Merge pull request #1478 from projectdiscovery/dev

v2.5.8 Release
projectdiscovery · Jan 13, 2022 · 57d947f · 57d947f
2 parents 6cde584 + 6550453
commit 57d947f
Show file tree

Hide file tree

Showing 68 changed files with 1,653 additions and 661 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -15,16 +15,20 @@ updates:
     commit-message:
       prefix: "chore"
       include: "scope"
+    labels:
+      - "Type: Maintenance"
 
   # Maintain dependencies for go modules
   - package-ecosystem: "gomod"
-    directory: "/"
+    directory: "v2/"
     schedule:
-      interval: "weekly"
+      interval: "daily"
     target-branch: "dev"
     commit-message:
       prefix: "chore"
       include: "scope"
+    labels:
+      - "Type: Maintenance"
 
   # Maintain dependencies for docker
   - package-ecosystem: "docker"
@@ -34,4 +38,6 @@ updates:
     target-branch: "dev"
     commit-message:
       prefix: "chore"
-      include: "scope"
+      include: "scope"
+    labels:
+      - "Type: Maintenance"
diff --git a/.github/workflows/template-validate.yml b/.github/workflows/template-validate.yml
@@ -22,7 +22,6 @@ jobs:
 #        if: steps.cache-go.outputs.cache-hit != 'true'
         run: |
           go install github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
-
       - name: Template Validation
         run: |
           nuclei -validate

diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.17.5-alpine as build-env
+FROM golang:1.17.6-alpine as build-env
 RUN go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
 
 FROM alpine:3.15.0

diff --git a/README.md b/README.md
@@ -93,6 +93,7 @@ Flags:
 TARGET:
    -u, -target string[]  target URLs/hosts to scan
    -l, -list string      path to file containing a list of target URLs/hosts to scan (one per line)
+   -resume               Resume scan using resume.cfg (clustering will be disabled)
 
 TEMPLATES:
    -t, -templates string[]      template or template directory paths to include in the scan
@@ -109,11 +110,13 @@ FILTERING:
    -etags, -exclude-tags string[]    exclude templates with the provided tags
    -it, -include-templates string[]  templates to be executed even if they are excluded either by default or configuration
    -et, -exclude-templates string[]  template or template directory paths to exclude
-   -s, -severity value[]             Templates to run based on severity. Possible values info,low,medium,high,critical
-   -es, -exclude-severity value[]    Templates to exclude based on severity. Possible values info,low,medium,high,critical
-   -pt, -type value[]                protocol types to be executed. Possible values dns,file,http,headless,network,workflow,ssl,websocket
-   -ept, -exclude-type value[]       protocol types to not be executed. Possible values dns,file,http,headless,network,workflow,ssl,websocket
+   -s, -severity value[]             Templates to run based on severity. Possible values: info, low, medium, high, critical
+   -es, -exclude-severity value[]    Templates to exclude based on severity. Possible values: info, low, medium, high, critical
+   -pt, -type value[]                protocol types to be executed. Possible values: dns, file, http, headless, network, workflow, ssl, websocket, whois
+   -ept, -exclude-type value[]       protocol types to not be executed. Possible values: dns, file, http, headless, network, workflow, ssl, websocket, whois
    -a, -author string[]              execute templates that are (co-)created by the specified authors
+   -id, -template-id string[]        List of template IDs to run (comma-separated, file)
+   -eid, -exclude-id string[]        List of template IDs to exclude (comma-separated, file)
 
 OUTPUT:
    -o, -output string            output file to write found issues/vulnerabilities
@@ -142,7 +145,7 @@ CONFIGURATIONS:
    -ca, -client-ca string      client certificate authority file (PEM-encoded) used for authenticating against scanned hosts
 
 INTERACTSH:
-   -iserver, -interactsh-server string  interactsh server url for self-hosted instance (default "https://interact.sh")
+   -iserver, -interactsh-server string  interactsh server url for self-hosted instance (default: oast.pro,oast.live,oast.site,oast.online,oast.fun,oast.me)
    -itoken, -interactsh-token string    authentication token for self-hosted interactsh server
    -interactions-cache-size int         number of requests to keep in the interactions cache (default 5000)
    -interactions-eviction int           number of seconds to wait before evicting requests from cache (default 60)
@@ -168,7 +171,7 @@ OPTIMIZATIONS:
    -stream                    Stream mode - start elaborating without sorting the input
 
 HEADLESS:
-   -headless            enable templates that require headless browser support
+   -headless            enable templates that require headless browser support (root user on linux will disable sandbox)
    -page-timeout int    seconds to wait for each page in headless mode (default 20)
    -sb, -show-browser   show the browser on the screen when running templates with headless mode
    -sc, -system-chrome  Use local installed chrome browser instead of nuclei installed

diff --git a/SYNTAX-REFERENCE.md b/SYNTAX-REFERENCE.md
@@ -297,6 +297,24 @@ Stop execution once first match is found
 
 <hr />
 
+<div class="dd">
+
+<code>signature</code>  <i><a href="#httpsignaturetypeholder">http.SignatureTypeHolder</a></i>
+
+</div>
+<div class="dt">
+
+Signature is the request signature method
+
+
+Valid values:
+
+
+  - <code>AWS</code>
+</div>
+
+<hr />
+
 
 
 
@@ -1182,6 +1200,24 @@ max-size: 2048
 
 <div class="dd">
 
+<code>signature</code>  <i><a href="#signaturetypeholder">SignatureTypeHolder</a></i>
+
+</div>
+<div class="dt">
+
+Signature is the request signature method
+
+
+Valid values:
+
+
+  - <code>AWS</code>
+</div>
+
+<hr />
+
+<div class="dd">
+
 <code>cookie-reuse</code>  <i>bool</i>
 
 </div>
@@ -2144,6 +2180,20 @@ Enum Values:
 
 
 
+## SignatureTypeHolder
+SignatureTypeHolder is used to hold internal type of the signature
+
+Appears in:
+
+
+- <code><a href="#httprequest">http.Request</a>.signature</code>
+
+
+
+
+
+
+
 ## dns.Request
 Request contains a DNS protocol request to be made from a template
 
@@ -3847,3 +3897,17 @@ Subtemplates are run if the name of matcher matches.
 
