err
}
if !ok {
return false, fmt.Errorf("not a postgres service")
}
return memoizedconnect(host, port, username, password, "postgres")
executionId := ctx.Value("executionId").(string)
return memoizedconnect(executionId, host, port, username, password, "postgres")
}
// ExecuteQuery connects to Postgres database using given credentials and database name.
@ -95,8 +99,8 @@ func (c *PGClient) Connect(host string, port int, username, password string) (bo
// const result = client.ExecuteQuery('acme.com', 5432, 'username', 'password', 'dbname', 'select * from users');
// log(to_json(result));
// ```
func (c *PGClient) ExecuteQuery(host string, port int, username, password, dbName, query string) (*utils.SQLResult, error) {
ok, err := c.IsPostgres(host, port)
func (c *PGClient) ExecuteQuery(ctx context.Context, host string, port int, username, password, dbName, query string) (*utils.SQLResult, error) {
ok, err := c.IsPostgres(ctx, host, port)
if err != nil {
return nil, err
}
@ -104,12 +108,14 @@ func (c *PGClient) ExecuteQuery(host string, port int, username, password, dbNam
return nil, fmt.Errorf("not a postgres service")
}
return memoizedexecuteQuery(host, port, username, password, dbName, query)
executionId := ctx.Value("executionId").(string)
return memoizedexecuteQuery(executionId, host, port, username, password, dbName, query)
}
// @memo
func executeQuery(host string, port int, username string, password string, dbName string, query string) (*utils.SQLResult, error) {
if !protocolstate.IsHostAllowed(host) {
func executeQuery(executionId string, host string, port int, username string, password string, dbName string, query string) (*utils.SQLResult, error) {
if !protocolstate.IsHostAllowed(executionId, host) {
// host is not valid according to network policy
return nil, protocolstate.ErrHostDenied.Msgf(host)
}
@ -144,8 +150,8 @@ func executeQuery(host string, port int, username string, password string, dbNam
// const client = new postgres.PGClient;
// const connected = client.ConnectWithDB('acme.com', 5432, 'username', 'password', 'dbname');
// ```
func (c *PGClient) ConnectWithDB(host string, port int, username, password, dbName string) (bool, error) {
ok, err := c.IsPostgres(host, port)
func (c *PGClient) ConnectWithDB(ctx context.Context, host string, port int, username, password, dbName string) (bool, error) {
ok, err := c.IsPostgres(ctx, host, port)
if err != nil {
return false, err
}
@ -153,16 +159,18 @@ func (c *PGClient) ConnectWithDB(host string, port int, username, password, dbNa
return false, fmt.Errorf("not a postgres service")
}
return memoizedconnect(host, port, username, password, dbName)
executionId := ctx.Value("executionId").(string)
return memoizedconnect(executionId, host, port, username, password, dbName)
}
// @memo
func connect(host string, port int, username string, password string, dbName string) (bool, error) {
func connect(executionId string, host string, port int, username string, password string, dbName string) (bool, error) {
if host == "" || port <= 0 {
return false, fmt.Errorf("invalid host or port")
}
if !protocolstate.IsHostAllowed(host) {
if !protocolstate.IsHostAllowed(executionId, host) {
// host is not valid according to network policy
return false, protocolstate.ErrHostDenied.Msgf(host)
}
@ -172,13 +180,15 @@ func connect(host string, port int, username string, password string, dbName str
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
dialer := protocolstate.GetDialersWithId(executionId)
db := pg.Connect(&pg.Options{
Addr: target,
User: username,
Password: password,
Database: dbName,
Dialer: func(network, addr string) (net.Conn, error) {
return protocolstate.Dialer.Dial(context.Background(), network, addr)
return dialer.Fastdialer.Dial(context.Background(), network, addr)
},
IdleCheckFrequency: -1,
}).WithContext(ctx).WithTimeout(10 * time.Second)
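Review bot: In `connect`, the `Dialer` closure passed to `pg.Options` calls `dialer.Fastdialer.Dial(context.Background(), network, addr)` although the cancellable `ctx` created just above is in scope, so `defer cancel()` cannot abort a dial that is still in progress. `return dialer.Fastdialer.Dial(ctx, network, addr)` would give the dial the same lifetime as the `WithContext(ctx)` call on the last line; the 10-second `WithTimeout` may bound it in practice, but that depends on the client library. `connect` continues outside the hunk.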


@ -8,11 +8,11 @@ import (
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate"
)
func memoizedisRDP(host string, port int) (IsRDPResponse, error) {
func memoizedisRDP(executionId string, host string, port int) (IsRDPResponse, error) {
hash := "isRDP" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port)
v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) {
return isRDP(host, port)
return isRDP(executionId, host, port)
})
if err != nil {
return IsRDPResponse{}, err
@ -24,11 +24,11 @@ func memoizedisRDP(host string, port int) (IsRDPResponse, error) {
return IsRDPResponse{}, errors.New("could not convert cached result")
}
func memoizedcheckRDPAuth(host string, port int) (CheckRDPAuthResponse, error) {
func memoizedcheckRDPAuth(executionId string, host string, port int) (CheckRDPAuthResponse, error) {
hash := "checkRDPAuth" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port)
v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) {
return checkRDPAuth(host, port)
return checkRDPAuth(executionId, host, port)
})
if err != nil {
return CheckRDPAuthResponse{}, err


@ -35,16 +35,19 @@ type (
// const isRDP = rdp.IsRDP('acme.com', 3389);
// log(toJSON(isRDP));
// ```
func IsRDP(host string, port int) (IsRDPResponse, error) {
return memoizedisRDP(host, port)
func IsRDP(ctx context.Context, host string, port int) (IsRDPResponse, error) {
executionId := ctx.Value("executionId").(string)
return memoizedisRDP(executionId, host, port)
}
// @memo
func isRDP(host string, port int) (IsRDPResponse, error) {
func isRDP(executionId string, host string, port int) (IsRDPResponse, error) {
resp := IsRDPResponse{}
dialer := protocolstate.GetDialersWithId(executionId)
timeout := 5 * time.Second
conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", fmt.Sprintf("%s:%d", host, port))
conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", fmt.Sprintf("%s:%d", host, port))
if err != nil {
return resp, err
}
@ -86,16 +89,19 @@ type (
// const checkRDPAuth = rdp.CheckRDPAuth('acme.com', 3389);
// log(toJSON(checkRDPAuth));
// ```
func CheckRDPAuth(host string, port int) (CheckRDPAuthResponse, error) {
return memoizedcheckRDPAuth(host, port)
func CheckRDPAuth(ctx context.Context, host string, port int) (CheckRDPAuthResponse, error) {
executionId := ctx.Value("executionId").(string)
return memoizedcheckRDPAuth(executionId, host, port)
}
// @memo
func checkRDPAuth(host string, port int) (CheckRDPAuthResponse, error) {
func checkRDPAuth(executionId string, host string, port int) (CheckRDPAuthResponse, error) {
resp := CheckRDPAuthResponse{}
dialer := protocolstate.GetDialersWithId(executionId)
timeout := 5 * time.Second
conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", fmt.Sprintf("%s:%d", host, port))
conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", fmt.Sprintf("%s:%d", host, port))
if err != nil {
return resp, err
}


@ -8,11 +8,11 @@ import (
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate"
)
func memoizedgetServerInfo(host string, port int) (string, error) {
func memoizedgetServerInfo(executionId string, host string, port int) (string, error) {
hash := "getServerInfo" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port)
v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) {
return getServerInfo(host, port)
return getServerInfo(executionId, host, port)
})
if err != nil {
return "", err
@ -24,11 +24,11 @@ func memoizedgetServerInfo(host string, port int) (string, error) {
return "", errors.New("could not convert cached result")
}
func memoizedconnect(host string, port int, password string) (bool, error) {
func memoizedconnect(executionId string, host string, port int, password string) (bool, error) {
hash := "connect" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port) + ":" + fmt.Sprint(password)
v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) {
return connect(host, port, password)
return connect(executionId, host, port, password)
})
if err != nil {
return false, err
@ -40,11 +40,11 @@ func memoizedconnect(host string, port int, password string) (bool, error) {
return false, errors.New("could not convert cached result")
}
func memoizedgetServerInfoAuth(host string, port int, password string) (string, error) {
func memoizedgetServerInfoAuth(executionId string, host string, port int, password string) (string, error) {
hash := "getServerInfoAuth" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port) + ":" + fmt.Sprint(password)
v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) {
return getServerInfoAuth(host, port, password)
return getServerInfoAuth(executionId, host, port, password)
})
if err != nil {
return "", err
@ -56,11 +56,11 @@ func memoizedgetServerInfoAuth(host string, port int, password string) (string,
return "", errors.New("could not convert cached result")
}
func memoizedisAuthenticated(host string, port int) (bool, error) {
func memoizedisAuthenticated(executionId string, host string, port int) (bool, error) {
hash := "isAuthenticated" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port)
v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) {
return isAuthenticated(host, port)
return isAuthenticated(executionId, host, port)
})
if err != nil {
return false, err
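Review bot: The cache key in `memoizedgetServerInfo` is still built from host and port only (`hash := "getServerInfo" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port)`), although the wrapped call now depends on `executionId`, so a result computed under one execution can be served to another. Because `IsHostAllowed(executionId, host)` runs inside the memoized function, a second execution with a stricter network policy would presumably get the cached answer without its own policy being consulted. Put the id into the key, e.g. `hash := "getServerInfo" + ":" + executionId + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port)`; the same applies to `memoizedconnect`, `memoizedgetServerInfoAuth`, `memoizedisAuthenticated` and to the rsync, SMB, telnet and VNC wrappers further down. If these files are generated from the `// @memo` annotations, the change belongs in the generator template.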


@ -18,13 +18,14 @@ import (
// const redis = require('nuclei/redis');
// const info = redis.GetServerInfo('acme.com', 6379);
// ```
func GetServerInfo(host string, port int) (string, error) {
return memoizedgetServerInfo(host, port)
func GetServerInfo(ctx context.Context, host string, port int) (string, error) {
executionId := ctx.Value("executionId").(string)
return memoizedgetServerInfo(executionId, host, port)
}
// @memo
func getServerInfo(host string, port int) (string, error) {
if !protocolstate.IsHostAllowed(host) {
func getServerInfo(executionId string, host string, port int) (string, error) {
if !protocolstate.IsHostAllowed(executionId, host) {
// host is not valid according to network policy
return "", protocolstate.ErrHostDenied.Msgf(host)
}
@ -57,13 +58,14 @@ func getServerInfo(host string, port int) (string, error) {
// const redis = require('nuclei/redis');
// const connected = redis.Connect('acme.com', 6379, 'password');
// ```
func Connect(host string, port int, password string) (bool, error) {
return memoizedconnect(host, port, password)
func Connect(ctx context.Context, host string, port int, password string) (bool, error) {
executionId := ctx.Value("executionId").(string)
return memoizedconnect(executionId, host, port, password)
}
// @memo
func connect(host string, port int, password string) (bool, error) {
if !protocolstate.IsHostAllowed(host) {
func connect(executionId string, host string, port int, password string) (bool, error) {
if !protocolstate.IsHostAllowed(executionId, host) {
// host is not valid according to network policy
return false, protocolstate.ErrHostDenied.Msgf(host)
}
@ -94,13 +96,14 @@ func connect(host string, port int, password string) (bool, error) {
// const redis = require('nuclei/redis');
// const info = redis.GetServerInfoAuth('acme.com', 6379, 'password');
// ```
func GetServerInfoAuth(host string, port int, password string) (string, error) {
return memoizedgetServerInfoAuth(host, port, password)
func GetServerInfoAuth(ctx context.Context, host string, port int, password string) (string, error) {
executionId := ctx.Value("executionId").(string)
return memoizedgetServerInfoAuth(executionId, host, port, password)
}
// @memo
func getServerInfoAuth(host string, port int, password string) (string, error) {
if !protocolstate.IsHostAllowed(host) {
func getServerInfoAuth(executionId string, host string, port int, password string) (string, error) {
if !protocolstate.IsHostAllowed(executionId, host) {
// host is not valid according to network policy
return "", protocolstate.ErrHostDenied.Msgf(host)
}
@ -133,15 +136,17 @@ func getServerInfoAuth(host string, port int, password string) (string, error) {
// const redis = require('nuclei/redis');
// const isAuthenticated = redis.IsAuthenticated('acme.com', 6379);
// ```
func IsAuthenticated(host string, port int) (bool, error) {
return memoizedisAuthenticated(host, port)
func IsAuthenticated(ctx context.Context, host string, port int) (bool, error) {
executionId := ctx.Value("executionId").(string)
return memoizedisAuthenticated(executionId, host, port)
}
// @memo
func isAuthenticated(host string, port int) (bool, error) {
func isAuthenticated(executionId string, host string, port int) (bool, error) {
plugin := pluginsredis.REDISPlugin{}
timeout := 5 * time.Second
conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", fmt.Sprintf("%s:%d", host, port))
dialer := protocolstate.GetDialersWithId(executionId)
conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", fmt.Sprintf("%s:%d", host, port))
if err != nil {
return false, err
}
@ -160,8 +165,9 @@ func isAuthenticated(host string, port int) (bool, error) {
// const redis = require('nuclei/redis');
// const result = redis.RunLuaScript('acme.com', 6379, 'password', 'return redis.call("get", KEYS[1])');
// ```
func RunLuaScript(host string, port int, password string, script string) (interface{}, error) {
if !protocolstate.IsHostAllowed(host) {
func RunLuaScript(ctx context.Context, host string, port int, password string, script string) (interface{}, error) {
executionId := ctx.Value("executionId").(string)
if !protocolstate.IsHostAllowed(executionId, host) {
// host is not valid according to network policy
return false, protocolstate.ErrHostDenied.Msgf(host)
}
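Review bot: `executionId := ctx.Value("executionId").(string)` in `GetServerInfo` is an unchecked type assertion, so a context that does not carry the value panics instead of returning an error. Use the two-value form and fail closed: `executionId, ok := ctx.Value("executionId").(string)` followed by `if !ok { return "", errors.New("missing execution id") }` (this needs `errors` in the import list, which is outside the hunk). The same line appears in `Connect`, `GetServerInfoAuth`, `IsAuthenticated` and `RunLuaScript` here, in the rsync, SMB, SSH, telnet and VNC entry points, and in the dial closure in protocolstate, where the context is supplied by whoever calls the dial function. `RunLuaScript` continues past the end of the hunk.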


@ -8,11 +8,11 @@ import (
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate"
)
func memoizedisRsync(host string, port int) (IsRsyncResponse, error) {
func memoizedisRsync(executionId string, host string, port int) (IsRsyncResponse, error) {
hash := "isRsync" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port)
v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) {
return isRsync(host, port)
return isRsync(executionId, host, port)
})
if err != nil {
return IsRsyncResponse{}, err


@ -33,16 +33,18 @@ type (
// const isRsync = rsync.IsRsync('acme.com', 873);
// log(toJSON(isRsync));
// ```
func IsRsync(host string, port int) (IsRsyncResponse, error) {
return memoizedisRsync(host, port)
func IsRsync(ctx context.Context, host string, port int) (IsRsyncResponse, error) {
executionId := ctx.Value("executionId").(string)
return memoizedisRsync(executionId, host, port)
}
// @memo
func isRsync(host string, port int) (IsRsyncResponse, error) {
func isRsync(executionId string, host string, port int) (IsRsyncResponse, error) {
resp := IsRsyncResponse{}
timeout := 5 * time.Second
conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, strconv.Itoa(port)))
dialer := protocolstate.GetDialersWithId(executionId)
conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, strconv.Itoa(port)))
if err != nil {
return resp, err
}
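Review bot: `isRsync` fetches the per-execution dialer and connects without first calling `protocolstate.IsHostAllowed(executionId, host)`, unlike `getServerInfo` and `connect` in the redis module, which return `ErrHostDenied` before dialing. Unless the fastdialer instance enforces the same network policy on its own (not visible here), add `if !protocolstate.IsHostAllowed(executionId, host) { return resp, protocolstate.ErrHostDenied.Msgf(host) }` ahead of the `Dial` call. `isAuthenticated` in redis, `isTelnet` and `isVNC` have the same shape. The body of `isRsync` continues outside the hunk.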


@ -10,11 +10,11 @@ import (
"github.com/zmap/zgrab2/lib/smb/smb"
)
func memoizedconnectSMBInfoMode(host string, port int) (*smb.SMBLog, error) {
func memoizedconnectSMBInfoMode(executionId string, host string, port int) (*smb.SMBLog, error) {
hash := "connectSMBInfoMode" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port)
v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) {
return connectSMBInfoMode(host, port)
return connectSMBInfoMode(executionId, host, port)
})
if err != nil {
return nil, err
@ -26,11 +26,11 @@ func memoizedconnectSMBInfoMode(host string, port int) (*smb.SMBLog, error) {
return nil, errors.New("could not convert cached result")
}
func memoizedlistShares(host string, port int, user string, password string) ([]string, error) {
func memoizedlistShares(executionId string, host string, port int, user string, password string) ([]string, error) {
hash := "listShares" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port) + ":" + fmt.Sprint(user) + ":" + fmt.Sprint(password)
v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) {
return listShares(host, port, user, password)
return listShares(executionId, host, port, user, password)
})
if err != nil {
return []string{}, err


@ -12,11 +12,11 @@ import (
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate"
)
func memoizedcollectSMBv2Metadata(host string, port int, timeout time.Duration) (*plugins.ServiceSMB, error) {
func memoizedcollectSMBv2Metadata(executionId string, host string, port int, timeout time.Duration) (*plugins.ServiceSMB, error) {
hash := "collectSMBv2Metadata" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port) + ":" + fmt.Sprint(timeout)
v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) {
return collectSMBv2Metadata(host, port, timeout)
return collectSMBv2Metadata(executionId, host, port, timeout)
})
if err != nil {
return nil, err


@ -8,11 +8,11 @@ import (
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate"
)
func memoizeddetectSMBGhost(host string, port int) (bool, error) {
func memoizeddetectSMBGhost(executionId string, host string, port int) (bool, error) {
hash := "detectSMBGhost" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port)
v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) {
return detectSMBGhost(host, port)
return detectSMBGhost(executionId, host, port)
})
if err != nil {
return false, err


@ -34,17 +34,19 @@ type (
// const info = client.ConnectSMBInfoMode('acme.com', 445);
// log(to_json(info));
// ```
func (c *SMBClient) ConnectSMBInfoMode(host string, port int) (*smb.SMBLog, error) {
return memoizedconnectSMBInfoMode(host, port)
func (c *SMBClient) ConnectSMBInfoMode(ctx context.Context, host string, port int) (*smb.SMBLog, error) {
executionId := ctx.Value("executionId").(string)
return memoizedconnectSMBInfoMode(executionId, host, port)
}
// @memo
func connectSMBInfoMode(host string, port int) (*smb.SMBLog, error) {
if !protocolstate.IsHostAllowed(host) {
func connectSMBInfoMode(executionId string, host string, port int) (*smb.SMBLog, error) {
if !protocolstate.IsHostAllowed(executionId, host) {
// host is not valid according to network policy
return nil, protocolstate.ErrHostDenied.Msgf(host)
}
conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", fmt.Sprintf("%s:%d", host, port))
dialer := protocolstate.GetDialersWithId(executionId)
conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", fmt.Sprintf("%s:%d", host, port))
if err != nil {
return nil, err
}
@ -56,7 +58,7 @@ func connectSMBInfoMode(host string, port int) (*smb.SMBLog, error) {
}
// try to negotiate SMBv1
conn, err = protocolstate.Dialer.Dial(context.TODO(), "tcp", fmt.Sprintf("%s:%d", host, port))
conn, err = dialer.Fastdialer.Dial(context.TODO(), "tcp", fmt.Sprintf("%s:%d", host, port))
if err != nil {
return nil, err
}
@ -79,12 +81,13 @@ func connectSMBInfoMode(host string, port int) (*smb.SMBLog, error) {
// const metadata = client.ListSMBv2Metadata('acme.com', 445);
// log(to_json(metadata));
// ```
func (c *SMBClient) ListSMBv2Metadata(host string, port int) (*plugins.ServiceSMB, error) {
if !protocolstate.IsHostAllowed(host) {
func (c *SMBClient) ListSMBv2Metadata(ctx context.Context, host string, port int) (*plugins.ServiceSMB, error) {
executionId := ctx.Value("executionId").(string)
if !protocolstate.IsHostAllowed(executionId, host) {
// host is not valid according to network policy
return nil, protocolstate.ErrHostDenied.Msgf(host)
}
return memoizedcollectSMBv2Metadata(host, port, 5*time.Second)
return memoizedcollectSMBv2Metadata(executionId, host, port, 5*time.Second)
}
// ListShares tries to connect to provided host and port
@ -102,17 +105,19 @@ func (c *SMBClient) ListSMBv2Metadata(host string, port int) (*plugins.ServiceSM
// }
//
// ```
func (c *SMBClient) ListShares(host string, port int, user, password string) ([]string, error) {
return memoizedlistShares(host, port, user, password)
func (c *SMBClient) ListShares(ctx context.Context, host string, port int, user, password string) ([]string, error) {
executionId := ctx.Value("executionId").(string)
return memoizedlistShares(executionId, host, port, user, password)
}
// @memo
func listShares(host string, port int, user string, password string) ([]string, error) {
if !protocolstate.IsHostAllowed(host) {
func listShares(executionId string, host string, port int, user string, password string) ([]string, error) {
if !protocolstate.IsHostAllowed(executionId, host) {
// host is not valid according to network policy
return nil, protocolstate.ErrHostDenied.Msgf(host)
}
conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", fmt.Sprintf("%s:%d", host, port))
dialer := protocolstate.GetDialersWithId(executionId)
conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", fmt.Sprintf("%s:%d", host, port))
if err != nil {
return nil, err
}


@ -16,11 +16,12 @@ import (
// collectSMBv2Metadata collects metadata for SMBv2 services.
// @memo
func collectSMBv2Metadata(host string, port int, timeout time.Duration) (*plugins.ServiceSMB, error) {
func collectSMBv2Metadata(executionId string, host string, port int, timeout time.Duration) (*plugins.ServiceSMB, error) {
if timeout == 0 {
timeout = 5 * time.Second
}
conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, fmt.Sprintf("%d", port)))
dialer := protocolstate.GetDialersWithId(executionId)
conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, fmt.Sprintf("%d", port)))
if err != nil {
return nil, err
}


@ -25,18 +25,20 @@ const (
// const smb = require('nuclei/smb');
// const isSMBGhost = smb.DetectSMBGhost('acme.com', 445);
// ```
func (c *SMBClient) DetectSMBGhost(host string, port int) (bool, error) {
return memoizeddetectSMBGhost(host, port)
func (c *SMBClient) DetectSMBGhost(ctx context.Context, host string, port int) (bool, error) {
executionId := ctx.Value("executionId").(string)
return memoizeddetectSMBGhost(executionId, host, port)
}
// @memo
func detectSMBGhost(host string, port int) (bool, error) {
if !protocolstate.IsHostAllowed(host) {
func detectSMBGhost(executionId string, host string, port int) (bool, error) {
if !protocolstate.IsHostAllowed(executionId, host) {
// host is not valid according to network policy
return false, protocolstate.ErrHostDenied.Msgf(host)
}
addr := net.JoinHostPort(host, strconv.Itoa(port))
conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", addr)
dialer := protocolstate.GetDialersWithId(executionId)
conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", addr)
if err != nil {
return false, err


@ -8,7 +8,7 @@ import (
"strconv"
"time"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/praetorian-inc/fingerprintx/pkg/plugins"
"github.com/projectdiscovery/nuclei/v3/pkg/js/utils"
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate"
@ -65,8 +65,10 @@ func NewSMTPClient(call goja.ConstructorCall, runtime *goja.Runtime) *goja.Objec
c.host = host
c.port = port
executionId := c.nj.ExecutionId()
// check if this is allowed address
c.nj.Require(protocolstate.IsHostAllowed(host+":"+port), protocolstate.ErrHostDenied.Msgf(host+":"+port).Error())
c.nj.Require(protocolstate.IsHostAllowed(executionId, host+":"+port), protocolstate.ErrHostDenied.Msgf(host+":"+port).Error())
// Link Constructor to Client and return
return utils.LinkConstructor(call, runtime, c)
@ -86,7 +88,11 @@ func (c *Client) IsSMTP() (SMTPResponse, error) {
c.nj.Require(c.port != "", "port cannot be empty")
timeout := 5 * time.Second
conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", net.JoinHostPort(c.host, c.port))
executionId := c.nj.ExecutionId()
dialer := protocolstate.GetDialersWithId(executionId)
conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", net.JoinHostPort(c.host, c.port))
if err != nil {
return resp, err
}
@ -121,8 +127,11 @@ func (c *Client) IsOpenRelay(msg *SMTPMessage) (bool, error) {
c.nj.Require(c.host != "", "host cannot be empty")
c.nj.Require(c.port != "", "port cannot be empty")
executionId := c.nj.ExecutionId()
dialer := protocolstate.GetDialersWithId(executionId)
addr := net.JoinHostPort(c.host, c.port)
conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", addr)
conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", addr)
if err != nil {
return false, err
}


@ -1,6 +1,7 @@
package ssh
import (
"context"
"fmt"
"strings"
"time"
@ -45,12 +46,14 @@ func (c *SSHClient) SetTimeout(sec int) {
// const client = new ssh.SSHClient();
// const connected = client.Connect('acme.com', 22, 'username', 'password');
// ```
func (c *SSHClient) Connect(host string, port int, username, password string) (bool, error) {
func (c *SSHClient) Connect(ctx context.Context, host string, port int, username, password string) (bool, error) {
executionId := ctx.Value("executionId").(string)
conn, err := connect(&connectOptions{
Host: host,
Port: port,
User: username,
Password: password,
Host: host,
Port: port,
User: username,
Password: password,
ExecutionId: executionId,
})
if err != nil {
return false, err
@ -71,12 +74,14 @@ func (c *SSHClient) Connect(host string, port int, username, password string) (b
// const privateKey = `-----BEGIN RSA PRIVATE KEY----- ...`;
// const connected = client.ConnectWithKey('acme.com', 22, 'username', privateKey);
// ```
func (c *SSHClient) ConnectWithKey(host string, port int, username, key string) (bool, error) {
func (c *SSHClient) ConnectWithKey(ctx context.Context, host string, port int, username, key string) (bool, error) {
executionId := ctx.Value("executionId").(string)
conn, err := connect(&connectOptions{
Host: host,
Port: port,
User: username,
PrivateKey: key,
Host: host,
Port: port,
User: username,
PrivateKey: key,
ExecutionId: executionId,
})
if err != nil {
@ -100,10 +105,12 @@ func (c *SSHClient) ConnectWithKey(host string, port int, username, key string)
// const info = client.ConnectSSHInfoMode('acme.com', 22);
// log(to_json(info));
// ```
func (c *SSHClient) ConnectSSHInfoMode(host string, port int) (*ssh.HandshakeLog, error) {
func (c *SSHClient) ConnectSSHInfoMode(ctx context.Context, host string, port int) (*ssh.HandshakeLog, error) {
executionId := ctx.Value("executionId").(string)
return memoizedconnectSSHInfoMode(&connectOptions{
Host: host,
Port: port,
Host: host,
Port: port,
ExecutionId: executionId,
})
}
@ -157,12 +164,13 @@ func (c *SSHClient) Close() (bool, error) {
// unexported functions
type connectOptions struct {
Host string
Port int
User string
Password string
PrivateKey string
Timeout time.Duration // default 10s
Host string
Port int
User string
Password string
PrivateKey string
Timeout time.Duration // default 10s
ExecutionId string
}
func (c *connectOptions) validate() error {
@ -172,7 +180,7 @@ func (c *connectOptions) validate() error {
if c.Port <= 0 {
return errorutil.New("port is required")
}
if !protocolstate.IsHostAllowed(c.Host) {
if !protocolstate.IsHostAllowed(c.ExecutionId, c.Host) {
// host is not valid according to network policy
return protocolstate.ErrHostDenied.Msgf(c.Host)
}


@ -8,11 +8,11 @@ import (
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate"
)
func memoizedisTelnet(host string, port int) (IsTelnetResponse, error) {
func memoizedisTelnet(executionId string, host string, port int) (IsTelnetResponse, error) {
hash := "isTelnet" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port)
v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) {
return isTelnet(host, port)
return isTelnet(executionId, host, port)
})
if err != nil {
return IsTelnetResponse{}, err


@ -33,16 +33,18 @@ type (
// const isTelnet = telnet.IsTelnet('acme.com', 23);
// log(toJSON(isTelnet));
// ```
func IsTelnet(host string, port int) (IsTelnetResponse, error) {
return memoizedisTelnet(host, port)
func IsTelnet(ctx context.Context, host string, port int) (IsTelnetResponse, error) {
executionId := ctx.Value("executionId").(string)
return memoizedisTelnet(executionId, host, port)
}
// @memo
func isTelnet(host string, port int) (IsTelnetResponse, error) {
func isTelnet(executionId string, host string, port int) (IsTelnetResponse, error) {
resp := IsTelnetResponse{}
timeout := 5 * time.Second
conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, strconv.Itoa(port)))
dialer := protocolstate.GetDialersWithId(executionId)
conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, strconv.Itoa(port)))
if err != nil {
return resp, err
}


@ -8,11 +8,11 @@ import (
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate"
)
func memoizedisVNC(host string, port int) (IsVNCResponse, error) {
func memoizedisVNC(executionId string, host string, port int) (IsVNCResponse, error) {
hash := "isVNC" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port)
v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) {
return isVNC(host, port)
return isVNC(executionId, host, port)
})
if err != nil {
return IsVNCResponse{}, err


@ -34,16 +34,18 @@ type (
// const isVNC = vnc.IsVNC('acme.com', 5900);
// log(toJSON(isVNC));
// ```
func IsVNC(host string, port int) (IsVNCResponse, error) {
return memoizedisVNC(host, port)
func IsVNC(ctx context.Context, host string, port int) (IsVNCResponse, error) {
executionId := ctx.Value("executionId").(string)
return memoizedisVNC(executionId, host, port)
}
// @memo
func isVNC(host string, port int) (IsVNCResponse, error) {
func isVNC(executionId string, host string, port int) (IsVNCResponse, error) {
resp := IsVNCResponse{}
timeout := 5 * time.Second
conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, strconv.Itoa(port)))
dialer := protocolstate.GetDialersWithId(executionId)
conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, strconv.Itoa(port)))
if err != nil {
return resp, err
}


@ -6,7 +6,7 @@ import (
"strings"
"sync"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
)
// temporary on demand runtime to throw errors when vm is not available
@ -43,7 +43,11 @@ func (j *NucleiJS) runtime() *goja.Runtime {
}
func (j *NucleiJS) ExecutionId() string {
return j.runtime().Get("executionId").String()
executionId, ok := j.vm.GetContextValue("executionId")
if !ok {
return ""
}
return executionId.(string)
}
// see: https://arc.net/l/quote/wpenftpc for throwing docs
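Review bot: `ExecutionId` returns `""` when the context value is missing and then asserts `executionId.(string)` without the two-value form, so a non-string value panics and a missing one is passed on silently. The SMTP client feeds this result straight into `IsHostAllowed(executionId, ...)` and `GetDialersWithId(executionId)`, so an empty id reaches the policy check and the dialer lookup unnoticed. Prefer `id, _ := executionId.(string)` followed by `return id`, and add a doc comment on the method stating that an empty string means no execution context is attached, so callers can reject it.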


@ -7,9 +7,7 @@ import (
"net"
"time"
"github.com/lib/pq"
"github.com/projectdiscovery/fastdialer/fastdialer"
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate"
)
const (
@ -45,7 +43,9 @@ type PgDriver struct{}
// Most users should only use it through database/sql package from the standard
// library.
func (d PgDriver) Open(name string) (driver.Conn, error) {
return pq.DialOpen(&pgDial{fd: protocolstate.Dialer}, name)
panic("todo")
return nil, nil
//return pq.DialOpen(&pgDial{fd: dialer.Fastdialer}, name)
}
func init() {
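Review bot: `PgDriver.Open` now begins with `panic("todo")`, so any `database/sql` connection opened through this driver crashes the process, and the `return nil, nil` after it is unreachable (go vet reports it). Until the per-execution dialer can be reached from here, return an error instead, e.g. `return nil, errors.New("pgwrap: no dialer available for this execution")` (assuming `errors` is imported; the import block is only partly visible), and keep the TODO as a comment. Returning `nil, nil` would also be wrong if the panic were simply removed, since callers would get a nil connection with no error.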


@ -8,9 +8,9 @@ import (
"strings"
"time"
"github.com/Mzack9999/goja"
"github.com/alecthomas/chroma/quick"
"github.com/ditashi/jsbeautifier-go/jsbeautifier"
"github.com/dop251/goja"
"github.com/pkg/errors"
"github.com/projectdiscovery/gologger"


@ -3,7 +3,7 @@ package code
import (
goruntime "runtime"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/projectdiscovery/nuclei/v3/pkg/js/gojs"
osutils "github.com/projectdiscovery/utils/os"
)
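Review bot: The JavaScript engine import changes from `github.com/dop251/goja` to the fork `github.com/Mzack9999/goja` here and in the other files of this commit, and nothing on the page records why, or which upstream revision the fork tracks. The fork appears to be needed for `SetContextValue`, `GetContextValue` and `RemoveContextValue`, which this commit calls. Say so in the commit description and pin the fork to a tagged version or commit in go.mod (not shown here), so that later upstream fixes to the engine can be compared against a known base.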


@ -188,7 +188,7 @@ func (s *Service) executeAutomaticScanOnTarget(input *contextargs.MetaInput) {
execOptions.Progress = &testutils.MockProgressClient{} // stats are not supported yet due to centralized logic and cannot be reinitialized
eng.SetExecuterOptions(execOptions)
tmp := eng.ExecuteScanWithOpts(context.Background(), finalTemplates, provider.NewSimpleInputProviderWithUrls(input.Input), true)
tmp := eng.ExecuteScanWithOpts(context.Background(), finalTemplates, provider.NewSimpleInputProviderWithUrls(s.opts.Options.ExecutionId, input.Input), true)
s.hasResults.Store(tmp.Load())
}


@ -1,8 +1,8 @@
package protocolstate
import (
"github.com/dop251/goja"
"github.com/dop251/goja/parser"
"github.com/Mzack9999/goja"
"github.com/Mzack9999/goja/parser"
"github.com/projectdiscovery/gologger"
)


@ -15,14 +15,18 @@ import (
"github.com/projectdiscovery/networkpolicy"
"github.com/projectdiscovery/nuclei/v3/pkg/types"
"github.com/projectdiscovery/nuclei/v3/pkg/utils/expand"
"github.com/projectdiscovery/retryablehttp-go"
mapsutil "github.com/projectdiscovery/utils/maps"
)
// Dialer is a shared fastdialer instance for host DNS resolution
var (
dialers *mapsutil.SyncLockMap[string, *Dialers]
)
func init() {
dialers = mapsutil.NewSyncLockMap[string, *Dialers]()
}
func GetDialers(ctx context.Context) *Dialers {
executionContext := GetExecutionContext(ctx)
dialers, ok := dialers.Get(executionContext.ExecutionID)
@ -43,7 +47,7 @@ func GetDialersWithId(id string) *Dialers {
func ShouldInit(id string) bool {
dialer, ok := dialers.Get(id)
if !ok {
return false
return true
}
return dialer == nil
}
@ -54,6 +58,11 @@ func Init(options *types.Options) error {
return nil
}
return initDialers(options)
}
// initDialers is the internal implementation of Init
func initDialers(options *types.Options) error {
lfaAllowed = options.AllowLocalFileAccess
opts := fastdialer.DefaultOptions
opts.DialerTimeout = options.GetTimeouts().DialTimeout
@ -168,8 +177,9 @@ func Init(options *types.Options) error {
networkPolicy, _ := networkpolicy.New(*npOptions)
dialersInstance := &Dialers{
Fastdialer: dialer,
NetworkPolicy: networkPolicy,
Fastdialer: dialer,
NetworkPolicy: networkPolicy,
HTTPClientPool: mapsutil.NewSyncLockMap[string, *retryablehttp.Client](),
}
dialers.Set(options.ExecutionId, dialersInstance)
@ -184,8 +194,9 @@ func Init(options *types.Options) error {
addr += ":3306"
}
// TODO: find a way to get dialer from context
return Dialer.Dial(ctx, "tcp", addr)
executionId := ctx.Value("executionId").(string)
dialer := GetDialersWithId(executionId)
return dialer.Fastdialer.Dial(ctx, "tcp", addr)
})
StartActiveMemGuardian(context.Background())
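Review bot: The dial closure dereferences `dialer.Fastdialer` straight after `GetDialersWithId(executionId)` without checking the result, while `ShouldInit` in the same file treats a nil entry as a possible state. If the lookup returns nil for an unknown or already closed execution id, this is a nil-pointer panic inside a connection callback. Guard it with `if dialer == nil { return nil, fmt.Errorf("dialers not initialized for %q", executionId) }` (assuming `fmt` is in scope). The Elasticsearch and Splunk exporters use `dialer.Fastdialer.Dial` the same way in `New`. The closure and `initDialers` both extend beyond the visible hunks.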


@ -54,6 +54,7 @@ func (p *Page) ExecuteActions(input *contextargs.Context, actions []*Action) (ou
// avoid any future panics caused due to go-rod library
// TODO(dwisiswant0): remove this once we get the RCA.
defer func() {
return
if ci.IsCI() {
return
}
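Review bot: The bare `return` added as the first statement of the deferred function makes everything after it unreachable, which switches off the guard the comment above describes ("avoid any future panics caused due to go-rod library"). If the intent is to let panics surface while the root cause is investigated, delete the deferred function or gate it behind an option rather than leaving dead code that go vet flags; otherwise remove the `return`. The same line is added to the deferred function in `FlowExecutor.ExecuteWithResults`. The deferred function's body continues outside the hunk, so what it recovers is inferred from the comment.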


@ -166,6 +166,7 @@ func Get(options *types.Options, configuration *Configuration) (*retryablehttp.C
dialers := protocolstate.GetDialersWithId(options.ExecutionId)
return dialers.DefaultHTTPClient, nil
}
return wrappedGet(options, configuration)
}


@ -9,9 +9,9 @@ import (
"sync/atomic"
"time"
"github.com/Mzack9999/goja"
"github.com/alecthomas/chroma/quick"
"github.com/ditashi/jsbeautifier-go/jsbeautifier"
"github.com/dop251/goja"
"github.com/pkg/errors"
"github.com/projectdiscovery/gologger"
"github.com/projectdiscovery/nuclei/v3/pkg/js/compiler"
@ -151,6 +151,7 @@ func (request *Request) Compile(options *protocols.ExecutorOptions) error {
}
opts := &compiler.ExecuteOptions{
ExecutionId: request.options.Options.ExecutionId,
TimeoutVariants: request.options.Options.GetTimeouts(),
Source: &request.Init,
Context: context.Background(),
@ -357,6 +358,7 @@ func (request *Request) ExecuteWithResults(target *contextargs.Context, dynamicV
result, err := request.options.JsCompiler.ExecuteWithOptions(request.preConditionCompiled, argsCopy,
&compiler.ExecuteOptions{
ExecutionId: requestOptions.Options.ExecutionId,
TimeoutVariants: requestOptions.Options.GetTimeouts(),
Source: &request.PreCondition, Context: target.Context(),
})
@ -530,6 +532,7 @@ func (request *Request) executeRequestWithPayloads(hostPort string, input *conte
results, err := request.options.JsCompiler.ExecuteWithOptions(request.scriptCompiled, argsCopy,
&compiler.ExecuteOptions{
ExecutionId: requestOptions.Options.ExecutionId,
TimeoutVariants: requestOptions.Options.GetTimeouts(),
Source: &request.Code,
Context: input.Context(),


@ -37,7 +37,8 @@ type Options struct {
// IndexName is the name of the elasticsearch index
IndexName string `yaml:"index-name" validate:"required"`
HttpClient *retryablehttp.Client `yaml:"-"`
HttpClient *retryablehttp.Client `yaml:"-"`
ExecutionId string `yaml:"-"`
}
type data struct {
@ -56,6 +57,8 @@ type Exporter struct {
func New(option *Options) (*Exporter, error) {
var ei *Exporter
dialer := protocolstate.GetDialersWithId(option.ExecutionId)
var client *http.Client
if option.HttpClient != nil {
client = option.HttpClient.HTTPClient
@ -65,8 +68,8 @@ func New(option *Options) (*Exporter, error) {
Transport: &http.Transport{
MaxIdleConns: 10,
MaxIdleConnsPerHost: 10,
DialContext: protocolstate.Dialer.Dial,
DialTLSContext: protocolstate.Dialer.DialTLS,
DialContext: dialer.Fastdialer.Dial,
DialTLSContext: dialer.Fastdialer.DialTLS,
TLSClientConfig: &tls.Config{InsecureSkipVerify: option.SSLVerification},
},
}
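Review bot: The transport built in `New` sets `InsecureSkipVerify: option.SSLVerification`, which reads as inverted: if `SSLVerification` means "verify the server certificate" (its definition is outside the hunk), enabling it turns certificate verification off. Since this commit rewrites the adjacent dial fields, confirm the intended meaning and, if it is "verify", change the line to `TLSClientConfig: &tls.Config{InsecureSkipVerify: !option.SSLVerification},`. The Splunk exporter's `New` carries the identical line.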


@ -30,7 +30,8 @@ type Options struct {
Token string `yaml:"token" validate:"required"`
IndexName string `yaml:"index-name" validate:"required"`
HttpClient *retryablehttp.Client `yaml:"-"`
HttpClient *retryablehttp.Client `yaml:"-"`
ExecutionId string `yaml:"-"`
}
type data struct {
@ -48,6 +49,8 @@ type Exporter struct {
func New(option *Options) (*Exporter, error) {
var ei *Exporter
dialer := protocolstate.GetDialersWithId(option.ExecutionId)
var client *http.Client
if option.HttpClient != nil {
client = option.HttpClient.HTTPClient
@ -57,8 +60,8 @@ func New(option *Options) (*Exporter, error) {
Transport: &http.Transport{
MaxIdleConns: 10,
MaxIdleConnsPerHost: 10,
DialContext: protocolstate.Dialer.Dial,
DialTLSContext: protocolstate.Dialer.DialTLS,
DialContext: dialer.Fastdialer.Dial,
DialTLSContext: dialer.Fastdialer.DialTLS,
TLSClientConfig: &tls.Config{InsecureSkipVerify: option.SSLVerification},
},
}


@ -50,4 +50,6 @@ type Options struct {
HttpClient *retryablehttp.Client `yaml:"-"`
OmitRaw bool `yaml:"-"`
ExecutionId string `yaml:"-"`
}


@ -154,6 +154,7 @@ func New(options *Options, db string, doNotDedupe bool) (Client, error) {
}
if options.ElasticsearchExporter != nil {
options.ElasticsearchExporter.HttpClient = options.HttpClient
options.ElasticsearchExporter.ExecutionId = options.ExecutionId
exporter, err := es.New(options.ElasticsearchExporter)
if err != nil {
return nil, errorutil.NewWithErr(err).Wrap(ErrExportClientCreation)
@ -162,6 +163,7 @@ func New(options *Options, db string, doNotDedupe bool) (Client, error) {
}
if options.SplunkExporter != nil {
options.SplunkExporter.HttpClient = options.HttpClient
options.SplunkExporter.ExecutionId = options.ExecutionId
exporter, err := splunk.New(options.SplunkExporter)
if err != nil {
return nil, errorutil.NewWithErr(err).Wrap(ErrExportClientCreation)


@ -7,7 +7,7 @@ import (
"sync/atomic"
"time"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/projectdiscovery/gologger"
"github.com/projectdiscovery/nuclei/v3/pkg/js/compiler"
"github.com/projectdiscovery/nuclei/v3/pkg/operators"


@ -4,7 +4,7 @@ import (
"crypto/md5"
"reflect"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/projectdiscovery/nuclei/v3/pkg/types"
)


@ -7,7 +7,7 @@ import (
"strings"
"sync/atomic"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/projectdiscovery/nuclei/v3/pkg/protocols"
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/generators"
"github.com/projectdiscovery/nuclei/v3/pkg/scan"
@ -200,11 +200,12 @@ func (f *FlowExecutor) ExecuteWithResults(ctx *scan.ScanContext) error {
for proto := range f.protoFunctions {
_ = runtime.GlobalObject().Delete(proto)
}
runtime.RemoveContextValue("executionId")
}()
// TODO(dwisiswant0): remove this once we get the RCA.
defer func() {
return
if ci.IsCI() {
return
}
@ -241,6 +242,8 @@ func (f *FlowExecutor) ExecuteWithResults(ctx *scan.ScanContext) error {
return err
}
runtime.SetContextValue("executionId", f.options.Options.ExecutionId)
// pass flow and execute the js vm and handle errors
_, err := runtime.RunProgram(f.program)
if err != nil {


@ -4,7 +4,7 @@ import (
"fmt"
"sync/atomic"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/projectdiscovery/nuclei/v3/pkg/output"
"github.com/projectdiscovery/nuclei/v3/pkg/protocols"
mapsutil "github.com/projectdiscovery/utils/maps"


@ -5,7 +5,7 @@ import (
"reflect"
"sync"
"github.com/dop251/goja"
"github.com/Mzack9999/goja"
"github.com/logrusorgru/aurora"
"github.com/projectdiscovery/gologger"
"github.com/projectdiscovery/nuclei/v3/pkg/js/gojs"