Documentation
¶
Index ¶
- Variables
- func ExecuteNucleiTags(tags []*NucleiTagData, sandbox *NucleiDSL, vars map[string]interface{}) (string, bool, []string)
- func ExpandPreprocessor(data string) string
- func ExtractKValFromResponse(rsp []byte) map[string]interface{}
- func FuzzCalcExpr() map[string]interface{}
- func GetNucleiDSLFunctions() map[string]interface{}
- func IsExprReady(expr string, m map[string]interface{}) (bool, []string)
- func LoadVarFromRawResponse(rsp []byte, duration float64, sufs ...string) map[string]interface{}
- func ScanAuto(items any, opt ...interface{})
- func ScanPacket(req []byte, opts ...interface{})
- func ScanUrl(u string, opt ...interface{})
- type Config
- type ConfigOption
- func WithConcurrentInTemplates(i int) ConfigOption
- func WithConcurrentTarget(i int) ConfigOption
- func WithConcurrentTemplates(i int) ConfigOption
- func WithDebug(b bool) ConfigOption
- func WithDebugRequest(b bool) ConfigOption
- func WithDebugResponse(b bool) ConfigOption
- func WithEnableReverseConnectionFeature(b bool) ConfigOption
- func WithExcludeTemplates(s ...string) ConfigOption
- func WithFuzzQueryTemplate(s ...string) ConfigOption
- func WithMode(s string) ConfigOption
- func WithResultCallback(f ResultCallback) ConfigOption
- func WithTags(f ...string) ConfigOption
- func WithTemplateName(s ...string) ConfigOption
- func WithTemplateRaw(b string) ConfigOption
- func WithVerbose(b bool) ConfigOption
- type NucleiDSL
- type NucleiTagData
- type RequestBulk
- type ResultCallback
- type Var
- type YakExtractor
- type YakHTTPRequestPacket
- type YakMatcher
- type YakPayload
- type YakPayloads
- type YakRequestBulkConfig
- type YakTemplate
- type YakVariables
Constants ¶
This section is empty.
Variables ¶
View Source
var Exports = map[string]interface{}{ "Scan": func(target any, opt ...interface{}) (chan *tools.PocVul, error) { var vCh = make(chan *tools.PocVul) filterVul := filter.NewFilter() opt = append(opt, _callback(func(i map[string]interface{}) { if i["match"].(bool) { tpl := i["template"].(*YakTemplate) resp := i["responses"].([]*lowhttp.LowhttpResponse) reqBulk := i["requests"].(*YakRequestBulkConfig) calcSha1 := utils.CalcSha1(tpl.Name, resp[0].RawRequest, target) details := make(map[string]interface{}) if len(resp) == 1 { details["request"] = string(resp[0].RawRequest) details["response"] = string(resp[0].RawPacket) } else { for idx, r := range resp { details[fmt.Sprintf("request_%d", idx+1)] = string(r.RawRequest) details[fmt.Sprintf("response_%d", idx+1)] = string(r.RawPacket) } } payloads, err := payloadsToString(reqBulk.Payloads) if err != nil { log.Errorf("payloadsToString failed: %v", err) } pv := &tools.PocVul{ Source: "nuclei", Target: resp[0].RemoteAddr, PocName: tpl.Name, MatchedAt: utils.DatetimePretty(), Tags: strings.Join(tpl.Tags, ","), Timestamp: time.Now().Unix(), Severity: tpl.Severity, Details: details, CVE: tpl.CVE, DescriptionZh: tpl.DescriptionZh, Description: tpl.Description, Payload: payloads, } if !filterVul.Exist(calcSha1) { filterVul.Insert(calcSha1) risk := tools.PocVulToRisk(pv) err = yakit.SaveRisk(risk) if err != nil { log.Errorf("save risk failed: %s", err) } vCh <- pv } } })) go func() { defer close(vCh) ScanAuto(target, opt...) }() return vCh, nil }, "ScanAuto": ScanAuto, "tags": WithTags, "excludeTags": nucleiOptionDummy("excludeTags"), "workflows": nucleiOptionDummy("workflows"), "templates": WithTemplateName, "excludeTemplates": WithExcludeTemplates, "templatesDir": nucleiOptionDummy("templatesDir"), "headers": nucleiOptionDummy("headers"), "severity": nucleiOptionDummy("severity"), "output": nucleiOptionDummy("output"), "proxy": lowhttp.WithProxy, "logFile": nucleiOptionDummy("logFile"), "reportingDB": nucleiOptionDummy("reportingDB"), "reportingConfig": nucleiOptionDummy("reportingConfig"), "bulkSize": WithConcurrentTemplates, "templatesThreads": WithConcurrentInTemplates, "timeout": _timeout, "pageTimeout": _timeout, "retry": lowhttp.WithRetryTimes, "rateLimit": rateLimit, "headless": nucleiOptionDummy("headless"), "showBrowser": nucleiOptionDummy("showBrowser"), "dnsResolver": lowhttp.WithDNSServers, "systemDnsResolver": nucleiOptionDummy("systemDnsResolver"), "metrics": nucleiOptionDummy("metrics"), "debug": WithDebug, "debugRequest": WithDebugRequest, "debugResponse": WithDebugResponse, "silent": nucleiOptionDummy("silent"), "version": nucleiOptionDummy("version"), "verbose": WithVerbose, "noColor": nucleiOptionDummy("noColor"), "updateTemplates": nucleiOptionDummy("updateTemplates"), "templatesVersion": nucleiOptionDummy("templatesVersion"), "templateList": nucleiOptionDummy("templateList"), "stopAtFirstMatch": nucleiOptionDummy("stopAtFirstMatch"), "noMeta": nucleiOptionDummy("noMeta"), "newTemplates": nucleiOptionDummy("newTemplates"), "noInteractsh": noInteractsh, "reverseUrl": nucleiOptionDummy("reverseUrl"), "enableReverseConnection": WithEnableReverseConnectionFeature, "targetConcurrent": WithConcurrentTarget, "rawTemplate": WithTemplateRaw, "fuzzQueryTemplate": WithFuzzQueryTemplate, "mode": WithMode, "resultCallback": _callback, "https": lowhttp.WithHttps, "http2": lowhttp.WithHttp2, }
Functions ¶
func ExecuteNucleiTags ¶
func ExpandPreprocessor ¶
ExpandPreprocessor expands the pre-processors if any for a template data.
func ExtractKValFromResponse ¶
func FuzzCalcExpr ¶
func FuzzCalcExpr() map[string]interface{}
func GetNucleiDSLFunctions ¶
func GetNucleiDSLFunctions() map[string]interface{}
func LoadVarFromRawResponse ¶
func ScanPacket ¶
func ScanPacket(req []byte, opts ...interface{})
Types ¶
type Config ¶
type Config struct {
// Templates 内部 HTTP 网络并发
ConcurrentInTemplates int
// Templates 外部 HTTP 网络并发
ConcurrentTemplates int
// ConcurrentTarget 批量扫描的并发
ConcurrentTarget int
Callback ResultCallback
// nuclei / xray
Mode string
EnableReverseConnectionFeature bool
// 搜索 yakit.YakScript
SingleTemplateRaw string
TemplateName []string
FuzzQueryTemplate []string
ExcludeTemplates []string
Tags []string
// DebugMode
Debug bool
DebugRequest bool
DebugResponse bool
Verbose bool
}
func NewConfig ¶
func NewConfig(opts ...ConfigOption) *Config
func (*Config) AppendResultCallback ¶
func (c *Config) AppendResultCallback(handler ResultCallback)
func (*Config) ExecuteResultCallback ¶
func (c *Config) ExecuteResultCallback(y *YakTemplate, bulk *YakRequestBulkConfig, rsp []*lowhttp.LowhttpResponse, result bool, extractor map[string]interface{})
func (*Config) GenerateYakTemplate ¶
func (c *Config) GenerateYakTemplate() (chan *YakTemplate, error)
type ConfigOption ¶
type ConfigOption func(*Config)
func WithConcurrentInTemplates ¶
func WithConcurrentInTemplates(i int) ConfigOption
func WithConcurrentTarget ¶
func WithConcurrentTarget(i int) ConfigOption
func WithConcurrentTemplates ¶
func WithConcurrentTemplates(i int) ConfigOption
func WithDebug ¶
func WithDebug(b bool) ConfigOption
func WithDebugRequest ¶
func WithDebugRequest(b bool) ConfigOption
func WithDebugResponse ¶
func WithDebugResponse(b bool) ConfigOption
func WithEnableReverseConnectionFeature ¶
func WithEnableReverseConnectionFeature(b bool) ConfigOption
func WithExcludeTemplates ¶
func WithExcludeTemplates(s ...string) ConfigOption
func WithFuzzQueryTemplate ¶
func WithFuzzQueryTemplate(s ...string) ConfigOption
func WithMode ¶
func WithMode(s string) ConfigOption
func WithResultCallback ¶
func WithResultCallback(f ResultCallback) ConfigOption
func WithTags ¶
func WithTags(f ...string) ConfigOption
func WithTemplateName ¶
func WithTemplateName(s ...string) ConfigOption
func WithTemplateRaw ¶
func WithTemplateRaw(b string) ConfigOption
func WithVerbose ¶
func WithVerbose(b bool) ConfigOption
type NucleiDSL ¶
type NucleiDSL struct {
Functions map[string]interface{}
}
func NewNucleiDSLYakSandbox ¶
func NewNucleiDSLYakSandbox() *NucleiDSL
