mirror of
https://github.com/projectdiscovery/nuclei.git
synced 2025-12-18 02:25:25 +00:00
a7fb15d0bd
* Adding support for code templates * adding support for python, powershell and echo (test) * removing debug code * introducing command + trivial trust store mechanism * updating tests * adding basic tests * removing deprecated oracle * mod tidy * adding signature proto with debug prints * removing debug code * fixing test * fixing param order * improving test conditional build * disable file+offlinehttp+code with cloud * adding env vars * removing debug code * reorganizing test folders * adding code template test prototype with dummy priv/pub keys * bump go to 1.20 * fixing go version * fixing lint errors * adding fatal on pub-key test failure * switching to ecdsa asn1 * removing unused signature * fixing signature * adding more tests * extending core with engine args + powershell win test * adding unsigned code test * skip template signing in particular test case * improving test coverage * refactoring key names + adding already signed algo * removing debug code * fixing syntax * fixing lint issues * removing test template * fixing dns tests path * output fmt * adding interact * fixing lint issues * adding -sign cli helper * fixing nil pointer + parse inline keys * making rsa default * adding code prot. ref * moving file to correct loc * moving test * Issue 3339 headless fuzz (#3790) * Basic headless fuzzing * Remove debug statements * Add integration tests * Update template * Fix recognize payload value in matcher * Update tempalte * use req.SetURL() --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io> * Auto Generate Syntax Docs + JSONSchema [Fri Jun 9 00:23:32 UTC 2023] 🤖 * Add headless header and status matchers (#3794) * add headless header and status matchers * rename headers as header * add integration test for header+status * fix typo * add retry to py-interactsh integration test --------- Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: Shubham Rasal <shubham@projectdiscovery.io> Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io> Co-authored-by: GitHub Action <action@github.com> Co-authored-by: Dogan Can Bakir <65292895+dogancanbakir@users.noreply.github.com> Co-authored-by: Tarun Koyalwar <45962551+tarunKoyalwar@users.noreply.github.com>
135 lines
4.4 KiB
Go
135 lines
4.4 KiB
Go
package main
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"log"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"os"
|
|
"path"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/julienschmidt/httprouter"
|
|
"github.com/logrusorgru/aurora"
|
|
"github.com/pkg/errors"
|
|
"github.com/projectdiscovery/goflags"
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/catalog/config"
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/catalog/disk"
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/catalog/loader"
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/core"
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/core/inputs"
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/output"
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/parsers"
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/protocols"
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/contextargs"
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/hosterrorscache"
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/interactsh"
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/protocolinit"
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/protocolstate"
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/reporting"
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/testutils"
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/types"
|
|
"github.com/projectdiscovery/ratelimit"
|
|
)
|
|
|
|
var libraryTestcases = map[string]testutils.TestCase{
|
|
"library/test.yaml": &goIntegrationTest{},
|
|
"library/test.json": &goIntegrationTest{},
|
|
}
|
|
|
|
type goIntegrationTest struct{}
|
|
|
|
// Execute executes a test case and returns an error if occurred
|
|
//
|
|
// Execute the docs at ../DESIGN.md if the code stops working for integration.
|
|
func (h *goIntegrationTest) Execute(templatePath string) error {
|
|
router := httprouter.New()
|
|
|
|
router.GET("/", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
|
|
fmt.Fprintf(w, "This is test matcher text")
|
|
if strings.EqualFold(r.Header.Get("test"), "nuclei") {
|
|
fmt.Fprintf(w, "This is test headers matcher text")
|
|
}
|
|
})
|
|
ts := httptest.NewServer(router)
|
|
defer ts.Close()
|
|
|
|
results, err := executeNucleiAsLibrary(templatePath, ts.URL)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return expectResultsCount(results, 1)
|
|
}
|
|
|
|
// executeNucleiAsLibrary contains an example
|
|
func executeNucleiAsLibrary(templatePath, templateURL string) ([]string, error) {
|
|
cache := hosterrorscache.New(30, hosterrorscache.DefaultMaxHostsCount, nil)
|
|
defer cache.Close()
|
|
|
|
mockProgress := &testutils.MockProgressClient{}
|
|
reportingClient, err := reporting.New(&reporting.Options{}, "")
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer reportingClient.Close()
|
|
|
|
outputWriter := testutils.NewMockOutputWriter()
|
|
var results []string
|
|
outputWriter.WriteCallback = func(event *output.ResultEvent) {
|
|
results = append(results, fmt.Sprintf("%v\n", event))
|
|
}
|
|
|
|
defaultOpts := types.DefaultOptions()
|
|
_ = protocolstate.Init(defaultOpts)
|
|
_ = protocolinit.Init(defaultOpts)
|
|
|
|
defaultOpts.Templates = goflags.StringSlice{templatePath}
|
|
defaultOpts.ExcludeTags = config.ReadIgnoreFile().Tags
|
|
|
|
interactOpts := interactsh.DefaultOptions(outputWriter, reportingClient, mockProgress)
|
|
interactClient, err := interactsh.New(interactOpts)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "could not create interact client")
|
|
}
|
|
defer interactClient.Close()
|
|
|
|
home, _ := os.UserHomeDir()
|
|
catalog := disk.NewCatalog(path.Join(home, "nuclei-templates"))
|
|
ratelimiter := ratelimit.New(context.Background(), 150, time.Second)
|
|
defer ratelimiter.Stop()
|
|
executerOpts := protocols.ExecutorOptions{
|
|
Output: outputWriter,
|
|
Options: defaultOpts,
|
|
Progress: mockProgress,
|
|
Catalog: catalog,
|
|
IssuesClient: reportingClient,
|
|
RateLimiter: ratelimiter,
|
|
Interactsh: interactClient,
|
|
HostErrorsCache: cache,
|
|
Colorizer: aurora.NewAurora(true),
|
|
ResumeCfg: types.NewResumeCfg(),
|
|
}
|
|
engine := core.New(defaultOpts)
|
|
engine.SetExecuterOptions(executerOpts)
|
|
|
|
workflowLoader, err := parsers.NewLoader(&executerOpts)
|
|
if err != nil {
|
|
log.Fatalf("Could not create workflow loader: %s\n", err)
|
|
}
|
|
executerOpts.WorkflowLoader = workflowLoader
|
|
|
|
store, err := loader.New(loader.NewConfig(defaultOpts, catalog, executerOpts))
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "could not create loader")
|
|
}
|
|
store.Load()
|
|
|
|
input := &inputs.SimpleInputProvider{Inputs: []*contextargs.MetaInput{{Input: templateURL}}}
|
|
_ = engine.Execute(store.Templates(), input)
|
|
engine.WorkPool().Wait() // Wait for the scan to finish
|
|
|
|
return results, nil
|
|
}
|