更新nuclei至v3.1.3

Update.md

@@ -1,5 +1,13 @@
 # 更新日志
 
+## 2023.1.8
+
+将内嵌的nuclei更新至v3.1.3版本（有新的nuclei模板需要最新的nuclei引擎支持）。
+
+将审计日志修改至基于nuclei debug功能，更全一点。1.6版本的审计日志会漏掉dns和javascript类的poc。
+
+
+
 ## 2023.1.3
 
 紧急修复一个因为resp为空导致读空指针的问题。

common/callnuclei/callnuclei.go

@@ -121,6 +121,8 @@ func readConfig(TargetAndPocsName map[string][]string, proxy string, nameForSear
 	}
 	options.Targets = targets
 
+	options.ExcludeTargets = []string{}
+
 	// path to file containing a list of target URLs/hosts to scan (one per line)
 	// 包含要扫描的目标URL/主机列表的文件路径(每行一个)
 	options.TargetsFilePath = ""
@@ -472,7 +474,7 @@ func readConfig(TargetAndPocsName map[string][]string, proxy string, nameForSear
 	options.ShowActions = false
 
 	// 显示所有请求和响应
-	options.Debug = false
+	options.Debug = gologger.Audit
 	// 显示所有请求
 	options.DebugRequests = false
 	// 显示所有响应
@@ -522,48 +524,21 @@ func readConfig(TargetAndPocsName map[string][]string, proxy string, nameForSear
 	// 更改Nuclei默认端口（默认：9092）
 	options.MetricsPort = 9092
 
-	// run scan on nuclei cloud
-	options.Cloud = false
-	// add specified data source (s3,github)
-	options.AddDatasource = ""
-	// add target(s) to cloud
-	options.AddTarget = ""
-	// add template(s) to cloud
-	options.AddTemplate = ""
-	// list previous cloud scans
-	options.ScanList = false
-	// list scan output by scan id
-	options.ScanOutput = ""
-	// list cloud target by id
-	options.ListTargets = false
-	// list cloud template by id
-	options.ListTemplates = false
-	// list cloud datasource by id
-	options.ListDatasources = false
-	// list reporting sources
-	options.ListReportingSources = false
-	// delete cloud scan by id
-	options.DeleteScan = ""
-	// delete target(s) from cloud
-	options.RemoveTarget = ""
-	// delete template(s) from cloud
-	options.RemoveTemplate = ""
-	// delete specified data source
-	options.RemoveDatasource = ""
-	// disable specified reporting source
-	options.DisableReportingSource = ""
-	// enable specified reporting source
-	options.EnableReportingSource = ""
-	// get target content by id
-	options.GetTarget = ""
-	// get template content by id
-	options.GetTemplate = ""
-	// disable scan/output storage on cloud
-	options.NoStore = false
-	// do not display pretty-printed tables
-	options.NoTables = false
-	// limit the number of output to display
-	options.OutputLimit = 100
+	options.OmitTemplate = false
+
+	// network请求超时时间
+	options.DialerTimeout = 0
+
+	// network请求的keep-alive持续时间
+	options.DialerKeepAlive = 0
+
+	// 启用加载基于代码协议的模板
+	options.EnableCodeTemplates = false
+
+	// 将扫描结果上传到pdcp仪表板 敏感环境高危
+	options.EnableCloudUpload = false
+
+	options.SignTemplates = false
 
 	options.PocNameForSearch = nameForSearch
 

common/flag.go

@@ -34,7 +34,7 @@ func GC() {
 	debug.FreeOSMemory()
 }
 
-var version = "1.6.1"
+var version = "1.7"
 
 func showBanner() {
 	banner := fmt.Sprintf(`
@@ -255,7 +255,7 @@ func prepare() {
 
 	structs.FingerprintDB = ddfinger.ParseFingerYaml()
 	if len(structs.FingerprintDB) == 0 {
-		gologger.Fatal().Msg("请检查指纹数据库是否正常。")
+		gologger.Fatal().Msg("请检查指纹数据库是否正常，是否正确放置config文件夹。")
 	}
 	gologger.Info().Msgf("YAML指纹数据: %d 条\n", len(structs.FingerprintDB))
 

