Merge branch 'master' into tpl-http-port-path-preference

Dockerfile

@@ -1,10 +1,19 @@
-FROM golang:1.14-alpine AS build-env
+FROM golang:alpine as builder
 
-RUN apk add --no-cache --upgrade git openssh-client ca-certificates
-RUN go get -u github.com/golang/dep/cmd/dep
-WORKDIR /go/src/app
+RUN mkdir -p /app
+WORKDIR /app
+COPY ./go.mod .
+RUN go mod download
 
-# Install
-RUN GO111MODULE=on go get -u github.com/projectdiscovery/nuclei/v2/cmd/nuclei
+COPY . .
+RUN cd ./cmd/nuclei && go build -o nuclei .
 
-ENTRYPOINT ["nuclei"]
+FROM alpine
+
+RUN mkdir /app
+RUN adduser -S -D -H -h /app appuser
+USER appuser
+COPY --from=builder /app/cmd/nuclei/nuclei /app
+
+WORKDIR /app
+CMD ["./nuclei"]

README.md

@@ -22,19 +22,19 @@ We have also [open-sourced a template repository](https://github.com/projectdisc
 <details>
 <summary>Resources</summary>
 
-- [Features](#features)
-- [Usage](#usage)
-- [Installation Instructions](#installation-instructions)
-    - [From Binary](#from-binary)
-    - [From Source](#from-source)
-    - [From Github](#from-github)
-- [Nuclei templates](#nuclei-templates)
-- [Running nuclei](#running-nuclei)
-    - [Running with a single template.](#running-with-single-template)
-    - [Running with multiple templates.](#running-with-multiple-templates)
-    - [Running with subfinder](#running-with-subfinder)
-    - [Running in Docker](#running-in-docker-container)
-- [Thanks](#thanks)
+-   [Features](#features)
+-   [Usage](#usage)
+-   [Installation Instructions](#installation-instructions)
+    -   [From Binary](#from-binary)
+    -   [From Source](#from-source)
+    -   [From Github](#from-github)
+-   [Nuclei templates](#nuclei-templates)
+-   [Running nuclei](#running-nuclei)
+    -   [Running with a single template.](#running-with-single-template)
+    -   [Running with multiple templates.](#running-with-multiple-templates)
+    -   [Running with subfinder](#running-with-subfinder)
+    -   [Running in Docker](#running-in-docker-container)
+-   [Thanks](#thanks)
 
 </details>
 
@@ -71,12 +71,13 @@ This will display help for the tool. Here are all the switches it supports.
 |         -o        |         File to save output result (optional)         |               nuclei -o output.txt              |
 |       -pbar       |           Enable the progress bar (optional)          |                   nuclei -pbar                  |
 |      -silent      |           Show only found results in output           |                  nuclei -silent                 |
+|                   |             (except when using with pbar)             |                                                 |
 |      -retries     | Number of times to retry a failed request (default 1) |                nuclei -retries 1                |
 |      -timeout     |       Seconds to wait before timeout (default 5)      |                nuclei -timeout 5                |
 |       -debug      |         Allow debugging of request/responses.         |                  nuclei -debug                  |
 | -update-templates |         Download and updates nuclei templates         |             nuclei -update-templates            |
 | -update-directory |    Directory for storing nuclei-templates(optional)   |        nuclei -update-directory templates       |
-|        -lt        |                List available templates               |                    nuclei -lt                   |
+|        -tl        |                List available templates               |                    nuclei -tl                   |
 |         -v        |       Shows verbose output of all sent requests       |                    nuclei -v                    |
 |      -version     |                 Show version of nuclei                |                 nuclei -version                 |
 |     -proxy-url    |                       Proxy URL                       |     nuclei -proxy-url hxxp://127.0.0.1:8080     |
@@ -102,7 +103,7 @@ Download latest binary from https://github.com/projectdiscovery/nuclei/releases
 nuclei requires **go1.14+** to install successfully. Run the following command to get the repo -
 
 ```sh
-▶ GO111MODULE=auto go get -u -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei
+▶ GO111MODULE=on go get -u -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei
 ```
 
