Ramana Reddy
3d2f31a56f
fix missing template_url for pd signed templates when executed from custom path ( #5644 )
2024-09-19 18:58:20 +05:30
Dwi Siswanto
841d8913e5
feat(headless): add ActionWaitDialog type ( #5545 )
...
* feat(headless): add `dialog` action type
also implement it
Signed-off-by: Dwi Siswanto <git@dw1.io>
* refactor(headless): add `ActionData` for action output datas
Signed-off-by: Dwi Siswanto <git@dw1.io>
* refactor(headless): rm `value` arg for `*Page.HandleDialog`
also:
* expose `err` from `*proto.PageHandleJavaScriptDialog`
* conditional ActionData assignment based on
Signed-off-by: Dwi Siswanto <git@dw1.io>
* refactor(headless): rename to `ActionWaitDialog`
Signed-off-by: Dwi Siswanto <git@dw1.io>
* test(headless): fix mismatch assertion of `src` output of `ActionGetResource`
Signed-off-by: Dwi Siswanto <git@dw1.io>
* test(headless): add TestActionWaitDialog test case
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat(headless): add `GetActionDataWithDefault` generic func
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat(headless): implement `GetActionDataWithDefault`
to `header` & `status_code`
Signed-off-by: Dwi Siswanto <git@dw1.io>
* refactor(headless): use `mapsutil.Map` instead
Signed-off-by: Dwi Siswanto <git@dw1.io>
* Revert "feat(headless): add `GetActionDataWithDefault` generic func"
This reverts commit fa12e0d6a221c8a7bf62200f69814ee27681f08f.
---------
Signed-off-by: Dwi Siswanto <git@dw1.io>
2024-09-02 15:29:52 +05:30
Dwi Siswanto
e0b2542868
feat: conditionally panic-recover ( #5553 )
...
* feat: conditionally panic-recover
As discussed with @Mzack9999, we should avoid
overusing panic-recover. We need to review the RCA
first to determine whether this is an exceptional
situation or if it's a higher-level function meant
to recover from a panic. This approach will help
us establish a robust error-handling strategy.
The implementation of panic-recover should be
conditional and NOT applied when running in a CI
environment AND IS temporary. Once we've caught
all errors and made the necessary corrections, we
can remove the deferred recover function.
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore(deps): bump `go-ci` to v1.0.2
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore(make): add `-race` to `GOFLAGS` in `test`
Signed-off-by: Dwi Siswanto <git@dw1.io>
---------
Signed-off-by: Dwi Siswanto <git@dw1.io>
2024-08-28 17:57:45 +05:30
Dogan Can Bakir
6b71af448a
Fixed issue with -ms option to scan non accessible host ( #5576 )
...
* fail if OnResult callback is not called
* generate error message from error logs
* try..parse..
* fix lint
* add error message to last matcher event
* fix network protocol error logging
* log returned log from ExecuteWithResults
* add back specific logging
* clean up the msg
* minor
* init integration test for -ms
* add tests for http,network,js,ws protocols
* fix lint
* fix network test
* return err for dns protocol
* add integration test for dns protocol
2024-08-28 16:27:43 +05:30
mzack9999
5e102b782b
fixing race + nil crash
2024-08-21 16:09:47 +02:00
Doğan Can Bakır
d1f4c98cd7
Revert "remove redundant code"
...
This reverts commit 35a0d673ad8e12b11e90e8e0090feb26ea042b46.
2024-08-21 15:03:41 +03:00
Doğan Can Bakır
35a0d673ad
remove redundant code
2024-08-21 11:36:33 +03:00
Doğan Can Bakır
46782ff90c
use sync.Once
2024-08-21 11:26:17 +03:00
Doğan Can Bakır
3064788d35
fix race condition
2024-08-19 23:02:27 +03:00
Tarun Koyalwar
1c76398aea
lint error fixes ( #5531 )
...
* lint error fixes
* chore: satisfy non-constant format str in call lint (govet)
Signed-off-by: Dwi Siswanto <git@dw1.io>
---------
Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Dwi Siswanto <git@dw1.io>
2024-08-16 20:31:23 +05:30
Ramana Reddy
f29b94521e
fix unresolved variables in dast templates ( #5443 )
...
* fix unresolved variables in dast templates
* dedupe interactsh urls
* misc update
2024-08-16 18:19:44 +05:30
Dwi Siswanto
1af29f97a9
feat(http): add skip-secret-file field ( #5522 )
...
