External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-25 14:05:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,895 Commits 49 Branches 135 Tags
Commit Graph

510 Commits

Author SHA1 Message Date
Tarun Koyalwar
21b03a2e8a
bug fix in url path and adds integration tests (#3331) 
* fix unsafe edgecases+ adds integration test

* bug fixes and more url testcases

* upgrade cfssl

* fix template id in integration test
 2023-02-20 22:26:04 +05:30
Mzack9999
d608ffaeb2
clear after stop (#3312) 
* clear after stop

* fixing data races

* adding atomic cache

* fixing lint errors

* fixing imports
 2023-02-13 16:46:41 +05:30
Tarun Koyalwar
e622b989fe
fix url re-encoding issues (#3294) 
* fix double url encoding in urls

* remove extra slash

* url encode matchedURL
 2023-02-10 18:28:28 +05:30
Mzack9999
7556416e5b
adding interactsh support to sni (#3276) 2023-02-07 14:02:10 +05:30
Tarun Koyalwar
32a6adb82e
fix data race in payload (#3265) 2023-02-05 00:00:01 +05:30
Tarun Koyalwar
628628893c
fix make http request inconsistencies (#3243) 
* fix make http request inconsistencies

* remove parameters from http vars

* fix trailingslash unit test

* naming conventions: best practices

* fix publish docs action

* remove branch ref from push
 2023-02-01 17:23:28 +05:30
Tarun Koyalwar
0b2a3e296a
fix url encoding issues and inconsistencies (#3211) 
* fix url encoding issues

* complete requested changes and improvements

* fix missing issue-tracker-config.yaml

* fuzz: deepcopy and use urlutil.Params
 2023-01-24 22:04:52 +05:30
Tarun Koyalwar
edcab07fec
fix aws signer missing template variables (#3206) 
* aws sign: fix missing variables

* signer: add aws defaults

* aws signer default values
 2023-01-24 20:50:20 +05:30
Tarun Koyalwar
6ebf5a789e
fix host spray race condition (#3213) 
* core: bug fixes

* best practices: uniform comments
 2023-01-20 23:49:04 +05:30
Tarun Koyalwar
f646e00c3d
fix unsafe raw request matchedUrl (#3155) 
* fix unsafe raw request matchedurl

* quote metadata in CLI output
 2023-01-05 21:02:36 +05:30
Tarun Koyalwar
4aa2002e72
urlencode key characters only (#3150) 
* only encode key characters

* improve test cases
 2023-01-05 16:41:59 +05:30
Tarun Koyalwar
e66ed30cec
fix missing trailing slash (#3127) 
* raw: fix missing trailing slash

* adds rawpath integration test

* rename trailing slash test
 2023-01-03 23:45:34 +05:30
Tarun Koyalwar
a5b39dcaa5
automerge url parameters from input and templates (#3010) 
* fix automerge url parameters

* fix url encoding & refactor raw request

* handle trailing slash edgecases

* minor code refactoring
 2022-12-13 12:09:31 +05:30
Mzack9999
96c1dd3720
Adding custom ip to protocol generated variables (#3011) 
* lint errors

* Extending context args support

* Ip => ip
 2022-12-10 00:17:03 +05:30
Ice3man
30f26a32ed Do not consider fuzzing template during clustering 2022-12-05 23:07:38 +05:30
xm1k3
628b96f768
added force http2 option (#2919) 
* added force http2 option

* implemented http2 with transport method

* fix and added forcehttp on clientpool

* updated readme with new flag

* option update

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
 2022-12-04 22:32:01 +05:30
Ice3man
514c6e2d1e
Added timestamp optional flag + user-agent to probing (#2962) 
* Added timestamp optional flag + user-agent to probing

* fix typo

* misc update

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
 2022-12-04 22:16:55 +05:30
Tarun Koyalwar
3b31799847
Issue 2840 aws signature (#2924) 
* docker go version update

* docker fix

* version update

* update chinese readme and typo fixes. (#2862)

* fix aws request signer

* fix reader by upgrading retryablehttp-go

* go mod tidy

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Co-authored-by: Xc1Ym <xuedongyuming2233@gmail.com>
 2022-12-03 07:10:57 +05:30
Ice3man
e7fb40a413 Added sandboxing for payload files and requests 2022-11-16 13:49:24 +05:30
Mzack9999
1fbbca66f9
Adding support to scan all v4/v6 IPs (#2709) 
* Adding support to scan all v4/v6 IPs

