External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-26 18:55:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
4,256 Commits 49 Branches 135 Tags
Commit Graph

705 Commits

Author SHA1 Message Date
Josh Soref
4c1c5301b9
Spelling (#4008) 
* spelling: addresses

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: asynchronous

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: basic

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: brute force

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: constant

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: disables

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: engine

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: every time

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: execution

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: false positives

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: from

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: further

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: github

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: gitlab

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: highlight

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: hygiene

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: ignore

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: input

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: item

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: itself

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: latestxxx

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: navigation

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: negative

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: nonexistent

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: occurred

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: override

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: overrides

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: payload

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: performed

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: respective

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: retrieve

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: scanlist

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: separated

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: separator

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: severity

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: source

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: strategy

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: string

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: templates

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: terminal

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: timeout

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: trailing slash

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: trailing

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: websocket

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

---------

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2023-08-02 00:03:43 +05:30
Dogan Can Bakir
163bc22281
add headless options flag (#3951) 
* add headless options flag

* disable some tests for windows

* disable interactsh tests on darwin

* disable network/hex.yaml on windows

* make DisableOn func
 2023-07-28 21:20:57 +05:30
sandeep
1635a2f58a Merge remote-tracking branch 'origin' into dev 2023-07-22 04:21:43 +05:30
Mzack9999
ac51b571ae
adding set with httpx probe (#3955) 2023-07-22 04:19:52 +05:30
Keith Chason
759ee3d5f8
Markdown Export Sorting (#3961) 
* Sort markdown exports by host, severity, or template

* Switch default to empty string

* use fileutil to create folder

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
 2023-07-22 02:24:06 +05:30
Keith Chason
08e1ab9ddd
Disable Template Locations (#3705) (#3926) 
* Download override option definition

* Update the variable names for consistency

* Add checks for custom template disable flags

* Environment variable controlled template downloads

* Switch env naming per feedback from @ehsandeep

* minor changes

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
 2023-07-18 00:53:10 +05:30
Keith Chason
b3ccb9a6e5
Exclude Raw Request Payloads (#3710) 
* Add command docs and CLI hook

* Add configurable exclusion from reports

* Register the CLI argument with exporter configuration

* Switch to inverted logic with JSONRequest flag

* Switch variable name for the -include-rr/-irr flag

* Remove flags from README

* Update call for -irr and -or

* convert -irr to no-op

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
 2023-07-05 02:07:56 +05:30
Mzack9999
fa199ed3b3
Improving clientpool with client certificates (#3851) 
* Improving clientpool with client certificates

* adding test case

* Revert "Merge branch 'dev' into issue-3800-client-cert"

This reverts commit 7f057d742f4b9bda8e83b2052e29617b86b6776d, reversing
changes made to 7297cebcf8bb0f88961b644fc2ac7c040df8ffd9.

* Revert "Revert "Merge branch 'dev' into issue-3800-client-cert""

This reverts commit 2053a248a0cdc2002e0b4b4faa3472cf11c29760.

* go fmt

---------

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
 2023-06-26 17:45:12 +05:30
Mzack9999
f9039c0557 adding comment 2023-06-12 12:35:21 +02:00
Mzack9999
83b6ab54a6 Using safe dereferencing 2023-06-12 12:30:46 +02:00
三米前有蕉皮
b4e4715d36
deprecatedProtocolNameTemplates concurrent map writes (#3785) 
* deprecatedProtocolNameTemplates

* use syncLock

* fix lint error

* change version in deprecated warning msg

* comment asnmap expand unit test

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
Co-authored-by: Tarun Koyalwar <45962551+tarunKoyalwar@users.noreply.github.com>
 2023-06-08 23:58:40 +05:30
Dogan Can Bakir
512a481997
enable no-httpx when passive scan is launched (#3789) 2023-06-07 18:46:01 +05:30
Tarun Koyalwar
8f55579924
fix gitlab custom template update (#3769) 
* fix gitlab custom template update

* exclude AS134029 from unit test
 2023-06-01 14:59:15 +05:30
Keith Chason
4d6080f3bc
"Executer" to "Executor" (#3760) 
* Fix spelling of "executer" to "executor"

