External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-19 13:45:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,663 Commits 49 Branches 135 Tags
Commit Graph

498 Commits

Author SHA1 Message Date
Tarun Koyalwar
a5b39dcaa5
automerge url parameters from input and templates (#3010) 
* fix automerge url parameters

* fix url encoding & refactor raw request

* handle trailing slash edgecases

* minor code refactoring
 2022-12-13 12:09:31 +05:30
Mzack9999
96c1dd3720
Adding custom ip to protocol generated variables (#3011) 
* lint errors

* Extending context args support

* Ip => ip
 2022-12-10 00:17:03 +05:30
Ice3man
30f26a32ed Do not consider fuzzing template during clustering 2022-12-05 23:07:38 +05:30
xm1k3
628b96f768
added force http2 option (#2919) 
* added force http2 option

* implemented http2 with transport method

* fix and added forcehttp on clientpool

* updated readme with new flag

* option update

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
 2022-12-04 22:32:01 +05:30
Ice3man
514c6e2d1e
Added timestamp optional flag + user-agent to probing (#2962) 
* Added timestamp optional flag + user-agent to probing

* fix typo

* misc update

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
 2022-12-04 22:16:55 +05:30
Tarun Koyalwar
3b31799847
Issue 2840 aws signature (#2924) 
* docker go version update

* docker fix

* version update

* update chinese readme and typo fixes. (#2862)

* fix aws request signer

* fix reader by upgrading retryablehttp-go

* go mod tidy

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Co-authored-by: Xc1Ym <xuedongyuming2233@gmail.com>
 2022-12-03 07:10:57 +05:30
Ice3man
e7fb40a413 Added sandboxing for payload files and requests 2022-11-16 13:49:24 +05:30
Mzack9999
1fbbca66f9
Adding support to scan all v4/v6 IPs (#2709) 
* Adding support to scan all v4/v6 IPs

* adding tests

* metainput prototype

* using new signature

* fixing nil pointer

* adding request context with metadata

* removing log instruction

* fixing merge conflicts

* adding clone helpers

* attempting to fix ipv6 square parenthesis wrap

* fixing dialed ip info

* fixing syntax

* fixing output ip selection

* adding integration tests

* disabling test due to gh ipv6 issue

* using ipv4 only due to GH limited networking

* extending metainput marshaling

* fixing hmap key

* adding test for httpx integration

* fixing lint error

* reworking marshaling/id-calculation

* adding ip version validation

* improving handling non url targets

* fixing condition check
 2022-11-09 18:48:56 +05:30
vrenzolaverace
2aaf2a2158
Use utils helpers libraries (#2809) (#2810) 
* Use utils helpers libraries (#2809)

* Use utils helpers libraries (#2809)
 2022-11-07 01:54:23 +05:30
Ice3man
b9472cf7e1
Added fuzzing support for query params + var dump feature (#2679) 
* Added fuzzing support for query params + var dump feature

* Added query-fuzz integration test

* Fixed payloads + added keys-regex fuzz parameter

* Fixed interactsh not working + misc

* Fixed evaluation + added global variables/dsl support to payloads

* Misc fixes related to variables evaluations

* Added http variables support to fuzz

* misc

* Misc

* Added testing playground + misc renaming

* Added support for path and raw request to fuzzing

* Fixed fuzz integration test

* Fixed variable unresolved issue

* Add multiple parameter support with same name

* Added parameter value as 'value' dsl variable for parts

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
 2022-11-01 20:28:50 +05:30
Mzack9999
cc0c20053a
Improving unsafe uri path (#2722) 
* Improving unsafe uri path

* fixing raw path output
 2022-10-27 20:09:38 +02:00
Sajad
928f082109
set content_length as len(body) if response ContentLength is -1 (#2407) 
* set content_length as len(body) if response ContentLength is -1

* move content-length calculation to utils

* adding basic tests

Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
 2022-10-24 16:37:09 +02:00
Ice3man
d956f08cb9
Added attack-type option to override template attack-type (#2724) 
* Added attack-type option to override template attack-type

* Added docs + integration tests
 2022-10-19 03:51:45 +05:30
Mzack9999
9493dfdb20
Adding automatic request condition detection (#2707) 
* Adding automatic request condition detection

