mirror of
https://github.com/projectdiscovery/nuclei.git
synced 2025-12-18 05:35:27 +00:00
180 lines
6.3 KiB
Go
180 lines
6.3 KiB
Go
package engine
|
|
|
|
import "strings"
|
|
|
|
// ActionType defines the action type for a browser action
|
|
type ActionType int8
|
|
|
|
// Types to be executed by the user.
|
|
const (
|
|
// ActionNavigate performs a navigation to the specified URL
|
|
// URL can include nuclei payload data such as URL, Hostname, etc.
|
|
ActionNavigate ActionType = iota + 1
|
|
// ActionScript executes a JS snippet on the page.
|
|
ActionScript
|
|
// ActionClick performs the left-click action on an Element.
|
|
ActionClick
|
|
// ActionRightClick performs the right-click action on an Element.
|
|
ActionRightClick
|
|
// ActionTextInput performs an action for a text input
|
|
ActionTextInput
|
|
// ActionScreenshot performs the screenshot action writing to a file.
|
|
ActionScreenshot
|
|
// ActionTimeInput performs an action on a time input.
|
|
ActionTimeInput
|
|
// ActionSelectInput performs an action on a select input.
|
|
ActionSelectInput
|
|
// ActionFilesInput performs an action on a file input.
|
|
ActionFilesInput
|
|
// ActionWaitLoad waits for the page to stop loading.
|
|
ActionWaitLoad
|
|
// ActionGetResource performs a get resource action on an element
|
|
ActionGetResource
|
|
// ActionExtract performs an extraction on an element
|
|
ActionExtract
|
|
// ActionSetMethod sets the request method
|
|
ActionSetMethod
|
|
// ActionAddHeader adds a header to the request
|
|
ActionAddHeader
|
|
// ActionSetHeader sets a header in the request
|
|
ActionSetHeader
|
|
// ActionDeleteHeader deletes a header from the request
|
|
ActionDeleteHeader
|
|
// ActionSetBody sets the value of the request body
|
|
ActionSetBody
|
|
// ActionWaitEvent waits for a specific event.
|
|
ActionWaitEvent
|
|
// ActionKeyboard performs a keyboard action event on a page.
|
|
ActionKeyboard
|
|
// ActionDebug debug slows down headless and adds a sleep to each page.
|
|
ActionDebug
|
|
// ActionSleep executes a sleep for a specified duration
|
|
ActionSleep
|
|
)
|
|
|
|
// ActionStringToAction converts an action from string to internal representation
|
|
var ActionStringToAction = map[string]ActionType{
|
|
"navigate": ActionNavigate,
|
|
"script": ActionScript,
|
|
"click": ActionClick,
|
|
"rightclick": ActionRightClick,
|
|
"text": ActionTextInput,
|
|
"screenshot": ActionScreenshot,
|
|
"time": ActionTimeInput,
|
|
"select": ActionSelectInput,
|
|
"files": ActionFilesInput,
|
|
"waitload": ActionWaitLoad,
|
|
"getresource": ActionGetResource,
|
|
"extract": ActionExtract,
|
|
"setmethod": ActionSetMethod,
|
|
"addheader": ActionAddHeader,
|
|
"setheader": ActionSetHeader,
|
|
"deleteheader": ActionDeleteHeader,
|
|
"setbody": ActionSetBody,
|
|
"waitevent": ActionWaitEvent,
|
|
"keyboard": ActionKeyboard,
|
|
"debug": ActionDebug,
|
|
"sleep": ActionSleep,
|
|
}
|
|
|
|
// ActionToActionString converts an action from internal representation to string
|
|
var ActionToActionString = map[ActionType]string{
|
|
ActionNavigate: "navigate",
|
|
ActionScript: "script",
|
|
ActionClick: "click",
|
|
ActionRightClick: "rightclick",
|
|
ActionTextInput: "text",
|
|
ActionScreenshot: "screenshot",
|
|
ActionTimeInput: "time",
|
|
ActionSelectInput: "select",
|
|
ActionFilesInput: "files",
|
|
ActionWaitLoad: "waitload",
|
|
ActionGetResource: "getresource",
|
|
ActionExtract: "extract",
|
|
ActionSetMethod: "set-method",
|
|
ActionAddHeader: "addheader",
|
|
ActionSetHeader: "setheader",
|
|
ActionDeleteHeader: "deleteheader",
|
|
ActionSetBody: "setbody",
|
|
ActionWaitEvent: "waitevent",
|
|
ActionKeyboard: "keyboard",
|
|
ActionDebug: "debug",
|
|
ActionSleep: "sleep",
|
|
}
|
|
|
|
// Action is an action taken by the browser to reach a navigation
|
|
//
|
|
// Each step that the browser executes is an action. Most navigations
|
|
// usually start from the ActionLoadURL event, and further navigations
|
|
// are discovered on the found page. We also keep track and only
|
|
// scrape new navigation from pages we haven't crawled yet.
