Skip to content
This repository has been archived by the owner on Aug 18, 2023. It is now read-only.

Commit

Permalink
Add docs related to interactsh sni annotation (#118)
Browse files Browse the repository at this point in the history 
* Align usage of GitHub

* typo update

* Fix issue with description of modes

* adding interactsh-sni annotation

---------

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: Fabian Affolter <mail@fabian-affolter.ch>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Co-authored-by: Brendan O'Leary <boleary@gitlab.com>
  • Loading branch information
@Mzack9999 @ehsandeep @fabaff
5 people committed Feb 7, 2023
1 parent f2a6ac6 commit d875987
Show file tree
Hide file tree
Showing 4 changed files with 26 additions and 11 deletions.
17 changes: 10 additions & 7 deletions docs/nuclei/get-started.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,7 @@

Nuclei has built-in support for automatic update/download templates since version [v2.4.0](https://github.com/projectdiscovery/nuclei/releases/tag/v2.4.0). [**Nuclei-Templates**](https://github.com/projectdiscovery/nuclei-templates) project provides a community-contributed list of ready-to-use templates that is constantly updated.

Nuclei also support for update/download custom template repositories. You can pass the file/list of github repositories by using `-gtr`/`-github-template-repo` flag. This will download the repositories under `nuclei-templates/github` directory. To update the repo you can pass the `-update-templates` with `-gtr` flag.
Nuclei also support for update/download custom template repositories. You can pass the file/list of Github repositories by using `-gtr`/`-github-template-repo` flag. This will download the repositories under `nuclei-templates/github` directory. To update the repo you can pass the `-update-templates` with `-gtr` flag.

Nuclei checks for new community template releases upon each execution and automatically downloads the latest version when available. This feature can be disabled using the `-duc`, `-disable-update-check` flags via the CLI or the configuration file.

Expand Down Expand Up @@ -284,7 +284,8 @@ Custom template directory or multiple template directory can be executed as foll
nuclei -u https://example.com -t cves/ -t exposures/
```

Custom template github repos are downloaded under `github` directory. Custom repo templates can be passed as follows
Custom template Github repos are downloaded under `github` directory. Custom repo templates can be passed as follows

```sh
nuclei -u https://example.com -t github/private-repo
```
Expand Down Expand Up @@ -345,6 +346,7 @@ nuclei -u https://example.com -tags cve -severity critical,high -author geeknik
```

Multiple filters can also be combined using the template condition flag (`-tc`) that allows complex expressions like the following ones:

```sh
nuclei -tc "contains(id,'xss') || contains(tags,'xss')"
nuclei -tc "contains(tags,'cve') && contains(tags,'ssrf')"
Expand Down Expand Up @@ -516,6 +518,7 @@ Template snippet of [CVE-2021-26855](https://github.com/projectdiscovery/nuclei-
metadata:
shodan-query: 'vuln:CVE-2021-26855'
```

```console
nuclei -t cves/2021/CVE-2021-26855.yaml -uncover
nuclei -tags cve -uncover
Expand Down Expand Up @@ -584,7 +587,7 @@ This option should only be enabled if targets > 10k . This skips any type of sor

Default path of nuclei config file is `$HOME/.config/nuclei/config.yaml`, uncomment and configure the flags you wish to run as default.

Here is an example config file:-
Here is an example config file:

```yaml
# Headers to include with all HTTP request
Expand Down Expand Up @@ -670,7 +673,7 @@ Nuclei comes with reporting module support with the release of [v2.3.0](https://



For example, to create tickets on GitHub, create a config file with the following content and replace the appropriate values:-
For example, to create tickets on GitHub, create a config file with the following content and replace the appropriate values:

```yaml
# GitHub contains configuration options for GitHub issue tracker
Expand All @@ -683,7 +686,7 @@ github:
issue-label: "Nuclei"
```

To store results in Elasticsearch, create a config file with the following content and replace the appropriate values:-
To store results in Elasticsearch, create a config file with the following content and replace the appropriate values:

```yaml
# elasticsearch contains configuration options for elasticsearch exporter
Expand All @@ -696,7 +699,7 @@ elasticsearch:
index-name: nuclei
```

