types

package
v3.3.6 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 21, 2024 License: MIT Imports: 22 Imported by: 59

Documentation

Index

Constants

View Source
const DefaultResumeFileName = "resume-%s.cfg"

Default resume file

View Source
const (
	HTTP_PROXY_ENV = "HTTP_PROXY"
)

Variables

View Source
var (
	// ProxyURL is the URL for the proxy server
	ProxyURL string
	// ProxySocksURL is the URL for the proxy socks server
	ProxySocksURL string
)
View Source
var (
	// ErrNoMoreRequests is internal error to indicate that generator has no more requests to generate
	ErrNoMoreRequests = io.EOF
)

Functions

func DefaultResumeFilePath

func DefaultResumeFilePath() string

func JSONScalarToString

func JSONScalarToString(input interface{}) (string, error)

JSONScalarToString converts an interface coming from json to string Inspired from: https://github.com/cli/cli/blob/09b09810dd812e3ede54b59ad9d6912b946ac6c5/pkg/export/template.go#L72

func ToByteSlice

func ToByteSlice(i interface{}) []byte

ToByteSlice casts an interface to a []byte type.

func ToHexOrString

func ToHexOrString(data interface{}) string

func ToString

func ToString(data interface{}) string

ToString converts an interface to string in a quick way

func ToStringMap

func ToStringMap(i interface{}) map[string]interface{}

ToStringMap casts an interface to a map[string]interface{} type.

func ToStringNSlice

func ToStringNSlice(data interface{}) interface{}

ToStringNSlice converts an interface to string in a quick way or to a slice with strings if the input is a slice of interfaces.

func ToStringSlice

func ToStringSlice(i interface{}) []string

ToStringSlice casts an interface to a []string type.

Types

type LoadHelperFileFunction added in v3.3.3

type LoadHelperFileFunction func(helperFile, templatePath string, catalog catalog.Catalog) (io.ReadCloser, error)

LoadHelperFileFunction can be used to load a helper file.

