mirror of
https://github.com/projectdiscovery/nuclei.git
synced 2026-02-14 14:33:14 +08:00
* feat: move fuzz package to root directory * feat: added support for input providers like openapi,postman,etc * feat: integration of new fuzzing logic in engine * bugfix: use and instead of or * fixed lint errors * go mod tidy * add new reqresp type + bump utils * custom http request parser * use new struct type RequestResponse * introduce unified input/target provider * abstract input formats via new inputprovider * completed input provider refactor * remove duplicated code * add sdk method to load targets * rename component url->path * add new yaml format + remove duplicated code * use gopkg.in/yaml.v3 for parsing * update .gitignore * refactor/move + docs fuzzing in http protocol * fuzz: header + query integration test using fuzzplayground * fix integration test runner in windows * feat add support for filter in http fuzz * rewrite header/query integration test with filter * add replace regex rule * support kv fuzzing + misc updates * add path fuzzing example + misc improvements * fix matchedURL + skip httpx on multi formats * cookie fuzz integration test * add json body + params body tests * feat add multipart/form-data fuzzing support * add all fuzz body integration test * misc bug fixes + minor refactor * add multipart form + body form unit tests * only run fuzzing templates if -fuzz flag is given * refactor/move fuzz playground server to pkg * fix integration test + refactor * add auth types and strategies * add file auth provider * start implementing auth logic in http * add logic in http protocol * static auth implemented for http * default :80,:443 normalization * feat: dynamic auth init * feat: dynamic auth using templates * validate targets count in openapi+swagger * inputformats: add support to accept variables * fix workflow integration test * update lazy cred fetch logic * fix unit test * drop postman support * domain related normalization * update secrets.yaml file format + misc updates * add auth prefetch option * remove old secret files * add 
fuzzing+auth related sdk options * fix/support multiple mode in kv header fuzzing * rename 'headers' -> 'header' in fuzzing rules * fix deadlock due to merge conflict resolution * misc update * add bool type in parsed value * add openapi validation+override+ new flags * misc updates * remove optional path parameters when unavailable * fix swagger.yaml file * misc updates * update print msg * multiple openapi validation enchancements + appMode * add optional params in required_openapi_vars.yaml file * improve warning/verbose msgs in format * fix skip-format-validation not working * use 'params/parameter' instead of 'variable' in openapi * add retry support for falky tests * fix nuclei loading ignored templates (#4849) * fix tag include logic * fix unit test * remove quoting in extractor output * remove quote in debug code command * feat: issue tracker URLs in JSON + misc fixes (#4855) * feat: issue tracker URLs in JSON + misc fixes * misc changes * feat: status update support for issues * feat: report metadata generation hook support * feat: added CLI summary of tickets created * misc changes * introduce `disable-unsigned-templates` flag (#4820) * introduce `disable-unsigned-templates` flag * minor * skip instead of exit * remove duplicate imports * use stats package + misc enhancements * force display warning + adjust skipped stats in unsigned count * include unsigned skipped templates without -dut flag --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io> * Purge cache on global callback set (#4840) * purge cache on global callback set * lint * purging cache * purge cache in runner after loading templates * include internal cache from parsers + add global cache register/purge via config * remove disable cache purge option --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io> * misc update * add application/octet-stream support * openapi: support path specific params * misc option + readme update --------- Co-authored-by: Sandeep Singh 
<sandeep@projectdiscovery.io> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io> Co-authored-by: Tarun Koyalwar <45962551+tarunKoyalwar@users.noreply.github.com> Co-authored-by: Dogan Can Bakir <65292895+dogancanbakir@users.noreply.github.com> Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
package main
import (
"context"
"fmt"
"log"
"net/http"
"net/http/httptest"
"os"
"path"
"strings"
"time"
"github.com/julienschmidt/httprouter"
"github.com/logrusorgru/aurora"
"github.com/pkg/errors"
"github.com/projectdiscovery/goflags"
"github.com/projectdiscovery/nuclei/v3/pkg/catalog/config"
"github.com/projectdiscovery/nuclei/v3/pkg/catalog/disk"
"github.com/projectdiscovery/nuclei/v3/pkg/catalog/loader"
"github.com/projectdiscovery/nuclei/v3/pkg/core"
"github.com/projectdiscovery/nuclei/v3/pkg/input/provider"
"github.com/projectdiscovery/nuclei/v3/pkg/output"
"github.com/projectdiscovery/nuclei/v3/pkg/parsers"
"github.com/projectdiscovery/nuclei/v3/pkg/protocols"
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/hosterrorscache"
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/interactsh"
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolinit"
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate"
"github.com/projectdiscovery/nuclei/v3/pkg/reporting"
"github.com/projectdiscovery/nuclei/v3/pkg/testutils"
"github.com/projectdiscovery/nuclei/v3/pkg/types"
"github.com/projectdiscovery/ratelimit"
)
// libraryTestcases lists the template fixtures that are run with nuclei
// embedded as a Go library. Every entry uses the same goIntegrationTest runner;
// only the template file differs.
var libraryTestcases = []TestCaseInfo{
	{
		Path:     "library/test.yaml",
		TestCase: &goIntegrationTest{},
	},
	{
		Path:     "library/test.json",
		TestCase: &goIntegrationTest{},
	},
}

// goIntegrationTest is a stateless test case that drives nuclei through its
// Go packages instead of through the command-line binary.
type goIntegrationTest struct{}
// Execute runs the template at templatePath against a throwaway local HTTP
// server and returns an error unless exactly one result is reported.
//
// The server answers GET / with a fixed body and appends a second fixed string
// when the request carries a "test" header whose value equals "nuclei"
// (compared case-insensitively). The target is an httptest server created
// here, so the scan is pointed at a fixture owned by this test.
//
// NOTE(review): the original comment read "Execute the docs at ../DESIGN.md if
// the code stops working for integration" - presumably it means the docs in
// ../DESIGN.md should be updated when this example stops compiling; confirm.
func (h *goIntegrationTest) Execute(templatePath string) error {
	// Handler for the single route the test template is matched against.
	rootHandler := func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
		fmt.Fprint(w, "This is test matcher text")

		headerMatches := strings.EqualFold(r.Header.Get("test"), "nuclei")
		if !headerMatches {
			return
		}
		fmt.Fprint(w, "This is test headers matcher text")
	}

	mux := httprouter.New()
	mux.GET("/", rootHandler)

	server := httptest.NewServer(mux)
	defer server.Close()

	found, scanErr := executeNucleiAsLibrary(templatePath, server.URL)
	if scanErr != nil {
		return scanErr
	}

	// One matching result is expected for the template under test.
	return expectResultsCount(found, 1)
}
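// executeNucleiAsLibrary runs the template at templatePath against templateURL
// with nuclei embedded as a library, and returns one formatted string per
// result event passed to the output writer's callback.
//
// It wires up the pieces the engine needs (host error cache, reporting client,
// interactsh client, template catalog, rate limiter, workflow loader, template
// store), executes the loaded templates and waits for the work pool to drain.
//
// Setup failures are returned to the caller instead of terminating the
// process, so the deferred Close/Stop calls always run and the calling test
// runner decides how to react.
func executeNucleiAsLibrary(templatePath, templateURL string) ([]string, error) {
	cache := hosterrorscache.New(30, hosterrorscache.DefaultMaxHostsCount, nil)
	defer cache.Close()

	mockProgress := &testutils.MockProgressClient{}
	reportingClient, err := reporting.New(&reporting.Options{}, "", false)
	if err != nil {
		return nil, err
	}
	defer reportingClient.Close()

	defaultOpts := types.DefaultOptions()
	// Initialisation errors stay non-fatal, as before, but are now logged so a
	// half-initialised protocol layer is visible in the test output.
	if err := protocolstate.Init(defaultOpts); err != nil {
		log.Printf("Could not initialize protocol state: %s\n", err)
	}
	if err := protocolinit.Init(defaultOpts); err != nil {
		log.Printf("Could not initialize protocols: %s\n", err)
	}

	defaultOpts.Templates = goflags.StringSlice{templatePath}
	// Tags come from the ignore file; presumably this keeps templates carrying
	// ignore-listed tags out of the run, as the CLI does - confirm against the
	// loader before relying on it as a safety control.
	defaultOpts.ExcludeTags = config.ReadIgnoreFile().Tags

	outputWriter := testutils.NewMockOutputWriter(defaultOpts.OmitTemplate)
	var results []string
	// NOTE(review): results is appended without synchronisation. If the engine
	// invokes WriteCallback from several goroutines at once this is a data
	// race - confirm whether the mock writer serialises callbacks.
	outputWriter.WriteCallback = func(event *output.ResultEvent) {
		results = append(results, fmt.Sprintf("%v\n", event))
	}

	// NOTE(review): the default interactsh options are used unchanged;
	// presumably they point at an external interaction server, which embedders
	// in restricted networks may want to override - confirm.
	interactOpts := interactsh.DefaultOptions(outputWriter, reportingClient, mockProgress)
	interactClient, err := interactsh.New(interactOpts)
	if err != nil {
		return nil, errors.Wrap(err, "could not create interact client")
	}
	defer interactClient.Close()

	home, err := os.UserHomeDir()
	if err != nil {
		// Best effort: home is "" here, so the catalog path below becomes the
		// relative directory "nuclei-templates".
		log.Printf("Could not resolve home directory: %s\n", err)
	}
	catalog := disk.NewCatalog(path.Join(home, "nuclei-templates"))
	ratelimiter := ratelimit.New(context.Background(), 150, time.Second)
	defer ratelimiter.Stop()
	executerOpts := protocols.ExecutorOptions{
		Output:          outputWriter,
		Options:         defaultOpts,
		Progress:        mockProgress,
		Catalog:         catalog,
		IssuesClient:    reportingClient,
		RateLimiter:     ratelimiter,
		Interactsh:      interactClient,
		HostErrorsCache: cache,
		Colorizer:       aurora.NewAurora(true),
		ResumeCfg:       types.NewResumeCfg(),
	}
	engine := core.New(defaultOpts)
	engine.SetExecuterOptions(executerOpts)

	workflowLoader, err := parsers.NewLoader(&executerOpts)
	if err != nil {
		// Returned like the other setup errors: exiting the process here would
		// skip every deferred Close/Stop above and kill the whole test runner.
		return nil, errors.Wrap(err, "could not create workflow loader")
	}
	executerOpts.WorkflowLoader = workflowLoader

	store, err := loader.New(loader.NewConfig(defaultOpts, catalog, executerOpts))
	if err != nil {
		return nil, errors.Wrap(err, "could not create loader")
	}
	store.Load()

	// The return value of Execute is discarded; results reach the caller only
	// through the WriteCallback above.
	_ = engine.Execute(store.Templates(), provider.NewSimpleInputProviderWithUrls(templateURL))
	engine.WorkPool().Wait() // Wait for the scan to finish

	return results, nil
}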