External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-29 22:23:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
4,356 Commits 49 Branches 135 Tags
Commit Graph

72 Commits

Author SHA1 Message Date
Tarun Koyalwar
eec907a370 resolve merge conflicts 2023-09-13 20:28:48 +05:30
Ice3man
592a8a2fd5
feat: added template-url support in template flag feature (#4089) 
* misc docs update

* feat: added template-url support in template flag feature

* bugfix: added check URL condition

* template domain update

* editor host update

* misc update

* handle -turl template editor urls

* view remote templates using -td

* remove warning

---------

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
 2023-08-26 02:33:45 +05:30
Tarun Koyalwar
8125b6805c resolve merge conflicts with dev 2023-08-04 20:21:22 +05:30
Josh Soref
4c1c5301b9
Spelling (#4008) 
* spelling: addresses

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: asynchronous

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: basic

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: brute force

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: constant

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: disables

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: engine

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: every time

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: execution

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: false positives

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: from

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: further

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: github

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: gitlab

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: highlight

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: hygiene

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: ignore

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: input

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: item

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: itself

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: latestxxx

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: navigation

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: negative

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: nonexistent

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: occurred

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: override

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: overrides

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: payload

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: performed

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: respective

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: retrieve

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: scanlist

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: separated

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: separator

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: severity

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: source

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: strategy

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: string

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: templates

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: terminal

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: timeout

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: trailing slash

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: trailing

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: websocket

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

---------

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2023-08-02 00:03:43 +05:30
Mzack9999
a7fb15d0bd
Adding support for code templates (#2930) 
* Adding support for code templates

* adding support for python, powershell and echo (test)

* removing debug code

* introducing command + trivial trust store mechanism

* updating tests

* adding basic tests

* removing deprecated oracle

* mod tidy

* adding signature proto with debug prints

* removing debug code

* fixing test

* fixing param order

* improving test conditional build

* disable file+offlinehttp+code with cloud

* adding env vars

* removing debug code

* reorganizing test folders

* adding code template test prototype with dummy priv/pub keys

* bump go to 1.20

* fixing go version

* fixing lint errors

* adding fatal on pub-key test failure

* switching to ecdsa asn1

* removing unused signature

* fixing signature

* adding more tests

* extending core with engine args + powershell win test

* adding unsigned code test

* skip template signing in particular test case

* improving test coverage

* refactoring key names + adding already signed algo

* removing debug code

* fixing syntax

* fixing lint issues

* removing test template

* fixing dns tests path

* output fmt

* adding interact

* fixing lint issues

* adding -sign cli helper

* fixing nil pointer + parse inline keys

* making rsa default

* adding code prot. ref

* moving file to correct loc

* moving test

* Issue 3339 headless fuzz (#3790)

* Basic headless fuzzing

* Remove debug statements

* Add integration tests

* Update template

* Fix recognize payload value in matcher

* Update tempalte

* use req.SetURL()

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>

* Auto Generate Syntax Docs + JSONSchema [Fri Jun  9 00:23:32 UTC 2023] 🤖

* Add headless header and status matchers (#3794)

* add headless header and status matchers

* rename headers as header

* add integration test for header+status

* fix typo

* add retry to py-interactsh integration test

---------

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: Shubham Rasal <shubham@projectdiscovery.io>
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: Dogan Can Bakir <65292895+dogancanbakir@users.noreply.github.com>
Co-authored-by: Tarun Koyalwar <45962551+tarunKoyalwar@users.noreply.github.com>
 2023-06-09 20:54:24 +05:30
Keith Chason
4d6080f3bc
"Executer" to "Executor" (#3760) 
* Fix spelling of "executer" to "executor"

* minor change: use defer file.Close()

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
 2023-06-01 02:28:10 +05:30
Dogan Can Bakir
4e0ccb38be
Check severity att while validating (#3540) 
* Make severity attribute required

* Update test err msg

* minor

* Do not strict check serverity

* Fix failing test

* Don't print warning in workflow loader

- workflow loader that contains tags load all the template and parse it
- i.e it iw printing warning recursively, ignore as the templates
  already getting valiated

* Fix error typo

* Resolve comments

- split the function into two diff

---------

Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com>
 2023-04-27 15:27:30 +05:30
Tarun Koyalwar
bf08913cd0
update logic + config management refactor (#3567) 
* adds template manager

* refactor: checkpoint

* centrailized config & template download logic

* refactor removed unused code

* use global template directory

* update related bug fixes

* bug fix create cfg dir if missing

* fix lint error

* bug fix skip writing template dir in callback

* misc update

* remove unused code

* use strings.equalfold for comparison

---------

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
 2023-04-19 21:58:48 +05:30
xm1k3
1e5358b1fa
Improve passive templates error handling (#3098) 
* fixes on passive templates

* Auto Generate Syntax Docs + JSONSchema [Thu Dec 29 08:47:22 UTC 2022] 🤖

* removed empty line

* warning management

When passive flag is provided we ignore all templates which are not compatible, without posting misleading errors