type Options

type Options struct {
	// Tags contains a list of tags to execute templates for. Multiple paths
	// can be specified with -l flag and -tags can be used in combination with
	// the -l flag.
	Tags goflags.StringSlice
	// ExcludeTags is the list of tags to exclude
	ExcludeTags goflags.StringSlice
	// Workflows specifies any workflows to run by nuclei
	Workflows goflags.StringSlice
	// WorkflowURLs specifies URLs to a list of workflows to use
	WorkflowURLs goflags.StringSlice
	// Templates specifies the template/templates to use
	Templates goflags.StringSlice
	// TemplateURLs specifies URLs to a list of templates to use
	TemplateURLs goflags.StringSlice
	// RemoteTemplates specifies list of allowed URLs to load remote templates from
	RemoteTemplateDomainList goflags.StringSlice
	// 	ExcludedTemplates  specifies the template/templates to exclude
	ExcludedTemplates goflags.StringSlice
	// ExcludeMatchers is a list of matchers to exclude processing
	ExcludeMatchers goflags.StringSlice
	// CustomHeaders is the list of custom global headers to send with each request.
	CustomHeaders goflags.StringSlice
	// Vars is the list of custom global vars
	Vars goflags.RuntimeMap
	// Severities filters templates based on their severity and only run the matching ones.
	Severities severity.Severities
	// ExcludeSeverities specifies severities to exclude
	ExcludeSeverities severity.Severities
	// Authors filters templates based on their author and only run the matching ones.
	Authors goflags.StringSlice
	// Protocols contains the protocols to be allowed executed
	Protocols types.ProtocolTypes
	// ExcludeProtocols contains protocols to not be executed
	ExcludeProtocols types.ProtocolTypes
	// IncludeTags includes specified tags to be run even while being in denylist
	IncludeTags goflags.StringSlice
	// IncludeTemplates includes specified templates to be run even while being in denylist
	IncludeTemplates goflags.StringSlice
	// IncludeIds includes specified ids to be run even while being in denylist
	IncludeIds goflags.StringSlice
	// ExcludeIds contains templates ids to not be executed
	ExcludeIds goflags.StringSlice
	// InternalResolversList is the list of internal resolvers to use
	InternalResolversList []string
	// ProjectPath allows nuclei to use a user defined project folder
	ProjectPath string
	// InteractshURL is the URL for the interactsh server.
	InteractshURL string
	// Interactsh Authorization header value for self-hosted servers
	InteractshToken string
	// Target URLs/Domains to scan using a template
	Targets goflags.StringSlice
	// ExcludeTargets URLs/Domains to exclude from scanning
	ExcludeTargets goflags.StringSlice
	// TargetsFilePath specifies the targets from a file to scan using templates.
	TargetsFilePath string
	// Resume the scan from the state stored in the resume config file
	Resume string
	// Output is the file to write found results to.
	Output string
	// ProxyInternal requests
	ProxyInternal bool
	// Show all supported DSL signatures
	ListDslSignatures bool
	// List of HTTP(s)/SOCKS5 proxy to use (comma separated or file input)
	Proxy goflags.StringSlice
	// TemplatesDirectory is the directory to use for storing templates
	NewTemplatesDirectory string
	// TraceLogFile specifies a file to write with the trace of all requests
	TraceLogFile string
	// ErrorLogFile specifies a file to write with the errors of all requests
	ErrorLogFile string
	// ReportingDB is the db for report storage as well as deduplication
	ReportingDB string
	// ReportingConfig is the config file for nuclei reporting module
	ReportingConfig string
	// MarkdownExportDirectory is the directory to export reports in Markdown format
	MarkdownExportDirectory string
	// MarkdownExportSortMode is the method to sort the markdown reports (options: severity, template, host, none)
	MarkdownExportSortMode string
	// SarifExport is the file to export sarif output format to
	SarifExport string
	// ResolversFile is a file containing resolvers for nuclei.
	ResolversFile string
	// StatsInterval is the number of seconds to display stats after
	StatsInterval int
	// MetricsPort is the port to show metrics on
	MetricsPort int
	// MaxHostError is the maximum number of errors allowed for a host
	MaxHostError int
	// TrackError contains additional error messages that count towards the maximum number of errors allowed for a host
	TrackError goflags.StringSlice
	// NoHostErrors disables host skipping after maximum number of errors
	NoHostErrors bool
