From d742e55c3f7deae42ab006da09b3d810c8316cb0 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sun, 7 Apr 2024 22:03:32 +0000 Subject: [PATCH] Auto Generate Syntax Docs + JSONSchema [Sun Apr 7 22:03:32 UTC 2024] :robot: --- nuclei-jsonschema.json | 1875 ++++++++++++++++++++++++++++++---------- 1 file changed, 1397 insertions(+), 478 deletions(-) diff --git a/nuclei-jsonschema.json b/nuclei-jsonschema.json index 0f4c2a8f6..9e14e531e 100644 --- a/nuclei-jsonschema.json +++ b/nuclei-jsonschema.json @@ -1,77 +1,269 @@ { "$schema": "https://json-schema.org/draft/2020-12/schema", - "$id": "https://template", - "$ref": "#/$defs/Template", + "$id": "https://templates.-template", + "$ref": "#/$defs/templates.Template", "$defs": { - "AttackTypeHolder": { + "code.Request": { "properties": { - "Value": { - "type": "integer" - } - }, - "additionalProperties": false, - "type": "object", - "required": [ - "Value" - ] - }, - "Classification": { - "properties": { - "cve-id": { - "$ref": "#/$defs/StringOrSlice", - "title": "cve ids for the template", - "description": "CVE IDs for the template" + "matchers": { + "items": { + "$ref": "#/$defs/matchers.Matcher" + }, + "type": "array", + "title": "matchers to run on response", + "description": "Detection mechanism to identify whether the request was successful by doing pattern matching" }, - "cwe-id": { - "$ref": "#/$defs/StringOrSlice", - "title": "cwe ids for the template", - "description": "CWE IDs for the template" + "extractors": { + "items": { + "$ref": "#/$defs/extractors.Extractor" + }, + "type": "array", + "title": "extractors to run on response", + "description": "Extractors contains the extraction mechanism for the request to identify and extract parts of the response" }, - "cvss-metrics": { + "matchers-condition": { "type": "string", - "title": "cvss metrics for the template", - "description": "CVSS Metrics for the template", - "examples": [ - "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" - ] + "enum": [ + "and", + "or" + ], + "title": "condition between the matchers", + "description": "Conditions between the matchers" }, - "cvss-score": { - "type": "number", - "title": "cvss score for the template", - "description": "CVSS Score for the template", - "examples": [ - 9.8 - ] - }, - "epss-score": { - "type": "number", - "title": "epss score for the template", - "description": "EPSS Score for the template", - "examples": [ - 0.42509 - ] - }, - "epss-percentile": { - "type": "number", - "title": "epss percentile for the template", - "description": "EPSS Percentile for the template", - "examples": [ - 0.42509 - ] - }, - "cpe": { + "id": { "type": "string", - "title": "cpe for the template", - "description": "CPE for the template", - "examples": [ - "cpe:/a:vendor:product:version" - ] + "title": "id of the request", + "description": "ID is the optional ID of the Request" + }, + "engine": { + "items": { + "type": "string" + }, + "type": "array", + "title": "engine", + "description": "Engine" + }, + "pre-condition": { + "type": "string", + "title": "pre-condition for the request", + "description": "PreCondition is a condition which is evaluated before sending the request" + }, + "args": { + "items": { + "type": "string" + }, + "type": "array", + "title": "args", + "description": "Args" + }, + "pattern": { + "type": "string", + "title": "pattern", + "description": "Pattern" + }, + "source": { + "type": "string", + "title": "source file/snippet", + "description": "Source snippet" } }, "additionalProperties": false, "type": "object" }, - "Extractor": { + "dns.DNSRequestTypeHolder": { + "type": "string", + "enum": [ + "A", + "NS", + "DS", + "CNAME", + "SOA", + "PTR", + "MX", + "TXT", + "AAAA", + "CAA", + "TLSA", + "ANY" + ], + "title": "type of DNS request to make", + "description": "Type is the type of DNS request to make" + }, + "dns.Request": { + "properties": { + "matchers": { + "items": { + "$ref": "#/$defs/matchers.Matcher" + }, + "type": "array", + "title": "matchers to run on response", + "description": "Detection mechanism to identify whether the request was successful by doing pattern matching" + }, + "extractors": { + "items": { + "$ref": "#/$defs/extractors.Extractor" + }, + "type": "array", + "title": "extractors to run on response", + "description": "Extractors contains the extraction mechanism for the request to identify and extract parts of the response" + }, + "matchers-condition": { + "type": "string", + "enum": [ + "and", + "or" + ], + "title": "condition between the matchers", + "description": "Conditions between the matchers" + }, + "id": { + "type": "string", + "title": "id of the dns request", + "description": "ID is the optional ID of the DNS Request" + }, + "name": { + "type": "string", + "title": "hostname to make dns request for", + "description": "Name is the Hostname to make DNS request for" + }, + "type": { + "$ref": "#/$defs/dns.DNSRequestTypeHolder", + "title": "type of dns request to make", + "description": "Type is the type of DNS request to make" + }, + "class": { + "type": "string", + "enum": [ + "inet", + "csnet", + "chaos", + "hesiod", + "none", + "any" + ], + "title": "class of DNS request", + "description": "Class is the class of the DNS request" + }, + "retries": { + "type": "integer", + "title": "retries for dns request", + "description": "Retries is the number of retries for the DNS request" + }, + "trace": { + "type": "boolean", + "title": "trace operation", + "description": "Trace performs a trace operation for the target." + }, + "trace-max-recursion": { + "type": "integer", + "title": "trace-max-recursion level for dns request", + "description": "TraceMaxRecursion is the number of max recursion allowed for trace operations" + }, + "attack": { + "$ref": "#/$defs/generators.AttackTypeHolder", + "title": "attack is the payload combination", + "description": "Attack is the type of payload combinations to perform" + }, + "payloads": { + "$ref": "#/$defs/map[string]interface {}", + "title": "payloads for the network request", + "description": "Payloads contains any payloads for the current request" + }, + "threads": { + "type": "integer", + "title": "threads for sending requests", + "description": "Threads specifies number of threads to use sending requests. This enables Connection Pooling" + }, + "recursion": { + "type": "boolean", + "title": "recurse all servers", + "description": "Recursion determines if resolver should recurse all records to get fresh results" + }, + "resolvers": { + "items": { + "type": "string" + }, + "type": "array", + "title": "Resolvers", + "description": "Define resolvers to use within the template" + } + }, + "additionalProperties": false, + "type": "object" + }, + "engine.Action": { + "properties": { + "args": { + "patternProperties": { + ".*": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "boolean" + } + ] + } + }, + "title": "arguments for headless action", + "description": "Args contain arguments for the headless action" + }, + "name": { + "type": "string", + "title": "name for headless action", + "description": "Name is the name assigned to the headless action" + }, + "description": { + "type": "string", + "title": "description for headless action", + "description": "Description of the headless action" + }, + "action": { + "$ref": "#/$defs/engine.ActionTypeHolder", + "title": "action to perform", + "description": "Type of actions to perform" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "action" + ] + }, + "engine.ActionTypeHolder": { + "type": "string", + "enum": [ + "navigate", + "script", + "click", + "rightclick", + "text", + "screenshot", + "time", + "select", + "files", + "waitload", + "getresource", + "extract", + "setmethod", + "addheader", + "setheader", + "deleteheader", + "setbody", + "waitevent", + "keyboard", + "debug", + "sleep", + "waitvisible" + ], + "title": "action to perform", + "description": "Type of actions to perform" + }, + "extractors.Extractor": { "properties": { "name": { "type": "string", @@ -79,7 +271,7 @@ "description": "Name of the extractor" }, "type": { - "$ref": "#/$defs/ExtractorTypeHolder" + "$ref": "#/$defs/extractors.ExtractorTypeHolder" }, "regex": { "items": { @@ -153,132 +345,627 @@ "type" ] }, - "ExtractorTypeHolder": { - "properties": { - "ExtractorType": { - "type": "integer" - } - }, - "additionalProperties": false, - "type": "object", - "required": [ - "ExtractorType" - ] - }, - "HTTPMethodTypeHolder": { - "properties": { - "MethodType": { - "type": "integer" - } - }, - "additionalProperties": false, - "type": "object", - "required": [ - "MethodType" - ] - }, - "Holder": { + "extractors.ExtractorTypeHolder": { "type": "string", "enum": [ - "info", - "low", - "medium", - "high", - "critical", - "unknown" + "regex", + "kval", + "xpath", + "json", + "dsl" ], - "title": "severity of the template", - "description": "Seriousness of the implications of the template" + "title": "type of the extractor", + "description": "Type of the extractor" }, - "Info": { + "file.Request": { "properties": { - "name": { - "type": "string", - "title": "name of the template", - "description": "Name is a short summary of what the template does", - "examples": [ - "Nagios Default Credentials Check" - ] + "matchers": { + "items": { + "$ref": "#/$defs/matchers.Matcher" + }, + "type": "array", + "title": "matchers to run on response", + "description": "Detection mechanism to identify whether the request was successful by doing pattern matching" }, - "author": { - "$ref": "#/$defs/StringOrSlice", - "oneOf": [ - { - "type": "string", - "examples": [ - "pdteam" - ] - }, - { - "type": "array", - "examples": [ - "pdteam,mr.robot" - ] - } + "extractors": { + "items": { + "$ref": "#/$defs/extractors.Extractor" + }, + "type": "array", + "title": "extractors to run on response", + "description": "Extractors contains the extraction mechanism for the request to identify and extract parts of the response" + }, + "matchers-condition": { + "type": "string", + "enum": [ + "and", + "or" ], - "title": "author of the template", - "description": "Author is the author of the template" + "title": "condition between the matchers", + "description": "Conditions between the matchers" }, - "tags": { - "$ref": "#/$defs/StringOrSlice", - "title": "tags of the template", - "description": "Any tags for the template" + "extensions": { + "items": { + "type": "string" + }, + "type": "array", + "title": "extensions to match", + "description": "List of extensions to perform matching on" }, - "description": { + "denylist": { + "items": { + "type": "string" + }, + "type": "array", + "title": "denylist", + "description": "List of files" + }, + "id": { "type": "string", - "title": "description of the template", - "description": "In-depth explanation on what the template does", - "examples": [ - "Bower is a package manager which stores package information in the bower.json file" - ] + "title": "id of the request", + "description": "ID is the optional ID for the request" }, - "impact": { + "max-size": { "type": "string", - "title": "impact of the template", - "description": "In-depth explanation on the impact of the issue found by the template", - "examples": [ - "Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries" - ] + "title": "max size data to run request on", + "description": "Maximum size of the file to run request on" }, - "reference": { - "$ref": "#/$defs/StringOrSlice", - "title": "references for the template", - "description": "Links relevant to the template" + "archive": { + "type": "boolean", + "title": "enable archives", + "description": "Process compressed archives without unpacking" }, - "severity": { - "$ref": "#/$defs/Holder" + "mime-type": { + "type": "boolean", + "title": "enable filtering by mime-type", + "description": "Filter files by mime-type" }, - "metadata": { - "type": "object", - "title": "additional metadata for the template", - "description": "Additional metadata fields for the template" - }, - "classification": { - "$ref": "#/$defs/Classification", - "type": "object", - "title": "classification info for the template", - "description": "Classification information for the template" - }, - "remediation": { - "type": "string", - "title": "remediation steps for the template", - "description": "In-depth explanation on how to fix the issues found by the template", - "examples": [ - "Change the default administrative username and password of Apache ActiveMQ by editing the file jetty-realm.properties" - ] + "no-recursive": { + "type": "boolean", + "title": "do not perform recursion", + "description": "Specifies whether to not do recursive checks if folders are provided" } }, "additionalProperties": false, - "type": "object", - "required": [ - "name", - "author" - ] + "type": "object" }, - "Matcher": { + "fuzz.Rule": { "properties": { "type": { - "$ref": "#/$defs/MatcherTypeHolder", + "type": "string", + "enum": [ + "replace", + "prefix", + "postfix", + "infix", + "replace-regex" + ], + "title": "type of rule", + "description": "Type of fuzzing rule to perform" + }, + "part": { + "type": "string", + "enum": [ + "query", + "header", + "path", + "body", + "cookie", + "request" + ], + "title": "part of rule", + "description": "Part