nuclei

mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-29 14:03:02 +00:00

Author	SHA1	Message	Date
Daniil Morozov	c377221a78	header fuzzing support in http templates (#4114 ) * Add headersPartType for fuzzing * fix nil pointer dereference for headless mode * minor changes+ add integration test * update template in fuzz-header-multiple --------- Co-authored-by: 0x123456789 <0x123456789> Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>	2023-09-19 00:01:32 +05:30
DoI	f520d7e843	XPath matcher support (#4087 ) * Added xpath response matching support * Add validation for user-supplied XPath * xpath matcher comment fix * Added XPath matched documentation * minor changes: remove warnings --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>	2023-08-25 22:41:51 +05:30
Sandeep Singh	d3928e080d	optional file read in headless protocol (#4055 ) * use -lfa and -lna in headless * fix lna in headless * misc update * fix nil pointer dereference in test * fix lint & unit test * use urlutil * headless protocol scheme improvements * add unit and integration tests * run unit test from binary --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>	2023-08-25 18:30:46 +05:30
Tarun Koyalwar	430e2b92c1	fix broken image link in TestActionGetResource (#4075 )	2023-08-21 20:33:52 +05:30
Josh Soref	4c1c5301b9	Spelling (#4008 ) * spelling: addresses Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: asynchronous Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: basic Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: brute force Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: constant Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: disables Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: engine Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: every time Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: execution Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: false positives Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: from Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: further Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: github Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: gitlab Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: highlight Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: hygiene Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: ignore Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: input Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: item Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: itself Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: latestxxx Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: navigation Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: negative Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: nonexistent Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: occurred Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: override Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: overrides Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: payload Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: performed Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: respective Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: retrieve Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: scanlist Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: separated Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: separator Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: severity Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: source Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: strategy Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: string Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: templates Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: terminal Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: timeout Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: trailing slash Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: trailing Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: websocket Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --------- Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2023-08-02 00:03:43 +05:30
Dogan Can Bakir	163bc22281	add headless options flag (#3951 ) * add headless options flag * disable some tests for windows * disable interactsh tests on darwin * disable network/hex.yaml on windows * make DisableOn func	2023-07-28 21:20:57 +05:30
Tarun Koyalwar	beb1bf6d2c	headless: automerge and other improvements (#3958 ) * headless: automerge and other improvements * fix typo in function signature	2023-07-28 19:28:20 +05:30
Mzack9999	e5154d362a	fixing payload load (#3927 ) * fixing payload load * Added tests for load payloads edge-case + fixed error * Added separate flags for network and file sandbox * Fixed tests for payload loader * Fixed integration tests locally * readme update --------- Co-authored-by: Ice3man <nizamulrana@gmail.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>	2023-07-14 19:39:32 +05:30
Tarun Koyalwar	d51e058791	add ErrNoMoreRequests for generator (#3918 ) * add ErrNoMoreRequests for generator * fix gh repo name convention * fix dirname in unit test	2023-07-13 00:51:06 +05:30