* feat(http): add `BypassSecretFile` field
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat(http): conditionally apply auth strategies
Signed-off-by: Dwi Siswanto <git@dw1.io>
* refactor(http): rename `BypassSecretFile` field to `SkipSecretFile`
Signed-off-by: Dwi Siswanto <git@dw1.io>
---------
Signed-off-by: Dwi Siswanto <git@dw1.io>
2024-08-16 18:10:48 +05:30
Ramana Reddy
2609d2d135
feat: add support for multiple auth strategies per target from secrets file ( #5500 )
2024-08-16 11:59:15 +05:30
Tarun Koyalwar
2df1b2e88e
file proto missing vars in flow & multi-protocol ( #5480 )
...
* fix missing template context in file proto
* fix file protocol missing vars
* fix test
* skip example advanced test
2024-08-04 18:14:08 +05:30
Mohammed Diaa
ff23949bb0
Apply input transformation to multi-protocol templates ( #5426 )
...
* Apply input transformation to multi-protocol template execution
* Remove ad hoc input transformation from DNS protocol
* Add SSL protocol input transformer
* Remove ad hoc input transformation from SSL protocol
* Remove unused function extractDomain from the DNS protocol engine
* transform in flow as well
* bug fix + update test
* bug fix multi proto
:
* bug fix multi proto input
* bug fixes in input transform
---------
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
2024-08-01 20:43:47 +05:30
Tarun Koyalwar
2418319df4
js: generate matcher-status event ( #5450 )
...
* js: generate matcher-status event
* isPortOpen: use fastdialer instance
* update sdk unit test
* add docs :)
2024-07-27 02:46:34 +05:30
Dwi Siswanto
6d325a4ebe
feat(http): assign customHeaders to the map directly ( #5445 )
...
also add skip expr if header key is "Host"
Signed-off-by: Dwi Siswanto <git@dw1.io>
2024-07-26 22:24:35 +07:00
Ramana Reddy
33dbb51505
fix unresolved interactsh-url variable with fuzzing ( #5289 )
...
* fix unresolved interactsh variable with fuzzing
* fix variables override with fuzzing
2024-07-26 00:01:05 +05:30
Ramana Reddy
3e1cd27943
Fix stop-at-first-match in headless mode fuzzing ( #5330 )
2024-07-15 16:57:12 +05:30
Mzack9999
bc229a46ca
Merge pull request #5331 from projectdiscovery/use_containsall
...
use `stringsutil.ContainsAll`
2024-07-15 13:21:03 +02:00
Dogan Can Bakir
f080d614c3
introduce timeouts config in types.Options ( #5228 )
...
* introduce timeout variants
* update instances and add codeexectimeout
* fix test
* default to 10s
* minor
* make timeouts pluggable and rename
* remove residual code
---------
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
2024-07-15 15:57:15 +05:30
mzack9999
3c2af0e47c
fixing many data races
2024-07-12 17:23:44 +02:00
mzack
ead444b88b
Merge branch 'dev' into use_containsall
2024-07-12 13:05:14 +02:00
Tarun Koyalwar
c9a9bd3bfc
include cname in http output if available ( #5389 )
2024-07-10 20:43:22 +05:30
Kristinn Vikar Jónsson
381ebba6a2
Clustering performance improvements ( #5319 )
...
* Clustering performance improvements
* IsClusterable filters out beforehand, update test to mirror that
* inverse IsClusterable
This makes much more sense
* HashMap based clustering
* further improvements to clustering
---------
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
2024-06-27 13:14:43 +05:30
Doğan Can Bakır
c7006a9168
use stringsutil.ContainsAll
2024-06-25 12:26:18 +03:00
Mzack9999
52975373ff
Merge branch 'dev' into feat-4808-planner
2024-06-13 17:19:43 +02:00
mzack
61f391ee8a
.
2024-06-12 00:34:45 +02:00
Mzack9999
9f1414e3e8
.
2024-06-11 13:38:28 +02:00
Mzack9999
26c84e3747
Merge branch 'dev' into bugfix-1241-wtf
2024-06-11 12:34:41 +02:00
Mzack9999
e13c7cc967
testing fastdialer native
2024-06-11 12:21:43 +02:00
Ice3man
9f3f7fce06
Fuzzing additions & enhancements ( #5139 )
...
* feat: added fuzzing output enhancements
* changes as requested
* misc
* feat: added dfp flag to display fuzz points + misc additions
* feat: added support for fuzzing nested path segments
* feat: added parts to fuzzing requests
* feat: added tracking for parameter occurrence frequency in fuzzing
* added cli flag for fuzz frequency
* fixed broken tests
* fixed path based sqli integration test
* feat: added configurable fuzzing aggression level for payloads
* fixed failing test
2024-06-11 04:43:46 +05:30
mzack
fd2311d034
fixing slow elab
2024-06-10 03:23:00 +02:00
Tarun Koyalwar
8720e4f863
fix panic: ref #5217 ( #5230 )
2024-06-02 17:11:56 +05:30
mzack
46e2a54bfe
Merge branch 'dev' into feat-4808-planner
2024-05-25 02:45:54 +02:00
Tarun Koyalwar
23bd0336fb
multiple bug fixes + performance improvements ( #5148 )
...