* minor change: use defer file.Close()

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
 2023-06-01 02:28:10 +05:30
sandeep
74ab1428be Merge branch 'dev' 2023-05-28 16:58:08 +05:30
Keith Chason
42a59189f3
Fix mis-spellings and other comment cleanup (#3704) 2023-05-19 21:06:39 +05:30
Tarun Koyalwar
4a6a0185f5
Feat template update improvements (#3675) 
* path modification of official templates

* fix deprecated paths counter

* add reset flag to nuclei

* bug fix: deprecated path counter

* ignore meta files

* purge empty dirs

* fix lint error
 2023-05-12 05:17:19 +05:30
Tarun Koyalwar
c62dc01f9f
uncover logic refactor to v0.0.4 (#3663) 
* uncover logic refactor to v0.0.4

* remove deprecated import: stringsutil
 2023-05-09 03:57:56 +05:30
Tarun Koyalwar
37aaa5ebaa
add support for resolving old template paths (#3635) 
* add support for resolving old template paths

* skip resolving if new path is specified

* add debug statement

* show error if fallback failed

* remove debug statement

* remove fallback errors

* print warning for deprecated paths

* add warnings for  deprecated paths/protocol names

* misc update

---------

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
 2023-05-04 01:43:41 +05:30
Keith Chason
dcb003211c
Gitlab Custom Templates (#3570) 
* Configuration options for GitLab template pulls

* GitLab client creation

* GitLab hooks and property renames

* Fix filesystem writing and update environment variables

* Fix type error in formatted error message

* Migrate directory config to new nucleiconfig file

* refactor + add custom templates to tm

* typo fix + only show installed ct with -tv

* add default gitlab url if not given

* fix template valid failure

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
 2023-04-20 03:12:52 +05:30
Tarun Koyalwar
bf08913cd0
update logic + config management refactor (#3567) 
* adds template manager

* refactor: checkpoint

* centrailized config & template download logic

* refactor removed unused code

* use global template directory

* update related bug fixes

* bug fix create cfg dir if missing

* fix lint error

* bug fix skip writing template dir in callback

* misc update

* remove unused code

* use strings.equalfold for comparison

---------

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
 2023-04-19 21:58:48 +05:30
Keith Chason
786ee982ed
Azure Blob Storage Custom Template Provider (#3542) 
* Initial library creation for downloading blobs from Azure

* Environment variable hooks for Azure config values

* Missing configuration checks for Azure blob connection

* Package dependencies for Azure client library

* Make output directory if it doesn't exist, add log for downloaded templates

* Add example formats for Azure properties

* Add path to the output after download

* Only download .yaml files instead of also .yml .json
 2023-04-17 13:48:06 +05:30
Mzack9999
6f4b1ae48a
Replacing ccache with generic gcache (#3523) 
* Replacing ccache with generic gcache

* fixing lint issues

* removing unecessary hashing + using errorutils

* making test more tolerant

* removing dead code + refactor

* removing redundant code

* removing race

* maint

* moving code

* adding more iterations

* note + typo

* temporary fixing stop-at-first-match with interact

* wrapping internal map with mux

* sort before running integration test

* fix deadlock in requestShouldStopAtFirstMatch

* add timeout to integration_test workflow

* attempting to remove outer lock

* adds interactsh protocol tests in integration_test

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
 2023-04-16 23:19:35 +05:30
Tarun Koyalwar
ece20ec15c
use proxyutils + fix proxy panic (#3526) 2023-04-12 12:49:58 +05:30
Keith Chason
3476f4d1d6
JSONL(ine) Export (#3504) (#3505) 
* Add initial hooks for JSONL export

* Add newline character after each result

* fix integration test (#3506)

* fix integration test

* fix interactsh fatal error

* fix default report-config.yaml

---------

Co-authored-by: Tarun Koyalwar <45962551+tarunKoyalwar@users.noreply.github.com>
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
 2023-04-08 17:44:41 +05:30
Keith Chason
4d96025bec
JSON Export Handling Updates (#3466) 
* Switch -json to -jsonl