Mzack9999	c9d0942bc1	Extend headless contextargs (#3850 ) * extend headless contextargs * using darwin-latest * grouping page options * temp commenting code out * fixing test * adding more checks * more checks * fixing first navigation metadata * adding integration test * proto update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>	2023-06-26 22:55:51 +05:30
Mzack9999	2a32ed9cba	Adding random tls impersonate (#3844 ) * adding random tls impersonate * dep update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>	2023-06-21 17:17:18 +05:30
Dogan Can Bakir	a4ca2021cd	Add headless header and status matchers (#3794 ) * add headless header and status matchers * rename headers as header * add integration test for header+status * fix typo	2023-06-09 15:03:03 +05:30
Shubham Rasal	a34b94e62f	Issue 3339 headless fuzz (#3790 ) * Basic headless fuzzing * Remove debug statements * Add integration tests * Update template * Fix recognize payload value in matcher * Update tempalte * use req.SetURL() --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>	2023-06-09 05:50:44 +05:30
Keith Chason	4d6080f3bc	"Executer" to "Executor" (#3760 ) * Fix spelling of "executer" to "executor" * minor change: use defer file.Close() --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>	2023-06-01 02:28:10 +05:30
Mzack9999	0d2d510689	Adding support for constants (#3692 ) * adding support for constants * fixing typo * adding integration test * fixing lint issues * fixing template syntax	2023-05-25 22:02:35 +05:30
lu4nx	027880af34	update rod to v0.112.9 #3552 (#3637 ) * update rod to v0.112.9 * removed unused reflection --------- Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>	2023-05-03 14:40:58 +05:30
Shubham Rasal	449afc0c5c	Issue 3564 var override (#3599 ) * Check if the variables are override by other means - you can override the template variable value using command line flags * Update lazy eval logic - previously, we were checking any function/expression in variable - now, update the logic, lazy eval only if variable contains any protocol variable(global) * add integration tests * Add test to check the dsl function working in variable * gather all generate variables logic in utils * go mod update * Refactor the generate variables function * go mod update+ fix typo --------- Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>	2023-05-02 23:49:56 +05:30
Suraj Kamath	537814bae8	Fix check for OS made in MustDisableSandbox() (#3631 ) Signed-off-by: iamargus95 <kamathsuraj95@gmail.com>	2023-05-02 15:04:24 +05:30
Mzack9999	64adad131f	Removing redundant code with utils	2023-04-23 21:37:25 +02:00
Mzack9999	978d0bcc23	Replacing goos with osutils (#3571 ) * Replacing goos with osutils * pleasing his majesty the linter	2023-04-19 23:00:15 +05:30
Tarun Koyalwar	bf08913cd0	update logic + config management refactor (#3567 ) * adds template manager * refactor: checkpoint * centrailized config & template download logic * refactor removed unused code * use global template directory * update related bug fixes * bug fix create cfg dir if missing * fix lint error * bug fix skip writing template dir in callback * misc update * remove unused code * use strings.equalfold for comparison --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>	2023-04-19 21:58:48 +05:30
mlec	ed31fc4449	fix(links): Replace Master to Main in links 🩹 (#3485 ) Co-authored-by: Mzack9999 <mzack9999@protonmail.com>	2023-03-31 16:27:15 +05:30
Tarun Koyalwar	f8c5a45966	add mkdir support in headless screenshot (#3457 ) * add mkdir support in headless screenshot * use filepath to join paths * print info when screenshot is saved * change version to v2.9.1-dev * minor fixings on windows path --------- Co-authored-by: Mzack9999 <mzack9999@protonmail.com>	2023-03-24 00:44:32 +05:30
Mzack9999	d7ac306bdf	Adding one-time method override (#3373 )	2023-03-04 12:27:26 +05:30
Tarun Koyalwar	d9e953acfa	fix file input in custom vars for self contained http template (#3385 ) * fix file input in variables(-V) * fix lint error * fix nuclei-ignore file failures	2023-03-04 04:57:27 +05:30
王一之	27fefe59d3	fix json deserialization issues	2023-02-27 14:29:49 +08:00
王一之	85090b7531	fix some json deserialization issues	2023-02-17 14:21:25 +08:00
Mzack9999	518944f6e8	Adding proxy use in headless binary download (#3290 ) * Adding proxy use in headless binary download * bumping utils	2023-02-09 20:01:49 +05:30
Mzack9999	7556416e5b	adding interactsh support to sni (#3276 )	2023-02-07 14:02:10 +05:30
Tarun Koyalwar	0b2a3e296a	fix url encoding issues and inconsistencies (#3211 ) * fix url encoding issues * complete requested changes and improvements * fix missing issue-tracker-config.yaml * fuzz: deepcopy and use urlutil.Params	2023-01-24 22:04:52 +05:30
Mzack9999	a96f764959	extending request/response hijacking with native calls (#3091 ) * extending request/response hijacking with native calls * fixing tests	2023-01-05 17:26:18 +05:30
Mzack9999	093d691c16	Issue 3033 deny list (#3037 ) * fixing file deny list + refactoring * err variable renaming * removing redundant function * removing unused code * adding check on empty operator * updating tests	2022-12-21 02:29:28 +05:30