* adding missing checks on part

* test update as per latest change

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
 2022-10-15 15:19:04 +05:30
mzack
70cecf83fb Adding custom cancel function 2022-10-10 08:10:07 +02:00
Ice3man
9944f5e94e
Added response truncation support with flags (#2688) 
* Added response truncation support with flags

* Fixed failing tests for no size
 2022-10-07 20:10:00 +05:30
Mzack9999
781e4e6105
Shared Execution Context Prototype (#2576) 
* renaming var

* Introducing shared execution context prototype

* fixing field name

* adding shared values propagation

* adding shared context lock

* add slice values normalization

* adding integration tests

* adding metadata support for dns

* adding multi-protocol context sharing test

* removing debug test files

* moving contextargs around

* adding comments

* refactoring code

- getter/setter for complex types
- using pointers to avoid heap allocations
 2022-10-03 15:42:20 +05:30
Mzack9999
0b1ff2bfa4
Forcing conns to be gc-ed by default disabling keep-alive (#2642) 
* Forcing conns to be gc-ed with keep-alive

* removing redundant code

keep-alive are disabled by default

* fixing merge conflict

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
 2022-09-30 04:25:56 +05:30
Mzack9999
18f14b631c
Adding same host redirect support (#2655) 
* simplifying test syntax

* adding same host redirect + refactoring redirect handling

* adding missing file

* adding support for template syntax

* adding integration test

* updating options

* fixing issue on same host redirect
 2022-09-29 04:11:28 +05:30
Mzack9999
99c14f4c9c
implementation of rate limiter with bucket refill and unrestricted token burst (#2536) 
* implementation of rate limiter with interval burst

* fixing import path

* fixing syntax

* adding tests

* fixing lint errors

* adding support for context

* moving rate limiter earlier to avoid hitting timeout
 2022-09-19 17:09:28 +05:30
Mzack9999
30054d1fb6
Adding advanced template filtering (#2374) 
* Adding advanced template filtering

* fixing bug in slice

* refactoring tests

* adding test cases

* increasing error verbosity

* fixing quoted fields with spaces

* adding more test cases

* fixing merge error

* fixing lint errors

* switching to []string

* updating tag filter tests

* updating functional tests

* fixing functional test cases

* updating syntax
 2022-08-25 16:52:08 +05:30
51pwn
606c361b2a
Add substr and aes_cbc DSL functions (#2361) 
* 1、add DSL substr for #2304 By @hktalent
substr('xxtestxxx',2)。   testxxx
substr('xxtestxxx',2,-2)  testx
substr('xxtestxxx',2,6)   test

2、add DSL aes_cbc for #2243 By @hktalent
aes_cbc("key111key111key111key111", "dataxxxxxxdataxxxxxxdataxxxxxxdataxxxxxxdataxxxxxx")

3、fixed An error occurs when running nuclei with multiple instances #2301 By @hktalent

* refactoring helpers

* removing unwanted mutex

* commenting out test

* removing aes_cbc test due to random iv

Co-authored-by: 51pwn <51pwn@51pwn.com>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
 2022-08-25 15:50:08 +05:30
Ice3man
0be596efb4
Added variable debug support with debug mode (#2442) 
* Added variable debug support with debug mode

* Added changes as per review comments

* Fixed debug request condition
 2022-08-25 15:37:03 +05:30
M. Ángel Jimeno
ecb3f21076
http: prevent HTTP 'connection' header from being added twice (#2480) 
* http: prevent HTTP 'connection' header from being added twice

* misc fix

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-08-25 00:25:02 +05:30
Ice3man
8165db2633
Fixed fatal panic in http header map read (#2488) 2022-08-24 23:29:22 +05:30
Ice3man
e7cffad312
Fixed request annotation based timeout bugs + tests + misc (#2476) 2022-08-23 12:45:55 +05:30
Dani Goland
8670c8b20d
Modified "xpath" extractor to support XML XPath in addition to HTML XPath (#2471) 
* Modified "xpath" extractor to support XML XPath in addition to HTML XPath

* Updated function docs
 2022-08-22 15:27:32 +05:30
xixijun
2ae7e58c83
Fix socks5 proxy not working on tor proxy (#2455) 
* fix: socks5 proxy not working on tor proxy

* fix: socks5 proxy not working on tor proxy

* minor refactoring

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
 2022-08-22 15:18:45 +05:30
Ice3man
67d5769cd9
Added initial catalog interface implementation (#2318) 
* Added initial catalog interface implementation