 ### From Github

go.mod

@@ -4,7 +4,6 @@ go 1.14
 
 require (
 	github.com/Knetic/govaluate v3.0.0+incompatible
-	github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535
 	github.com/blang/semver v3.5.1+incompatible
 	github.com/d5/tengo/v2 v2.6.0
 	github.com/google/go-github/v32 v32.1.0

go.sum

@@ -1,23 +1,17 @@
-github.com/Knetic/govaluate v1.5.0 h1:L4MyqdJSld9xr2eZcZHCWLfeIX2SBjqrwIKG1pcm/+4=
 github.com/Knetic/govaluate v3.0.0+incompatible h1:7o6+MAPhYTCF0+fdvoz1xDedhRb4f6s9Tn1Tt7/WTEg=
 github.com/Knetic/govaluate v3.0.0+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
 github.com/VividCortex/ewma v1.1.1 h1:MnEK4VOv6n0RSY4vtRe3h11qjxL3+t0B8yOL8iMXdcM=
 github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
-github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 h1:4daAzAu0S6Vi7/lbWECcX0j45yZReDZ56BQsrVBOEEY=
-github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg=
-github.com/blang/semver v1.1.0 h1:ol1rO7QQB5uy7umSNV7VAmLugfLRD+17sYJujRNYPhg=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
-github.com/d5/tengo v1.24.8 h1:PRJ+NWt7ae/9sSbIfThOBTkPSvNV+dwYoBAvwfNgNJY=
 github.com/d5/tengo/v2 v2.6.0 h1:D0cJtpiBzaLJ/Smv6nnUc/LIfO46oKwDx85NZtIRNRI=
 github.com/d5/tengo/v2 v2.6.0/go.mod h1:XRGjEs5I9jYIKTxly6HCF8oiiilk5E/RYXOZ5b0DZC8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY=
 github.com/google/go-github/v32 v32.1.0 h1:GWkQOdXqviCPx7Q7Fj+KyPoGm4SwHRh8rheoPhd27II=
 github.com/google/go-github/v32 v32.1.0/go.mod h1:rIEpZD9CTDQwDK9GDrtMTycQNA4JU3qBsCizh3q2WCI=
 github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk=
@@ -33,7 +27,6 @@ github.com/logrusorgru/aurora v2.0.3+incompatible/go.mod h1:7rIyQOR62GCctdiQpZ/z
 github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/miekg/dns v1.1.29/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
-github.com/miekg/dns v1.1.30/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
 github.com/miekg/dns v1.1.31 h1:sJFOl9BgwbYAWOGEwr61FU28pqsBNdpRBnhGXtO06Oo=
 github.com/miekg/dns v1.1.31/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 h1:ZqeYNhU3OHLH3mGKHDcjJRFFRrJa6eAM5H+CtDdOsPc=
@@ -46,9 +39,6 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/projectdiscovery/gologger v1.0.1 h1:FzoYQZnxz9DCvSi/eg5A6+ET4CQ0CDUs27l6Exr8zMQ=
 github.com/projectdiscovery/gologger v1.0.1/go.mod h1:Ok+axMqK53bWNwDSU1nTNwITLYMXMdZtRc8/y1c7sWE=
-github.com/projectdiscovery/nuclei v1.1.7 h1:5Z1fBHcjyAuuI89xcCzv8tYK7b6ucqLxs+mCC/nJjno=
-github.com/projectdiscovery/nuclei/v2 v2.1.0 h1:TUr9lwJ8lulBmEfz6AQHoKPiBQocl4PrPXSu3ekXsXY=
-github.com/projectdiscovery/nuclei/v2 v2.1.0/go.mod h1:iufrjj0m0PCZc8J8eVLZqZMyiCaMMv4R5d6QKBdqpZA=
 github.com/projectdiscovery/retryabledns v1.0.4 h1:0Va7qHlWQsIXjRLISTjzfN3tnJmHYDudY05Nu3IJd60=
 github.com/projectdiscovery/retryabledns v1.0.4/go.mod h1:/UzJn4I+cPdQl6pKiiQfvVAT636YZvJQYZhYhGB0dUQ=
 github.com/projectdiscovery/retryablehttp-go v1.0.1 h1:V7wUvsZNq1Rcz7+IlcyoyQlNwshuwptuBVYWw9lx8RE=
@@ -57,8 +47,6 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/vbauerster/mpb v1.1.3 h1:IRgic8VFaURXkW0VxDLkNOiNaAgtw0okB2YIaVvJDI4=
-github.com/vbauerster/mpb v3.4.0+incompatible h1:mfiiYw87ARaeRW6x5gWwYRUawxaW1tLAD8IceomUCNw=
 github.com/vbauerster/mpb/v5 v5.2.4 h1:PLP8vv75RcEgxGoJVtKaRD2FHSxEmIV/u4ZuOrfO8Qg=
 github.com/vbauerster/mpb/v5 v5.2.4/go.mod h1:K4iCHQp5sWnmAgEn+uW1sAxSilctb4JPAGXx49jV+Aw=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@@ -73,6 +61,7 @@ golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20200707034311-ab3426394381 h1:VXak5I6aEWmAXeQjA+QSZzlgNrpq9mjcfDemuexIKsU=
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -84,6 +73,7 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=