	// BulkSize is the of targets analyzed in parallel for each template
	BulkSize int
	// TemplateThreads is the number of templates executed in parallel
	TemplateThreads int
	// HeadlessBulkSize is the of targets analyzed in parallel for each headless template
	HeadlessBulkSize int
	// HeadlessTemplateThreads is the number of headless templates executed in parallel
	HeadlessTemplateThreads int
	// Timeout is the seconds to wait for a response from the server.
	Timeout int
	// Retries is the number of times to retry the request
	Retries int
	// Rate-Limit is the maximum number of requests per specified target
	RateLimit int
	// Rate Limit Duration interval between burst resets
	RateLimitDuration time.Duration
	// Rate-Limit is the maximum number of requests per minute for specified target
	// Deprecated: Use RateLimitDuration - automatically set Rate Limit Duration to 60 seconds
	RateLimitMinute int
	// PageTimeout is the maximum time to wait for a page in seconds
	PageTimeout int
	// InteractionsCacheSize is the number of interaction-url->req to keep in cache at a time.
	InteractionsCacheSize int
	// InteractionsPollDuration is the number of seconds to wait before each interaction poll
	InteractionsPollDuration int
	// Eviction is the number of seconds after which to automatically discard
	// interaction requests.
	InteractionsEviction int
	// InteractionsCoolDownPeriod is additional seconds to wait for interactions after closing
	// of the poller.
	InteractionsCoolDownPeriod int
	// MaxRedirects is the maximum numbers of redirects to be followed.
	MaxRedirects int
	// FollowRedirects enables following redirects for http request module
	FollowRedirects bool
	// FollowRedirects enables following redirects for http request module only on the same host
	FollowHostRedirects bool
	// OfflineHTTP is a flag that specific offline processing of http response
	// using same matchers/extractors from http protocol without the need
	// to send a new request, reading responses from a file.
	OfflineHTTP bool
	// Force HTTP2 requests
	ForceAttemptHTTP2 bool
	// StatsJSON writes stats output in JSON format
	StatsJSON bool
	// Headless specifies whether to allow headless mode templates
	Headless bool
	// ShowBrowser specifies whether the show the browser in headless mode
	ShowBrowser bool
	// HeadlessOptionalArguments specifies optional arguments to pass to Chrome
	HeadlessOptionalArguments goflags.StringSlice
	// DisableClustering disables clustering of templates
	DisableClustering bool
	// UseInstalledChrome skips chrome install and use local instance
	UseInstalledChrome bool
	// SystemResolvers enables override of nuclei's DNS client opting to use system resolver stack.
	SystemResolvers bool
	// ShowActions displays a list of all headless actions
	ShowActions bool
	// Deprecated: Enabled by default through clistats . Metrics enables display of metrics via an http endpoint
	Metrics bool
	// Debug mode allows debugging request/responses for the engine
	Debug bool
	// DebugRequests mode allows debugging request for the engine
	DebugRequests bool
	// DebugResponse mode allows debugging response for the engine
	DebugResponse bool
	// DisableHTTPProbe disables http probing feature of input normalization
	DisableHTTPProbe bool
	// LeaveDefaultPorts skips normalization of default ports
	LeaveDefaultPorts bool
	// AutomaticScan enables automatic tech based template execution
	AutomaticScan bool
	// Silent suppresses any extra text and only writes found URLs on screen.
	Silent bool
	// Validate validates the templates passed to nuclei.
	Validate bool
	// NoStrictSyntax disables strict syntax check on nuclei templates (allows custom key-value pairs).
	NoStrictSyntax bool
	// Verbose flag indicates whether to show verbose output or not
	Verbose        bool
	VerboseVerbose bool
	// ShowVarDump displays variable dump
	ShowVarDump bool
	// VarDumpLimit limits the number of characters displayed in var dump
	VarDumpLimit int
	// No-Color disables the colored output.
	NoColor bool
	// UpdateTemplates updates the templates installed at startup (also used by cloud to update datasources)
	UpdateTemplates bool
	// JSON writes json line output to files
	JSONL bool
	// JSONRequests writes requests/responses for matches in JSON output
	// Deprecated: use OmitRawRequests instead as of now JSONRequests(include raw requests) is always true
	JSONRequests bool
	// OmitRawRequests omits requests/responses for matches in JSON output
	OmitRawRequests bool