* Add JSON output file

* Update docs for EN and ID

* Fix linting issue with error wrap

* Add -j flag

* Fix call for short flag

* Correct typo "Ciper" to "Cipher" (#3468)

* migrate dsl helper functions to dsl repo (#3461)

* migrate dsl pkg code to dsl repo

* fix lint error

* upgrade dsl dependency

* upgrade deps

---------

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>

* chore(deps): bump github.com/projectdiscovery/httpx in /v2 (#3469)

Bumps [github.com/projectdiscovery/httpx](https://github.com/projectdiscovery/httpx) from 1.2.7 to 1.2.9.
- [Release notes](https://github.com/projectdiscovery/httpx/releases)
- [Changelog](https://github.com/projectdiscovery/httpx/blob/main/.goreleaser.yml)
- [Commits](https://github.com/projectdiscovery/httpx/compare/v1.2.7...v1.2.9)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/httpx
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/weppos/publicsuffix-go in /v2 (#3472)

Bumps [github.com/weppos/publicsuffix-go](https://github.com/weppos/publicsuffix-go) from 0.20.0 to 0.30.0.
- [Release notes](https://github.com/weppos/publicsuffix-go/releases)
- [Changelog](https://github.com/weppos/publicsuffix-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/weppos/publicsuffix-go/compare/v0.20.0...v0.30.0)

---
updated-dependencies:
- dependency-name: github.com/weppos/publicsuffix-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/projectdiscovery/wappalyzergo in /v2 (#3473)

Bumps [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) from 0.0.81 to 0.0.88.
- [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases)
- [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.0.81...v0.0.88)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/wappalyzergo
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/projectdiscovery/hmap in /v2 (#3470)

Bumps [github.com/projectdiscovery/hmap](https://github.com/projectdiscovery/hmap) from 0.0.10 to 0.0.11.
- [Release notes](https://github.com/projectdiscovery/hmap/releases)
- [Commits](https://github.com/projectdiscovery/hmap/compare/v0.0.10...v0.0.11)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/hmap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* debug catalog path

* use paths instead of filepath for aws path

* deps update (#3477)

* deps update

* fixing gologger via callback

* Moved `json-export` flag to the other exporters

* Switch "json[-_]exporter to jsonexporter"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Ramana Reddy <90540245+RamanaReddy0M@users.noreply.github.com>
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com>
 2023-03-31 15:29:29 +05:30
Tarun Koyalwar
f8c5a45966
add mkdir support in headless screenshot (#3457) 
* add mkdir support in headless screenshot

* use filepath to join paths

* print info when screenshot is saved

* change version to v2.9.1-dev

* minor fixings on windows path

---------

Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
 2023-03-24 00:44:32 +05:30
Mzack9999
c182434130
json templates support (load with flags, run & validate ) (#3424) 
* extending template identification logic

* removing test code

* local debug

* json template loading support using flags

* blacklist meta json files

* minor changes

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
 2023-03-16 13:33:59 +05:30
Mzack9999
0bf8fc027d
Fixing nil pointer reference + use map helper (#3421) 
* Fixing nil pointer reference + use map helper

* bump tlsx version to v1.0.6

* increase interactsh polling in integration_test

* fix nil pointer dereference in integration_test

* fix lint error

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
 2023-03-14 21:27:48 +05:30
Austin Traver
0d90a555f6
adds -track-error option to add custom errors to max-host-error watchlist (#3399) 
* Allow user to specify for "context deadline exceeded" errors to count toward the max host error count

* Convert flag to a string slice `--track-error`

* Minimize diff

* Add documentation for `-track-error`

* adds unit test & minor improvements

* update flag description

---------

Co-authored-by: Austin Traver <austin_traver@intuit.com>
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
 2023-03-14 13:59:42 +05:30
sullo
62bc659914
Change "Operative System" to "Operating System" (#3400) 2023-03-09 12:36:55 +05:30
Tarun Koyalwar
d9e953acfa
fix file input in custom vars for self contained http template (#3385) 
* fix file input in variables(-V)

