Merge pull request #1576 from projectdiscovery/dev

v2.6.0 Release
projectdiscovery · Feb 5, 2022 · 149edf1 · 149edf1
2 parents 4d4d722 + 7c8137c
commit 149edf1
Show file tree

Hide file tree

Showing 54 changed files with 1,739 additions and 311 deletions.
diff --git a/README.md b/README.md
@@ -143,6 +143,7 @@ CONFIGURATIONS:
    -cc, -client-cert string    client certificate file (PEM-encoded) used for authenticating against scanned hosts
    -ck, -client-key string     client key file (PEM-encoded) used for authenticating against scanned hosts
    -ca, -client-ca string      client certificate authority file (PEM-encoded) used for authenticating against scanned hosts
+   -ztls                       Use ztls library with autofallback to standard one for tls13
 
 INTERACTSH:
    -iserver, -interactsh-server string  interactsh server url for self-hosted instance (default: oast.pro,oast.live,oast.site,oast.online,oast.fun,oast.me)

diff --git a/README_CN.md b/README_CN.md
@@ -106,8 +106,8 @@ Nuclei是一款注重于可配置性、可扩展性和易用性的基于模板
    -itags, -include-tags string[]       不执行具有攻击性的模板
    -et, -exclude-templates string[]     要排除的模板或者模板目录
    -it, -include-templates string[]     执行默认或配置中排除的模板
-   -s, -severity value[]                根据严重性运行模板，允许的值有：info,low,medium,high,critical   
-   -es, -exclude-severity value[]       根据严重性排除模板，允许的值有：info,low,medium,high,critical   
+   -s, -severity value[]                根据严重程度运行模板，可候选的值有：info,low,medium,high,critical   
+   -es, -exclude-severity value[]       根据严重程度排除模板，可候选的值有：info,low,medium,high,critical   
    -a, -author string[]                 执行指定作者的模板
 
 输出：
@@ -136,7 +136,7 @@ Nuclei是一款注重于可配置性、可扩展性和易用性的基于模板
    -inserver, -ineractsh-server string  使用interactsh反连检测平台（默认为"https://interact.sh"）
    -itoken, -interactsh-token string    指定反连检测平台的身份凭证
    -interactions-cache-size int         指定保存在交互缓存中的请求数（默认：5000）
-   -interactions-eviction int           聪缓存中删除请求前等待的时间（默认为60秒）
+   -interactions-eviction int           从缓存中删除请求前等待的时间（默认为60秒）
    -interactions-poll-duration int      每个轮询前等待时间（默认为5秒）
    -interactions-cooldown-period int    退出轮询前的等待时间（默认为5秒）
    -ni, -no-interactsh                  禁用反连检测平台，同时排除基于反连检测的模板

diff --git a/SYNTAX-REFERENCE.md b/SYNTAX-REFERENCE.md
@@ -2092,6 +2092,8 @@ Appears in:
 
 - <code><a href="#networkrequest">network.Request</a>.attack</code>
 
+- <code><a href="#headlessrequest">headless.Request</a>.attack</code>
+
 - <code><a href="#websocketrequest">websocket.Request</a>.attack</code>
 
 
@@ -2506,6 +2508,8 @@ Enum Values:
   - <code>TXT</code>
 
   - <code>AAAA</code>
+
+  - <code>CAA</code>
 </div>
 
 <hr />
@@ -3134,6 +3138,39 @@ ID is the optional id of the request
 
 <div class="dd">
 
+<code>attack</code>  <i><a href="#generatorsattacktypeholder">generators.AttackTypeHolder</a></i>
+
+</div>
+<div class="dt">
+
+Attack is the type of payload combinations to perform.
+
+Batteringram is inserts the same payload into all defined payload positions at once, pitchfork combines multiple payload sets and clusterbomb generates
+permutations and combinations for all payloads.
+
+</div>
+
+<hr />
+
+<div class="dd">
+
+<code>payloads</code>  <i>map[string]interface{}</i>
+
+</div>
+<div class="dt">
+
+Payloads contains any payloads for the current request.
+
+Payloads support both key-values combinations where a list
+of payloads is provided, or optionally a single file can also
+be provided as payload which will be read on run-time.
+
+</div>
+
+<hr />
+
+<div class="dd">
+
 <code>steps</code>  <i>[]<a href="#engineaction">engine.Action</a></i>
 
 </div>
@@ -3445,6 +3482,71 @@ Address contains address for the request
 
 <hr />
 
+<div class="dd">
+
+<code>min_version</code>  <i>string</i>
+
+</div>
+<div class="dt">
+
+Minimum tls version - auto if not specified.
+
+
+Valid values:
+
+
+  - <code>sslv3</code>
+
+  - <code>tls10</code>
+
+  - <code>tls11</code>
+
+  - <code>tls12</code>
+
+  - <code>tls13</code>
+</div>
+
+<hr />
+
+<div class="dd">
+
+<code>max_version</code>  <i>string</i>
+
+</div>
+<div class="dt">
+
+Max tls version - auto if not specified.
+
+
+Valid values:
+
+
+  - <code>sslv3</code>
+
+  - <code>tls10</code>
+
+  - <code>tls11</code>
+
+  - <code>tls12</code>
+
+  - <code>tls13</code>
+</div>
+
+<hr />
+
+<div class="dd">
+
+<code>cipher_suites</code>  <i>[]string</i>
+
+</div>
+<div class="dt">
+
+Client Cipher Suites  - auto if not specified.
+
+</div>
+
+<hr />
+
 
