Merge pull request #1038 from projectdiscovery/dev
v2.5.2 Bugfix release
ehsandeep committed Sep 18, 2021
2 parents d9cb531 + 8b96c14 commit f5fb8aa
Showing 84 changed files with 548 additions and 587 deletions.
2 changes: 1 addition & 1 deletion Dockerfile
@@ -1,4 +1,4 @@
FROM golang:1.17.0-alpine as build-env
FROM golang:1.17.1-alpine as build-env
RUN GO111MODULE=on go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei

FROM alpine:3.14
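Review bot: the `RUN GO111MODULE=on go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei` line still carries no version suffix, so the image installs whatever module version is newest at build time rather than the release this commit tags; pin it (for example `.../cmd/nuclei@v2.5.2`) so the Docker build is reproducible and matches the release, and consider pinning the `golang:1.17.1-alpine` and `alpine:3.14` bases by digest for the same reason. Also, with Go 1.17 `go get` for installing an executable is deprecated; `go install <module>@<version>` is the supported form.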
17 changes: 9 additions & 8 deletions README.md
Expand Up @@ -56,9 +56,9 @@ GO111MODULE=on go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei

### Nuclei Templates

Nuclei has had built-in support for automatic update/download templates since version [v2.4.0](https://github.com/projectdiscovery/nuclei/releases/tag/v2.4.0). [**Nuclei-Templates**](https://github.com/projectdiscovery/nuclei-templates) project provides a community-contributed list of ready-to-use templates that is constantly updated.
Nuclei has had built-in support for automatic template download/update as default since version [v2.5.2](https://github.com/projectdiscovery/nuclei/releases/tag/v2.5.2). [**Nuclei-Templates**](https://github.com/projectdiscovery/nuclei-templates) project provides a community-contributed list of ready-to-use templates that is constantly updated.

You may still use the `update-templates` flag to update the nuclei templates at any time; automatic updates happen every 24 hours. You can write your own checks for your individual workflow and needs following Nuclei's [templating guide](https://nuclei.projectdiscovery.io/templating-guide/).
You may still use the `update-templates` flag to update the nuclei templates at any time; You can write your own checks for your individual workflow and needs following Nuclei's [templating guide](https://nuclei.projectdiscovery.io/templating-guide/).

The YAML DSL reference syntax is available [here](SYNTAX-REFERENCE.md).

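Review bot: the rewritten sentence drops the "automatic updates happen every 24 hours" clause that the old line documented, so the reader no longer learns how often automatic template updates run; if that cadence still holds, keep it in the new wording. Minor: "at any time; You can write" should end with a full stop or lowercase "you", and "Nuclei-Templates project provides" wants an article ("The Nuclei-Templates project provides").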
Expand Down Expand Up @@ -128,8 +128,9 @@ CONFIGURATIONS:
-env-vars enable environment variables support

INTERACTSH:
-no-interactsh do not use interactsh server for blind interaction polling
-interactsh-url string self-hosted Interactsh Server URL (default "https://interact.sh")
-no-interactsh disable interactsh server for OOB testing
-interactsh-url string interactsh server url for self-hosted instance (default "https://interact.sh")
-interactsh-token string authentication token for self-hosted interactsh server
-interactions-cache-size int number of requests to keep in the interactions cache (default 5000)
-interactions-eviction int number of seconds to wait before evicting requests from cache (default 60)
-interactions-poll-duration int number of seconds to wait before each interaction poll request (default 5)
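Review bot: `-interactsh-token string authentication token for self-hosted interactsh server` takes a secret on the command line, where it is visible in process listings and shell history; the help text should point users at a less exposed way to supply it (a config file or an environment variable) or at least state that the token is passed in the clear on the command line. Style: "interactsh server url" should read "URL", as the line it replaces did.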
Expand Down Expand Up @@ -219,7 +220,7 @@ Nuclei offers great number of features that are helpful for security engineers t
<tr>
<td>

**For bugbounty hunters:**
**For Bug Bounty hunters:**

Nuclei allows you to customise your testing approach with your own suite of checks and easily run across your bug bounty programs. Moreover, Nuclei can be easily integrated into any continuous scanning workflow.

Expand All @@ -237,9 +238,9 @@ Please check our other open-source projects that might fit into your bug bounty
<tr>
<td>

**For pentesters:**
**For Penetration Testers:**

Nuclei immensely improve how you approach security assessment by augmenting the manual repetitve processes. Consultancies are already converting their manual assessment steps with Nuclei, it allows them to run set of their custom assessment approach across thousands of hosts in an automated manner.
Nuclei immensely improve how you approach security assessment by augmenting the manual, repetitive processes. Consultancies are already converting their manual assessment steps with Nuclei, it allows them to run set of their custom assessment approach across thousands of hosts in an automated manner.

Pen-testers get the full power of our public templates and customization capabilities to speed-up their assessment process, and specifically with the regression cycle where you can easily verify the fix.

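Review bot: the new line is still ungrammatical: "Nuclei immensely improve" should be "Nuclei immensely improves", "run set of their custom assessment approach" should be "run their set of custom assessment approaches", and "with Nuclei, it allows them" is a comma splice. Suggested wording: "Nuclei immensely improves how you approach security assessment by augmenting manual, repetitive processes. Consultancies are already converting their manual assessment steps to Nuclei, which lets them run their custom assessment approaches across thousands of hosts in an automated manner."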
Expand All @@ -254,7 +255,7 @@ Pen-testers get the full power of our public templates and customization capabil

# For Developers and Organisations

Nuclei is built with simplicity in mind, with the community backed templates by hundreds of security researchers, it allows you to stay updated with latest security threats using continuous Nuclei scanning on the hosts. It is designed to be easily integrated into regression tests cycle, to verify the fixes and eliminate vulnerabilities from occuring in future.
Nuclei is built with simplicity in mind, with the community backed templates by hundreds of security researchers, it allows you to stay updated with the latest security threats using continuous Nuclei scanning on the hosts. It is designed to be easily integrated into regression tests cycle, to verify the fixes and eliminate vulnerabilities from occurring in the future.

- **CI/CD:** Engineers are already utilising Nuclei within their CI/CD pipeline, it allows them to constantly monitor their staging and production environments with customised templates.
- **Continuous Regression Cycle:** With Nuclei, you can create your custom template on every new identified vulnerability and put into Nuclei engine to eliminate in the continuous regression cycle.
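Review bot: "regression tests cycle" should be "regression test cycle", and the first sentence of the new line is a run-on ("built with simplicity in mind, with the community backed templates ..., it allows you"); split it after "in mind" and hyphenate "community-backed". The "Continuous Regression Cycle" bullet in the trailing context is also missing words: "put it into the Nuclei engine to eliminate it in the continuous regression cycle".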
2 changes: 1 addition & 1 deletion SECURITY.md
Expand Up @@ -2,4 +2,4 @@

## Reporting a Vulnerability

DO NOT CREATE AN ISSUE to report a security problem. Instead, please send an email to security@projectdiscovery.io and we will acknowledge it within 3 working days.
DO NOT CREATE AN ISSUE to report a security problem. Instead, please send an email to security@projectdiscovery.io, and we will acknowledge it within 3 working days.
44 changes: 23 additions & 21 deletions SYNTAX-REFERENCE.md
Expand Up @@ -348,7 +348,7 @@ Examples:


```yaml
description: Bower is a package manager which stores packages informations in bower.json file
description: Bower is a package manager which stores package information in the bower.json file
```

```yaml
Expand Down Expand Up @@ -415,20 +415,20 @@ Valid values:

<div class="dd">

<code>additional-fields</code> <i>map[string]string</i>
<code>metadata</code> <i>map[string]string</i>

</div>
<div class="dt">

AdditionalFields regarding metadata of the template.
Metadata of the template.



Examples:


```yaml
additional-fields:
metadata:
customField1: customValue1
```

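Review bot: renaming the `additional-fields` template key to `metadata` is a breaking change for every existing template that uses the old key, and neither this hunk nor the matching nuclei-jsonschema.json hunk keeps `additional-fields` as a deprecated alias or mentions the rename; given the commit message calls this a bugfix release, either accept both keys for one release with a deprecation warning, or call the rename out in the release notes so template authors know why their custom fields stop loading.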
Expand Down Expand Up @@ -679,7 +679,7 @@ Matchers contains the detection mechanism for the request to identify
whether the request was successful by doing pattern matching
on request/responses.

Multiple matchers can be combined together with `matcher-condition` flag
Multiple matchers can be combined with `matcher-condition` flag
which accepts either `and` or `or` as argument.

</div>
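Review bot: `matcher-condition` is a template field rather than a command-line flag, so "combined with `matcher-condition` flag" should read "combined with the `matcher-condition` field", and "as argument" should be "as its value"; the identical sentence recurs unchanged in the other Matchers sections this commit touches in this file, so fix it in the Go source the docs are generated from rather than in the generated markdown.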
Expand Down Expand Up @@ -792,7 +792,7 @@ raw:
</div>
<div class="dt">

ID is the the optional id of the request
ID is the optional id of the request

</div>

Expand Down Expand Up @@ -869,6 +869,8 @@ Valid values:
- <code>TRACE</code>

- <code>PATCH</code>

- <code>PURGE</code>
</div>

<hr />
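Review bot: `PURGE` is not a method defined by the HTTP RFCs; it is a cache-invalidation extension understood by caching proxies such as Varnish, so a short note to that effect beside the value would save users wondering why an ordinary origin answers with 405 or 501. Since this file is produced by docgen, confirm the value was added to the Go enum and not only here; the nuclei-jsonschema.json hunk in this commit does carry the same addition, which suggests it was.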
Expand Down Expand Up @@ -979,7 +981,7 @@ Examples:


```yaml
# Follow upto 5 redirects
# Follow up to 5 redirects
max-redirects: 5
```

Expand Down Expand Up @@ -1125,7 +1127,7 @@ This can be used in conjunction with `max-redirects` to control the HTTP request

Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining

All requests must be indempotent (GET/POST). This can be used for race conditions/billions requests.
All requests must be idempotent (GET/POST). This can be used for race conditions/billions requests.

</div>

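Review bot: "All requests must be idempotent (GET/POST)" contradicts itself, since POST is not idempotent in HTTP semantics; if the intent is that every request in a pipelined batch must be safe to replay, say that, and either drop POST from the parenthetical or qualify it. "race conditions/billions requests" should be "race conditions or billions of requests".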
Expand Down Expand Up @@ -1666,7 +1668,7 @@ group: 1
description: |
kval contains the key-value pairs present in the HTTP response header.
kval extractor can be used to extract HTTP response header and cookie key-value pairs.
kval extractor inputs are case insensitive, and does not support dash (-) in input which can replaced with underscores (_)
kval extractor inputs are case-insensitive, and does not support dash (-) in input which can replaced with underscores (_)
For example, Content-Type should be replaced with content_type

A list of supported parts is available in docs for request types.
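Review bot: the line after the fixed one is still missing a word: "which can replaced with underscores" should be "which can be replaced with underscores", and since the subject is the plural "inputs", "does not support dash (-)" should be "do not support dashes (-)".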
Expand Down Expand Up @@ -1844,7 +1846,7 @@ Matchers contains the detection mechanism for the request to identify
whether the request was successful by doing pattern matching
on request/responses.

Multiple matchers can be combined together with `matcher-condition` flag
Multiple matchers can be combined with `matcher-condition` flag
which accepts either `and` or `or` as argument.

</div>
Expand Down Expand Up @@ -1892,7 +1894,7 @@ Valid values:
</div>
<div class="dt">

ID is the the optional id of the request
ID is the optional id of the request

</div>

Expand Down Expand Up @@ -2059,7 +2061,7 @@ Matchers contains the detection mechanism for the request to identify
whether the request was successful by doing pattern matching
on request/responses.

Multiple matchers can be combined together with `matcher-condition` flag
Multiple matchers can be combined with `matcher-condition` flag
which accepts either `and` or `or` as argument.

</div>
Expand Down Expand Up @@ -2162,7 +2164,7 @@ denylist:
</div>
<div class="dt">

ID is the the optional id of the request
ID is the optional id of the request

</div>

Expand All @@ -2177,7 +2179,7 @@ ID is the the optional id of the request

MaxSize is the maximum size of the file to run request on.

By default, nuclei will process 5MB files and not go more than that.
By default, nuclei will process 5 MB files and not go more than that.
It can be set to much lower or higher depending on use.


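Review bot: the unit of the field is never stated; "By default, nuclei will process 5 MB files" gives the default but not whether `max-size` is written in bytes, kilobytes or megabytes, and "not go more than that" is awkward. Suggest: "MaxSize is the maximum size (in <unit>) of a file to run the request on. Larger files are skipped; the default is 5 MB." with the unit taken from the implementation.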
Expand Down Expand Up @@ -2242,7 +2244,7 @@ matchers:
</div>
<div class="dt">

ID is the the optional id of the request
ID is the optional id of the request

</div>

Expand Down Expand Up @@ -2366,7 +2368,7 @@ Matchers contains the detection mechanism for the request to identify
whether the request was successful by doing pattern matching
on request/responses.

Multiple matchers can be combined together with `matcher-condition` flag
Multiple matchers can be combined with `matcher-condition` flag
which accepts either `and` or `or` as argument.

</div>
Expand Down Expand Up @@ -2482,7 +2484,7 @@ Valid values:

Read is the number of bytes to read from socket.

This can be used for protcols which expected an immediate response. You can
This can be used for protocols which expect an immediate response. You can
read and write responses one after another and evetually perform matching
on every data captured with `name` attribute.

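Review bot: "evetually" on the line following the corrected one is still misspelled ("eventually"), and "on every data captured" should be "on all data captured".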
Expand Down Expand Up @@ -2548,7 +2550,7 @@ Appears in:
</div>
<div class="dt">

ID is the the optional id of the request
ID is the optional id of the request

</div>

Expand Down Expand Up @@ -2578,7 +2580,7 @@ Matchers contains the detection mechanism for the request to identify
whether the request was successful by doing pattern matching
on request/responses.

Multiple matchers can be combined together with `matcher-condition` flag
Multiple matchers can be combined with `matcher-condition` flag
which accepts either `and` or `or` as argument.

</div>
Expand Down Expand Up @@ -2823,7 +2825,7 @@ Matchers perform name based matching to run subtemplates for a workflow.
</div>
<div class="dt">

Subtemplates are ran if the `template` field Template matches.
Subtemplates are run if the `template` field Template matches.

</div>

Expand Down Expand Up @@ -2864,7 +2866,7 @@ Name is the name of the item to match.
</div>
<div class="dt">

Subtemplates are ran if the name of matcher matches.
Subtemplates are run if the name of matcher matches.

</div>

8 changes: 5 additions & 3 deletions nuclei-jsonschema.json
Expand Up @@ -57,7 +57,7 @@
"title": "description of the template",
"description": "In-depth explanation on what the template does",
"examples": [
"Bower is a package manager which stores packages informations in bower.json file"
"Bower is a package manager which stores package information in the bower.json file"
]
},
"reference": {
Expand All @@ -69,7 +69,7 @@
"$schema": "http://json-schema.org/draft-04/schema#",
"$ref": "#/definitions/severity.Holder"
},
"additional-fields": {
"metadata": {
"patternProperties": {
".*": {
"type": "string"
Expand Down Expand Up @@ -207,6 +207,7 @@
"size",
"word",
"regex",
"binary",
"dsl"
],
"type": "string",
Expand Down Expand Up @@ -615,7 +616,8 @@
"CONNECT",
"OPTIONS",
"TRACE",
"PATCH"
"PATCH",
"PURGE"
],
"type": "string",
"title": "method is the http request method",
22 changes: 11 additions & 11 deletions v2/Makefile
Expand Up @@ -7,16 +7,16 @@ GOGET=$(GOCMD) get

all: build
build:
$(GOBUILD) -v -ldflags="-extldflags=-static" -o "nuclei" cmd/nuclei/main.go
$(GOBUILD) -v -ldflags="-extldflags=-static" -o "nuclei" cmd/nuclei/main.go
docs:
if ! which dstdocgen > /dev/null; then
echo -e "Command not found! Install? (y/n) \c"
go get -v github.com/projectdiscovery/yamldoc-go/cmd/docgen/dstdocgen
fi
$(GOCMD) generate pkg/templates/templates.go
$(GOBUILD) -o "cmd/docgen/docgen" cmd/docgen/docgen.go
./cmd/docgen/docgen docs.md nuclei-jsonschema.json
test:
$(GOTEST) -v ./...
if ! which dstdocgen > /dev/null; then
echo -e "Command not found! Install? (y/n) \c"
go get -v github.com/projectdiscovery/yamldoc-go/cmd/docgen/dstdocgen
fi
$(GOCMD) generate pkg/templates/templates.go
$(GOBUILD) -o "cmd/docgen/docgen" cmd/docgen/docgen.go
./cmd/docgen/docgen docs.md nuclei-jsonschema.json
test:
$(GOTEST) -v ./...
tidy:
$(GOMOD) tidy
$(GOMOD) tidy
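Review bot: the `docs` target prints "Install? (y/n)" but never reads an answer, so `go get -v github.com/projectdiscovery/yamldoc-go/cmd/docgen/dstdocgen` runs unconditionally right after the prompt; either drop the prompt or `read` the reply and branch on it. With the Go 1.17 toolchain this commit moves to, `go get` for installing a binary is deprecated in favour of `go install github.com/projectdiscovery/yamldoc-go/cmd/docgen/dstdocgen@latest`, and `echo -e` is not portable when make runs recipes under a POSIX `sh` (use `printf`).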
5 changes: 4 additions & 1 deletion v2/cmd/cve-annotate/main.go
Expand Up @@ -75,6 +75,10 @@ func getCVEData(client *nvd.Client, filePath, data string) {
}
severityValue := severityMatches[0][1]

// Skip if there's classification data already
if strings.Contains(data, "classification:") {
return
}
cveItem, err := client.FetchCVE(cveName)
if err != nil {
log.Printf("Could not fetch cve %s: %s\n", cveName, err)
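Review bot: the new early return tests `strings.Contains(data, "classification:")` against the whole template file, so any template whose description or reference text happens to contain that string is skipped as well; match against the parsed info block instead (the code further down already has `infoBlockClean`). The check also sits after the severity regex work above it, so moving it to the top of the function avoids doing that work for files that are then discarded.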
Expand Down Expand Up @@ -110,7 +114,6 @@ func getCVEData(client *nvd.Client, filePath, data string) {
newInfoBlock = strings.ReplaceAll(newInfoBlock, severityMatches[0][0], "severity: "+newSeverity)
fmt.Printf("Adjusting severity for %s from %s=>%s (%.2f)\n", filePath, severityValue, newSeverity, cvssScore)
}
// Start with additional-fields as that is the one most likely to break stuff.
if !strings.Contains(infoBlockClean, "classification") && (cvssScore != 0 && cvssMetrics != "") {
changed = true
newInfoBlock = newInfoBlock + fmt.Sprintf("\n classification:\n cvss-metrics: %s\n cvss-score: %.2f\n cve-id: %s", cvssMetrics, cvssScore, cveName)
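Review bot: with the early return added higher up, `!strings.Contains(infoBlockClean, "classification")` on the `if` line is now redundant for every file that contains `classification:`, so the condition can be reduced to `cvssScore != 0 && cvssMetrics != ""` once the early check is made to work on the info block; and the deleted "Start with additional-fields" comment should be replaced by one that says what this block now does (appending a `classification:` block with the CVSS metrics, score and CVE id).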
3 changes: 2 additions & 1 deletion v2/cmd/functional-test/main.go
Expand Up @@ -10,6 +10,7 @@ import (

"github.com/logrusorgru/aurora"
"github.com/pkg/errors"

"github.com/projectdiscovery/nuclei/v2/internal/testutils"
)

Expand Down Expand Up @@ -75,5 +76,5 @@ func runIndividualTestCase(testcase string) error {
if mainOutput == devOutput {
return nil
}
return fmt.Errorf("%s main is not equal to %s dev", mainOutput, devOutput)
return fmt.Errorf("%s main is not equal to %s dev", mainOutput, devOutput)
}
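Review bot: the message `"%s main is not equal to %s dev"` interpolates both full outputs before their labels, which is unreadable once the outputs span several lines; suggest `fmt.Errorf("output mismatch for %s:\nmain:\n%s\ndev:\n%s", testcase, mainOutput, devOutput)` so the failing test case is named and each output is clearly labelled.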
2 changes: 1 addition & 1 deletion v2/cmd/integration-test/dns.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ var dnsTestCases = map[string]testutils.TestCase{

type dnsBasic struct{}

// Executes executes a test case and returns an error if occurred
// Execute executes a test case and returns an error if occurred
func (h *dnsBasic) Execute(filePath string) error {
var routerErr error