* fix lint error

* fix nuclei-ignore file failures
 2023-03-04 04:57:27 +05:30
xm1k3
bab15e122b http.DefaultClient replaced with retryablehttp 2023-03-02 21:21:04 +01:00
xm1k3
886fdcf0a9 started move to retryablehttp 2023-03-02 14:54:01 +01:00
xm1k3
ffd758dcb1 added InitNucleiVersion 2023-03-02 09:37:42 +01:00
xm1k3
5959daa58f removed nucleiVersion var as unused 2023-03-01 18:05:56 +01:00
Mzack9999
d57aec5ec7 converting reporting client to interface 2023-02-07 09:45:49 +01:00
xm1k3
1e5358b1fa
Improve passive templates error handling (#3098) 
* fixes on passive templates

* Auto Generate Syntax Docs + JSONSchema [Thu Dec 29 08:47:22 UTC 2022] 🤖

* removed empty line

* warning management

When passive flag is provided we ignore all templates which are not compatible, without posting misleading errors

* removing redundant code

* skip offline errors with err var

* remove check on debug flag + used errors.Is() to check errors

important note for future refactoring: use errorsutil.Is() instead of errors.Is()

---------

Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
 2023-02-07 05:10:38 +05:30
Ice3man
197d055c5e
Use httpx as library for http probing (#3261) 
* Use httpx as library for http probing

* Changed HTTP method to HEAD for probing
 2023-02-06 23:34:33 +05:30
xm1k3
a81c754db5
support env var from report yaml (#3188) 
* added support yaml for report options

* better to use .HasPrefix()

* wip: working on unmarshal YAML optimization

* managed yaml tag + nil pointers + unit test

* implemented tests

* removed unused code from reporting + code refactoring

* WIP: code refactoring and tests

* check on env var

* more test coverage and added callback func

* docs + renaming func

* moved callback logic + removed yaml validation

* used yaml decoder

* struct typo

* refactoring walk method with generic signature

* removed yamlwrapper refs, used yaml2 + docs

implemented test to check also fields without yaml tag

* used DecodeAndValidate()

* removed double import reference

---------

Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
 2023-02-01 02:38:17 +05:30
Tarun Koyalwar
68d1b2f3f3
fix nuclei panic with ratelimit v0.0.5 (#3257) 
* fix ratelimit panic

* fix race conditions in ratelimit

* bump ratelimit to v0.0.6
 2023-01-31 21:27:13 +05:30
Mzack9999
6c56a20544
Adding support for nmhe (#3219) 
* adding support for nmhe

* updating docs
 2023-01-22 15:08:50 +05:30
Tarun Koyalwar
6ebf5a789e
fix host spray race condition (#3213) 
* core: bug fixes

* best practices: uniform comments
 2023-01-20 23:49:04 +05:30
Ice3man
dbb4de028e
Added clustering support for DNS protocol templates (#3204) 2023-01-17 13:01:20 +05:30
Ice3man
7200e83d47 Fixed panic with non-existent target and no cloud flag typo 2023-01-16 19:06:04 +05:30
Jaideep Khandelwal
a1642be911
Enable/Disable a reporting source (#3183) 
* Enable/Disable a reporting source

* misc options update

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
 2023-01-15 22:21:16 +05:30
Ice3man
67c094444e
Added cloud scan progress tracking using stats (#3180) 
* Added cloud scan progress tracking using stats

* Changed log messsage

* Fixed linting error

* Fixed bug in progress calculation logic

* Changed requests to input with cloud flag

* Changed progress name + removed redundant fields
 2023-01-13 13:41:05 +05:30
Siddharth Shashikar
924da4197b
Use target filepath instead of target dir path to upload targets (#3182) 2023-01-12 01:34:58 +05:30
Shubham Rasal
25fcae1493
add reporting source in nuclei-cloud (#3151) 
* add reporting source in nuclei-cloud

- `nuclei -cloud -rc reporting-config.yaml`

* update error message

* add severity options for jira,(used for cloud only)
 2023-01-10 22:49:01 +05:30
Jaideep Khandelwal
eabd4954cf
Fix panic when when nuclei server is shutdown (#3139) 2023-01-03 23:56:33 +05:30