* adding tests

* metainput prototype

* using new signature

* fixing nil pointer

* adding request context with metadata

* removing log instruction

* fixing merge conflicts

* adding clone helpers

* attempting to fix ipv6 square parenthesis wrap

* fixing dialed ip info

* fixing syntax

* fixing output ip selection

* adding integration tests

* disabling test due to gh ipv6 issue

* using ipv4 only due to GH limited networking

* extending metainput marshaling

* fixing hmap key

* adding test for httpx integration

* fixing lint error

* reworking marshaling/id-calculation

* adding ip version validation

* improving handling non url targets

* fixing condition check
 2022-11-09 18:48:56 +05:30
vrenzolaverace
2aaf2a2158
Use utils helpers libraries (#2809) (#2810) 
* Use utils helpers libraries (#2809)

* Use utils helpers libraries (#2809)
 2022-11-07 01:54:23 +05:30
Ice3man
b9472cf7e1
Added fuzzing support for query params + var dump feature (#2679) 
* Added fuzzing support for query params + var dump feature

* Added query-fuzz integration test

* Fixed payloads + added keys-regex fuzz parameter

* Fixed interactsh not working + misc

* Fixed evaluation + added global variables/dsl support to payloads

* Misc fixes related to variables evaluations

* Added http variables support to fuzz

* misc

* Misc

* Added testing playground + misc renaming

* Added support for path and raw request to fuzzing

* Fixed fuzz integration test

* Fixed variable unresolved issue

* Add multiple parameter support with same name

* Added parameter value as 'value' dsl variable for parts

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
 2022-11-01 20:28:50 +05:30
Mzack9999
cc0c20053a
Improving unsafe uri path (#2722) 
* Improving unsafe uri path

* fixing raw path output
 2022-10-27 20:09:38 +02:00
Sajad
928f082109
set content_length as len(body) if response ContentLength is -1 (#2407) 
* set content_length as len(body) if response ContentLength is -1

* move content-length calculation to utils

* adding basic tests

Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
 2022-10-24 16:37:09 +02:00
Ice3man
d956f08cb9
Added attack-type option to override template attack-type (#2724) 
* Added attack-type option to override template attack-type

* Added docs + integration tests
 2022-10-19 03:51:45 +05:30
Mzack9999
9493dfdb20
Adding automatic request condition detection (#2707) 
* Adding automatic request condition detection

* adding missing checks on part

* test update as per latest change

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
 2022-10-15 15:19:04 +05:30
mzack
70cecf83fb Adding custom cancel function 2022-10-10 08:10:07 +02:00
Ice3man
9944f5e94e
Added response truncation support with flags (#2688) 
* Added response truncation support with flags

* Fixed failing tests for no size
 2022-10-07 20:10:00 +05:30
Mzack9999
781e4e6105
Shared Execution Context Prototype (#2576) 
* renaming var

* Introducing shared execution context prototype

* fixing field name

* adding shared values propagation

* adding shared context lock

* add slice values normalization

* adding integration tests

* adding metadata support for dns

* adding multi-protocol context sharing test

* removing debug test files

* moving contextargs around

* adding comments

* refactoring code

- getter/setter for complex types
- using pointers to avoid heap allocations
 2022-10-03 15:42:20 +05:30
Mzack9999
0b1ff2bfa4
Forcing conns to be gc-ed by default disabling keep-alive (#2642) 
* Forcing conns to be gc-ed with keep-alive

* removing redundant code

keep-alive are disabled by default

* fixing merge conflict

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
 2022-09-30 04:25:56 +05:30
Mzack9999
18f14b631c
Adding same host redirect support (#2655) 
* simplifying test syntax

* adding same host redirect + refactoring redirect handling

* adding missing file

* adding support for template syntax

* adding integration test

* updating options

* fixing issue on same host redirect
 2022-09-29 04:11:28 +05:30
Mzack9999
99c14f4c9c
implementation of rate limiter with bucket refill and unrestricted token burst (#2536) 
* implementation of rate limiter with interval burst

* fixing import path

* fixing syntax

* adding tests

* fixing lint errors

* adding support for context

* moving rate limiter earlier to avoid hitting timeout
 2022-09-19 17:09:28 +05:30
Mzack9999
30054d1fb6
Adding advanced template filtering (#2374) 
* Adding advanced template filtering