To forward results to Splunk HEC, create a config file with the following content and replace the appropriate values:-
To forward results to Splunk HEC, create a config file with the following content and replace the appropriate values:

```yaml
# splunkhec contains configuration options for splunkhec exporter
Expand All @@ -715,7 +718,7 @@ splunkhec:
token: "$hec_token"
```

**Running nuclei with reporting module:-**
**Running nuclei with reporting module:**

```bash
nuclei -l urls.txt -t cves/ -rc issue-tracker.yaml
Expand Down
2 changes: 1 addition & 1 deletion docs/templating-guide/helper-functions.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ Here is the list of all supported helper functions can be used in the RAW reques
| html_unescape(input interface{}) string | HTML un-escapes the given input | `html_unescape("&lt;body&gt;test&lt;/body&gt;")` | `<body>test</body>` |
| join(separator string, elements ...interface{}) string | Joins the given elements using the specified separator | `join("_", 123, "hello", "world")` | `123_hello_world` |
| json_minify(json) string | Minifies a JSON string by removing unnecessary whitespace | `json_minify("{ \"name\": \"John Doe\", \"foo\": \"bar\" }")` | `{"foo":"bar","name":"John Doe"}` |
| json_pretiffy(json) string | Prettifies a JSON string by adding indentation | `json_prettify("{\"foo\":\"bar\",\"name\":\"John Doe\"}")` | `{\n \"foo\": \"bar\",\n \"name\": \"John Doe\"\n}` |
| json_prettify(json) string | Prettifies a JSON string by adding indentation | `json_prettify("{\"foo\":\"bar\",\"name\":\"John Doe\"}")` | `{\n \"foo\": \"bar\",\n \"name\": \"John Doe\"\n}` |
| len(arg interface{}) int | Returns the length of the input | `len("Hello")` | `5` |
| line_ends_with(str string, suffix ...string) bool | Checks if any line of the string ends with any of the provided substrings | `line_ends_with("Hello\nHi", "lo")` | `true` |
| line_starts_with(str string, prefix ...string) bool | Checks if any line of the string starts with any of the provided substrings | `line_starts_with("Hi\nHello", "He")` | `true` |
Expand Down
4 changes: 2 additions & 2 deletions docs/templating-guide/protocols/http-fuzzing.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,8 +34,8 @@ fuzzing:

Mode specifies the mode in which to perform the replacements. Available modes are -

1. **multiple** (`default`) - replace one value at a time
2. **single** - replace all values at once
1. **multiple** (`default`) - replace all values at once
2. **single** - replace one value at a time

```yaml
fuzzing:
Expand Down
14 changes: 13 additions & 1 deletion docs/templating-guide/protocols/http.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -593,7 +593,7 @@ requests:
Request inline annotations allow performing per request properties/behavior override. They are very similar to python/java class annotations and must be put on the request just before the RFC line. Currently, only the following overrides are supported:

- `@Host:` which overrides the real target of the request (usually the host/ip provided as input). It supports syntax with ip/domain, port, and scheme, for example: `domain.tld`, `domain.tld:port`, `http://domain.tld:port`
- `@tls-sni:` which overrides the SNI Name of the TLS request (usually the hostname provided as input). It supports any literals, the speciale value `request.host` use the value of the `Host` header.
- `@tls-sni:` which overrides the SNI Name of the TLS request (usually the hostname provided as input). It supports any literals. The special value `request.host` uses the `Host` header and `interactsh-url` uses an interactsh generated URL.
- `@timeout:` which overrides the timeout for the request to a custom duration. It supports durations formatted as string. If no duration is specified, the default Timeout flag value is used.

The following example shows the annotations within a request:
Expand Down Expand Up @@ -649,3 +649,15 @@ Example of a custom `timeout` annotations -
mail_address=%3B{{cmd}}%3B&button=%83%81%81%5B%83%8B%91%97%90M
```

Example of `sni` annotation with `interactsh-url` -

```yaml
- |
@tls-sni: interactsh-url
POST /conf_mail.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
mail_address=%3B{{cmd}}%3B&button=%83%81%81%5B%83%8B%91%97%90M
```

0 comments on commit d875987

Please sign in to comment.