External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-27 10:15:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
4,298 Commits 49 Branches 135 Tags
Commit Graph

74 Commits

Author SHA1 Message Date
Tarun Koyalwar
2d88c21923
fix duplicated result event in cli & SDK (#4059) 
* fix duplicated result in cli

* bump default interactsh httpclient timeout

* use .Store() instead of CompareandSwap()

* debug logging for interactsh in gh actions
 2023-08-18 01:01:16 +05:30
seeyarh
1ee108ed13
include request and response when matcher status is false (#3986) 
* include request and response when matcher status is false

* use failed result event to write failure

---------

Co-authored-by: Collins Huff <collins.huff@Collinss-MacBook-Pro-2.local>
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
 2023-08-17 23:05:15 +05:30
Keith Chason
fd13225b27
Omit Empty Fields (#3977) 
* Don't show Lines/matched-line on null

* Remove unused "info.references" property

* Revert "Remove unused "info.references" property"

This reverts commit 6466644bcac6952ece8d2bc880ea9157f2e10c16.

* Switch to pointer so omitempty works properly

* keeping matcher status output in jsonl output always

* rename function to NewRawStringSlice

---------

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
 2023-07-28 19:48:15 +05:30
Keith Chason
b3ccb9a6e5
Exclude Raw Request Payloads (#3710) 
* Add command docs and CLI hook

* Add configurable exclusion from reports

* Register the CLI argument with exporter configuration

* Switch to inverted logic with JSONRequest flag

* Switch variable name for the -include-rr/-irr flag

* Remove flags from README

* Update call for -irr and -or

* convert -irr to no-op

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
 2023-07-05 02:07:56 +05:30
Ramana Reddy
6707bc777a
fix showing multiple failure matches per template on -ms set (#3770) 
* fix showing multiple failure matchers per template
add integration test

* exclude AS134029 from unit test

* Add flag for match status per request

* chore(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 (#3777)

Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v3.4.0...v3.5.0)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/xanzy/go-gitlab in /v2 (#3778)

Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.83.0 to 0.84.0.
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go)
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.83.0...v0.84.0)

---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/spf13/cast from 1.5.0 to 1.5.1 in /v2 (#3780)

Bumps [github.com/spf13/cast](https://github.com/spf13/cast) from 1.5.0 to 1.5.1.
- [Release notes](https://github.com/spf13/cast/releases)
- [Commits](https://github.com/spf13/cast/compare/v1.5.0...v1.5.1)

---
updated-dependencies:
- dependency-name: github.com/spf13/cast
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* enable no-httpx when passive scan is launched (#3789)

* chore(deps): bump github.com/projectdiscovery/fastdialer from 0.0.26 to 0.0.28 in /v2 (#3779)

* chore(deps): bump github.com/projectdiscovery/fastdialer in /v2

Bumps [github.com/projectdiscovery/fastdialer](https://github.com/projectdiscovery/fastdialer) from 0.0.26 to 0.0.28.
- [Release notes](https://github.com/projectdiscovery/fastdialer/releases)
- [Commits](https://github.com/projectdiscovery/fastdialer/compare/v0.0.26...v0.0.28)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/fastdialer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump retryabledns to 0.28

* Update the retryabledns

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com>

* deprecatedProtocolNameTemplates concurrent map writes (#3785)

* deprecatedProtocolNameTemplates

* use syncLock

* fix lint error

* change version in deprecated warning msg

* comment asnmap expand unit test

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
Co-authored-by: Tarun Koyalwar <45962551+tarunKoyalwar@users.noreply.github.com>

* Issue 3339 headless fuzz (#3790)

* Basic headless fuzzing

* Remove debug statements

* Add integration tests

* Update template

* Fix recognize payload value in matcher

* Update tempalte

* use req.SetURL()

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>

* Auto Generate Syntax Docs + JSONSchema [Fri Jun  9 00:23:32 UTC 2023] 🤖

* Add headless header and status matchers (#3794)

* add headless header and status matchers

* rename headers as header

* add integration test for header+status

* fix typo

* chore(deps): bump golang from 1.20.4-alpine to 1.20.5-alpine (#3809)

Bumps golang from 1.20.4-alpine to 1.20.5-alpine.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/go-playground/validator/v10 in /v2 (#3810)

Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.11.2 to 10.14.1.
- [Release notes](https://github.com/go-playground/validator/releases)
- [Commits](https://github.com/go-playground/validator/compare/v10.11.2...v10.14.1)

---
updated-dependencies:
- dependency-name: github.com/go-playground/validator/v10
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/projectdiscovery/rawhttp in /v2 (#3811)

Bumps [github.com/projectdiscovery/rawhttp](https://github.com/projectdiscovery/rawhttp) from 0.1.11 to 0.1.13.
- [Release notes](https://github.com/projectdiscovery/rawhttp/releases)
- [Commits](https://github.com/projectdiscovery/rawhttp/compare/v0.1.11...v0.1.13)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/rawhttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 in /v2 (#3812)

Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/projectdiscovery/hmap in /v2 (#3781)

Bumps [github.com/projectdiscovery/hmap](https://github.com/projectdiscovery/hmap) from 0.0.11 to 0.0.13.
- [Release notes](https://github.com/projectdiscovery/hmap/releases)
- [Commits](https://github.com/projectdiscovery/hmap/compare/v0.0.11...v0.0.13)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/hmap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Using safe dereferencing

* adding comment

* fixing and condition

* fixing test id

* adding integration test

* update goflags dependency

* update goflags dependency

* bump goflags v0.1.9 => v0.1.10

* handle failure matcher flags logic at executor itself

* add integration test to matcher status per request

* Adding random tls impersonate (#3844)

* adding random tls impersonate

* dep update

---------

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>

* Use templateman enhance api to populate CVE info (#3788)

* use templateman enhance api to populate cve info

* rename cve-annotate => tmc
add additional flags to format, lint and enhance template using templateman apis

* minior changes

* remove duplicate code

* misc update

* Add validate and error log option

* print if updated

* print format and enhance only if updated

* make max-request optional

* fix reference unmarshal error

* fix removing self-contained tag

---------

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>

* fix matcher status with network protocol

* fix test

* remove -msr flag

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Dogan Can Bakir <65292895+dogancanbakir@users.noreply.github.com>
Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com>
Co-authored-by: 三米前有蕉皮 <kali-team@qq.com>
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
Co-authored-by: Tarun Koyalwar <45962551+tarunKoyalwar@users.noreply.github.com>
Co-authored-by: Shubham Rasal <shubham@projectdiscovery.io>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
 2023-06-30 23:32:00 +05:30
Mzack9999
6f4b1ae48a
Replacing ccache with generic gcache (#3523) 
* Replacing ccache with generic gcache

* fixing lint issues

* removing unecessary hashing + using errorutils

* making test more tolerant

* removing dead code + refactor

* removing redundant code

* removing race

* maint

* moving code

* adding more iterations

* note + typo

* temporary fixing stop-at-first-match with interact

* wrapping internal map with mux

* sort before running integration test

* fix deadlock in requestShouldStopAtFirstMatch

* add timeout to integration_test workflow

* attempting to remove outer lock

* adds interactsh protocol tests in integration_test

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
 2023-04-16 23:19:35 +05:30
Keith Chason
4d96025bec
JSON Export Handling Updates (#3466) 
* Switch -json to -jsonl

* Add JSON output file

* Update docs for EN and ID

* Fix linting issue with error wrap

* Add -j flag

* Fix call for short flag

* Correct typo "Ciper" to "Cipher" (#3468)

* migrate dsl helper functions to dsl repo (#3461)

* migrate dsl pkg code to dsl repo

* fix lint error

* upgrade dsl dependency

* upgrade deps

---------

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>

* chore(deps): bump github.com/projectdiscovery/httpx in /v2 (#3469)

Bumps [github.com/projectdiscovery/httpx](https://github.com/projectdiscovery/httpx) from 1.2.7 to 1.2.9.
- [Release notes](https://github.com/projectdiscovery/httpx/releases)
- [Changelog](https://github.com/projectdiscovery/httpx/blob/main/.goreleaser.yml)
- [Commits](https://github.com/projectdiscovery/httpx/compare/v1.2.7...v1.2.9)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/httpx
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/weppos/publicsuffix-go in /v2 (#3472)

Bumps [github.com/weppos/publicsuffix-go](https://github.com/weppos/publicsuffix-go) from 0.20.0 to 0.30.0.
- [Release notes](https://github.com/weppos/publicsuffix-go/releases)
- [Changelog](https://github.com/weppos/publicsuffix-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/weppos/publicsuffix-go/compare/v0.20.0...v0.30.0)