internal/bufwriter/bufwriter.go

@@ -0,0 +1,74 @@
+package bufwriter
+
+import (
+	"bufio"
+	"os"
+	"sync"
+)
+
+// Writer is a mutex protected buffered writer
+type Writer struct {
+	file   *os.File
+	writer *bufio.Writer
+	mutex  *sync.Mutex
+}
+
+// New creates a new mutex protected buffered writer for a file
+func New(file string) (*Writer, error) {
+	output, err := os.Create(file)
+	if err != nil {
+		return nil, err
+	}
+	return &Writer{file: output, writer: bufio.NewWriter(output), mutex: &sync.Mutex{}}, nil
+}
+
+// Write writes a byte slice to the underlying file
+//
+// It also writes a newline if the last byte isn't a newline character.
+func (w *Writer) Write(data []byte) error {
+	if len(data) == 0 {
+		return nil
+	}
+	w.mutex.Lock()
+	defer w.mutex.Unlock()
+
+	_, err := w.writer.Write(data)
+	if err != nil {
+		return err
+	}
+	if data[len(data)-1] != '\n' {
+		_, err = w.writer.WriteRune('\n')
+	}
+	return err
+}
+
+// WriteString writes a string to the underlying file
+//
+// It also writes a newline if the last byte isn't a newline character.
+func (w *Writer) WriteString(data string) error {
+	if data == "" {
+		return nil
+	}
+	w.mutex.Lock()
+	defer w.mutex.Unlock()
+
+	_, err := w.writer.WriteString(data)
+	if err != nil {
+		return err
+	}
+	if data[len(data)-1] != '\n' {
+		_, err = w.writer.WriteRune('\n')
+	}
+	return err
+}
+
+// Close closes the underlying writer flushing everything to disk
+func (w *Writer) Close() error {
+	w.mutex.Lock()
+	defer w.mutex.Unlock()
+
+	w.writer.Flush()
+	//nolint:errcheck // we don't care whether sync failed or succeeded.
+	w.file.Sync()
+	return w.file.Close()
+}

internal/progress/progress.go

@@ -21,7 +21,7 @@ const (
 	mili        = 1000.
 )
 
-// Encapsulates progress tracking.
+// IProgress encapsulates progress tracking.
 type IProgress interface {
 	InitProgressbar(hostCount int64, templateCount int, requestCount int64)
 	AddToTotal(delta int64)
@@ -37,7 +37,7 @@ type Progress struct {
 	initialTotal int64
 
 	totalMutex *sync.Mutex
-	colorizer  aurora.Aurora
+	colorizer  *aurora.Aurora
 
 	renderChan         chan time.Time
 	captureData        *captureData
@@ -49,8 +49,8 @@ type Progress struct {
 	stdRenderWaitGroup *sync.WaitGroup
 }
 
-// Creates and returns a new progress tracking object.
-func NewProgress(noColor, active bool) IProgress {
+// NewProgress creates and returns a new progress tracking object.
+func NewProgress(colorizer aurora.Aurora, active bool) IProgress {
 	if !active {
 		return &NoOpProgress{}
 	}
@@ -65,7 +65,7 @@ func NewProgress(noColor, active bool) IProgress {
 			mpb.WithManualRefresh(renderChan),
 		),
 		totalMutex: &sync.Mutex{},
-		colorizer:  aurora.NewAurora(!noColor),
+		colorizer:  &colorizer,
 
 		renderChan:         renderChan,
 		stdCaptureMutex:    &sync.Mutex{},
@@ -85,7 +85,7 @@ func (p *Progress) InitProgressbar(hostCount int64, rulesCount int, requestCount
 		panic("A global progressbar is already present.")
 	}
 
-	color := p.colorizer
+	color := *p.colorizer
 
 	barName := color.Sprintf(
 		color.Cyan("%d %s, %d %s"),
@@ -193,7 +193,7 @@ func (p *Progress) renderStdData() {
 
 // Creates and returns a progress bar.
 func (p *Progress) setupProgressbar(name string, total int64, priority int) *mpb.Bar {
-	color := p.colorizer
+	color := *p.colorizer
 
 	p.total = total
 	p.initialTotal = total

internal/runner/banner.go

@@ -7,11 +7,11 @@ const banner = `
      ____  __  _______/ /__  (_)
     / __ \/ / / / ___/ / _ \/ /
    / / / / /_/ / /__/ /  __/ /
-  /_/ /_/\__,_/\___/_/\___/_/   v2.1
+  /_/ /_/\__,_/\___/_/\___/_/   v2.1.1
 `
 
 // Version is the current version of nuclei
-const Version = `2.1.0`
+const Version = `2.1.1`
 
 // showBanner is used to show the banner to the user
 func showBanner() {