go.mod

@@ -34,8 +34,8 @@ require (
 	github.com/alecthomas/jsonschema v0.0.0-20211022214203-8b29eab41725 // indirect
 	github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
 	github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 // indirect
-	github.com/andybalholm/brotli v1.0.5 // indirect
-	github.com/andybalholm/cascadia v1.3.1 // indirect
+	github.com/andybalholm/brotli v1.0.6 // indirect
+	github.com/andybalholm/cascadia v1.3.2 // indirect
 	github.com/andygrunwald/go-jira v1.16.0 // indirect
 	github.com/antchfx/htmlquery v1.3.0 // indirect
 	github.com/antchfx/xmlquery v1.3.15 // indirect
@@ -68,7 +68,7 @@ require (
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect
 	github.com/cloudflare/cfssl v1.6.4 // indirect
-	github.com/cloudflare/circl v1.3.3 // indirect
+	github.com/cloudflare/circl v1.3.6 // indirect
 	github.com/corpix/uarand v0.2.0 // indirect
 	github.com/denisbrodbeck/machineid v1.0.1 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
@@ -136,7 +136,7 @@ require (
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/kataras/jwt v0.1.10 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
-	github.com/klauspost/compress v1.16.7 // indirect
+	github.com/klauspost/compress v1.17.3 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.5 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/leodido/go-urn v1.2.4 // indirect
@@ -155,22 +155,22 @@ require (
 	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
 	github.com/praetorian-inc/fingerprintx v1.1.9 // indirect
 	github.com/projectdiscovery/chaos-client v0.5.1 // indirect
-	github.com/projectdiscovery/dsl v0.0.26 // indirect
-	github.com/projectdiscovery/fastdialer v0.0.40 // indirect
+	github.com/projectdiscovery/dsl v0.0.35 // indirect
+	github.com/projectdiscovery/fastdialer v0.0.49 // indirect
 	github.com/projectdiscovery/fasttemplate v0.0.2 // indirect
 	github.com/projectdiscovery/fdmax v0.0.4 // indirect
-	github.com/projectdiscovery/gostruct v0.0.1 // indirect
+	github.com/projectdiscovery/gostruct v0.0.2 // indirect
 	github.com/projectdiscovery/gozero v0.0.1 // indirect
 	github.com/projectdiscovery/n3iwf v0.0.0-20230523120440-b8cd232ff1f5 // indirect
 	github.com/projectdiscovery/networkpolicy v0.0.6 // indirect
-	github.com/projectdiscovery/rawhttp v0.1.23 // indirect
+	github.com/projectdiscovery/rawhttp v0.1.28 // indirect
 	github.com/projectdiscovery/rdap v0.9.1-0.20221108103045-9865884d1917 // indirect
 	github.com/projectdiscovery/sarif v0.0.1 // indirect
-	github.com/projectdiscovery/tlsx v1.1.6-0.20231016194953-a3ff9518c766 // indirect
+	github.com/projectdiscovery/tlsx v1.1.6-0.20231116215000-e842dc367a74 // indirect
 	github.com/projectdiscovery/uncover v1.0.7 // indirect
 	github.com/projectdiscovery/wappalyzergo v0.0.109 // indirect
 	github.com/projectdiscovery/yamldoc-go v1.0.4 // indirect
-	github.com/quic-go/quic-go v0.38.1 // indirect
+	github.com/quic-go/quic-go v0.40.0 // indirect
 	github.com/redis/go-redis/v9 v9.1.0 // indirect
 	github.com/refraction-networking/utls v1.5.4 // indirect
 	github.com/remeh/sizedwaitgroup v1.0.0 // indirect
@@ -205,12 +205,12 @@ require (
 	github.com/yusufpapurcu/wmi v1.2.3 // indirect
 	github.com/zeebo/blake3 v0.2.3 // indirect
 	github.com/zmap/rc2 v0.0.0-20190804163417-abaa70531248 // indirect
-	github.com/zmap/zcrypto v0.0.0-20230829152017-3b5d61809233 // indirect
+	github.com/zmap/zcrypto v0.0.0-20231106212110-94c8f62efae4 // indirect
 	github.com/zmap/zgrab2 v0.1.8-0.20230806160807-97ba87c0e706 // indirect
 	go.uber.org/zap v1.25.0 // indirect
 	goftp.io/server/v2 v2.0.1 // indirect
 	golang.org/x/arch v0.3.0 // indirect
-	golang.org/x/term v0.13.0 // indirect
+	golang.org/x/term v0.15.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	gopkg.in/alecthomas/kingpin.v2 v2.2.6 // indirect
 	gopkg.in/corvus-ch/zbase32.v1 v1.0.0 // indirect
@@ -241,7 +241,7 @@ require (
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/go-github/v30 v30.1.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