 
 

diff --git a/integration_tests/dns/caa.yaml b/integration_tests/dns/caa.yaml
@@ -0,0 +1,22 @@
+id: caa-fingerprinting
+
+info:
+  name: CAA Fingerprint
+  author: pdteam
+  severity: info
+  tags: dns,caa
+
+dns:
+  - name: "{{FQDN}}"
+    type: CAA
+
+    matchers:
+      - type: word
+        words:
+          - "IN\tCAA"
+
+    extractors:
+      - type: regex
+        group: 1
+        regex:
+          - "IN\tCAA\t(.+)"
diff --git a/integration_tests/headless/headless-payloads.yaml b/integration_tests/headless/headless-payloads.yaml
@@ -0,0 +1,26 @@
+id: headless-payloads
+
+info:
+  name: headless payloads example
+  author: pdteam
+  severity: info
+  tags: headless
+
+headless:
+  - attack: clusterbomb
+    payloads:
+      aa:
+        - aa
+        - bb
+      bb:
+        - cc
+        - dd
+    steps:
+      - args:
+          url: "{{BaseURL}}?aa={{aa}}&bb={{bb}}"
+        action: navigate
+      - action: waitload
+    matchers:
+      - type: word
+        words:
+          - "test"
diff --git a/integration_tests/http/stop-at-first-match-with-extractors.yaml b/integration_tests/http/stop-at-first-match-with-extractors.yaml
@@ -0,0 +1,18 @@
+id: stop-at-first-match-with-extractors
+
+info:
+  name: Stop at first match Request with extractors
+  author: pdteam
+  severity: info
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}?a=1"
+      - "{{BaseURL}}?a=2"
+    stop-at-first-match: true
+    extractors:
+      - type: kval
+        part: header
+        kval:
+          - "date"
diff --git a/integration_tests/http/stop-at-first-match.yaml b/integration_tests/http/stop-at-first-match.yaml
@@ -0,0 +1,17 @@
+id: stop-at-first-match
+
+info:
+  name: Stop at first match Request
+  author: pdteam
+  severity: info
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}?a=1"
+      - "{{BaseURL}}?a=2"
+    matchers:
+      - type: word
+        words:
+          - "This is test"
+    stop-at-first-match: true
diff --git a/integration_tests/ssl/basic-ztls.yaml b/integration_tests/ssl/basic-ztls.yaml
@@ -0,0 +1,15 @@
+id: basic-ssl-tls
+
+info:
+  name:  Basic SSL Request with ztls
+  author: pdteam
+  severity: info
+
+ssl:
+  - address: "{{Host}}:{{Port}}"
+    min_version: sslv3
+    max_version: tls12
+    matchers:
+      - type: dsl
+        dsl:
+          - "not_after>=0"
diff --git a/integration_tests/ssl/basic.yaml b/integration_tests/ssl/basic.yaml
@@ -0,0 +1,13 @@
+id: expired-ssl
+
+info:
+  name: Basic SSL Request
+  author: pdteam
+  severity: info
+
+ssl:
+  - address: "{{Host}}:{{Port}}"
+    matchers:
+      - type: dsl
+        dsl:
+          - "not_after>=0"
diff --git a/nuclei-jsonschema.json b/nuclei-jsonschema.json
@@ -338,7 +338,8 @@
         "PTR",
         "MX",
         "TXT",
-        "AAAA"
+        "AAAA",
+        "CAA"
       ],
       "type": "string",
       "title": "type of DNS request to make",
@@ -501,6 +502,21 @@
           "title": "id of the request",
           "description": "Optional ID of the headless request"
         },
+        "attack": {
+          "$ref": "#/definitions/generators.AttackTypeHolder",
+          "title": "attack is the payload combination",
+          "description": "Attack is the type of payload combinations to perform"
+        },
+        "payloads": {
+          "patternProperties": {
+            ".*": {
+              "additionalProperties": true
+            }
+          },
+          "type": "object",
+          "title": "payloads for the headless request",
+          "description": "Payloads contains any payloads for the current request"
+        },
         "steps": {
           "items": {
             "$schema": "http://json-schema.org/draft-04/schema#",
@@ -950,6 +966,36 @@
           "type": "string",
           "title": "address for the ssl request",
           "description": "Address contains address for the request"
+        },
+        "min_version": {
+          "enum": [
+            "sslv3",
+            "tls10",
+            "tls11",
+            "tls12",
+            "tls13"
+          ],
+          "type": "string",
+          "title": "TLS version",
+          "description": "Minimum tls version - automatic if not specified."
+        },
+        "max_version": {
+          "enum": [
+            "sslv3",
+            "tls10",
+            "tls11",
+            "tls12",
+            "tls13"
+          ],
+          "type": "string",
+          "title": "TLS version",
+          "description": "Max tls version - automatic if not specified."
+        },
+        "cipher_suites": {
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "additionalProperties": false,

diff --git a/v2/cmd/integration-test/dns.go b/v2/cmd/integration-test/dns.go
@@ -7,6 +7,7 @@ import (
 var dnsTestCases = map[string]testutils.TestCase{
 	"dns/basic.yaml": &dnsBasic{},
 	"dns/ptr.yaml":   &dnsPtr{},
+	"dns/caa.yaml":   &dnsCAA{},
 }
 
 type dnsBasic struct{}
@@ -40,3 +41,19 @@ func (h *dnsPtr) Execute(filePath string) error {
 	}
 	return expectResultsCount(results, 1)
 }
+
+type dnsCAA struct{}
+
+// Execute executes a test case and returns an error if occurred
+func (h *dnsCAA) Execute(filePath string) error {
+	var routerErr error
+
+	results, err := testutils.RunNucleiTemplateAndGetResults(filePath, "google.com", debug)
+	if err != nil {
+		return err
+	}
+	if routerErr != nil {
+		return routerErr
+	}
+	return expectResultsCount(results, 1)
+}