Merge branch 'dev'

projectdiscovery · May 28, 2023 · 74ab142 · 74ab142
2 parents 06f242e + 44f8f6b
commit 74ab142
Show file tree

Hide file tree

Showing 59 changed files with 871 additions and 1,226 deletions.
diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml
@@ -12,7 +12,7 @@ jobs:
     name: Test Builds
     strategy:
       matrix:
-        go-version: [1.19.x]
+        go-version: [1.20.x]
         os: [ubuntu-latest, windows-latest, macOS-13]
 
     runs-on: ${{ matrix.os }}

diff --git a/.github/workflows/functional-test.yml b/.github/workflows/functional-test.yml
@@ -18,7 +18,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
-          go-version: 1.19
+          go-version: 1.20.x
 
       - name: Check out code
         uses: actions/checkout@v3

diff --git a/.github/workflows/lint-test.yml b/.github/workflows/lint-test.yml
@@ -15,9 +15,11 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
-          go-version: 1.19
+          go-version: 1.20.x
+
       - name: Checkout code
         uses: actions/checkout@v3
+
       - name: Run golangci-lint
         uses: golangci/golangci-lint-action@v3.4.0
         with:

diff --git a/.github/workflows/publish-docs.yaml b/.github/workflows/publish-docs.yaml
@@ -18,7 +18,7 @@ jobs:
       - name: "Set up Go"
         uses: actions/setup-go@v4
         with: 
-          go-version: 1.19
+          go-version: 1.20.x
 
       - name: Generate YAML Syntax Documentation
         id: generate-docs

diff --git a/.github/workflows/release-binary.yml b/.github/workflows/release-binary.yml
@@ -17,7 +17,7 @@ jobs:
 
       - uses: actions/setup-go@v4
         with: 
-          go-version: 1.19
+          go-version: 1.20.x
 
       - uses: goreleaser/goreleaser-action@v4
         with: 

diff --git a/.github/workflows/template-validate.yml b/.github/workflows/template-validate.yml
@@ -13,7 +13,7 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v4
         with: 
-          go-version: 1.19
+          go-version: 1.20.x
 
       - name: Template Validation
         run: |

diff --git a/.gitignore b/.gitignore
@@ -15,4 +15,4 @@ v2/pkg/protocols/common/helpers/deserialization/testdata/Deserialize.class
 v2/pkg/protocols/common/helpers/deserialization/testdata/ValueObject.class
 v2/pkg/protocols/common/helpers/deserialization/testdata/ValueObject2.ser
 *.exe
-
+v2/.gitignore
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
 # Build
-FROM golang:1.20.3-alpine AS build-env
+FROM golang:1.20.4-alpine AS build-env
 RUN apk add build-base
 WORKDIR /app
 COPY . /app
@@ -8,7 +8,7 @@ RUN go mod download
 RUN go build ./cmd/nuclei
 
 # Release
-FROM alpine:3.17.3
+FROM alpine:3.18.0
 RUN apk -U upgrade --no-cache \
     && apk add --no-cache bind-tools chromium ca-certificates
 COPY --from=build-env /app/v2/nuclei /usr/local/bin/

diff --git a/README.md b/README.md
@@ -53,7 +53,7 @@ We have a [dedicated repository](https://github.com/projectdiscovery/nuclei-temp
 