* fixing bug in slice

* refactoring tests

* adding test cases

* increasing error verbosity

* fixing quoted fields with spaces

* adding more test cases

* fixing merge error

* fixing lint errors

* switching to []string

* updating tag filter tests

* updating functional tests

* fixing functional test cases

* updating syntax
 2022-08-25 16:52:08 +05:30
51pwn
606c361b2a
Add substr and aes_cbc DSL functions (#2361) 
* 1、add DSL substr for #2304 By @hktalent
substr('xxtestxxx',2)。   testxxx
substr('xxtestxxx',2,-2)  testx
substr('xxtestxxx',2,6)   test

2、add DSL aes_cbc for #2243 By @hktalent
aes_cbc("key111key111key111key111", "dataxxxxxxdataxxxxxxdataxxxxxxdataxxxxxxdataxxxxxx")

3、fixed An error occurs when running nuclei with multiple instances #2301 By @hktalent

* refactoring helpers

* removing unwanted mutex

* commenting out test

* removing aes_cbc test due to random iv

Co-authored-by: 51pwn <51pwn@51pwn.com>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
 2022-08-25 15:50:08 +05:30
Ice3man
0be596efb4
Added variable debug support with debug mode (#2442) 
* Added variable debug support with debug mode

* Added changes as per review comments

* Fixed debug request condition
 2022-08-25 15:37:03 +05:30
M. Ángel Jimeno
ecb3f21076
http: prevent HTTP 'connection' header from being added twice (#2480) 
* http: prevent HTTP 'connection' header from being added twice

* misc fix

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-08-25 00:25:02 +05:30
Ice3man
8165db2633
Fixed fatal panic in http header map read (#2488) 2022-08-24 23:29:22 +05:30
Ice3man
e7cffad312
Fixed request annotation based timeout bugs + tests + misc (#2476) 2022-08-23 12:45:55 +05:30
Dani Goland
8670c8b20d
Modified "xpath" extractor to support XML XPath in addition to HTML XPath (#2471) 
* Modified "xpath" extractor to support XML XPath in addition to HTML XPath

* Updated function docs
 2022-08-22 15:27:32 +05:30
xixijun
2ae7e58c83
Fix socks5 proxy not working on tor proxy (#2455) 
* fix: socks5 proxy not working on tor proxy

* fix: socks5 proxy not working on tor proxy

* minor refactoring

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
 2022-08-22 15:18:45 +05:30
Ice3man
67d5769cd9
Added initial catalog interface implementation (#2318) 
* Added initial catalog interface implementation

* Added OpenFile to Catalog + disk catalog implementation

* Fixed merge issues

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-08-10 11:05:58 -07:00
Ice3man
4dc98a1d95
Added support for blank Request-URI which specifies no slash suffix (#2414) 2022-08-10 10:15:09 -07:00
Sami
4da4ca5a16
missing ip in json (#2310) 
* missing ip in json

* using GetDNSData in place of GetDialedIP

* updated go mod

* bumping rawhttp test version

Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
 2022-07-26 17:08:53 +05:30
Ice3man
2873e6ebc8
Added timeout context cancellation to http requests (#2319) 2022-07-21 21:29:34 +05:30
Mike Rheinheimer
9efba05e0c
expose hosterrorscache.Cache as an interface (#2291) 
* expose hosterrorscache as an interface, change signature to capture the error reason

* use the hosterrorscache.CacheInterface as struct field so users of Nuclei embedded can provide their own cache implementation

Co-authored-by: Mike Rheinheimer <mrheinheimer@atlassian.com>
 2022-07-19 02:05:53 +05:30
Ice3man
07d5beb73a
Fixed race condition with raw http options (#2306) 2022-07-19 01:08:30 +05:30
Mzack9999
cf1039f49c
Adding prototype of request flow override annotations (#2161) 
* Adding prototype of request flow override annotations

* reworking iteration engine

* adding directory to .gitignore
 2022-07-18 14:16:03 +05:30
Ice3man
5b3c2861c2
Added interact-url placeholder support to variables in http requests (#2237) 
* Added interact-url placeholder support to variables in http requests

* Fixed variable errors

* Fixed issue with interactsh in req
 2022-07-11 22:18:13 +05:30
anykno
73a0043f2d
fix: socks5 proxy not working on https target (#2228) 
* fix: socks5 proxy not working on https target

* small name refactor

Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
 2022-07-01 15:31:00 +05:30
Ice3man
f3de611b49
Added enhancements for http variables support (#2223) 2022-06-28 20:20:18 +05:30