	// OmitTemplate omits encoded template from JSON output
	OmitTemplate bool
	// JSONExport is the file to export JSON output format to
	JSONExport string
	// JSONLExport is the file to export JSONL output format to
	JSONLExport string
	// Redact redacts given keys in
	Redact goflags.StringSlice
	// EnableProgressBar enables progress bar
	EnableProgressBar bool
	// TemplateDisplay displays the template contents
	TemplateDisplay bool
	// TemplateList lists available templates
	TemplateList bool
	// TemplateList lists available tags
	TagList bool
	// HangMonitor enables nuclei hang monitoring
	HangMonitor bool
	// Stdin specifies whether stdin input was given to the process
	Stdin bool
	// StopAtFirstMatch stops processing template at first full match (this may break chained requests)
	StopAtFirstMatch bool
	// Stream the input without sorting
	Stream bool
	// NoMeta disables display of metadata for the matches
	NoMeta bool
	// Timestamp enables display of timestamp for the matcher
	Timestamp bool
	// Project is used to avoid sending same HTTP request multiple times
	Project bool
	// NewTemplates only runs newly added templates from the repository
	NewTemplates bool
	// NewTemplatesWithVersion runs new templates added in specific version
	NewTemplatesWithVersion goflags.StringSlice
	// NoInteractsh disables use of interactsh server for interaction polling
	NoInteractsh bool
	// EnvironmentVariables enables support for environment variables
	EnvironmentVariables bool
	// MatcherStatus displays optional status for the failed matches as well
	MatcherStatus bool
	// ClientCertFile client certificate file (PEM-encoded) used for authenticating against scanned hosts
	ClientCertFile string
	// ClientKeyFile client key file (PEM-encoded) used for authenticating against scanned hosts
	ClientKeyFile string
	// ClientCAFile client certificate authority file (PEM-encoded) used for authenticating against scanned hosts
	ClientCAFile string
	// Deprecated: Use ZTLS library
	ZTLS bool
	// AllowLocalFileAccess allows local file access from templates payloads
	AllowLocalFileAccess bool
	// RestrictLocalNetworkAccess restricts local network access from templates requests
	RestrictLocalNetworkAccess bool
	// ShowMatchLine enables display of match line number
	ShowMatchLine bool
	// EnablePprof enables exposing pprof runtime information with a webserver.
	EnablePprof bool
	// StoreResponse stores received response to output directory
	StoreResponse bool
	// StoreResponseDir stores received response to custom directory
	StoreResponseDir string
	// DisableRedirects disables following redirects for http request module
	DisableRedirects bool
	// SNI custom hostname
	SNI string
	// InputFileMode specifies the mode of input file (jsonl, burp, openapi, swagger, etc)
	InputFileMode string
	// DialerKeepAlive sets the keep alive duration for network requests.
	DialerKeepAlive time.Duration
	// Interface to use for network scan
	Interface string
	// SourceIP sets custom source IP address for network requests
	SourceIP string
	// AttackType overrides template level attack-type configuration
	AttackType string
	// ResponseReadSize is the maximum size of response to read
	ResponseReadSize int
	// ResponseSaveSize is the maximum size of response to save
	ResponseSaveSize int
	// Health Check
	HealthCheck bool
	// Time to wait between each input read operation before closing the stream
	InputReadTimeout time.Duration
	// Disable stdin for input processing
	DisableStdin bool
	// IncludeConditions is the list of conditions templates should match
	IncludeConditions goflags.StringSlice
	// Enable uncover engine
	Uncover bool
	// Uncover search query
	UncoverQuery goflags.StringSlice
	// Uncover search engine
	UncoverEngine goflags.StringSlice
	// Uncover search field
	UncoverField string
	// Uncover search limit
	UncoverLimit int
	// Uncover search delay
	UncoverRateLimit int
	// ScanAllIPs associated to a dns record
	ScanAllIPs bool
	// IPVersion to scan (4,6)
	IPVersion goflags.StringSlice
	// PublicTemplateDisableDownload disables downloading templates from the nuclei-templates public repository
	PublicTemplateDisableDownload bool
	// GitHub token used to clone/pull from private repos for custom templates
	GitHubToken string
	// GitHubTemplateRepo is the list of custom public/private templates GitHub repos
	GitHubTemplateRepo []string
	// GitHubTemplateDisableDownload disables downloading templates from custom GitHub repositories
	GitHubTemplateDisableDownload bool
