Mzack9999
84abef3f70
Merge branch 'dev' into issue-2188-reporting-client
2023-02-24 15:58:43 +01:00
Alexandre ZANNI
e3e60d0ba8
uncover: add criminalip support (#3162)
* update uncover engine options
* add criminalip support
* update criminalIP variable
---------
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com>
2023-02-21 00:23:11 +05:30
Sandeep Singh
ba7fcd08ff
Merge branch 'dev' into issue-2188-reporting-client
2023-02-20 15:26:16 +05:30
Mzack9999
d608ffaeb2
clear after stop (#3312)
* clear after stop
* fixing data races
* adding atomic cache
* fixing lint errors
* fixing imports
2023-02-13 16:46:41 +05:30
Ice3man
7e7bb1ed0a
AES CBC PKCS5Padding helper function update (#3287)
* Added DSL helper functions for CVE + misc
* Added aes_cbc with pkcspadding
* Misc
* Misc
* Misc
* Removed debug statement
* Misc
* Misc
* Fixed tests
2023-02-09 20:22:42 +05:30
Mzack9999
d57aec5ec7
converting reporting client to interface
2023-02-07 09:45:49 +01:00
Mzack9999
7556416e5b
adding interactsh support to sni (#3276)
2023-02-07 14:02:10 +05:30
Tarun Koyalwar
d18fa6f6b2
fix data race in race requests
2023-02-06 16:18:30 +05:30
Mzack9999
6c56a20544
Adding support for nmhe (#3219)
* adding support for nmhe
* updating docs
2023-01-22 15:08:50 +05:30
Mzack9999
e4402e7449
lowering hmap storage requirement via omitempty (#3111)
2023-01-12 20:01:45 +05:30
Tarun Koyalwar
e899afafdf
skip scanallip if input is ip (#3186)
* skip scanallips for ip input
* uncover,url parsing bug fix
* minor changes:best practices
2023-01-11 22:50:57 +05:30
Sandeep Singh
2d7948af55
Fixing host skipping error (#3143)
* removed error resulting into excessive error count
* banner update
2023-01-04 00:43:18 +05:30
Sandeep Singh
e66821b49f
Added more error + display skipped host on default run for more visibility. (#3123)
2023-01-02 19:00:10 +05:30
Sandeep Singh
212d0e5cfc
Adding more error to ignore with hosts (#3121)
2023-01-02 17:09:39 +05:30
xm1k3
34120fbecc
#3046 persistent failed item status and #2065 failed items reporting error once (#3047)
* added logs for debug
* fixes
* removed logs
* using cache item
* implemented multiple tests
* fixed some unit tests
* implemented test for skipping
* added multiple tests together
* added mark failed
* fix on tests
* better test implementation + concurrent
* fix: fixes on concurrent tests
* removed parallel and 1 unit test
DOCS: by default the command go test runs in parallel tests for different packages, and default is the number of CPUs available (see go help build)
* fixes on go routine
* increasing parallelism of once.Do
* bumping go to 1.19 for atomic types support
* removing redundant check + fixing test concurrency on create
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2023-01-02 13:52:06 +05:30
Mzack9999
34976029d3
removing most go routine leaks (#3073)
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2022-12-24 19:22:14 +05:30
Mzack9999
093d691c16
Issue 3033 deny list (#3037)
* fixing file deny list + refactoring
* err variable renaming
* removing redundant function
* removing unused code
* adding check on empty operator
* updating tests
2022-12-21 02:29:28 +05:30
Mzack9999
96c1dd3720
Adding custom ip to protocol generated variables (#3011)
* lint errors
* Extending context args support
* Ip => ip
2022-12-10 00:17:03 +05:30
Sandeep Singh
6ae9eee8d3
README + misc updates (#2961)
* readme update
* version + banner update
* misc option update
* go fmt'ed code
* misc update
2022-12-04 20:51:33 +05:30
Sandeep Singh
515503f5f6
Added connection refused error to skip with MaxHostError option (#2955)
2022-12-03 12:54:03 +05:30
dependabot[bot]
9d6ca66da9
chore(deps): bump github.com/projectdiscovery/uncover from 0.0.9 to 1.0.0 in /v2 (#2926)
* chore(deps): bump github.com/projectdiscovery/uncover in /v2
Bumps [github.com/projectdiscovery/uncover](https://github.com/projectdiscovery/uncover) from 0.0.9 to 1.0.0.
