Mzack9999
1fbbca66f9
Adding support to scan all v4/v6 IPs ( #2709 )
* Adding support to scan all v4/v6 IPs
* adding tests
* metainput prototype
* using new signature
* fixing nil pointer
* adding request context with metadata
* removing log instruction
* fixing merge conflicts
* adding clone helpers
* attempting to fix ipv6 square parenthesis wrap
* fixing dialed ip info
* fixing syntax
* fixing output ip selection
* adding integration tests
* disabling test due to gh ipv6 issue
* using ipv4 only due to GH limited networking
* extending metainput marshaling
* fixing hmap key
* adding test for httpx integration
* fixing lint error
* reworking marshaling/id-calculation
* adding ip version validation
* improving handling non url targets
* fixing condition check
2022-11-09 18:48:56 +05:30
Mzack9999
6ac669eb43
Replacing rdap with fixed fork ( #2819 )
* Replacing rdap with pd fixed fork
* mod tidy
* updating rdap commit ref
* reworking rdap client pool
* removing unused code
2022-11-08 17:27:18 +05:30
vrenzolaverace
2aaf2a2158
Use utils helpers libraries ( #2809 ) ( #2810 )
* Use utils helpers libraries (#2809 )
* Use utils helpers libraries (#2809 )
2022-11-07 01:54:23 +05:30
Ice3man
e1b0564c0a
Fixed nested expression replacement using fasttemplate ( #2790 )
2022-11-03 18:31:04 +05:30
Ice3man
b9472cf7e1
Added fuzzing support for query params + var dump feature ( #2679 )
* Added fuzzing support for query params + var dump feature
* Added query-fuzz integration test
* Fixed payloads + added keys-regex fuzz parameter
* Fixed interactsh not working + misc
* Fixed evaluation + added global variables/dsl support to payloads
* Misc fixes related to variables evaluations
* Added http variables support to fuzz
* misc
* Misc
* Added testing playground + misc renaming
* Added support for path and raw request to fuzzing
* Fixed fuzz integration test
* Fixed variable unresolved issue
* Add multiple parameter support with same name
* Added parameter value as 'value' dsl variable for parts
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2022-11-01 20:28:50 +05:30
Sajad
e163a301b9
add dns protocol ratelimit ( #2763 )
* add dns protocol ratelimit
* move dns ratelimit to just before sending the request
2022-10-29 04:29:13 +02:00
Mzack9999
cc0c20053a
Improving unsafe uri path ( #2722 )
* Improving unsafe uri path
* fixing raw path output
2022-10-27 20:09:38 +02:00
mzack
fe798c07eb
fixing function syntax
2022-10-25 21:01:42 +02:00
Sajad
928f082109
set content_length as len(body) if response ContentLength is -1 ( #2407 )
* set content_length as len(body) if response ContentLength is -1
* move content-length calculation to utils
* adding basic tests
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
2022-10-24 16:37:09 +02:00
Ice3man
363ffb75db
Added probing for URL + input based on protocol ( #2614 )
* Added workflow names based condition
* Added conditional filtering to workflow executor
* Replaced names with single name stringslice
* Added probing for URL + input based on protocol
* Remove debug comments
* Fixed typo
* Fixed failing tests
* Fixed workflow matcher condition + tests
* Fixed workflow item name
* Switch to if-else
* Fixed review comment strict
* Increase bulk size
* Added default port for SSL protocol + misc changes
* Fixed failing tests
* Fixed misc changes to executer
* Fixed failing self-contained and offlinehttp tests
* Fixed atomic increment operation
* misc update
* Fixed failing builds
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2022-10-20 17:23:00 +05:30
Ice3man
d956f08cb9
Added attack-type option to override template attack-type ( #2724 )
* Added attack-type option to override template attack-type
* Added docs + integration tests
2022-10-19 03:51:45 +05:30
Mzack9999
9493dfdb20
Adding automatic request condition detection ( #2707 )
* Adding automatic request condition detection
* adding missing checks on part
* test update as per latest change
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2022-10-15 15:19:04 +05:30
LuitelSamikshya
cb0da81a14
ratelimit library
2022-10-12 22:04:37 -05:00
Bertold Kolics
1af96fc679
Issue 2460: extended unit tests for replacer ( #2691 )
2022-10-10 22:00:43 +05:30
mzack
70cecf83fb
Adding custom cancel function
2022-10-10 08:10:07 +02:00
Ice3man
9944f5e94e
Added response truncation support with flags ( #2688 )
* Added response truncation support with flags
* Fixed failing tests for no size
2022-10-07 20:10:00 +05:30
Mzack9999
33ed5e7c93
Merge pull request #2671 from bertold/bk/randomip-unittest
Unit test for GetRandomIPWithCidr and fixes
2022-10-04 12:29:41 +02:00
Bertold Kolics
087be32ae0
Added unit test for GetRandomIPWithCidr
Fixed an issue with handling non-zero based networks
Fixed an issue handling network addresses with single IPs
2022-10-03 18:30:55 -05:00
Mzack9999
781e4e6105
Shared Execution Context Prototype ( #2576 )
* renaming var
* Introducing shared execution context prototype
* fixing field name
* adding shared values propagation
* adding shared context lock
* add slice values normalization
* adding integration tests
* adding metadata support for dns
* adding multi-protocol context sharing test
* removing debug test files
* moving contextargs around
* adding comments
* refactoring code
- getter/setter for complex types
- using pointers to avoid heap allocations
2022-10-03 15:42:20 +05:30
Mzack9999
0b1ff2bfa4
Forcing conns to be gc-ed by default disabling keep-alive ( #2642 )
* Forcing conns to be gc-ed with keep-alive
* removing redundant code
keep-alive are disabled by default
* fixing merge conflict
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2022-09-30 04:25:56 +05:30
Mzack9999
18f14b631c
Adding same host redirect support ( #2655 )
* simplifying test syntax
* adding same host redirect + refactoring redirect handling
* adding missing file
* adding support for template syntax
* adding integration test
* updating options
* fixing issue on same host redirect
2022-09-29 04:11:28 +05:30
mzack
2cf0005eaa
updating syntax
2022-09-28 01:51:47 +02:00
Mzack9999
99c14f4c9c
implementation of rate limiter with bucket refill and unrestricted token burst ( #2536 )
* implementation of rate limiter with interval burst
* fixing import path
* fixing syntax
* adding tests
* fixing lint errors
* adding support for context
* moving rate limiter earlier to avoid hitting timeout
2022-09-19 17:09:28 +05:30
Sajad
5377ee3f36
add proxy support at dialer level ( #2549 )
* add proxy support at dialer level
* add forward dialer to proxy
2022-09-16 21:36:17 +05:30
Mzack9999
7ce03bcc5b
Optional use of local chrome for headless tests via tags ( #2568 )
2022-09-07 16:09:22 +05:30
Ice3man
e193e7c87e
Added tlsx integration to nuclei ( #2522 )
* Added tlsx integration to nuclei
* tls tests fix
* Added helper functions + upgrade tlsx to fix
* go mod update
* workflow fix to race test on windows
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2022-09-01 23:56:55 +05:30
Ice3man
466176e9e8
Merge pull request #2500 from projectdiscovery/goflags-update
Updated goflags to latest + misc
2022-08-30 11:52:25 +05:30
M. Ángel Jimeno
62a4e0aa52
Return wrapped errors for DSL compilation problems ( #2492 )
This allows the DSL help information to be printed when in debug mode.
Fixes #2481
2022-08-29 13:41:32 +05:30
Ice3man
8892250583
Updated goflags to latest + misc
2022-08-27 19:35:17 +05:30
Sajad
011da1388d
add option to specify network interface ( #2384 )
* add option to specify network interface
* add source-ip flag
* fix typo
* fix err return
* readme update
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2022-08-25 17:42:35 +05:30
Mzack9999
30054d1fb6
Adding advanced template filtering ( #2374 )
* Adding advanced template filtering
* fixing bug in slice
* refactoring tests
* adding test cases
* increasing error verbosity
* fixing quoted fields with spaces
* adding more test cases
* fixing merge error
* fixing lint errors
* switching to []string
* updating tag filter tests
* updating functional tests
* fixing functional test cases
* updating syntax
2022-08-25 16:52:08 +05:30
51pwn
606c361b2a
Add substr and aes_cbc DSL functions ( #2361 )
* 1. add DSL substr for #2304 By @hktalent
substr('xxtestxxx',2) testxxx
substr('xxtestxxx',2,-2) testx
substr('xxtestxxx',2,6) test
2. add DSL aes_cbc for #2243 By @hktalent
aes_cbc("key111key111key111key111", "dataxxxxxxdataxxxxxxdataxxxxxxdataxxxxxxdataxxxxxx")
3. fixed An error occurs when running nuclei with multiple instances #2301 By @hktalent
* refactoring helpers
* removing unwanted mutex
* commenting out test
* removing aes_cbc test due to random iv
Co-authored-by: 51pwn <51pwn@51pwn.com>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
2022-08-25 15:50:08 +05:30
Ice3man
0be596efb4
Added variable debug support with debug mode ( #2442 )
* Added variable debug support with debug mode
* Added changes as per review comments
* Fixed debug request condition
2022-08-25 15:37:03 +05:30
M. Ángel Jimeno
ecb3f21076
http: prevent HTTP 'connection' header from being added twice ( #2480 )
* http: prevent HTTP 'connection' header from being added twice
* misc fix
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-08-25 00:25:02 +05:30
Ice3man
8165db2633
Fixed fatal panic in http header map read ( #2488 )
2022-08-24 23:29:22 +05:30
Ice3man
8f313629b8
Memory usage optimizations ( #2350 )
* Replaced strings.Replaced with fasttemplate reducing allocations
Custom template parsing logic was replaced with fasttemplate package for reducing
allocations in the replacer.Replace hotpath leading to allocation reduction which
accounted for 30% of total nuclei allocations.
