README
¶
L9 Nuclei plugin
This L9 plugin re-implements a limited Nuclei template parser and runner.
Checkout ProjectDiscovery's awesome network tools for more information.
This allows for l9explore to stick to deep-protocol inspections while taking advantage of well maintained templates for
web application scanning.
Features
- Uses upstream tag fields from
l9eventsto match against nuclei template tags (wordpress,php)
POC
This is currently a proof-of-concept and design may change.
There's a pre-release version of l9explore including this plugin.
Settings
# Nuclei template directory location :
export NUCLEI_TEMPLATES=/home/user/nuclei-templates
# Tags to ALWAYS run during scans :
export NUCLEI_DEFAULT_TAGS=exposure
# List of template IDs to disable :
export NUCLEI_DISABLED_TEMPLATES=git-config,CVE-2017-5487,default-nginx-page
Usage
NUCLEI_TEMPLATES=/home/user/nuclei-templates ./l9explore service --debug
Documentation
¶
Index ¶
- type Info
- type Matcher
- type NucleiPlugin
- func (plugin NucleiPlugin) DoRequest(httpClient *http.Client, method, url string, body io.Reader, ...) (http.Header, string, int, error)
- func (NucleiPlugin) GetName() string
- func (NucleiPlugin) GetProtocols() []string
- func (NucleiPlugin) GetStage() string
- func (NucleiPlugin) GetVersion() (int, int, int)
- func (plugin NucleiPlugin) Init() error
- func (plugin NucleiPlugin) Run(ctx context.Context, event *l9format.L9Event, options map[string]string) bool
- func (plugin NucleiPlugin) RunTemplate(template *NucleiTemplate, event *l9format.L9Event, hostHttpClient *http.Client) bool
- type NucleiTemplate
- type Request
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Matcher ¶
type Matcher struct {
Type string `json:"type" yaml:"type"`
Words []string `json:"words" yaml:"words"`
Status []int `json:"status" yaml:"status"`
Condition string `json:"condition" yaml:"condition"`
Part string `json:"part" yaml:"part"`
Dsn string `json:"dsn" yaml:"dns"`
Negative bool `json:"negative" yaml:"negative"`
}
type NucleiPlugin ¶
type NucleiPlugin struct {
l9format.ServicePluginBase
}
func (NucleiPlugin) DoRequest ¶
func (plugin NucleiPlugin) DoRequest(httpClient *http.Client, method, url string, body io.Reader, headers map[string]string) (http.Header, string, int, error)
DoRequest Boring HTTP logic
func (NucleiPlugin) GetName ¶
func (NucleiPlugin) GetName() string
func (NucleiPlugin) GetProtocols ¶
func (NucleiPlugin) GetProtocols() []string
func (NucleiPlugin) GetStage ¶
func (NucleiPlugin) GetStage() string
func (NucleiPlugin) GetVersion ¶
func (NucleiPlugin) GetVersion() (int, int, int)
func (NucleiPlugin) Init ¶
func (plugin NucleiPlugin) Init() error
func (NucleiPlugin) RunTemplate ¶
func (plugin NucleiPlugin) RunTemplate(template *NucleiTemplate, event *l9format.L9Event, hostHttpClient *http.Client) bool
type NucleiTemplate ¶
type NucleiTemplate struct {
Id string `json:"id" yaml:"id"`
Info Info `json:"info" yaml:"info"`
Requests []Request `json:"requests" yaml:"requests"`
Headless []interface{}
Dns []interface{}
File []interface{}
Network []interface{}
}
func (NucleiTemplate) GetTags ¶
func (nTemplate NucleiTemplate) GetTags() []string
func (NucleiTemplate) HasTag ¶
func (nTemplate NucleiTemplate) HasTag(tag string) bool
func (NucleiTemplate) IsSupported ¶
func (nTemplate NucleiTemplate) IsSupported() bool
IsSupported Check that we only have base http request template without DSL, still 90%
type Request ¶
type Request struct {
Raw []interface{} `json:"raw" yaml:"raw"`
Method string `json:"method" yaml:"method"`
Path []string `json:"path" yaml:"path"`
MatchersCondition string `json:"matchers-condition" yaml:"matchers-condition"`
Matchers []Matcher `json:"matchers" yaml:"matchers"`
ReqCondition bool `json:"req-condition" yaml:"req-condition"`
Payloads map[string]interface{} `json:"payloads" yaml:"payloads"`
Body string `json:"body" yaml:"body"`
Headers map[string]string `json:"headers" yaml:"headers"`
}
Source Files
Click to show internal directories.
Click to hide internal directories.