of request rule to fuzz" + }, + "mode": { + "type": "string", + "enum": [ + "single", + "multiple" + ], + "title": "mode of rule", + "description": "Mode of request rule to fuzz" + }, + "keys": { + "items": { + "type": "string" + }, + "type": "array", + "title": "keys of parameters to fuzz", + "description": "Keys of parameters to fuzz" + }, + "keys-regex": { + "items": { + "type": "string" + }, + "type": "array", + "title": "keys regex to fuzz", + "description": "Regex of parameter keys to fuzz" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "title": "values regex to fuzz", + "description": "Regex of parameter values to fuzz" + }, + "fuzz": { + "$ref": "#/$defs/fuzz.SliceOrMapSlice", + "title": "payloads of fuzz rule", + "description": "Payloads to perform fuzzing substitutions with" + }, + "replace-regex": { + "type": "string", + "title": "replace regex of rule", + "description": "Regex for regex-replace rule type" + } + }, + "additionalProperties": false, + "type": "object" + }, + "fuzz.SliceOrMapSlice": { + "items": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] + }, + "type": "array", + "title": "Payloads of Fuzz Rule", + "description": "Payloads to perform fuzzing substitutions with." + }, + "generators.AttackTypeHolder": { + "type": "string", + "enum": [ + "batteringram", + "pitchfork", + "clusterbomb" + ], + "title": "type of the attack", + "description": "Type of the attack" + }, + "headless.Request": { + "properties": { + "id": { + "type": "string", + "title": "id of the request", + "description": "Optional ID of the headless request" + }, + "attack": { + "$ref": "#/$defs/generators.AttackTypeHolder", + "title": "attack is the payload combination", + "description": "Attack is the type of payload combinations to perform" + }, + "payloads": { + "$ref": "#/$defs/map[string]interface {}", + "title": "payloads for the headless request", + "description": "Payloads contains any payloads for the current request" + }, + "steps": { + "items": { + "$ref": "#/$defs/engine.Action" + }, + "type": "array", + "title": "list of actions for headless request", + "description": "List of actions to run for headless request" + }, + "user_agent": { + "$ref": "#/$defs/userAgent.UserAgentHolder", + "title": "user agent for the headless request", + "description": "User agent for the headless request" + }, + "custom_user_agent": { + "type": "string", + "title": "custom user agent for the headless request", + "description": "Custom user agent for the headless request" + }, + "stop-at-first-match": { + "type": "boolean", + "title": "stop at first match", + "description": "Stop the execution after a match is found" + }, + "matchers": { + "items": { + "$ref": "#/$defs/matchers.Matcher" + }, + "type": "array", + "title": "matchers to run on response", + "description": "Detection mechanism to identify whether the request was successful by doing pattern matching" + }, + "extractors": { + "items": { + "$ref": "#/$defs/extractors.Extractor" + }, + "type": "array", + "title": "extractors to run on response", + "description": "Extractors contains the extraction mechanism for the request to identify and extract parts of the response" + }, + "matchers-condition": { + "type": "string", + "enum": [ + "and", + "or" + ], + "title": "condition between the matchers", + "description": "Conditions between the matchers" + }, + "fuzzing": { + "items": { + "$ref": "#/$defs/fuzz.Rule" + }, + "type": "array", + "title": "fuzzin rules for http fuzzing", + "description": "Fuzzing describes rule schema to fuzz headless requests" + }, + "cookie-reuse": { + "type": "boolean", + "title": "optional cookie reuse enable", + "description": "Optional setting that enables cookie reuse" + }, + "disable-cookie": { + "type": "boolean", + "title": "optional disable cookie reuse", + "description": "Optional setting that disables cookie reuse" + } + }, + "additionalProperties": false, + "type": "object" + }, + "http.HTTPMethodTypeHolder": { + "type": "string", + "enum": [ + "GET", + "HEAD", + "POST", + "PUT", + "DELETE", + "CONNECT", + "OPTIONS", + "TRACE", + "PATCH", + "PURGE", + "DEBUG" + ], + "title": "method is the HTTP request method", + "description": "Method is the HTTP Request Method" + }, + "http.Request": { + "properties": { + "matchers": { + "items": { + "$ref": "#/$defs/matchers.Matcher" + }, + "type": "array", + "title": "matchers to run on response", + "description": "Detection mechanism to identify whether the request was successful by doing pattern matching" + }, + "extractors": { + "items": { + "$ref": "#/$defs/extractors.Extractor" + }, + "type": "array", + "title": "extractors to run on response", + "description": "Extractors contains the extraction mechanism for the request to identify and extract parts of the response" + }, + "matchers-condition": { + "type": "string", + "enum": [ + "and", + "or" + ], + "title": "condition between the matchers", + "description": "Conditions between the matchers" + }, + "path": { + "items": { + "type": "string" + }, + "type": "array", + "title": "path(s) for the http request", + "description": "Path(s) to send http requests to" + }, + "raw": { + "items": { + "type": "string" + }, + "type": "array", + "description": "HTTP Requests in Raw Format" + }, + "id": { + "type": "string", + "title": "id for the http request", + "description": "ID for the HTTP Request" + }, + "name": { + "type": "string", + "title": "name for the http request", + "description": "Optional name for the HTTP Request" + }, + "attack": { + "$ref": "#/$defs/generators.AttackTypeHolder", + "title": "attack is the payload combination", + "description": "Attack is the type of payload combinations to perform" + }, + "method": { + "$ref": "#/$defs/http.HTTPMethodTypeHolder", + "title": "method is the http request method", + "description": "Method is the HTTP Request Method" + }, + "body": { + "type": "string", + "title": "body is the http request body", + "description": "Body is an optional parameter which contains HTTP Request body" + }, + "payloads": { + "$ref": "#/$defs/map[string]interface {}", + "title": "payloads for the http request", + "description": "Payloads contains any payloads for the current request" + }, + "headers": { + "patternProperties": { + ".*": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + }, + { + "type": "boolean" + } + ] + } + }, + "title": "headers to send with the http request", + "description": "Headers contains HTTP Headers to send with the request" + }, + "race_count": { + "type": "integer", + "title": "number of times to repeat request in race condition", + "description": "Number of times to send a request in Race Condition Attack" + }, + "max-redirects": { + "type": "integer", + "title": "maximum number of redirects to follow", + "description": "Maximum number of redirects that should be followed" + }, + "pipeline-concurrent-connections": { + "type": "integer", + "title": "number of pipelining connections", + "description": "Number of connections to create during pipelining" + }, + "pipeline-requests-per-connection": { + "type": "integer", + "title": "number of requests to send per pipelining connections", + "description": "Number of requests to send per connection when pipelining" + }, + "threads": { + "type": "integer", + "title": "threads for sending requests", + "description": "Threads specifies number of threads to use sending requests. This enables Connection Pooling" + }, + "max-size": { + "type": "integer", + "title": "maximum http response body size", + "description": "Maximum size of http response body to read in bytes" + }, + "fuzzing": { + "items": { + "$ref": "#/$defs/fuzz.Rule" + }, + "type": "array", + "title": "fuzzin rules for http fuzzing", + "description": "Fuzzing describes rule schema to fuzz http requests" + }, + "self-contained": { + "type": "boolean" + }, + "signature": { + "$ref": "#/$defs/http.SignatureTypeHolder", + "title": "signature is the http request signature method", + "description": "Signature is the HTTP Request signature Method" + }, + "cookie-reuse": { + "type": "boolean", + "title": "optional cookie reuse enable", + "description": "Optional setting that enables cookie reuse" + }, + "disable-cookie": { + "type": "boolean", + "title": "optional disable cookie reuse", + "description": "Optional setting that disables cookie reuse" + }, + "read-all": { + "type": "boolean", + "title": "force read all body", + "description": "Enables force reading of entire unsafe http request body" + }, + "redirects": { + "type": "boolean", + "title": "follow http redirects", + "description": "Specifies whether redirects should be followed by the HTTP Client" + }, + "host-redirects": { + "type": "boolean", + "title": "follow same host http redirects", + "description": "Specifies whether redirects to the same host should be followed by the HTTP Client" + }, + "pipeline": { + "type": "boolean", + "title": "perform HTTP 1.1 pipelining", + "description": "Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining" + }, + "unsafe": { + "type": "boolean", + "title": "use rawhttp non-strict-rfc client", + "description": "Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests" + }, + "race": { + "type": "boolean", + "title": "perform race-http request coordination attack", + "description": "Race determines if all the request have to be attempted at the same time (Race Condition)" + }, + "req-condition": { + "type": "boolean", + "title": "preserve request history", + "description": "Automatically assigns numbers to requests and preserves their history" + }, + "stop-at-first-match": { + "type": "boolean", + "title": "stop at first match", + "description": "Stop the execution after a match is found" + }, + "skip-variables-check": { + "type": "boolean", + "title": "skip variable checks", + "description": "Skips the check for unresolved variables in request" + }, + "iterate-all": { + "type": "boolean", + "title": "iterate all the values", + "description": "Iterates all the values extracted from internal extractors" + }, + "digest-username": { + "type": "string", + "title": "specifies the username for digest authentication", + "description": "Optional parameter which specifies the username for digest auth" + }, + "digest-password": { + "type": "string", + "title": "specifies the password for digest authentication", + "description": "Optional parameter which specifies the password for digest auth" + }, + "disable-path-automerge": { + "type": "boolean", + "title": "disable auto merging of path", + "description": "Disable merging target url path with raw request path" + }, + "pre-condition": { + "items": { + "$ref": "#/$defs/matchers.Matcher" + }, + "type": "array", + "title": "pre-condition for fuzzing/dast", + "description": "PreCondition is matcher-like field to check if fuzzing should be performed on this request or not" + }, + "pre-condition-operator": { + "type": "string", + "enum": [ + "and", + "or" + ], + "title": "condition between the filters", + "description": "Operator to use between multiple per-conditions" + } + }, + "additionalProperties": false, + "type": "object" + }, + "http.SignatureTypeHolder": { + "type": "string", + "enum": [ + "AWS" + ], + "title": "type of the signature", + "description": "Type of the signature" + }, + "javascript.Request": { + "properties": { + "matchers": { + "items": { + "$ref": "#/$defs/matchers.Matcher" + }, + "type": "array", + "title": "matchers to run on response", + "description": "Detection mechanism to identify whether the request was successful by doing pattern matching" + }, + "extractors": { + "items": { + "$ref": "#/$defs/extractors.Extractor" + }, + "type": "array", + "title": "extractors to run on response", + "description": "Extractors contains the extraction mechanism for the request to identify and extract parts of the response" + }, + "matchers-condition": { + "type": "string", + "enum": [ + "and", + "or" + ], + "title": "condition between the matchers", + "description": "Conditions between the matchers" + }, + "id": { + "type": "string", + "title": "id of the request", + "description": "ID is the optional ID of the Request" + }, + "init": { + "type": "string", + "title": "init javascript code", + "description": "Init is the javascript code to execute after compiling template" + }, + "pre-condition": { + "type": "string", + "title": "pre-condition for the request", + "description": "PreCondition is a condition which is evaluated before sending the request" + }, + "args": { + "$ref": "#/$defs/map[string]interface {}" + }, + "code": { + "type": "string", + "title": "code to execute in javascript", + "description": "Executes inline javascript code for the request" + }, + "timeout": { + "type": "integer", + "title": "timeout for javascript execution", + "description": "Timeout in seconds is optional timeout for entire javascript script execution" + }, + "stop-at-first-match": { + "type": "boolean", + "title": "stop at first match", + "description": "Stop the execution after a match is found" + }, + "attack": { + "$ref": "#/$defs/generators.AttackTypeHolder", + "title": "attack is the payload combination", + "description": "Attack is the type of payload combinations to