External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-20 20:55:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,663 Commits 49 Branches 135 Tags
Commit Graph

953 Commits

Author SHA1 Message Date
M. Ángel Jimeno
ecb3f21076
http: prevent HTTP 'connection' header from being added twice (#2480) 
* http: prevent HTTP 'connection' header from being added twice

* misc fix

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-08-25 00:25:02 +05:30
Ice3man
8165db2633
Fixed fatal panic in http header map read (#2488) 2022-08-24 23:29:22 +05:30
Ice3man
8f313629b8
Memory usage optimizations (#2350) 
* Replaced strings.Replaced with fasttemplate reducing allocations

Custom template parsing logic was replaced with fasttemplate package for reducing
allocations in the replacer.Replace hotpath leading to allocation reduction which
accounted for 30% of total nuclei allocations.

$ go test -bench=. -benchmem
goos: darwin
goarch: arm64
pkg: github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/replacer
BenchmarkReplacer-8               837232              1422 ns/op            2112 B/op         31 allocs/op
BenchmarkReplacerNew-8           3672765               320.3 ns/op            48 B/op          4 allocs/op

* Fixed tests failing

* Use pre-compiled map of DSL expressions

* Reworked expression parsing logic to reduce memory allocations

$ go test -bench=. -benchmem
goos: darwin
goarch: arm64
pkg: github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/expressions
BenchmarkEvaluate-8        31560             37769 ns/op           31731 B/op        265 allocs/op
BenchmarkEvaluateNew-8       109144              9621 ns/op            6253 B/op        116 allocs/op
 2022-08-23 13:16:41 +05:30
Ice3man
e7cffad312
Fixed request annotation based timeout bugs + tests + misc (#2476) 2022-08-23 12:45:55 +05:30
Dani Goland
8670c8b20d
Modified "xpath" extractor to support XML XPath in addition to HTML XPath (#2471) 
* Modified "xpath" extractor to support XML XPath in addition to HTML XPath

* Updated function docs
 2022-08-22 15:27:32 +05:30
xixijun
2ae7e58c83
Fix socks5 proxy not working on tor proxy (#2455) 
* fix: socks5 proxy not working on tor proxy

* fix: socks5 proxy not working on tor proxy

* minor refactoring

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
 2022-08-22 15:18:45 +05:30
Ice3man
9e531727a7
Fixed a bug with numerical regex in unresolved var detection (#2431) 2022-08-17 03:59:51 +04:00
Ice3man
67d5769cd9
Added initial catalog interface implementation (#2318) 
* Added initial catalog interface implementation

* Added OpenFile to Catalog + disk catalog implementation

* Fixed merge issues

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-08-10 11:05:58 -07:00
Ice3man
4dc98a1d95
Added support for blank Request-URI which specifies no slash suffix (#2414) 2022-08-10 10:15:09 -07:00
forgedhallpass
d24736f655 fix typo in the headless setmethod function #2365 2022-07-29 14:38:07 +03:00
Mzack9999
b942ddc6ad
Fixing map race condition (#2340) 2022-07-26 18:30:15 +05:30
Sami
4da4ca5a16
missing ip in json (#2310) 
* missing ip in json

* using GetDNSData in place of GetDialedIP

* updated go mod

* bumping rawhttp test version

Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
 2022-07-26 17:08:53 +05:30
Ice3man
7d7314e3f3
Added global variables support to SSL protocol (#2325) 2022-07-22 01:35:21 +05:30
Ice3man
2873e6ebc8
Added timeout context cancellation to http requests (#2319) 2022-07-21 21:29:34 +05:30
Mike Rheinheimer
9efba05e0c
expose hosterrorscache.Cache as an interface (#2291) 
* expose hosterrorscache as an interface, change signature to capture the error reason

* use the hosterrorscache.CacheInterface as struct field so users of Nuclei embedded can provide their own cache implementation

Co-authored-by: Mike Rheinheimer <mrheinheimer@atlassian.com>
 2022-07-19 02:05:53 +05:30
Ice3man
07d5beb73a
Fixed race condition with raw http options (#2306) 2022-07-19 01:08:30 +05:30
Mzack9999
cf1039f49c
Adding prototype of request flow override annotations (#2161) 
* Adding prototype of request flow override annotations

* reworking iteration engine

* adding directory to .gitignore
 2022-07-18 14:16:03 +05:30
dependabot[bot]
85ca247d26
chore(deps): bump github.com/go-rod/rod from 0.107.3 to 0.108.1 in /v2 (#2272) 
* chore(deps): bump github.com/go-rod/rod from 0.107.3 to 0.108.1 in /v2

Bumps [github.com/go-rod/rod](https://github.com/go-rod/rod) from 0.107.3 to 0.108.1.
- [Release notes](https://github.com/go-rod/rod/releases)
- [Commits](https://github.com/go-rod/rod/compare/v0.107.3...v0.108.1)

---
updated-dependencies:
- dependency-name: github.com/go-rod/rod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* increasing page timeout

* further increasing timeout

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
 2022-07-14 03:14:13 +05:30
Sami
6c2fdd3387
Issue 2227 ntv flag run new templates added in specific version (#2275) 
* ntv flag to run templates added in specified version

* added missing arguments

* misc update

* added functional test and err check

* updated the min version

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-07-13 16:49:06 +05:30
Mzack9999
1c332bb85b
Improving RFC request/response passive parsing (#2192) 
* Improving RFC request/response passive parsing

* adding test
 2022-07-11 22:43:10 +05:30
Ice3man
5b3c2861c2
Added interact-url placeholder support to variables in http requests (#2237) 
* Added interact-url placeholder support to variables in http requests

* Fixed variable errors

* Fixed issue with interactsh in req
 2022-07-11 22:18:13 +05:30
anykno
73a0043f2d
fix: socks5 proxy not working on https target (#2228) 
* fix: socks5 proxy not working on https target

* small name refactor

Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
 2022-07-01 15:31:00 +05:30
Ice3man
f3de611b49
Added enhancements for http variables support (#2223) 2022-06-28 20:20:18 +05:30
Ice3man
8040b66370
Added http request timeout support with annotations (#2233) 
* Added http request timeout support with annotations

* Added nolint statements for lostcontext

* misc

* misc
 2022-06-27 18:36:46 +05:30
Ice3man
7875b06fc8
Added exclude-matchers support for template & matchers (#2218) 
* Added exclude-matchers support for template & matchers

* Fixed panics due to typo

* Added support for only template ID + misc cleanup
 2022-06-24 23:09:27 +05:30
dependabot[bot]
1047047790
chore(deps): bump github.com/go-rod/rod from 0.106.8 to 0.107.1 in /v2 (#2114) 
* chore(deps): bump github.com/go-rod/rod from 0.106.8 to 0.107.1 in /v2

Bumps [github.com/go-rod/rod](https://github.com/go-rod/rod) from 0.106.8 to 0.107.1.
- [Release notes](https://github.com/go-rod/rod/releases)
- [Commits](https://github.com/go-rod/rod/compare/v0.106.8...v0.107.1)

---
updated-dependencies:
- dependency-name: github.com/go-rod/rod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fixing function call

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
 2022-06-22 00:31:08 +05:30
Mzack9999
112762f024
Adding http request validation at compile time (#2193) 
* Adding http request validation at compile time

* misc update

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-06-22 00:26:06 +05:30
Sajad
644c951449
use formedURL instead reqURL in http request dump message (#2174) 2022-06-16 17:24:21 +05:30
Mzack9999
a4cdba0691
Improving literals detection in expression engine (#2148) 
* Improving literals detection in expression engine

* fixing lint errors

* re-add accidentally deleted test
 2022-06-13 13:55:06 +05:30
Sajad
e7591ec8b3
use request numbering as per template definition in req-condition (#2135) 
* use original request number instead of current iteration in request-condition

* add previousEvent tracking back for request condition

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-06-11 14:29:05 +05:30
Sandeep Singh
5281d342c0
Merge pull request #2138 from mikerott/dev 
protect against multiple unnecessary Init calls
 2022-06-10 18:12:31 +05:30
Mike Rheinheimer
22a8d72c65 protect against multiple unnecessary Init calls 2022-06-09 17:18:49 -05:00
forgedhallpass
04e7e053de refactor: replace date, time, time_format, time_to_string DSL functions to date_time 2022-06-08 20:41:32 +03:00
Mzack9999
cc37382519
Adding Client TLS1.0 (#2091) 
* Adding Client TLS1.0

* bumping fastdialer version
 2022-06-04 17:45:16 +05:30
Sami
fa369b728e
ssl protocol with ms flag crash (#2101) 
* crash with ssl protocol when used with ms flag fix

* added missing template info in case of failure
 2022-06-03 13:32:45 +05:30
Ice3man
2b631e8e95
Add optional line number for file templates by default (#1966) 
* Add optional line number for file templates by default

* updating docs

* misc flag update

Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-06-02 17:06:50 +05:30
Mzack9999
4bcb94e4df
Increasing timeout and fixed error msg (#2092) 
* Increasing timeout and fixed error msg

* increasing timeout
 2022-06-02 00:00:18 +05:30
Ice3man
be5f1a7623
Added redirected matched URL + stop-at-first-match for redirect chains (#2050) 
* Added redirected matched URL + stop-at-first-match for redirect chains

* Pleasing go-linter
 2022-05-30 15:19:09 +05:30
Ice3man
8723a1fd70
Added header as DSL part value (#2052) 
* Added header as DSL part value

* Fixed failing DSL part test cases
 2022-05-30 15:16:27 +05:30
Mzack9999
dd3b0a3cfc
Increasing buffer size on AND condition (#2030) 
* Increasing buffer size on AND condition

* adding integration tests

* fixing tests data path
 2022-05-30 13:45:28 +05:30
Ice3man
f53f360c74
Fixed websocket status-101 response reading for http (#2081) 2022-05-27 22:36:42 +05:30
Mzack9999
16a05d0aa2
Adding CLI SNI support to unsafe http (#2077) 
* Adding CLI SNI support to unsafe http

* adding http unsafe sni test
 2022-05-27 21:53:07 +05:30
Mzack9999
02eaf91e6a
Adding variables support for headless templates (#2064) 2022-05-27 21:31:56 +05:30
Ice3man
80f3cec293
Disable printing variables in http protocol output (#2037) 2022-05-23 20:50:51 +05:30
Sajad
4f834f1f33
store vars in values instead of payloads to fix #1882 for self contained http templates (#1924) 
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-05-23 15:12:58 +05:30
Mzack9999
d5e4516829
Iterating payloads over HTTP path/raw sequence (#1981) 
* Iterating payloads over path/raw sequence

* fixing logic check
 2022-05-17 15:22:00 +05:30
Ice3man
062fe6d01e
Added urldns gadget from ysoserial (#1985) 2022-05-17 14:33:17 +05:30
Mzack9999
39c7317ec3
Adding SNI override via request annotations (#1970) 
* Adding SNI override via request annotations

* adding cli flag priority
 2022-05-12 16:43:56 +05:30
Sami
6ca4374f91
sonar category: String literals should not be duplicated (#1944) 
* sonar category: String literals should not be duplicated

* lint error fix

* better naming conventions for constants

* improved naming conventions and methods
 2022-05-12 15:40:14 +05:30
Mzack9999
2f1330345f
Adding global SNI support for HTTP protocol via CLI (#1964) 
* Adding global SNI support via CLI

* adding integration test

* adding cli option to docs

* reverting deleted test
 2022-05-11 16:00:39 +05:30