 # Install Nuclei
 
-Nuclei requires **go1.19** to install successfully. Run the following command to install the latest version -
+Nuclei requires **go1.20** to install successfully. Run the following command to install the latest version -
 
 ```sh
 go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
@@ -368,7 +368,7 @@ Nuclei immensely improve how you approach security assessment by augmenting the
 Pen-testers get the full power of our public templates and customization capabilities to speed up their assessment process, and specifically with the regression cycle where you can easily verify the fix.
 
 - Easily create your compliance, standards suite (e.g. OWASP Top 10) checklist.
-- With capabilities like [fuzz](https://nuclei.projectdiscovery.io/templating-guide/#advance-fuzzing) and [workflows](https://nuclei.projectdiscovery.io/templating-guide/#workflows), complex manual steps and repetitive assessment can be easily automated with Nuclei.
+- With capabilities like [fuzz](https://nuclei.projectdiscovery.io/templating-guide/protocols/http-fuzzing/) and [workflows](https://nuclei.projectdiscovery.io/templating-guide/workflows/), complex manual steps and repetitive assessment can be easily automated with Nuclei.
 - Easy to re-test vulnerability-fix by just re-running the template.
 
 </td>

diff --git a/README_CN.md b/README_CN.md
@@ -52,7 +52,7 @@ Nuclei使用零误报的定制模板向目标发送请求，同时可以对主
 
 # 安装Nuclei
 
-Nuclei需要**go1.19**才能安装成功。执行下列命令安装最新版本的Nuclei
+Nuclei需要**go1.20**才能安装成功。执行下列命令安装最新版本的Nuclei
 
 ```sh
 go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
@@ -303,7 +303,7 @@ Nuclei通过增加手动、自动的过程，极大地改变了安全评估的
 渗透测试员可以使用公共模板或者自定义模板来更快的完成渗透测试，特别是漏洞验证时，可以轻松的验证漏洞是否修复。
 
 - 轻松根据您的要求创建标准清单（例如：OWASP TOP 10）
-- 通过[FUZZ](https://nuclei.projectdiscovery.io/templating-guide/#advance-fuzzing)和[工作流](https://nuclei.projectdiscovery.io/templating-guide/#workflows)等功能，可以使用Nuclei完成复杂的手动步骤和重复性渗透测试
+- 通过[FUZZ](https://nuclei.projectdiscovery.io/templating-guide/protocols/http-fuzzing/)和[工作流](https://nuclei.projectdiscovery.io/templating-guide/workflows/)等功能，可以使用Nuclei完成复杂的手动步骤和重复性渗透测试
 - 只需要重新运行Nuclei即可验证漏洞修复情况
 
 </td>

diff --git a/README_ID.md b/README_ID.md
@@ -52,7 +52,7 @@ Kami memiliki [repositori khusus](https://github.com/projectdiscovery/nuclei-tem
 
 # Instalasi Nuclei
 
-Nuclei membutuhkan **go1.19** agar dapat diinstall. Jalankan perintah berikut untuk menginstal versi terbaru -
+Nuclei membutuhkan **go1.20** agar dapat diinstall. Jalankan perintah berikut untuk menginstal versi terbaru -
 
 ```sh
 go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
@@ -304,7 +304,7 @@ Nuclei sangat meningkatkan cara Anda mendekati penilaian keamanan dengan menamba
 Para penguji penetrasi mendapatkan kekuatan penuh dari templat publik dan kemampuan penyesuaian kami untuk mempercepat proses penilaian mereka, dan khususnya dengan siklus regresi di mana Anda dapat dengan mudah memverifikasi perbaikannya.
 
 - Mudah untuk membuat daftar pemeriksa kepatuhan Anda, sederet standar (mis., OWASP 10 Teratas).
-- Dengan kemampuan seperti [fuzz](https://nuclei.projectdiscovery.io/templating-guide/#advance-fuzzing) dan [alur kerja](https://nuclei.projectdiscovery.io/templating-guide/#workflows), langkah manual yang rumit dan penilaian berulang dapat dengan mudah diotomatisasi dengan Nuclei.
+- Dengan kemampuan seperti [fuzz](https://nuclei.projectdiscovery.io/templating-guide/protocols/http-fuzzing/) dan [alur kerja](https://nuclei.projectdiscovery.io/templating-guide/workflows/), langkah manual yang rumit dan penilaian berulang dapat dengan mudah diotomatisasi dengan Nuclei.
 - Mudah untuk menguji ulang perbaikan kerentanan hanya dengan menjalankan ulang template.
 
 </td>

diff --git a/README_KR.md b/README_KR.md
@@ -50,7 +50,7 @@ Nuclei는 템플릿을 기반으로 대상 간에 요청을 보내기 위해 사
 
 # 설치
 
-Nuclei를 성공적으로 설치하기 위해서 **go1.19**가 필요합니다. 다음 명령을 실행하여 최신 버전을 설치합니다.
+Nuclei를 성공적으로 설치하기 위해서 **go1.20**가 필요합니다. 다음 명령을 실행하여 최신 버전을 설치합니다.
 