 
 
+
+## http.SignatureTypeHolder
+SignatureTypeHolder is used to hold internal type of the signature
+
+Appears in:
+
+
+- <code><a href="#template">Template</a>.signature</code>
+
+
+
+
+
+
diff --git a/integration_tests/http/interactsh-stop-at-first-match.yaml b/integration_tests/http/interactsh-stop-at-first-match.yaml
@@ -0,0 +1,23 @@
+id: interactsh-stop-at-first-match-integration-test
+
+info:
+  name: Interactsh StopAtFirstMatch Integration Test
+  author: pdteam
+  severity: info
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+      - "{{BaseURL}}"
+      - "{{BaseURL}}"
+    headers:
+      url: 'http://{{interactsh-url}}'
+
+    stop-at-first-match: true
+
+    matchers:
+      - type: word
+        part: interactsh_protocol # Confirms the HTTP Interaction
+        words:
+          - "http"
diff --git a/integration_tests/http/self-contained.yaml b/integration_tests/http/self-contained.yaml
@@ -9,7 +9,7 @@ self-contained: true
 requests:
   - raw:
       - |
-        GET http://localhost:5431/ HTTP/1.1
+        GET http://127.0.0.1:5431/ HTTP/1.1
         Host: {{Hostname}}
 
     matchers:

diff --git a/integration_tests/network/self-contained.yaml b/integration_tests/network/self-contained.yaml
@@ -8,7 +8,7 @@ info:
 self-contained: true
 network:
   - host:
-      - "localhost:5431"
+      - "127.0.0.1:5431"
 
     matchers:
       - type: word

diff --git a/nuclei-jsonschema.json b/nuclei-jsonschema.json
@@ -741,6 +741,12 @@
           "title": "maximum http response body size",
           "description": "Maximum size of http response body to read in bytes"
         },
+        "signature": {
+          "$schema": "http://json-schema.org/draft-04/schema#",
+          "$ref": "#/definitions/http.SignatureTypeHolder",
+          "title": "signature is the http request signature method",
+          "description": "Signature is the HTTP Request signature Method"
+        },
         "cookie-reuse": {
           "type": "boolean",
           "title": "optional cookie reuse enable",
@@ -790,6 +796,14 @@
       "additionalProperties": false,
       "type": "object"
     },
+    "http.SignatureTypeHolder": {
+      "enum": [
+        "AWS"
+      ],
+      "type": "string",
+      "title": "type of the signature",
+      "description": "Type of the signature"
+    },
     "network.Input": {
       "properties": {
         "data": {
@@ -1178,6 +1192,11 @@
           "type": "boolean",
           "title": "stop at first match",
           "description": "Stop at first match for the template"
+        },
+        "signature": {
+          "$ref": "#/definitions/http.SignatureTypeHolder",
+          "title": "signature is the http request signature method",
+          "description": "Signature is the HTTP Request signature Method"
         }
       },
       "additionalProperties": false,

diff --git a/v2/cmd/cve-annotate/main.go b/v2/cmd/cve-annotate/main.go
@@ -71,7 +71,7 @@ func getCVEData(client *nvd.Client, filePath, data string) {
 	cveName := matches[0][1]
 
 	severityMatches := severityRegex.FindAllStringSubmatch(data, 1)
-	if len(matches) == 0 {
+	if len(severityMatches) == 0 {
 		return
 	}
 	severityValue := severityMatches[0][1]

diff --git a/v2/cmd/integration-test/http.go b/v2/cmd/integration-test/http.go
@@ -35,6 +35,7 @@ var httpTestcases = map[string]testutils.TestCase{
 	"http/request-condition.yaml":                  &httpRequestCondition{},
 	"http/request-condition-new.yaml":              &httpRequestCondition{},
 	"http/interactsh.yaml":                         &httpInteractshRequest{},
+	"http/interactsh-stop-at-first-match.yaml":     &httpInteractshStopAtFirstMatchRequest{},
 	"http/self-contained.yaml":                     &httpRequestSelContained{},
 	"http/get-case-insensitive.yaml":               &httpGetCaseInsensitive{},
 	"http/get.yaml,http/get-case-insensitive.yaml": &httpGetCaseInsensitiveCluster{},
@@ -67,6 +68,29 @@ func (h *httpInteractshRequest) Execute(filePath string) error {
 	return expectResultsCount(results, 1)
 }
 
+type httpInteractshStopAtFirstMatchRequest struct{}
+
+// Execute executes a test case and returns an error if occurred
+func (h *httpInteractshStopAtFirstMatchRequest) Execute(filePath string) error {
+	router := httprouter.New()
+	router.GET("/", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+		value := r.Header.Get("url")
+		if value != "" {
+			if resp, _ := http.DefaultClient.Get(value); resp != nil {
+				resp.Body.Close()
+			}
+		}
+	})
+	ts := httptest.NewServer(router)
+	defer ts.Close()
+
+	results, err := testutils.RunNucleiTemplateAndGetResults(filePath, ts.URL, debug)
+	if err != nil {
+		return err
+	}
+	return expectResultsCount(results, 1)
+}
+
 type httpGetHeaders struct{}
 
 // Execute executes a test case and returns an error if occurred