* prototype errkit
* complete errkit implementation
* add cause to all timeouts
* fix request timeout annotation @timeout
* increase responseHeaderTimeout to 8 for stability
* rawhttp error related improvements
* feat: add port status caching
* add port status caching to http
* migrate to new utils/errkit
* remote dialinterface + error cause
* debug dir support using .gitignore debug-*
* make nuclei easy to debug
* debug dir update .gitignore
* temp change (to revert)
* Revert "temp change (to revert)"
This reverts commit d3131f777713b9f80e2275142e80f36340a76d36.
* use available context instead of new one
* bump fastdialer
* fix hosterrorscache + misc improvements
* add 'address' field in error log
* fix js vague errors + pgwrap driver
* fix max host error + misc updates
* update tests as per changes
* fix request annotation context
* remove closed dialer reference
* fix sdk panic issue
* bump retryablehttp-go,utils,fastdialer
---------
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2024-05-25 00:29:04 +05:30
Mzack9999
4fc16e36e1
Merge branch 'dev' into feat-4808-planner
2024-05-23 09:08:53 +02:00
Mzack9999
9cc335a34c
first interface ipv4 address ( #5186 )
2024-05-20 02:42:21 +05:30
Ice3man
4170e1cbb8
more goroutine leak fixes to nuclei ( #5188 )
...
* more goroutine leak fixes to nuclei
* run only dns templates for test
* updated httpx to dev
* dep update
---------
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2024-05-20 00:48:40 +05:30
Mzack9999
47ca8fe842
fix non gc-able dialer
...
closes #5165
2024-05-15 21:25:40 +02:00
Mzack9999
9adfc531c7
uniforming sizes with utils
2024-05-15 15:34:59 +02:00
Ramana Reddy
0f983d8204
Add support for multiple uncover queries ( #5132 )
...
* Add support for multiple uncover queries
* Fix issue with multiple engines
2024-05-10 22:16:01 +05:30
Ice3man
9784ca860a
feat: added fuzzing output enhancements ( #5126 )
...
* feat: added fuzzing output enhancements
* changes as requested
* misc
2024-05-03 18:46:28 +05:30
Tarun Koyalwar
3e54ca54b0
feat: fix utils and add goroutine leak unit tests ( #5112 )
...
* feat: fixed leak
* add go leak unit test in sdk
* added goleak unit tests
* bugfix: add random user agents to fuzzing requests
* misc
* misc
* fix lint + use utils pr + misc
* fix ratelimit memleak in sdk
* close protocolstate shared resources in nuclei sdk/lib
* add missing close references
* ignore read/write loop of intransit connections
* close unnecessary idle conns
* add ignore method
* using fixed utils
* dep update
---------
Co-authored-by: Ice3man <nizamulrana@gmail.com>
Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2024-05-01 00:28:11 +05:30
Dogan Can Bakir
c8cda14e41
remove default val in CLI and increase MaxBodyRead to 10mb ( #5100 )
...
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
2024-04-25 16:28:37 +05:30
Ice3man
0b82e8b7aa
feat: added support for context cancellation to engine ( #5096 )
...
* feat: added support for context cancellation to engine
* misc
* feat: added contexts everywhere
* misc
* misc
* use granular http timeouts and increase http timeout to 30s using multiplier
* track response header timeout in mhe
* update responseHeaderTimeout to 5sec
* skip failing windows test
---------
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
2024-04-25 15:37:56 +05:30
Tarun Koyalwar
3dfcec0a36
missing mhe check in http payloads ( #5099 )
...
* go mod tidy
* fix spm missing hosterrorcheck + improvements
---------
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2024-04-24 19:34:13 +05:30
Dogan Can Bakir
cfe6f5da58
fix tests ( #5092 )
2024-04-24 18:49:39 +05:30
Dogan Can Bakir
8676cb6daf
add response read timeout flag ( #4944 )
...
* add response read timeout flag
* fix test
* bump utils
* fix network tests
* fix incorrect unit of response-read-timeout unit
---------
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
2024-04-24 13:05:05 +05:30
Dogan Can Bakir
e480d131f1
add query param ( #4894 )
...
* include params
* add query var
* override params for base url var
2024-04-23 19:17:26 +05:30