xm1k3	aaae68ee50	The debug flags do not work correctly with headless templates (#3030 ) * added check on BaseURL * added debug flag instead on info * added also debug response flag * code refactoring	2022-12-20 17:30:34 +05:30
Tarun Koyalwar	63150a8ee4	add stop-at-first-match for headless protocol (#3034 ) * headless: adds stop-at-first-match * GH workflow fix * misc fix * headless use spm option Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>	2022-12-19 19:52:17 +05:30
Mzack9999	96c1dd3720	Adding custom ip to protocol generated variables (#3011 ) * lint errors * Extending context args support * Ip => ip	2022-12-10 00:17:03 +05:30
xm1k3	628b96f768	added force http2 option (#2919 ) * added force http2 option * implemented http2 with transport method * fix and added forcehttp on clientpool * updated readme with new flag * option update Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>	2022-12-04 22:32:01 +05:30
Ice3man	291a0fea94	Merge pull request #2856 from projectdiscovery/sandbox-pr Added sandboxing for payload files and requests	2022-11-24 14:07:33 +05:30
Parth Malhotra	3014b40ac6	Fixes #2885 (#2886 ) * docker go version update * docker fix * version update * update chinese readme and typo fixes. (#2862) * Fixes #2885 Fixes #2885 Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> Co-authored-by: Xc1Ym <xuedongyuming2233@gmail.com>	2022-11-23 18:21:22 +05:30
Ice3man	e7fb40a413	Added sandboxing for payload files and requests	2022-11-16 13:49:24 +05:30
Mzack9999	1fbbca66f9	Adding support to scan all v4/v6 IPs (#2709 ) * Adding support to scan all v4/v6 IPs * adding tests * metainput prototype * using new signature * fixing nil pointer * adding request context with metadata * removing log instruction * fixing merge conflicts * adding clone helpers * attempting to fix ipv6 square parenthesis wrap * fixing dialed ip info * fixing syntax * fixing output ip selection * adding integration tests * disabling test due to gh ipv6 issue * using ipv4 only due to GH limited networking * extending metainput marshaling * fixing hmap key * adding test for httpx integration * fixing lint error * reworking marshaling/id-calculation * adding ip version validation * improving handling non url targets * fixing condition check	2022-11-09 18:48:56 +05:30
vrenzolaverace	2aaf2a2158	Use utils helpers libraries (#2809 ) (#2810 ) * Use utils helpers libraries (#2809) * Use utils helpers libraries (#2809)	2022-11-07 01:54:23 +05:30
Ice3man	b9472cf7e1	Added fuzzing support for query params + var dump feature (#2679 ) * Added fuzzing support for query params + var dump feature * Added query-fuzz integration test * Fixed payloads + added keys-regex fuzz parameter * Fixed interactsh not working + misc * Fixed evaluation + added global variables/dsl support to payloads * Misc fixes related to variables evaluations * Added http variables support to fuzz * misc * Misc * Added testing playground + misc renaming * Added support for path and raw request to fuzzing * Fixed fuzz integration test * Fixed variable unresolved issue * Add multiple parameter support with same name * Added parameter value as 'value' dsl variable for parts Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>	2022-11-01 20:28:50 +05:30
Ice3man	d956f08cb9	Added attack-type option to override template attack-type (#2724 ) * Added attack-type option to override template attack-type * Added docs + integration tests	2022-10-19 03:51:45 +05:30
Mzack9999	781e4e6105	Shared Execution Context Prototype (#2576 ) * renaming var * Introducing shared execution context prototype * fixing field name * adding shared values propagation * adding shared context lock * add slice values normalization * adding integration tests * adding metadata support for dns * adding multi-protocol context sharing test * removing debug test files * moving contextargs around * adding comments * refactoring code - getter/setter for complex types - using pointers to avoid heap allocations	2022-10-03 15:42:20 +05:30
mzack	2cf0005eaa	updating syntax	2022-09-28 01:51:47 +02:00
Mzack9999	7ce03bcc5b	Optional use of local chrome for headless tests via tags (#2568 )	2022-09-07 16:09:22 +05:30
Mzack9999	30054d1fb6	Adding advanced template filtering (#2374 ) * Adding advanced template filtering * fixing bug in slice * refactoring tests * adding test cases * increasing error verbosity * fixing quoted fields with spaces * adding more test cases * fixing merge error * fixing lint errors * switching to []string * updating tag filter tests * updating functional tests * fixing functional test cases * updating syntax	2022-08-25 16:52:08 +05:30
Ice3man	0be596efb4	Added variable debug support with debug mode (#2442 ) * Added variable debug support with debug mode * Added changes as per review comments * Fixed debug request condition	2022-08-25 15:37:03 +05:30
xixijun	2ae7e58c83	Fix socks5 proxy not working on tor proxy (#2455 ) * fix: socks5 proxy not working on tor proxy * fix: socks5 proxy not working on tor proxy * minor refactoring Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: Mzack9999 <mzack9999@protonmail.com>	2022-08-22 15:18:45 +05:30
forgedhallpass	d24736f655	fix typo in the headless `setmethod` function #2365	2022-07-29 14:38:07 +03:00

1 2 3 4

197 Commits