---
updated-dependencies:
- dependency-name: github.com/weppos/publicsuffix-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/projectdiscovery/wappalyzergo in /v2 (#3473)

Bumps [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) from 0.0.81 to 0.0.88.
- [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases)
- [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.0.81...v0.0.88)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/wappalyzergo
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/projectdiscovery/hmap in /v2 (#3470)

Bumps [github.com/projectdiscovery/hmap](https://github.com/projectdiscovery/hmap) from 0.0.10 to 0.0.11.
- [Release notes](https://github.com/projectdiscovery/hmap/releases)
- [Commits](https://github.com/projectdiscovery/hmap/compare/v0.0.10...v0.0.11)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/hmap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* debug catalog path

* use paths instead of filepath for aws path

* deps update (#3477)

* deps update

* fixing gologger via callback

* Moved `json-export` flag to the other exporters

* Switch "json[-_]exporter to jsonexporter"

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Ramana Reddy <90540245+RamanaReddy0M@users.noreply.github.com>
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com>
 2023-03-31 15:29:29 +05:30
Tarun Koyalwar
f8c5a45966
add mkdir support in headless screenshot (#3457) 
* add mkdir support in headless screenshot

* use filepath to join paths

* print info when screenshot is saved

* change version to v2.9.1-dev

* minor fixings on windows path

---------

Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
 2023-03-24 00:44:32 +05:30
Mzack9999
4c0d988a67 reworking interact mutex mechanism 2023-03-17 14:41:16 +01:00
Tarun Koyalwar
c3771e874d
fix data race in internal resultevent (#3432) 2023-03-16 23:20:38 +05:30
Tarun Koyalwar
f646e00c3d
fix unsafe raw request matchedUrl (#3155) 
* fix unsafe raw request matchedurl

* quote metadata in CLI output
 2023-01-05 21:02:36 +05:30
shubhamrasal
1df878fdd2 add template path in json output 2022-12-27 20:02:48 +05:30
xm1k3
0e3be82c72
Resuming rewriting the output file contents, so previous data removed (#2890) 
* used OpenFile instead of Create()

* reverted to original mode

* fixes and resume flag added

* fix on noTimestapt var

* fix on flag

* better code refactoring

* fix on debug error

* code refactoring on file management
 2022-12-15 21:11:23 +05:30
Ice3man
514c6e2d1e
Added timestamp optional flag + user-agent to probing (#2962) 
* Added timestamp optional flag + user-agent to probing

* fix typo

* misc update

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
 2022-12-04 22:16:55 +05:30
vrenzolaverace
2aaf2a2158
Use utils helpers libraries (#2809) (#2810) 
* Use utils helpers libraries (#2809)

* Use utils helpers libraries (#2809)
 2022-11-07 01:54:23 +05:30
M. Ángel Jimeno
af4854f90d
output: fix WriteStoreDebugData file permissions (#2187) 
Fixes #2180
 2022-06-20 17:10:22 +05:30
Sami
fa369b728e
ssl protocol with ms flag crash (#2101) 
* crash with ssl protocol when used with ms flag fix

* added missing template info in case of failure
 2022-06-03 13:32:45 +05:30
Ice3man
a2947192e2
Added mutex to output writing (#1969) 2022-05-10 18:47:22 +05:30
Sami
301307bb77
Issue 1705 save responses on disk (#1727) 
* save response on disk

* lint error check

* store raw request/response

* lint error fix

* file path

* mock test fix

* readme update

* .txt extension

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-04-02 00:59:02 +05:30
mzack
1551feda5a temporary line calculation with multiple file read 
todo: replace with one pass scan via io.reader
 2022-02-23 23:32:25 +01:00
Ice3man
7d83d3f8c9
Added line number for file results + stats fixes (#1495) 
* Added line number for file results + stats fixes