func (*NucleiDSL) ExecuteAsBool ¶
type NucleiTagData ¶
func ParseNucleiTag ¶
func ParseNucleiTag(raw string) []*NucleiTagData
type RequestBulk ¶
type RequestBulk struct {
Requests []*requestRaw
RequestConfig *YakRequestBulkConfig
}
type ResultCallback ¶
type ResultCallback func(y *YakTemplate, reqBulk *YakRequestBulkConfig, rsp []*lowhttp.LowhttpResponse, result bool, extractor map[string]interface{})
type Var ¶
type Var struct {
Type string
Data string
Tags []*NucleiTagData
}
type YakExtractor ¶
type YakExtractor struct {
Name string // name or index
// regexp
// json
// kval
// xpath
// nuclei-dsl
Type string
// body
// header
// all
Scope string // header body all
Groups []string
RegexpMatchGroup []int
XPathAttribute string
}
func NewExtractorFromGRPCModel ¶
func NewExtractorFromGRPCModel(m *ypb.HTTPResponseExtractor) *YakExtractor
type YakHTTPRequestPacket ¶
type YakHTTPRequestPacket struct {
Request string
// @SNI
SNI string
// @Timeout
Timeout time.Duration
// @Host
OverrideHost string
}
func (*YakHTTPRequestPacket) GenerateRaw ¶
func (s *YakHTTPRequestPacket) GenerateRaw() []*requestRaw
type YakMatcher ¶
type YakMatcher struct {
// status
// content_length
// binary
// word
// regexp
// expr
MatcherType string
/*
nuclei-dsl
all_headers
status_code
content_length
body
raw
*/
ExprType string
// status
// header
// body
// raw
Scope string
// or
// and
Condition string
Group []string
GroupEncoding string
Negative bool
// or / and
SubMatcherCondition string
SubMatchers []*YakMatcher
}
func NewMatcherFromGRPCModel ¶
func NewMatcherFromGRPCModel(m *ypb.HTTPResponseMatcher) *YakMatcher
func (*YakMatcher) Execute ¶
func (y *YakMatcher) Execute(rsp *lowhttp.LowhttpResponse, vars map[string]interface{}, suf ...string) (bool, error)
func (*YakMatcher) ExecuteRawResponse ¶
type YakPayload ¶
type YakPayloads ¶
type YakPayloads struct {
// contains filtered or unexported fields
}
type YakRequestBulkConfig ¶
type YakRequestBulkConfig struct {
Matcher *YakMatcher
Extractor []*YakExtractor
HTTPRequests []*YakHTTPRequestPacket
EnableRedirect bool
MaxRedirects int
StopAtFirstMatch bool
CookieInherit bool
MaxSize int
NoFixContentLength bool
Payloads *YakPayloads
// req-condition - 为 true 的时候,要等所有的请求发送完在执行 Matcher
AfterRequested bool
// batteringram is not valid!
// pitchfork means sync
// cluster bomb means cartesian product
AttackMode string // sync // cartesian
}
func (*YakRequestBulkConfig) GenerateRaw ¶
func (c *YakRequestBulkConfig) GenerateRaw() []*RequestBulk
type YakTemplate ¶
type YakTemplate struct {
Id string `json:"id"`
Name string `json:"name"`
NameZh string `json:"nameZh,omitempty"`
Author string `json:"author"`
Severity string `json:"severity,omitempty"`
Description string `json:"description"`
DescriptionZh string `json:"descriptionZh"`
Reference []string `json:"reference"`
Tags []string `json:"tags"`
CVE string
ShodanQuery string
Verified string
// interactsh
ReverseConnectionNeed bool `json:"reverseConnectionNeed"`
HTTPRequestSequences []*YakRequestBulkConfig
Variables *YakVariables
}
func CreateYakTemplateFromNucleiTemplateRaw ¶
func CreateYakTemplateFromNucleiTemplateRaw(raw string) (*YakTemplate, error)
func (*YakTemplate) Exec ¶
func (y *YakTemplate) Exec(config *Config, isHttps bool, reqOrigin []byte, opts ...lowhttp.LowhttpOpt) (int, error)
type YakVariables ¶
type YakVariables struct {
// contains filtered or unexported fields
}
func NewVars ¶
func NewVars() *YakVariables
func (*YakVariables) AutoSet ¶
func (v *YakVariables) AutoSet(key string, value string)
func (*YakVariables) Set ¶
func (v *YakVariables) Set(key string, value string)
func (*YakVariables) SetNucleiDSL ¶
func (v *YakVariables) SetNucleiDSL(key string, items []*NucleiTagData)
func (*YakVariables) ToMap ¶
func (v *YakVariables) ToMap() map[string]interface{}
Source Files
Click to show internal directories.
Click to hide internal directories.