$ go test -bench=. -benchmem
goos: darwin
goarch: arm64
pkg: github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/replacer
BenchmarkReplacer-8 837232 1422 ns/op 2112 B/op 31 allocs/op
BenchmarkReplacerNew-8 3672765 320.3 ns/op 48 B/op 4 allocs/op
* Fixed tests failing
* Use pre-compiled map of DSL expressions
* Reworked expression parsing logic to reduce memory allocations
$ go test -bench=. -benchmem
goos: darwin
goarch: arm64
pkg: github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/expressions
BenchmarkEvaluate-8 31560 37769 ns/op 31731 B/op 265 allocs/op
BenchmarkEvaluateNew-8 109144 9621 ns/op 6253 B/op 116 allocs/op
2022-08-23 13:16:41 +05:30
Ice3man
e7cffad312
Fixed request annotation based timeout bugs + tests + misc ( #2476 )
2022-08-23 12:45:55 +05:30
Dani Goland
8670c8b20d
Modified "xpath" extractor to support XML XPath in addition to HTML XPath ( #2471 )
* Modified "xpath" extractor to support XML XPath in addition to HTML XPath
* Updated function docs
2022-08-22 15:27:32 +05:30
xixijun
2ae7e58c83
Fix socks5 proxy not working on tor proxy ( #2455 )
* fix: socks5 proxy not working on tor proxy
* fix: socks5 proxy not working on tor proxy
* minor refactoring
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
2022-08-22 15:18:45 +05:30
Ice3man
9e531727a7
Fixed a bug with numerical regex in unresolved var detection ( #2431 )
2022-08-17 03:59:51 +04:00
Ice3man
67d5769cd9
Added initial catalog interface implementation ( #2318 )
* Added initial catalog interface implementation
* Added OpenFile to Catalog + disk catalog implementation
* Fixed merge issues
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-08-10 11:05:58 -07:00
Ice3man
4dc98a1d95
Added support for blank Request-URI which specifies no slash suffix ( #2414 )
2022-08-10 10:15:09 -07:00
forgedhallpass
d24736f655
fix typo in the headless setmethod function #2365
2022-07-29 14:38:07 +03:00
Mzack9999
b942ddc6ad
Fixing map race condition ( #2340 )
2022-07-26 18:30:15 +05:30
Sami
4da4ca5a16
missing ip in json ( #2310 )
* missing ip in json
* using GetDNSData in place of GetDialedIP
* updated go mod
* bumping rawhttp test version
Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2022-07-26 17:08:53 +05:30
Ice3man
7d7314e3f3
Added global variables support to SSL protocol ( #2325 )
2022-07-22 01:35:21 +05:30
Ice3man
2873e6ebc8
Added timeout context cancellation to http requests ( #2319 )
2022-07-21 21:29:34 +05:30
Mike Rheinheimer
9efba05e0c
expose hosterrorscache.Cache as an interface ( #2291 )
* expose hosterrorscache as an interface, change signature to capture the error reason
* use the hosterrorscache.CacheInterface as struct field so users of Nuclei embedded can provide their own cache implementation
Co-authored-by: Mike Rheinheimer <mrheinheimer@atlassian.com>
2022-07-19 02:05:53 +05:30
Ice3man
07d5beb73a
Fixed race condition with raw http options ( #2306 )
2022-07-19 01:08:30 +05:30
Mzack9999
cf1039f49c
Adding prototype of request flow override annotations ( #2161 )
* Adding prototype of request flow override annotations
* reworking iteration engine
* adding directory to .gitignore
2022-07-18 14:16:03 +05:30