- [Release notes](https://github.com/projectdiscovery/uncover/releases)
- [Changelog](https://github.com/projectdiscovery/uncover/blob/main/.goreleaser.yml)
- [Commits](https://github.com/projectdiscovery/uncover/compare/v0.0.9...v1.0.0)
---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/uncover
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Add uncover netlas source
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com>
2022-11-30 20:29:55 +05:30
Shubham Rasal
ebfd2e648a
Remove nuclei-updatecheck-api as dependency (#2923)
* Remove nuclei-updatecheck-api as dependency
* Run go mod tidy
* go mod tidy
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2022-11-29 23:53:05 +05:30
Mzack9999
b3d4dba047
Reverting retryablehttp-go to fix custom http client (#2900)
* Reverting retryablehttp-go to fix custom http client
* fixing sandbox test
2022-11-24 21:16:03 +05:30
Ice3man
e7fb40a413
Added sandboxing for payload files and requests
2022-11-16 13:49:24 +05:30
Shubham Rasal
6b142d794a
Issue 2254 uncover integration (#2786)
* nuclei -uq 'vuln:CVE-2021-26855' -t cves/2021/
- `nuclei -uq 'vuln:CVE-2021-26855' -t cves/2021/`
* Add automatic template execution using metadata
- Query uncover after the template is loaded.
- Add the received hosts to the input provider from uncover
- Make NormalizeStoreInputValue() function public to add hosts from the
runner after uncover hosts received.
* run go mod tidy
* Remove unnecessary comments
* Resolve the requested changes
- move uncover code to protocols/common/uncover package
- Use uncover delay to create uncover rate limiter
- Use single ratelimiter object and remove not required ratelimiters
- Create Set() method for input provider interface
- Rename normalizeStoreInputValue to Set() method
* Solved the uncover running twice.
- flag StringSliceVarP adds the default value twice in the variable
- Check if provider keys exists or not
- Add uncover help block to english readme.md
* Add uncover field functionality
- ./nuclei -uq 'vuln:CVE-2021-26855' -t dns -duc -uf host
- ./nuclei -uq 'vuln:CVE-2021-26855' -t dns -duc -uf ip:port
* Update error messages and solve nuclei hang for wrong uncover engine
- Get uncover engine values from uncover package
* Resolve merge conflicts
* misc option update
* Update logging for templates
- remove duplicate env log printing
- Log message for template queries
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2022-11-16 11:12:39 +05:30
Mzack9999
1fbbca66f9
Adding support to scan all v4/v6 IPs (#2709)
* Adding support to scan all v4/v6 IPs
* adding tests
* metainput prototype
* using new signature
* fixing nil pointer
* adding request context with metadata
* removing log instruction
* fixing merge conflicts
* adding clone helpers
* attempting to fix ipv6 square parenthesis wrap
* fixing dialed ip info
* fixing syntax
* fixing output ip selection
* adding integration tests
* disabling test due to gh ipv6 issue
* using ipv4 only due to GH limited networking
* extending metainput marshaling
* fixing hmap key
* adding test for httpx integration
* fixing lint error
* reworking marshaling/id-calculation
* adding ip version validation
* improving handling non url targets
* fixing condition check
2022-11-09 18:48:56 +05:30
Mzack9999
6ac669eb43
Replacing rdap with fixed fork (#2819)
* Replacing rdap with pd fixed fork
* mod tidy
* updating rdap commit ref
* reworking rdap client pool
* removing unused code
2022-11-08 17:27:18 +05:30
vrenzolaverace
2aaf2a2158
Use utils helpers libraries (#2809) (#2810)
* Use utils helpers libraries (#2809)
* Use utils helpers libraries (#2809)
2022-11-07 01:54:23 +05:30
Ice3man
e1b0564c0a
Fixed nested expression replacement using fasttemplate (#2790)
2022-11-03 18:31:04 +05:30
Ice3man
b9472cf7e1
Added fuzzing support for query params + var dump feature (#2679)
* Added fuzzing support for query params + var dump feature
* Added query-fuzz integration test
* Fixed payloads + added keys-regex fuzz parameter
* Fixed interactsh not working + misc
* Fixed evaluation + added global variables/dsl support to payloads
* Misc fixes related to variables evaluations
* Added http variables support to fuzz
* misc
* Misc
* Added testing playground + misc renaming
* Added support for path and raw request to fuzzing
* Fixed fuzz integration test
* Fixed variable unresolved issue
* Add multiple parameter support with same name
* Added parameter value as 'value' dsl variable for parts
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2022-11-01 20:28:50 +05:30
Ice3man
363ffb75db
Added probing for URL + input based on protocol (#2614)
* Added workflow names based condition
* Added conditional filtering to workflow executor
* Replaced names with single name stringslice
* Added probing for URL + input based on protocol
* Remove debug comments
* Fixed typo
* Fixed failing tests
* Fixed workflow matcher condition + tests
* Fixed workflow item name
* Switch to if-else
* Fixed review comment strict
* Increase bulk size
* Added default port for SSL protocol + misc changes
* Fixed failing tests
* Fixed misc changes to executer
* Fixed failing self-contained and offlinehttp tests
* Fixed atomic increment operation
* misc update
* Fixed failing builds
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2022-10-20 17:23:00 +05:30
Ice3man
d956f08cb9
Added attack-type option to override template attack-type (#2724)
* Added attack-type option to override template attack-type
* Added docs + integration tests
2022-10-19 03:51:45 +05:30
Bertold Kolics
1af96fc679
Issue 2460: extended unit tests for replacer (#2691)
2022-10-10 22:00:43 +05:30
Mzack9999
33ed5e7c93
Merge pull request #2671 from bertold/bk/randomip-unittest
Unit test for GetRandomIPWithCidr and fixes
2022-10-04 12:29:41 +02:00
Bertold Kolics
087be32ae0
Added unit test for GetRandomIPWithCidr
Fixed an issue with handling non-zero based networks
Fixed an issue handling network addresses with single IPs
2022-10-03 18:30:55 -05:00
Mzack9999
781e4e6105
Shared Execution Context Prototype (#2576)
* renaming var
* Introducing shared execution context prototype
* fixing field name
* adding shared values propagation
* adding shared context lock
* add slice values normalization
* adding integration tests
* adding metadata support for dns
* adding multi-protocol context sharing test
* removing debug test files
* moving contextargs around
* adding comments
* refactoring code
- getter/setter for complex types
- using pointers to avoid heap allocations
2022-10-03 15:42:20 +05:30
Sajad
5377ee3f36
add proxy support at dialer level (#2549)
* add proxy support at dialer level
* add forward dialer to proxy
2022-09-16 21:36:17 +05:30
Ice3man
466176e9e8
Merge pull request #2500 from projectdiscovery/goflags-update
Updated goflags to latest + misc
2022-08-30 11:52:25 +05:30
M. Ángel Jimeno
62a4e0aa52
Return wrapped errors for DSL compilation problems (#2492)
This allows the DSL help information to be printed when in debug mode.