 ```sh
 go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
@@ -289,7 +289,7 @@ Nuclei는 수동적이고 반복적인 프로세스를 보강하여 보안 평
 침투 테스터는 평가 프로세스, 특히 수정 사항을 쉽게 확인할 수 있는 회귀 주기를 통해 공개 템플릿 및 사용자 지정 기능을 최대한 활용할 수 있습니다.
 
 - 규정 준수, 표준 제품군(예: OWASP Top 10) 체크리스트 쉽게 생성.
-- Nuclei의 [fuzz](https://nuclei.projectdiscovery.io/templating-guide/#advance-fuzzing) 및 [workflows](https://nuclei.projectdiscovery.io/templating-guide/#workflows) 같은 기능으로 복잡한 수동 단계와 반복 평가를 쉽게 자동화할 수 있음.
+- Nuclei의 [fuzz](https://nuclei.projectdiscovery.io/templating-guide/protocols/http-fuzzing/) 및 [workflows](https://nuclei.projectdiscovery.io/templating-guide/workflows/) 같은 기능으로 복잡한 수동 단계와 반복 평가를 쉽게 자동화할 수 있음.
 - 템플릿 재실행으로 취약점 수정 재테스트 용이.
 
 </td>

diff --git a/SYNTAX-REFERENCE.md b/SYNTAX-REFERENCE.md
@@ -184,8 +184,6 @@ file:
             - amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}
     extensions:
         - all
-    archive: false
-    mimetype: false
 ```
 
 
@@ -353,6 +351,19 @@ Variables contains any variables for the current request.
 
 <hr />
 
+<div class="dd">
+
+<code>constants</code>  <i>map[string]interface{}</i>
+
+</div>
+<div class="dt">
+
+Constants contains any scalar costant for the current template
+
+</div>
+
+<hr />
+
 
 
 
@@ -1470,6 +1481,8 @@ Appears in:
 
 - <code><a href="#httprequest">http.Request</a>.attack</code>
 
+- <code><a href="#dnsrequest">dns.Request</a>.attack</code>
+
 - <code><a href="#networkrequest">network.Request</a>.attack</code>
 
 - <code><a href="#headlessrequest">headless.Request</a>.attack</code>
@@ -1949,6 +1962,39 @@ trace-max-recursion: 100
 ```
 
 
+</div>
+
+<hr />
+
+<div class="dd">
+
+<code>attack</code>  <i><a href="#generatorsattacktypeholder">generators.AttackTypeHolder</a></i>
+
+</div>
+<div class="dt">
+
+Attack is the type of payload combinations to perform.
+
+Batteringram is inserts the same payload into all defined payload positions at once, pitchfork combines multiple payload sets and clusterbomb generates
+permutations and combinations for all payloads.
+
+</div>
+
+<hr />
+
+<div class="dd">
+
+<code>payloads</code>  <i>map[string]interface{}</i>
+
+</div>
+<div class="dt">
+
+Payloads contains any payloads for the current request.
+
+Payloads support both key-values combinations where a list
+of payloads is provided, or optionally a single file can also
+be provided as payload which will be read on run-time.
+
 </div>
 
 <hr />
@@ -2031,6 +2077,8 @@ Enum Values:
   - <code>CAA</code>
 
   - <code>TLSA</code>
+
+  - <code>ANY</code>
 </div>
 
 <hr />
@@ -2055,8 +2103,6 @@ extractors:
         - amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}
 extensions:
     - all
-archive: false
-mimetype: false
 ```
 
 Part Definitions: 
@@ -2163,6 +2209,32 @@ max-size: 5Mb
 ```
 