perform" + }, + "threads": { + "type": "integer", + "title": "threads for sending requests", + "description": "Threads specifies number of threads to use sending requests. This enables Connection Pooling" + }, + "payloads": { + "$ref": "#/$defs/map[string]interface {}", + "title": "payloads for the webosocket request", + "description": "Payloads contains any payloads for the current request" + } + }, + "additionalProperties": false, + "type": "object" + }, + "map[string]interface {}": { + "type": "object" + }, + "map[string]string": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "matchers.Matcher": { + "properties": { + "type": { + "$ref": "#/$defs/matchers.MatcherTypeHolder", "title": "type of matcher", "description": "Type of the matcher" }, @@ -392,28 +1079,272 @@ "type" ] }, - "MatcherTypeHolder": { + "matchers.MatcherTypeHolder": { + "type": "string", + "enum": [ + "word", + "regex", + "binary", + "status", + "size", + "dsl", + "xpath" + ], + "title": "type of the matcher", + "description": "Type of the matcher" + }, + "model.Classification": { "properties": { - "MatcherType": { - "type": "integer" + "cve-id": { + "$ref": "#/$defs/stringslice.StringOrSlice", + "title": "cve ids for the template", + "description": "CVE IDs for the template" + }, + "cwe-id": { + "$ref": "#/$defs/stringslice.StringOrSlice", + "title": "cwe ids for the template", + "description": "CWE IDs for the template" + }, + "cvss-metrics": { + "type": "string", + "title": "cvss metrics for the template", + "description": "CVSS Metrics for the template", + "examples": [ + "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + ] + }, + "cvss-score": { + "type": "number", + "title": "cvss score for the template", + "description": "CVSS Score for the template", + "examples": [ + 9.8 + ] + }, + "epss-score": { + "type": "number", + "title": "epss score for the template", + "description": "EPSS Score for the template", + "examples": [ + 0.42509 + ] + }, + "epss-percentile": { + "type": "number", + "title": "epss percentile for the template", + "description": "EPSS Percentile for the template", + "examples": [ + 0.42509 + ] + }, + "cpe": { + "type": "string", + "title": "cpe for the template", + "description": "CPE for the template", + "examples": [ + "cpe:/a:vendor:product:version" + ] + } + }, + "additionalProperties": false, + "type": "object" + }, + "model.Info": { + "properties": { + "name": { + "type": "string", + "title": "name of the template", + "description": "Name is a short summary of what the template does", + "examples": [ + "Nagios Default Credentials Check" + ] + }, + "author": { + "$ref": "#/$defs/stringslice.StringOrSlice", + "oneOf": [ + { + "type": "string", + "examples": [ + "pdteam" + ] + }, + { + "type": "array", + "examples": [ + "pdteam,mr.robot" + ] + } + ], + "title": "author of the template", + "description": "Author is the author of the template" + }, + "tags": { + "$ref": "#/$defs/stringslice.StringOrSlice", + "title": "tags of the template", + "description": "Any tags for the template" + }, + "description": { + "type": "string", + "title": "description of the template", + "description": "In-depth explanation on what the template does", + "examples": [ + "Bower is a package manager which stores package information in the bower.json file" + ] + }, + "impact": { + "type": "string", + "title": "impact of the template", + "description": "In-depth explanation on the impact of the issue found by the template", + "examples": [ + "Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries" + ] + }, + "reference": { + "$ref": "#/$defs/stringslice.StringOrSlice", + "title": "references for the template", + "description": "Links relevant to the template" + }, + "severity": { + "$ref": "#/$defs/severity.Holder" + }, + "metadata": { + "$ref": "#/$defs/map[string]interface {}", + "type": "object", + "title": "additional metadata for the template", + "description": "Additional metadata fields for the template" + }, + "classification": { + "$ref": "#/$defs/model.Classification", + "type": "object", + "title": "classification info for the template", + "description": "Classification information for the template" + }, + "remediation": { + "type": "string", + "title": "remediation steps for the template", + "description": "In-depth explanation on how to fix the issues found by the template", + "examples": [ + "Change the default administrative username and password of Apache ActiveMQ by editing the file jetty-realm.properties" + ] } }, "additionalProperties": false, "type": "object", "required": [ - "MatcherType" + "name", + "author" ] }, - "OrderedMap[string,string]": { - "properties": {}, + "network.Input": { + "properties": { + "data": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "data to send as input", + "description": "Data is the data to send as the input" + }, + "type": { + "$ref": "#/$defs/network.NetworkInputTypeHolder", + "title": "type is the type of input data", + "description": "Type of input specified in data field" + }, + "read": { + "type": "integer", + "title": "bytes to read from socket", + "description": "Number of bytes to read from socket" + }, + "name": { + "type": "string", + "title": "optional name for data read", + "description": "Optional name of the data read to provide matching on" + } + }, "additionalProperties": false, "type": "object" }, - "Request": { + "network.NetworkInputTypeHolder": { + "type": "string", + "enum": [ + "hex", + "text" + ], + "title": "type is the type of input data", + "description": "description=Type of input specified in data field" + }, + "network.Request": { "properties": { + "id": { + "type": "string", + "title": "id of the request", + "description": "ID of the network request" + }, + "host": { + "items": { + "type": "string" + }, + "type": "array", + "title": "host to send requests to", + "description": "Host to send network requests to" + }, + "attack": { + "$ref": "#/$defs/generators.AttackTypeHolder", + "title": "attack is the payload combination", + "description": "Attack is the type of payload combinations to perform" + }, + "payloads": { + "$ref": "#/$defs/map[string]interface {}", + "title": "payloads for the network request", + "description": "Payloads contains any payloads for the current request" + }, + "threads": { + "type": "integer", + "title": "threads for sending requests", + "description": "Threads specifies number of threads to use sending requests. This enables Connection Pooling" + }, + "inputs": { + "items": { + "$ref": "#/$defs/network.Input" + }, + "type": "array", + "title": "inputs for the network