Fixes #2481
2022-08-29 13:41:32 +05:30
Ice3man
8892250583
Updated goflags to latest + misc
2022-08-27 19:35:17 +05:30
Sajad
011da1388d
add option to specify network interface (#2384)
* add option to specify network interface
* add source-ip flag
* fix typo
* fix err return
* readme update
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2022-08-25 17:42:35 +05:30
Mzack9999
30054d1fb6
Adding advanced template filtering (#2374)
* Adding advanced template filtering
* fixing bug in slice
* refactoring tests
* adding test cases
* increasing error verbosity
* fixing quoted fields with spaces
* adding more test cases
* fixing merge error
* fixing lint errors
* switching to []string
* updating tag filter tests
* updating functional tests
* fixing functional test cases
* updating syntax
2022-08-25 16:52:08 +05:30
Ice3man
0be596efb4
Added variable debug support with debug mode (#2442)
* Added variable debug support with debug mode
* Added changes as per review comments
* Fixed debug request condition
2022-08-25 15:37:03 +05:30
Ice3man
8f313629b8
Memory usage optimizations (#2350)
* Replaced strings.Replaced with fasttemplate reducing allocations
Custom template parsing logic was replaced with fasttemplate package for reducing
allocations in the replacer.Replace hotpath leading to allocation reduction which
accounted for 30% of total nuclei allocations.
$ go test -bench=. -benchmem
goos: darwin
goarch: arm64
pkg: github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/replacer
BenchmarkReplacer-8 837232 1422 ns/op 2112 B/op 31 allocs/op
BenchmarkReplacerNew-8 3672765 320.3 ns/op 48 B/op 4 allocs/op
* Fixed tests failing
* Use pre-compiled map of DSL expressions
* Reworked expression parsing logic to reduce memory allocations
$ go test -bench=. -benchmem
goos: darwin
goarch: arm64
pkg: github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/expressions
BenchmarkEvaluate-8 31560 37769 ns/op 31731 B/op 265 allocs/op
BenchmarkEvaluateNew-8 109144 9621 ns/op 6253 B/op 116 allocs/op
2022-08-23 13:16:41 +05:30
Ice3man
9e531727a7
Fixed a bug with numerical regex in unresolved var detection (#2431)
2022-08-17 03:59:51 +04:00
Ice3man
67d5769cd9
Added initial catalog interface implementation (#2318)
* Added initial catalog interface implementation
* Added OpenFile to Catalog + disk catalog implementation
* Fixed merge issues
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-08-10 11:05:58 -07:00
Mzack9999
b942ddc6ad
Fixing map race condition (#2340)
2022-07-26 18:30:15 +05:30
Mike Rheinheimer
9efba05e0c
expose hosterrorscache.Cache as an interface (#2291)
* expose hosterrorscache as an interface, change signature to capture the error reason
* use the hosterrorscache.CacheInterface as struct field so users of Nuclei embedded can provide their own cache implementation
Co-authored-by: Mike Rheinheimer <mrheinheimer@atlassian.com>
2022-07-19 02:05:53 +05:30
Sami
6c2fdd3387
Issue 2227 ntv flag run new templates added in specific version (#2275)
* ntv flag to run templates added in specified version
* added missing arguments
* misc update
* added functional test and err check
* updated the min version
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-07-13 16:49:06 +05:30
Ice3man
5b3c2861c2
Added interact-url placeholder support to variables in http requests (#2237)
* Added interact-url placeholder support to variables in http requests
* Fixed variable errors
* Fixed issue with interactsh in req
2022-07-11 22:18:13 +05:30