* Misc

* Improved file result line calculation as per review

* Added new match-all attribute for file template matcher line count
 2022-02-10 15:59:05 +05:30
Ice3man
1581c96e4e
Added matched-status flag + template-path and url to output (#1272) 
* Added matched-status flag + template-path and url to output
 2021-11-22 17:53:25 +05:30
Alexey Zhuchkov
bccc8e921b Add test for output 2021-10-30 15:04:16 +03:00
Alexey Zhuchkov
b8ebbc27f5 Use io.WriteCloser in output writer 2021-10-30 14:28:30 +03:00
Alexey Zhuchkov
cd2db280bf Move output mutex to fileWriter 2021-10-30 14:28:30 +03:00
Alexey Zhuchkov
1eb0378952 Unwrap errors in json log output 2021-10-30 14:28:30 +03:00
Alexey Zhuchkov
933ed2429d Update json log request format 2021-10-30 14:28:30 +03:00
Alexey Zhuchkov
3f1186da2b Add error log support 2021-10-30 14:12:21 +03:00
sandeep
2b9bd7e9c3 Uniform JSON output 2021-10-19 01:26:21 +05:30
Ice3man
0e3c656103
Added curl command to http request report (#1107) 
* Added curl command to http request report
 2021-10-15 11:25:50 +03:00
forgedhallpass
c762cc88aa Merge remote-tracking branch 'origin/dev' into code_smells 2021-09-10 15:33:09 +03:00
Ice3man543
e683212bb8 Made irr default for reporting + misc on new fields 2021-09-09 18:53:55 +05:30
forgedhallpass
555e609173 Merge remote-tracking branch 'origin/dev' into code_smells 2021-09-07 17:36:34 +03:00
forgedhallpass
0ce33927c7 Typo fixes. 2021-09-07 17:31:46 +03:00
forgedhallpass
16a54e3b98 YAML Unmarshal error in reporting template #995 2021-09-03 16:48:39 +03:00
forgedhallpass
40d88d2304 In-lined error checks, reduced scope of error variables, introduced new error variables instead of re-using them 2021-08-31 12:55:52 +03:00
Ice3man543
b7e3eec8db Don't show timestamp with no-timestamp flag 2021-08-27 19:12:06 +05:30
forgedhallpass
5d89bb8056 RES-84 # Improve Nuclei CLI interface 
* fixed issues reported by the linter
 2021-07-19 21:04:08 +03:00
forgedhallpass
2635c65ce2 RES-84 # Improve Nuclei CLI interface (WIP) 
* moved the Severity "enum" back to Nuclei (1 unit test failing)
 2021-07-16 17:28:13 +03:00
forgedhallpass
2c7d8befcb RES-84 # Improve Nuclei CLI interface (WIP) 
* Rename of Info.Severity -> Info.SeverityHolder, Info.Author -> Info.Authors to reflect the underlying data
* extended the IsEmpty(interface{}) to handle maps
 2021-07-13 11:12:03 +03:00
forgedhallpass
ed1dc103fe RES-84 # Improve Nuclei CLI interface (WIP) 
* Merge from parent

# Conflicts:
#	v2/cmd/nuclei/main.go
#	v2/internal/runner/config.go
#	v2/internal/runner/templates.go
#	v2/internal/runner/update.go
#	v2/pkg/templates/compile.go
#	v2/pkg/templates/compile_test.go
#	v2/pkg/types/types.go
 2021-07-12 17:20:01 +03:00
Ice3man543
3a1c7eb317 Fixed output praser 2021-07-06 21:15:40 +05:30
Ice3man543
fa9195eacb Lint issues fixes 2021-06-14 17:14:16 +05:30
Ice3man543
b99f028a66 Enrich file output sarif with correct file metadata 2021-06-06 15:52:13 +05:30
Ice3man543
abc7063339 Work on sarif integration start 2021-06-05 18:01:08 +05:30
Ice3man543
4c594627a9 Started work on interact.sh support 2021-04-16 16:56:41 +05:30
Ice3man
39d57ea509
Fixed various post v2.3.1 release bugs (#636) 
* Don't print timestamp with no metadata

* Fixed all templates running with some inputs

* Upgraded clistats to fix crash

* Fixed crash with ignored payload file

* Fixed stats counter issue for network templates
 2021-03-19 22:13:41 +05:30
Ice3man543
b193e2af0e Misc 2021-03-08 11:43:23 +05:30
Ice3man543
908889ccb5 Fixed expression parser + misc 2021-03-05 19:25:09 +05:30
Ice3man543
616ed342ed Misc 2021-02-26 14:45:48 +05:30