* removing redundant code

* skip offline errors with err var

* remove check on debug flag + used errors.Is() to check errors

important note for future refactoring: use errorsutil.Is() instead of errors.Is()

---------

Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
 2023-02-07 05:10:38 +05:30
Sandeep Singh
96646c8f53
cloud templates targets sync (#2959) 
* Add s3 bucket template provider

- Refactor the custom github template code
- add interface for template provider

* Validate if aws creds are passed if bucket flag

- refactor s3 provider struct to take client
- add function which returns the aws s3 client
- update error messages

* Add aws s3 bucket flags documentation in README.md

- Rename the github_test.go to customTemplate_test.go

* go mod update

* Move template provider code to pkg/external/customtemplates dir

* Added initial data_source sync to cloud

* Misc

* Add pagination to scan output and scan list (#2858)

* Add pagination to scan output and scan list

* Use time based parameters instead of page numbers

* Fix linting errors

* Do not check limits at client, check at server

* Remove unused constant

* Misc update

* Removed unnecessary flags

* Misc

* Misc

* Misc endpoint additions

* Added more routes

* Typo fix

* Misc fixes

* Misc

* Misc fixes to cloud target logic + use int for IDs

* Misc

* Misc fixes

* Misc

* Misc fixes

* readme update

* Add JSON output support for list-scan option (#2876)

* Add JSON output support for list-scan option

* Fix typo in cloud JSON output description

* Following changes

- Update status(finished, running) to be lower-case by default
- Convert status to upper-case in DisplayScanList()

* Update status to be lower-case by default

* Remove additional json flag, instead use existing

* Merge conflict

* Accomodate comment changes and restructure code

Co-authored-by: Jaideep K <jaideep@one2n.in>

* Use integer IDs for scan tasks

* Added get-templates-targets endpoint + JSON + validation

* Added target count list

* misc option / description updates

* Added changes as per code review

* duplicate options + typo updates

* Added tablewriter for tabular data writing by default

* Fixed list scan endpoint

* Review changes

* workflow fix

* Added cloud tags etc based filtering (#3070)

* Added omitempty for filtering request

* go mod tidy

* misc format update

Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com>
Co-authored-by: Ice3man <nizamulrana@gmail.com>
Co-authored-by: Jaideep Khandelwal <jdk2588@gmail.com>
Co-authored-by: Siddharth Shashikar <60960197+shashikarsiddharth@users.noreply.github.com>
Co-authored-by: Jaideep K <jaideep@one2n.in>
 2022-12-21 22:48:43 +05:30
Owen Rumney
b3d6155f57
fix: Check workflow templates when creating inputhttp helper (#3049) 
* go mod update

* fix: Take workflow templates into account when building input helper

- when input helper is created, workflow templates aren't taken into account when deciding if http/https should be added to the inputsHTTP
- include the store.Workflows into the slice of templates that is checked for HTTP Protocol

Resolves #3048

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
 2022-12-19 17:04:09 +05:30
Víctor
9c17284616
Display tpl contents (#2906) 
* New "td" flag, displays the highlighted template contents
New verboseTemplate method to avoid duplicate code
Grouped (and sorted) template list per directory

* Updated README about the td flag

* Going back to the previous template list format

The new one can't be pipelined

* Implicit template list on template display
Respect --no-color option to disable colors when -td is used

* misc option update

Co-authored-by: Víctor Zamanillo <victor.zamanillo@cifraeducacion.com>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
 2022-11-29 17:48:44 +05:30
Ice3man
363ffb75db
Added probing for URL + input based on protocol (#2614) 
* Added workflow names based condition

* Added conditional filtering to workflow executor

* Replaced names with single name stringslice

* Added probing for URL + input based on protocol

* Remove debug comments

* Fixed typo

* Fixed failing tests

* Fixed workflow matcher condition + tests

* Fixed workflow item name

* Switch to if-else

* Fixed review comment strict

* Increase bulk size

* Added default port for SSL protocol + misc changes

* Fixed failing tests

* Fixed misc changes to executer

* Fixed failing self-contained and offlinehttp tests

* Fixed atomic increment operation

* misc update

* Fixed failing builds

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
 2022-10-20 17:23:00 +05:30
Mzack9999
30054d1fb6
Adding advanced template filtering (#2374) 
* Adding advanced template filtering

* fixing bug in slice

* refactoring tests

* adding test cases

* increasing error verbosity

* fixing quoted fields with spaces

* adding more test cases

* fixing merge error

* fixing lint errors

* switching to []string

* updating tag filter tests

* updating functional tests

* fixing functional test cases

* updating syntax
 2022-08-25 16:52:08 +05:30
Sami
d14c00fc6f
added validation for headless templates (#2423) 
* added validation for headless templates

* minor update in log msg
 2022-08-17 17:10:27 +04:00
Ice3man
67d5769cd9
Added initial catalog interface implementation (#2318) 
* Added initial catalog interface implementation