-	github.com/gorilla/css v1.0.0 // indirect
+	github.com/gorilla/css v1.0.1 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/lcvvvv/gonmap v1.3.4
 	github.com/logrusorgru/aurora v2.0.3+incompatible
@@ -250,9 +250,9 @@ require (
 	github.com/mattn/go-isatty v0.0.19 // indirect
 	github.com/mattn/go-runewidth v0.0.14 // indirect
 	github.com/mholt/archiver v3.1.1+incompatible // indirect
-	github.com/microcosm-cc/bluemonday v1.0.25 // indirect
-	github.com/miekg/dns v1.1.56
-	github.com/minio/selfupdate v0.6.0 // indirect
+	github.com/microcosm-cc/bluemonday v1.0.26 // indirect
+	github.com/miekg/dns v1.1.57
+	github.com/minio/selfupdate v0.6.1-0.20230907112617-f11e74f84ca7 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/muesli/reflow v0.3.0 // indirect
@@ -261,28 +261,28 @@ require (
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
 	github.com/pierrec/lz4 v2.6.1+incompatible // indirect
 	github.com/pkg/errors v0.9.1
-	github.com/projectdiscovery/asnmap v1.0.5 // indirect
+	github.com/projectdiscovery/asnmap v1.0.6 // indirect
 	github.com/projectdiscovery/blackrock v0.0.1 // indirect
 	github.com/projectdiscovery/cdncheck v1.0.9 // indirect
-	github.com/projectdiscovery/clistats v0.0.19 // indirect
+	github.com/projectdiscovery/clistats v0.0.20 // indirect
 	github.com/projectdiscovery/freeport v0.0.5 // indirect
 	github.com/projectdiscovery/goconfig v0.0.1 // indirect
-	github.com/projectdiscovery/goflags v0.1.25
-	github.com/projectdiscovery/hmap v0.0.22
+	github.com/projectdiscovery/goflags v0.1.29
+	github.com/projectdiscovery/hmap v0.0.29
 	github.com/projectdiscovery/httpx v1.3.5
-	github.com/projectdiscovery/mapcidr v1.1.12 // indirect
-	github.com/projectdiscovery/ratelimit v0.0.12 // indirect
-	github.com/projectdiscovery/retryabledns v1.0.39 // indirect
-	github.com/projectdiscovery/retryablehttp-go v1.0.32
+	github.com/projectdiscovery/mapcidr v1.1.16 // indirect
+	github.com/projectdiscovery/ratelimit v0.0.20 // indirect
+	github.com/projectdiscovery/retryabledns v1.0.47 // indirect
+	github.com/projectdiscovery/retryablehttp-go v1.0.38
 	github.com/projectdiscovery/subfinder/v2 v2.5.8
-	github.com/projectdiscovery/utils v0.0.58
+	github.com/projectdiscovery/utils v0.0.68
 	github.com/rivo/uniseg v0.4.4 // indirect
 	github.com/rs/xid v1.5.0 // indirect
 	github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d // indirect
 	github.com/syndtr/goleveldb v1.0.0 // indirect
-	github.com/tidwall/btree v1.6.0 // indirect
+	github.com/tidwall/btree v1.7.0 // indirect
 	github.com/tidwall/buntdb v1.3.0 // indirect
-	github.com/tidwall/gjson v1.16.0 // indirect
+	github.com/tidwall/gjson v1.17.0 // indirect
 	github.com/tidwall/grect v0.1.4 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.1 // indirect
@@ -294,16 +294,16 @@ require (
 	github.com/yl2chen/cidranger v1.0.2 // indirect
 	github.com/yuin/goldmark v1.5.4 // indirect
 	github.com/yuin/goldmark-emoji v1.0.1 // indirect
-	go.etcd.io/bbolt v1.3.7 // indirect
+	go.etcd.io/bbolt v1.3.8 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/crypto v0.14.0
-	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
-	golang.org/x/mod v0.13.0 // indirect
-	golang.org/x/net v0.17.0
+	golang.org/x/crypto v0.17.0
+	golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa // indirect
+	golang.org/x/mod v0.14.0 // indirect
+	golang.org/x/net v0.18.0
 	golang.org/x/oauth2 v0.11.0 // indirect
-	golang.org/x/sys v0.13.0 // indirect
-	golang.org/x/text v0.13.0 // indirect
-	golang.org/x/tools v0.14.0 // indirect
+	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/tools v0.15.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/djherbis/times.v1 v1.3.0 // indirect
@@ -313,7 +313,7 @@ require (
 
 // nuclei
 require (
-	github.com/projectdiscovery/interactsh v1.1.7 // indirect
+	github.com/projectdiscovery/interactsh v1.1.8 // indirect
 	github.com/projectdiscovery/nuclei/v3 v3.0.2
 )