request", + "description": "Inputs contains any input/output for the current request" + }, + "port": { + "oneOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ], + "title": "port to send requests to", + "description": "Port to send network requests to" + }, + "exclude-ports": { + "type": "string", + "title": "exclude ports from being scanned", + "description": "Exclude ports from being scanned" + }, + "read-size": { + "type": "integer", + "title": "size of network response to read", + "description": "Size of response to read at the end. Default is 1024 bytes" + }, + "read-all": { + "type": "boolean", + "title": "read all response stream", + "description": "Read all response stream till the server stops sending" + }, "matchers": { "items": { - "$ref": "#/$defs/Matcher" + "$ref": "#/$defs/matchers.Matcher" }, "type": "array", "title": "matchers to run on response", @@ -421,7 +1352,51 @@ }, "extractors": { "items": { - "$ref": "#/$defs/Extractor" + "$ref": "#/$defs/extractors.Extractor" + }, + "type": "array", + "title": "extractors to run on response", + "description": "Extractors contains the extraction mechanism for the request to identify and extract parts of the response" + }, + "matchers-condition": { + "type": "string", + "enum": [ + "and", + "or" + ], + "title": "condition between the matchers", + "description": "Conditions between the matchers" + } + }, + "additionalProperties": false, + "type": "object" + }, + "severity.Holder": { + "type": "string", + "enum": [ + "info", + "low", + "medium", + "high", + "critical", + "unknown" + ], + "title": "severity of the template", + "description": "Seriousness of the implications of the template" + }, + "ssl.Request": { + "properties": { + "matchers": { + "items": { + "$ref": "#/$defs/matchers.Matcher" + }, + "type": "array", + "title": "matchers to run on response", + "description": "Detection mechanism to identify whether the request was successful by doing pattern matching" + }, + "extractors": { + "items": { + "$ref": "#/$defs/extractors.Extractor" }, "type": "array", "title": "extractors to run on response", @@ -436,307 +1411,85 @@ "title": "condition between the matchers", "description": "Conditions between the matchers" }, - "path": { - "items": { - "type": "string" - }, - "type": "array", - "title": "path(s) for the http request", - "description": "Path(s) to send http requests to" - }, - "raw": { - "items": { - "type": "string" - }, - "type": "array", - "description": "HTTP Requests in Raw Format" - }, "id": { "type": "string", - "title": "id for the http request", - "description": "ID for the HTTP Request" + "title": "id of the request", + "description": "ID of the request" }, - "name": { + "address": { "type": "string", - "title": "name for the http request", - "description": "Optional name for the HTTP Request" + "title": "address for the ssl request", + "description": "Address contains address for the request" }, - "attack": { - "$ref": "#/$defs/AttackTypeHolder", - "title": "attack is the payload combination", - "description": "Attack is the type of payload combinations to perform" - }, - "method": { - "$ref": "#/$defs/HTTPMethodTypeHolder", - "title": "method is the http request method", - "description": "Method is the HTTP Request Method" - }, - "body": { - "type": "string", - "title": "body is the http request body", - "description": "Body is an optional parameter which contains HTTP Request body" - }, - "payloads": { - "type": "object", - "title": "payloads for the http request", - "description": "Payloads contains any payloads for the current request" - }, - "headers": { - "additionalProperties": { - "type": "string" - }, - "type": "object", - "title": "headers to send with the http request", - "description": "Headers contains HTTP Headers to send with the request" - }, - "race_count": { - "type": "integer", - "title": "number of times to repeat request in race condition", - "description": "Number of times to send a request in Race Condition Attack" - }, - "max-redirects": { - "type": "integer", - "title": "maximum number of redirects to follow", - "description": "Maximum number of redirects that should be followed" - }, - "pipeline-concurrent-connections": { - "type": "integer", - "title": "number of pipelining connections", - "description": "Number of connections to create during pipelining" - }, - "pipeline-requests-per-connection": { - "type": "integer", - "title": "number of requests to send per pipelining connections", - "description": "Number of requests to send per connection when pipelining" - }, - "threads": { - "type": "integer", - "title": "threads for sending requests", - "description": "Threads specifies number of threads to use sending requests. This enables Connection Pooling" - }, - "max-size": { - "type": "integer", - "title": "maximum http response body size", - "description": "Maximum size of http response body to read in bytes" - }, - "fuzzing": { - "items": { - "$ref": "#/$defs/Rule" - }, - "type": "array", - "title": "fuzzin rules for http fuzzing", - "description": "Fuzzing describes rule schema to fuzz http requests" - }, - "self-contained": { - "type": "boolean" - }, - "signature": { - "$ref": "#/$defs/SignatureTypeHolder", - "title": "signature is the http request signature method", - "description": "Signature is the HTTP Request signature Method" - }, - "cookie-reuse": { - "type": "boolean", - "title": "optional cookie reuse enable", - "description": "Optional setting that enables cookie reuse" - }, - "disable-cookie": { - "type": "boolean", - "title": "optional disable cookie reuse", - "description": "Optional setting that disables cookie reuse" - }, - "read-all": { - "type": "boolean", - "title": "force read all body", - "description": "Enables force reading of entire unsafe http request body" - }, - "redirects": { - "type": "boolean", - "title": "follow http redirects", - "description": "Specifies whether redirects should be followed by the HTTP Client" - }, - "host-redirects": { - "type": "boolean", - "title": "follow same host http redirects", - "description": "Specifies whether redirects to the same host should be followed by the HTTP Client" - }, - "pipeline": { - "type": "boolean", - "title": "perform HTTP 1.1 pipelining", - "description": "Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining" - }, - "unsafe": { - "type": "boolean", - "title": "use rawhttp non-strict-rfc client", - "description": "Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests" - }, - "race": { - "type": "boolean", - "title": "perform race-http request coordination attack", - "description": "Race determines if all the request have to be attempted at the same time (Race Condition)" - }, - "req-condition": { - "type": "boolean", - "title": "preserve request history", - "description": "Automatically assigns numbers to requests and preserves their history" - }, - "stop-at-first-match": { - "type": "boolean", - "title": "stop at first match", - "description": "Stop the execution after a match is found" - }, - "skip-variables-check": { - "type": "boolean", - "title": "skip variable checks", - "description": "Skips the check for unresolved variables in request" - }, - "iterate-all": { - "type": "boolean", - "title": "iterate all the values", - "description": "Iterates all the values extracted from internal extractors" - }, - "digest-username": { - "type": "string", - "title": "specifies the username for digest authentication", - "description": "Optional parameter which specifies the username for digest auth" - }, - "digest-password": { - "type": "string", - "title": "specifies the password for digest authentication", - "description": "Optional parameter which specifies the password for digest auth" - }, - "disable-path-automerge": { - "type": "boolean", - "title": "disable auto merging of path", - "description": "Disable merging target url path with raw request path" - }, - "pre-condition": { - "items": { - "$ref": "#/$defs/Matcher" - }, - "type": "array", - "title": "pre-condition for fuzzing/dast", - "description": "PreCondition is matcher-like field to check if fuzzing should be performed on this request or not" - }, - "pre-condition-operator": { + "min_version": { "type": "string", "enum": [ - "and", - "or" + "sslv3", + "tls10", + "tls11", + "tls12", + "tls13" ], - "title": "condition between the filters", - "description": "Operator to use between multiple per-conditions" - } - }, - "additionalProperties": false, - "type": "object" - }, - "Rule": { - "properties": { - "type": { + "title": "Min. TLS version", + "description": "Minimum tls version - automatic if not specified." + }, + "max_version": { "type": "string", "enum": [ - "replace", - "prefix", - "postfix", - "infix", - "replace-regex" + "sslv3", + "tls10", + "tls11", + "tls12", + "tls13" ], - "title": "type of rule", - "description": "Type of fuzzing rule to perform" + "title": "Max. TLS version", + "description": "Max tls version - automatic if not specified." }, - "part": { - "type": "string", - "enum": [ - "query", - "header", - "path", - "body", - "cookie", - "request" - ], - "title": "part of rule", - "description": "Part of request rule to fuzz" - }, - "mode": { - "type": "string", - "enum": [ - "single", - "multiple" - ], - "title": "mode of rule", - "description": "Mode of request rule to fuzz" - }, - "keys": { - "items": { - "type": "string" - }, - "type": "array", - "title": "keys of parameters to fuzz", - "description": "Keys of parameters to fuzz" - }, - "keys-regex": { - "items": { - "type": "string" - }, - "type": "array", - "title": "keys regex to fuzz", - "description": "Regex of parameter keys to fuzz" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array", - "title": "values regex to fuzz", - "description": "Regex of parameter values to fuzz" - }, - "fuzz": { - "$ref": "#/$defs/SliceOrMapSlice", - "title": "payloads of fuzz rule", - "description": "Payloads to perform fuzzing substitutions with" - }, - "replace-regex": { - "type": "string", - "title": "replace regex of rule", - "description": "Regex for regex-replace rule type" - } - }, - "additionalProperties": false, - "type": "object" - }, - "SignatureTypeHolder": { - "properties": { - "Value": { - "type": "integer" - } - }, - "additionalProperties": false, - "type": "object", - "required": [ - "Value" - ] - }, - "SliceOrMapSlice": { - "properties": { - "Value": { + "cipher_suites": { "items": { "type": "string" }, "type": "array" }, - "KV": { - "$ref": "#/$defs/OrderedMap[string,string]" + "scan_mode": { + "type": "string", + "enum": [ + "ctls", + "ztls", + "auto" + ], + "title": "Scan Mode", + "description": "Scan Mode - auto if not specified." + }, + "tls_version_enum": { + "type": "boolean", + "title": "Enumerate Versions", + "description": "Enumerate Version - false if not specified" + }, + "tls_cipher_enum": { + "type": "boolean", + "title": "Enumerate Ciphers", + "description": "Enumerate Ciphers - false if not specified" + }, + "tls_cipher_types": { + "items": { + "type": "string", + "enum": [ + "weak", + "secure", + "insecure", + "all" + ] + }, + "type": "array", + "title": "TLS Cipher Types", + "description": "TLS Cipher Types to enumerate" } }, "additionalProperties": false, - "type": "object", - "required": [ - "Value", - "KV" - ] + "type": "object" }, - "StringOrSlice": { + "stringslice.StringOrSlice": { "oneOf": [ { "type": "string" @@ -746,7 +1499,7 @@ } ] }, - "Template": { + "templates.Template": { "properties": { "id": { "type": "string", @@ -758,7 +1511,7 @@ ] }, "info": { - "$ref": "#/$defs/Info", + "$ref": "#/$defs/model.Info", "type": "object", "title": "info for the template", "description": "Info contains metadata for the template" @@ -773,7 +1526,7 @@ }, "requests": { "items": { - "$ref": "#/$defs/Request" + "$ref": "#/$defs/http.Request" }, "type": "array", "title": "http requests to make", @@ -781,7 +1534,7 @@ }, "http": { "items": { - "$ref": "#/$defs/Request" + "$ref": "#/$defs/http.Request" }, "type": "array", "title": "http requests to make", @@ -789,7 +1542,7 @@ }, "dns": { "items": { - "$ref": "#/$defs/Request" + "$ref": "#/$defs/dns.Request" }, "type": "array", "title": "dns requests to make", @@ -797,7 +1550,7 @@ }, "file": { "items": { - "$ref": "#/$defs/Request" + "$ref": "#/$defs/file.Request" }, "type": "array", "title": "file requests to make", @@ -805,7 +1558,7 @@ }, "network": { "items": { - "$ref": "#/$defs/Request" + "$ref": "#/$defs/network.Request" }, "type": "array", "title": "network requests to make", @@ -813,7 +1566,7 @@ }, "tcp": { "items": { - "$ref": "#/$defs/Request" + "$ref": "#/$defs/network.Request" }, "type": "array", "title": "network(tcp) requests to make", @@ -821,7 +1574,7 @@ }, "headless": { "items": { - "$ref": "#/$defs/Request" + "$ref": "#/$defs/headless.Request" }, "type": "array", "title": "headless requests to make", @@ -829,7 +1582,7 @@ }, "ssl": { "items": { - "$ref": "#/$defs/Request" + "$ref": "#/$defs/ssl.Request" }, "type": "array", "title": "ssl requests to make", @@ -837,7 +1590,7 @@ }, "websocket": { "items": { - "$ref": "#/$defs/Request" + "$ref": "#/$defs/websocket.Request" }, "type": "array", "title": "websocket requests to make", @@ -845,7 +1598,7 @@ }, "whois": { "items": { - "$ref": "#/$defs/Request" + "$ref": "#/$defs/whois.Request" }, "type": "array", "title": "whois requests to make", @@ -853,7 +1606,7 @@ }, "code": { "items": { - "$ref": "#/$defs/Request" + "$ref": "#/$defs/code.Request" }, "type": "array", "title": "code snippets to make", @@ -861,7 +1614,7 @@ }, "javascript": { "items": { - "$ref": "#/$defs/Request" + "$ref": "#/$defs/javascript.Request" }, "type": "array", "title": "javascript requests to make", @@ -869,7 +1622,7 @@ }, "workflows": { "items": { - "$ref": "#/$defs/WorkflowTemplate" + "$ref": "#/$defs/workflows.WorkflowTemplate" }, "type": "array", "title": "list of workflows to execute", @@ -886,17 +1639,18 @@ "description": "Stop at first match for the template" }, "signature": { - "$ref": "#/$defs/SignatureTypeHolder", + "$ref": "#/$defs/http.SignatureTypeHolder", "title": "signature is the http request signature method", "description": "Signature is the HTTP Request signature Method" }, "variables": { - "$ref": "#/$defs/Variable", + "$ref": "#/$defs/variables.Variable", "type": "object", "title": "variables for the http request", "description": "Variables contains any variables for the current request" }, "constants": { + "$ref": "#/$defs/map[string]interface {}", "type": "object", "title": "constant for the template", "description": "constants contains any constant for the template" @@ -909,12 +1663,177 @@ "info" ] }, - "Variable": { - "properties": {}, + "userAgent.UserAgentHolder": { + "type": "string", + "enum": [ + "off", + "default", + "custom" + ], + "title": "userAgent for the headless", + "description": "userAgent for the headless http request" + }, + "variables.Variable": { + "additionalProperties": true, + "type": "object", + "title": "variables for the request", + "description": "Additional variables for the request" + }, + "websocket.Input": { + "properties": { + "data": { + "type": "string", + "title": "data to send as input", + "description": "Data is the data to send as the input" + }, + "name": { + "type": "string", + "title": "optional name for data read", + "description": "Optional name of the data read to provide matching on" + } + }, "additionalProperties": false, "type": "object" }, - "WorkflowTemplate": { + "websocket.Request": { + "properties": { + "matchers": { + "items": { + "$ref": "#/$defs/matchers.Matcher" + }, + "type": "array", + "title": "matchers to run on response", + "description": "Detection mechanism to identify whether the request was successful by doing pattern matching" + }, + "extractors": { + "items": { + "$ref": "#/$defs/extractors.Extractor" + }, + "type": "array", + "title": "extractors to run on response", + "description": "Extractors contains the extraction mechanism for the request to identify and extract parts of the response" + }, + "matchers-condition": { + "type": "string", + "enum": [ + "and", + "or" + ], + "title": "condition between the matchers", + "description": "Conditions between the matchers" + }, + "id": { + "type": "string", + "title": "id of the request", + "description": "ID of the network request" + }, + "address": { + "type": "string", + "title": "address for the websocket request", + "description": "Address contains address for the request" + }, + "inputs": { + "items": { + "$ref": "#/$defs/websocket.Input" + }, + "type": "array", + "title": "inputs for the websocket request", + "description": "Inputs contains any input/output for the current request" + }, + "headers": { + "$ref": "#/$defs/map[string]string", + "title": "headers contains the request headers", + "description": "Headers contains headers for the request" + }, + "attack": { + "$ref": "#/$defs/generators.AttackTypeHolder", + "title": "attack is the payload combination", + "description": "Attack is the type of payload combinations to perform" + }, + "payloads": { + "$ref": "#/$defs/map[string]interface {}", + "title": "payloads for the websocket request", + "description": "Payloads contains any payloads for the current request" + } + }, + "additionalProperties": false, + "type": "object" + }, + "whois.Request": { + "properties": { + "matchers": { + "items": { + "$ref": "#/$defs/matchers.Matcher" + }, + "type": "array", + "title": "matchers to run on response", + "description": "Detection mechanism to identify whether the request was successful by doing pattern matching" + }, + "extractors": { + "items": { + "$ref": "#/$defs/extractors.Extractor" + }, + "type": "array", + "title": "extractors to run on response", + "description": "Extractors contains the extraction mechanism for the request to identify and extract parts of the response" + }, + "matchers-condition": { + "type": "string", + "enum": [ + "and", + "or" + ], + "title": "condition between the matchers", + "description": "Conditions between the matchers" + }, + "id": { + "type": "string", + "title": "id of the request", + "description": "ID of the network request" + }, + "query": { + "type": "string", + "title": "query for the WHOIS request", + "description": "Query contains query for the request" + }, + "server": { + "type": "string", + "title": "server url to execute the WHOIS request on", + "description": "Server contains the server url to execute the WHOIS request on" + } + }, + "additionalProperties": false, + "type": "object" + }, + "workflows.Matcher": { + "properties": { + "name": { + "$ref": "#/$defs/stringslice.StringOrSlice", + "title": "name of items to match", + "description": "Name of items to match" + }, + "condition": { + "type": "string", + "enum": [ + "and", + "or" + ], + "title": "condition between names", + "description": "Condition between the names" + }, + "subtemplates": { + "items": { + "$ref": "#/$defs/workflows.WorkflowTemplate" + }, + "type": "array", + "title": "templates to run after match", + "description": "Templates to run after match" + } + }, + "additionalProperties": false, + "type": "object" + }, + "workflows.WorkflowTemplate": { "properties": { "template": { "type": "string", @@ -922,13 +1841,13 @@ "description": "Template or directory to execute as part of workflow" }, "tags": { - "$ref": "#/$defs/StringOrSlice", + "$ref": "#/$defs/stringslice.StringOrSlice", "title": "tags to execute", "description": "Tags to run template based on" }, "matchers": { "items": { - "$ref": "#/$defs/Matcher" + "$ref": "#/$defs/workflows.Matcher" }, "type": "array", "title": "name based template result matchers", @@ -936,7 +1855,7 @@ }, "subtemplates": { "items": { - "$ref": "#/$defs/WorkflowTemplate" + "$ref": "#/$defs/workflows.WorkflowTemplate" }, "type": "array", "title": "subtemplate based result matchers",