* Added OpenFile to Catalog + disk catalog implementation

* Fixed merge issues

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-08-10 11:05:58 -07:00
Ice3man
4dc98a1d95
Added support for blank Request-URI which specifies no slash suffix (#2414) 2022-08-10 10:15:09 -07:00
Sami
4da4ca5a16
missing ip in json (#2310) 
* missing ip in json

* using GetDNSData in place of GetDialedIP

* updated go mod

* bumping rawhttp test version

Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
 2022-07-26 17:08:53 +05:30
Ice3man
2873e6ebc8
Added timeout context cancellation to http requests (#2319) 2022-07-21 21:29:34 +05:30
Mike Rheinheimer
9efba05e0c
expose hosterrorscache.Cache as an interface (#2291) 
* expose hosterrorscache as an interface, change signature to capture the error reason

* use the hosterrorscache.CacheInterface as struct field so users of Nuclei embedded can provide their own cache implementation

Co-authored-by: Mike Rheinheimer <mrheinheimer@atlassian.com>
 2022-07-19 02:05:53 +05:30
Ice3man
07d5beb73a
Fixed race condition with raw http options (#2306) 2022-07-19 01:08:30 +05:30
Mzack9999
cf1039f49c
Adding prototype of request flow override annotations (#2161) 
* Adding prototype of request flow override annotations

* reworking iteration engine

* adding directory to .gitignore
 2022-07-18 14:16:03 +05:30
Ice3man
5b3c2861c2
Added interact-url placeholder support to variables in http requests (#2237) 
* Added interact-url placeholder support to variables in http requests

* Fixed variable errors

* Fixed issue with interactsh in req
 2022-07-11 22:18:13 +05:30
anykno
73a0043f2d
fix: socks5 proxy not working on https target (#2228) 
* fix: socks5 proxy not working on https target

* small name refactor

Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
 2022-07-01 15:31:00 +05:30
Ice3man
f3de611b49
Added enhancements for http variables support (#2223) 2022-06-28 20:20:18 +05:30
Ice3man
8040b66370
Added http request timeout support with annotations (#2233) 
* Added http request timeout support with annotations

* Added nolint statements for lostcontext

* misc

* misc
 2022-06-27 18:36:46 +05:30
Ice3man
7875b06fc8
Added exclude-matchers support for template & matchers (#2218) 
* Added exclude-matchers support for template & matchers

* Fixed panics due to typo

* Added support for only template ID + misc cleanup
 2022-06-24 23:09:27 +05:30
Mzack9999
112762f024
Adding http request validation at compile time (#2193) 
* Adding http request validation at compile time

* misc update

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-06-22 00:26:06 +05:30
Sajad
644c951449
use formedURL instead reqURL in http request dump message (#2174) 2022-06-16 17:24:21 +05:30
Sajad
e7591ec8b3
use request numbering as per template definition in req-condition (#2135) 
* use original request number instead of current iteration in request-condition

* add previousEvent tracking back for request condition

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-06-11 14:29:05 +05:30
Mzack9999
cc37382519
Adding Client TLS1.0 (#2091) 
* Adding Client TLS1.0

* bumping fastdialer version
 2022-06-04 17:45:16 +05:30
Ice3man
be5f1a7623
Added redirected matched URL + stop-at-first-match for redirect chains (#2050) 
* Added redirected matched URL + stop-at-first-match for redirect chains

* Pleasing go-linter
 2022-05-30 15:19:09 +05:30
Ice3man
8723a1fd70
Added header as DSL part value (#2052) 
* Added header as DSL part value

* Fixed failing DSL part test cases
 2022-05-30 15:16:27 +05:30
Ice3man
f53f360c74
Fixed websocket status-101 response reading for http (#2081) 2022-05-27 22:36:42 +05:30
Mzack9999
16a05d0aa2
Adding CLI SNI support to unsafe http (#2077) 
* Adding CLI SNI support to unsafe http

* adding http unsafe sni test
 2022-05-27 21:53:07 +05:30
Mzack9999
02eaf91e6a
Adding variables support for headless templates (#2064) 2022-05-27 21:31:56 +05:30
Ice3man
80f3cec293
Disable printing variables in http protocol output (#2037) 2022-05-23 20:50:51 +05:30