* Added OpenFile to Catalog + disk catalog implementation

* Fixed merge issues

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-08-10 11:05:58 -07:00
Ice3man
ffe6ab04b3
Added include-templates force-loading for templates (#2232) 
* Added include-templates force-loading for templates

* Fixed loader case with include-templates

* Added integration test for excluded-template in loader
 2022-06-27 18:09:29 +05:30
Ice3man
3648c47e35
Fixed template validation edge cases (#2051) 2022-05-25 11:26:05 +05:30
Ice3man
14dab085ac Merge branch 'dev' of https://github.com/projectdiscovery/nuclei into automatic-workflows 2022-03-14 12:17:39 +05:30
sandeep
8096737e1a Merge branch 'dev' of https://github.com/projectdiscovery/nuclei into update-custom-dir 2022-03-09 01:52:08 +05:30
Ice3man
d9a121344c Merge branch 'dev' of https://github.com/projectdiscovery/nuclei into automatic-workflows 2022-03-07 13:19:37 +05:30
Ice3man
a1dbbc5e88 Renamed variables to be more appropriate + changed return message 2022-03-03 19:01:46 +05:30
Sajad Parra
bdc1b337e0 fix setting custom nuclei-templates directory #1611 2022-03-02 16:50:20 +05:30
Ice3man
04b1e43780 Added duplicate ID detection to validate + misc fixes 2022-02-28 15:37:51 +05:30
Sandeep Singh
8566bc0374
Merge pull request #1472 from projectdiscovery/remote-templates 
Add support to run remote template
 2022-01-27 18:02:52 +05:30
Ice3man
be75480256 Added initial smart workflow implementation 2022-01-18 20:59:37 +05:30
Sajad Parra
7af556c36c return validation result instead of continue in the loop 2022-01-18 14:44:58 +05:30
Sajad Parra
09893539d2 update validation logic to validate workflow templates and subtemplates 2022-01-14 16:27:54 +05:30
Sajad Parra
d1303797c0 * Add support to run remote template 
* Add remote-template-domain config only flag to specify allowed domain list to load remote templates from
 2022-01-12 18:33:17 +05:30
Mzack9999
39519c01a6
Adding support for template id based execution (#1448) 2022-01-07 17:30:20 +05:30
Mzack9999
3c88afac0c
Fixing payloads path during validation (#1320) 
* Fixing payloads path during validation

* Added GH Action for public template parsing / validation

* tracking payload errors as syntax warnings

* improving path parsing + introducing hard failure for runtime errors on validation

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2021-12-05 19:41:14 +05:30
Sandeep Singh
a0da7452e3
Merge pull request #1315 from projectdiscovery/validate-flag 
validate flag updates
 2021-12-02 17:23:34 +05:30
LuitelSamikshya
6d5146e540 validate flag updates 2021-12-01 10:35:18 -06:00
forgedhallpass
7e22d70ded refactor/documentation: typos and grammatical errors 2021-11-25 18:54:16 +02:00
Ice3man543
e8197f127f Fixed rmeote url loader test cases 2021-11-05 17:24:23 +05:30
Ice3man543
390ca8b3c6 Merge from dev 2021-11-03 18:58:00 +05:30
Sandeep Singh
0f897a3977
Merge pull request #1186 from projectdiscovery/protocol-types 
Added new type and exclude-type flag
 2021-11-03 18:47:26 +05:30
Ice3man543
47949c0b52 Use separate type enum for protocol types 2021-11-03 17:18:35 +05:30
Ice3man543
bdb415b0c7 Misc changes as per review 2021-11-03 02:23:48 +05:30
Ice3man543
1ca2cf3bea Misc 2021-10-28 23:17:05 +05:30
Ice3man543
6541b04f4c Added new type and exclude-type flag 2021-10-25 23:24:42 +05:30
Jop Zitman
14bb1b7b21 Implement -template-url and -workflow-url for retrieving lists of templates/workflows to run. 2021-10-14 23:33:08 +02:00
Alexey Zhuchkov
3e8a0af36f Add exclude severity filter 2021-10-08 22:27:27 +03:00
forgedhallpass
555e609173 Merge remote-tracking branch 'origin/dev' into code_smells 2021-09-07 17:36:34 +03:00
forgedhallpass
16a54e3b98 YAML Unmarshal error in reporting template #995 2021-09-03 16:48:39 +03:00
forgedhallpass
0cabce518f Merge branch 'dev' into code_smells 2021-09-02 12:30:43 +03:00
Ice3man543
7bdb826c43 Misc fix 2021-08-31 23:58:43 +05:30
Ice3man543
60904cadd4 Fixed workflow running without being specified during balidation 2021-08-31 23:30:07 +05:30
forgedhallpass
f36ed8df64 Removed unused parameter 2021-08-31 13:21:15 +03:00
Ice3man543
30f6498fe2 Replace error constant with an error type 2021-08-28 00:21:07 +05:30