|
|
type Action struct {
|
|
// description:
|
|
// Args contain arguments for the headless action.
|
|
//
|
|
// Per action arguments are described in detail [here](https://nuclei.projectdiscovery.io/templating-guide/protocols/headless/).
|
|
Data map[string]string `yaml:"args,omitempty" jsonschema:"title=arguments for headless action,description=Args contain arguments for the headless action"`
|
|
// description: |
|
|
// Name is the name assigned to the headless action.
|
|
//
|
|
// This can be used to execute code, for instance in browser
|
|
// DOM using script action, and get the result in a variable
|
|
// which can be matched upon by nuclei. An Example template [here](https://github.com/projectdiscovery/nuclei-templates/blob/master/headless/prototype-pollution-check.yaml).
|
|
Name string `yaml:"name,omitempty" jsonschema:"title=name for headless action,description=Name is the name assigned to the headless action"`
|
|
// description: |
|
|
// Description is the optional description of the headless action
|
|
Description string `yaml:"description,omitempty" jsonschema:"title=description for headless action,description=Description of the headless action"`
|
|
// description: |
|
|
// Action is the type of the action to perform.
|
|
// values:
|
|
// - "navigate"
|
|
// - "script"
|
|
// - "click"
|
|
// - "rightclick"
|
|
// - "text"
|
|
// - "screenshot"
|
|
// - "time"
|
|
// - "select"
|
|
// - "files"
|
|
// - "waitload"
|
|
// - "getresource"
|
|
// - "extract"
|
|
// - "setmethod"
|
|
// - "addheader"
|
|
// - "setheader"
|
|
// - "deleteheader"
|
|
// - "setbody"
|
|
// - "waitevent"
|
|
// - "keyboard"
|
|
// - "debug"
|
|
// - "sleep"
|
|
ActionType string `yaml:"action" jsonschema:"title=action to perform,description=Type of actions to perform,enum=navigate,enum=script,enum=click,enum=rightclick,enum=text,enum=screenshot,enum=time,enum=select,enum=files,enum=waitload,enum=getresource,enum=extract,enum=setmethod,enum=addheader,enum=setheader,enum=deleteheader,enum=setbody,enum=waitevent,enum=keyboard,enum=debug,enum=sleep"`
|
|
}
|
|
|
|
// String returns the string representation of an action
|
|
func (a *Action) String() string {
|
|
builder := &strings.Builder{}
|
|
builder.WriteString(a.ActionType)
|
|
if a.Name != "" {
|
|
builder.WriteString(" Name:")
|
|
builder.WriteString(a.Name)
|
|
}
|
|
builder.WriteString(" ")
|
|
for k, v := range a.Data {
|
|
builder.WriteString(k)
|
|
builder.WriteString(":")
|
|
builder.WriteString(v)
|
|
builder.WriteString(",")
|
|
}
|
|
return strings.TrimSuffix(builder.String(), ",")
|
|
}
|
|
|
|
// GetArg returns an arg for a name
|
|
func (a *Action) GetArg(name string) string {
|
|
v, ok := a.Data[name]
|
|
if !ok {
|
|
return ""
|
|
}
|
|
return v
|
|
}
|