	// GitLabServerURL is the gitlab server to use for custom templates
	GitLabServerURL string
	// GitLabToken used to clone/pull from private repos for custom templates
	GitLabToken string
	// GitLabTemplateRepositoryIDs is the comma-separated list of custom gitlab repositories IDs
	GitLabTemplateRepositoryIDs []int
	// GitLabTemplateDisableDownload disables downloading templates from custom GitLab repositories
	GitLabTemplateDisableDownload bool
	// AWS access key for downloading templates from S3 bucket
	AwsAccessKey string
	// AWS secret key for downloading templates from S3 bucket
	AwsSecretKey string
	// AWS bucket name for downloading templates from S3 bucket
	AwsBucketName string
	// AWS Region name where AWS S3 bucket is located
	AwsRegion string
	// AwsTemplateDisableDownload disables downloading templates from AWS S3 buckets
	AwsTemplateDisableDownload bool
	// AzureContainerName for downloading templates from Azure Blob Storage. Example: templates
	AzureContainerName string
	// AzureTenantID for downloading templates from Azure Blob Storage. Example: 00000000-0000-0000-0000-000000000000
	AzureTenantID string
	// AzureClientID for downloading templates from Azure Blob Storage. Example: 00000000-0000-0000-0000-000000000000
	AzureClientID string
	// AzureClientSecret for downloading templates from Azure Blob Storage. Example: 00000000-0000-0000-0000-000000000000
	AzureClientSecret string
	// AzureServiceURL for downloading templates from Azure Blob Storage. Example: https://XXXXXXXXXX.blob.core.windows.net/
	AzureServiceURL string
	// AzureTemplateDisableDownload disables downloading templates from Azure Blob Storage
	AzureTemplateDisableDownload bool
	// Scan Strategy (auto,hosts-spray,templates-spray)
	ScanStrategy string
	// Fuzzing Type overrides template level fuzzing-type configuration
	FuzzingType string
	// Fuzzing Mode overrides template level fuzzing-mode configuration
	FuzzingMode string
	// TlsImpersonate enables TLS impersonation
	TlsImpersonate bool
	// DisplayFuzzPoints enables display of fuzz points for fuzzing
	DisplayFuzzPoints bool
	// FuzzAggressionLevel is the level of fuzzing aggression (low, medium, high.)
	FuzzAggressionLevel string
	// FuzzParamFrequency is the frequency of fuzzing parameters
	FuzzParamFrequency int
	// CodeTemplateSignaturePublicKey is the custom public key used to verify the template signature (algorithm is automatically inferred from the length)
	CodeTemplateSignaturePublicKey string
	// CodeTemplateSignatureAlgorithm specifies the sign algorithm (rsa, ecdsa)
	CodeTemplateSignatureAlgorithm string
	// SignTemplates enables signing of templates
	SignTemplates bool
	// EnableCodeTemplates enables code templates
	EnableCodeTemplates bool
	// DisableUnsignedTemplates disables processing of unsigned templates
	DisableUnsignedTemplates bool
	// EnableSelfContainedTemplates disables processing of self-contained templates
	EnableSelfContainedTemplates bool
	// EnableFileTemplates enables file templates
	EnableFileTemplates bool
	// Disables cloud upload
	EnableCloudUpload bool
	// ScanID is the scan ID to use for cloud upload
	ScanID string
	// ScanName is the name of the scan to be uploaded
	ScanName string
	// ScanUploadFile is the jsonl file to upload scan results to cloud
	ScanUploadFile string
	// TeamID is the team ID to use for cloud upload
	TeamID string
	// JsConcurrency is the number of concurrent js routines to run
	JsConcurrency int
	// SecretsFile is file containing secrets for nuclei
	SecretsFile goflags.StringSlice
	// PreFetchSecrets pre-fetches the secrets from the auth provider
	PreFetchSecrets bool
	// FormatUseRequiredOnly only uses required fields when generating requests
	FormatUseRequiredOnly bool
	// SkipFormatValidation is used to skip format validation
	SkipFormatValidation bool
	// PayloadConcurrency is the number of concurrent payloads to run per template
	PayloadConcurrency int
	// ProbeConcurrency is the number of concurrent http probes to run with httpx
	ProbeConcurrency int
	// Dast only runs DAST templates
	DAST bool
	// HttpApiEndpoint is the experimental http api endpoint
	HttpApiEndpoint string
	// ListTemplateProfiles lists all available template profiles
	ListTemplateProfiles bool
	// LoadHelperFileFunction is a function that will be used to execute LoadHelperFile.
	// If none is provided, then the default implementation will be used.
	LoadHelperFileFunction LoadHelperFileFunction
	// contains filtered or unexported fields
}