 
+</div>
+
+<hr />
+
+<div class="dd">
+
+<code>archive</code>  <i>bool</i>
+
+</div>
+<div class="dt">
+
+elaborates archives
+
+</div>
+
+<hr />
+
+<div class="dd">
+
+<code>mime-type</code>  <i>bool</i>
+
+</div>
+<div class="dt">
+
+enables mime types check
+
 </div>
 
 <hr />

diff --git a/helm/templates/interactsh-ingress.yaml b/helm/templates/interactsh-ingress.yaml
@@ -1,12 +1,12 @@
 {{- if .Values.interactsh.ingress.enabled -}}
 {{- $fullName := include "nuclei.fullname" . -}}
 {{- $svcPort := .Values.service.port -}}
-{{- if and .Values.interactsh.ingress.className (not (semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion)) }}
+{{- if and .Values.interactsh.ingress.className (not (semverCompare ">=1.20-0" .Capabilities.KubeVersion.GitVersion)) }}
   {{- if not (hasKey .Values.interactsh.ingress.annotations "kubernetes.io/ingress.class") }}
   {{- $_ := set .Values.interactsh.ingress.annotations "kubernetes.io/ingress.class" .Values.interactsh.ingress.className}}
   {{- end }}
 {{- end }}
-{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.GitVersion -}}
 apiVersion: networking.k8s.io/v1
 {{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
 apiVersion: networking.k8s.io/v1beta1
@@ -23,7 +23,7 @@ metadata:
     {{- toYaml . | nindent 4 }}
   {{- end }}
 spec:
-  {{- if and .Values.interactsh.ingress.className (semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion) }}
+  {{- if and .Values.interactsh.ingress.className (semverCompare ">=1.20-0" .Capabilities.KubeVersion.GitVersion) }}
   ingressClassName: {{ .Values.interactsh.ingress.className }}
   {{- end }}
   {{- if .Values.interactsh.ingress.tls }}
@@ -43,11 +43,11 @@ spec:
         paths:
           {{- range .paths }}
           - path: {{ .path }}
-            {{- if and .pathType (semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion) }}
+            {{- if and .pathType (semverCompare ">=1.20-0" $.Capabilities.KubeVersion.GitVersion) }}
             pathType: {{ .pathType }}
             {{- end }}
             backend:
-              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              {{- if semverCompare ">=1.20-0" $.Capabilities.KubeVersion.GitVersion }}
               service:
                 name: {{ $fullName }}
                 port:

diff --git a/integration_tests/dns/payload.yaml b/integration_tests/dns/payload.yaml
@@ -0,0 +1,29 @@
+id: dns-attack
+
+info:
+  name: basic dns template
+  author: pdteam
+  severity: info
+
+
+dns:
+  - name: "{{subdomain_wordlist}}.{{FQDN}}"
+    type: A
+
+    attack: batteringram
+    payloads:
+      subdomain_wordlist: 
+      - one
+      - docs
+      - drive
+
+    matchers:
+      - type: word
+        words:
+          - "IN\tA"
+
+    extractors:
+      - type: regex
+        group: 1
+        regex:
+          - "IN\tA\t(.+)"
diff --git a/integration_tests/http/cli-with-constants.yaml b/integration_tests/http/cli-with-constants.yaml
@@ -0,0 +1,18 @@
+id: cli-with-constants
+
+info:
+  name: Cli Var with Constants
+  author: pdteam
+  severity: info
+
+constants:
+  test: test-in-template
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}?p={{test}}"
+    matchers:
+      - type: word
+        words:
+          - "test-in-template"
diff --git a/integration_tests/subdomains.txt b/integration_tests/subdomains.txt
@@ -0,0 +1,5 @@
+one
+docs
+drive
+play
+