Options contains the configuration options for nuclei scanner.

func DefaultOptions

func DefaultOptions() *Options

DefaultOptions returns default options for nuclei

func (*Options) GetTimeouts added in v3.3.0

func (eo *Options) GetTimeouts() *Timeouts

GetTimeouts returns the timeout variants to use for the executor

func (*Options) GetValidAbsPath

func (o *Options) GetValidAbsPath(helperFilePath, templatePath string) (string, error)

GetValidAbsPath returns absolute path of helper file if it is allowed to be loaded this respects the sandbox rules and only loads files from allowed directories

func (*Options) HasClientCertificates

func (options *Options) HasClientCertificates() bool

HasClientCertificates determines if any client certificate was specified

func (*Options) LoadHelperFile

func (options *Options) LoadHelperFile(helperFile, templatePath string, catalog catalog.Catalog) (io.ReadCloser, error)

LoadHelperFile loads a helper file needed for the template.

If LoadHelperFileFunction is set, then that function will be used. Otherwise, the default implementation will be used, which respects the sandbox rules and only loads files from allowed directories.

func (*Options) ParseHeadlessOptionalArguments

func (options *Options) ParseHeadlessOptionalArguments() map[string]string

func (*Options) SetTimeouts added in v3.3.0

func (opts *Options) SetTimeouts(t *Timeouts)

SetTimeouts sets the timeout variants to use for the executor

func (*Options) ShouldFollowHTTPRedirects

func (options *Options) ShouldFollowHTTPRedirects() bool

ShouldFollowHTTPRedirects determines if http redirects should be followed

func (*Options) ShouldLoadResume

func (options *Options) ShouldLoadResume() bool

ShouldLoadResume resume file

func (*Options) ShouldSaveResume

func (options *Options) ShouldSaveResume() bool

ShouldSaveResume file

func (*Options) ShouldUseHostError

func (options *Options) ShouldUseHostError() bool

type ResumeCfg

type ResumeCfg struct {
	sync.RWMutex
	ResumeFrom map[string]*ResumeInfo `json:"resumeFrom"`
	Current    map[string]*ResumeInfo `json:"-"`
}

ResumeCfg contains the scan progression

func NewResumeCfg

func NewResumeCfg() *ResumeCfg

NewResumeCfg creates a new scan progression structure

func (*ResumeCfg) Clone

func (resumeCfg *ResumeCfg) Clone() *ResumeCfg

Clone the resume structure

func (*ResumeCfg) Compile

func (resumeCfg *ResumeCfg) Compile()

Clone the resume structure

type ResumeInfo

type ResumeInfo struct {
	sync.RWMutex
	Completed bool                `json:"completed"`
	InFlight  map[uint32]struct{} `json:"inFlight"`
	SkipUnder uint32              `json:"-"`
	Repeat    map[uint32]struct{} `json:"-"`
	DoAbove   uint32              `json:"-"`
}

func (*ResumeInfo) Clone

func (resumeInfo *ResumeInfo) Clone() *ResumeInfo

Clone the ResumeInfo structure

type Timeouts added in v3.3.0

type Timeouts struct {
	// DialTimeout for fastdialer (default 10s)
	DialTimeout time.Duration
	// Tcp(Network Protocol) Read From Connection Timeout (default 5s)
	TcpReadTimeout time.Duration
	// Http Response Header Timeout (default 10s)
	// this timeout prevents infinite hangs started by server if any
	// this is temporarily overridden when using @timeout request annotation
	HttpResponseHeaderTimeout time.Duration
	// HttpTimeout for http client (default -> 3 x dial-timeout = 30s)
	HttpTimeout time.Duration
	// JsCompilerExec timeout/deadline (default -> 2 x dial-timeout = 20s)
	JsCompilerExecutionTimeout time.Duration
	// CodeExecutionTimeout for code execution (default -> 3 x dial-timeout = 30s)
	CodeExecutionTimeout time.Duration
}

Timeouts is a struct that contains all the timeout variants for nuclei dialer timeout is used to derive other timeouts

func NewTimeoutVariant added in v3.3.0

func NewTimeoutVariant(dialTimeoutSec int) *Timeouts

NewTimeoutVariant creates a new timeout variant with the given dial timeout in seconds

func (*Timeouts) ApplyDefaults added in v3.3.0

func (tv *Timeouts) ApplyDefaults()

ApplyDefaults applies default values to timeout variants when missing

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL