From 981e777b581bfa661c2457048a4f18cbe7534acf Mon Sep 17 00:00:00 2001 From: Ice3man Date: Sun, 20 Feb 2022 17:41:10 +0530 Subject: [PATCH 1/7] Use stringslice for proxy configuration instead of normalized --- v2/cmd/nuclei/main.go | 2 +- v2/pkg/types/types.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/v2/cmd/nuclei/main.go b/v2/cmd/nuclei/main.go index 42e445775b..28fdbda570 100644 --- a/v2/cmd/nuclei/main.go +++ b/v2/cmd/nuclei/main.go @@ -183,7 +183,7 @@ on extensive configurability, massive extensibility and ease of use.`) flagSet.BoolVar(&options.Debug, "debug", false, "show all requests and responses"), flagSet.BoolVar(&options.DebugRequests, "debug-req", false, "show all sent requests"), flagSet.BoolVar(&options.DebugResponse, "debug-resp", false, "show all received responses"), - flagSet.NormalizedStringSliceVarP(&options.Proxy, "proxy", "p", []string{}, "List of HTTP(s)/SOCKS5 proxy to use (comma separated or file input)"), + flagSet.StringSliceVarP(&options.Proxy, "proxy", "p", []string{}, "List of HTTP(s)/SOCKS5 proxy to use (comma separated or file input)"), flagSet.StringVarP(&options.TraceLogFile, "trace-log", "tlog", "", "file to write sent requests trace log"), flagSet.StringVarP(&options.ErrorLogFile, "error-log", "elog", "", "file to write sent requests error log"), flagSet.BoolVar(&options.Version, "version", false, "show nuclei version"), diff --git a/v2/pkg/types/types.go b/v2/pkg/types/types.go index a56bdc9706..17d8b9d22f 100644 --- a/v2/pkg/types/types.go +++ b/v2/pkg/types/types.go @@ -68,7 +68,7 @@ type Options struct { // Output is the file to write found results to. Output string // List of HTTP(s)/SOCKS5 proxy to use (comma separated or file input) - Proxy goflags.NormalizedStringSlice + Proxy goflags.StringSlice // TemplatesDirectory is the directory to use for storing templates TemplatesDirectory string // TraceLogFile specifies a file to write with the trace of all requests From 95f330d7e89547631bf9fbfc3a55114932b6a977 Mon Sep 17 00:00:00 2001 From: sandeep Date: Tue, 22 Feb 2022 15:36:34 +0530 Subject: [PATCH 2/7] dev update --- v2/pkg/catalog/config/config.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/v2/pkg/catalog/config/config.go b/v2/pkg/catalog/config/config.go index 099781ec00..db45522451 100644 --- a/v2/pkg/catalog/config/config.go +++ b/v2/pkg/catalog/config/config.go @@ -27,7 +27,7 @@ type Config struct { const nucleiConfigFilename = ".templates-config.json" // Version is the current version of nuclei -const Version = `2.6.1` +const Version = `2.6.2-dev` func getConfigDetails() (string, error) { homeDir, err := os.UserHomeDir() From 1c0689ad7e07114e73a8c726756d115a0cdeea2b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 23 Feb 2022 05:18:40 +0000 Subject: [PATCH 3/7] chore(deps): bump github.com/aws/aws-sdk-go from 1.43.3 to 1.43.4 in /v2 Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.43.3 to 1.43.4. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.43.3...v1.43.4) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- v2/go.mod | 2 +- v2/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/v2/go.mod b/v2/go.mod index 7569c9148e..c8658c2991 100644 --- a/v2/go.mod +++ b/v2/go.mod @@ -63,7 +63,7 @@ require ( moul.io/http2curl v1.0.0 ) -require github.com/aws/aws-sdk-go v1.43.3 +require github.com/aws/aws-sdk-go v1.43.4 require github.com/projectdiscovery/folderutil v0.0.0-20211206150108-b4e7ea80f36e diff --git a/v2/go.sum b/v2/go.sum index 8af50303fc..bb9a3aa9ff 100644 --- a/v2/go.sum +++ b/v2/go.sum @@ -83,8 +83,8 @@ github.com/aphistic/sweet v0.2.0/go.mod h1:fWDlIh/isSE9n6EPsRmC0det+whmX6dJid3st github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/aws/aws-sdk-go v1.20.6/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.43.3 h1:qvCkC4FviA9rR4UvRk4ldr6f3mIJE0VaI3KrsDx1gTk= -github.com/aws/aws-sdk-go v1.43.3/go.mod h1:OGr6lGMAKGlG9CVrYnWYDKIyb829c6EVBRjxqjmPepc= +github.com/aws/aws-sdk-go v1.43.4 h1:EtsGbtOB+1548T6Nb62XCOofgXtMHwf+WZh5gQc3xTY= +github.com/aws/aws-sdk-go v1.43.4/go.mod h1:OGr6lGMAKGlG9CVrYnWYDKIyb829c6EVBRjxqjmPepc= github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I= github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= From 793db8a614d456b35463f9773c327307f3fa14ac Mon Sep 17 00:00:00 2001 From: Ice3man Date: Wed, 23 Feb 2022 18:00:43 +0530 Subject: [PATCH 4/7] Use normalized original helpers to skip lowercasing for flags --- v2/cmd/nuclei/main.go | 14 +++++++------- v2/go.mod | 2 +- v2/go.sum | 2 ++ v2/pkg/types/types.go | 14 +++++++------- 4 files changed, 17 insertions(+), 15 deletions(-) diff --git a/v2/cmd/nuclei/main.go b/v2/cmd/nuclei/main.go index 28fdbda570..8b4405e573 100644 --- a/v2/cmd/nuclei/main.go +++ b/v2/cmd/nuclei/main.go @@ -88,11 +88,11 @@ on extensive configurability, massive extensibility and ease of use.`) ) createGroup(flagSet, "templates", "Templates", - flagSet.FileNormalizedStringSliceVarP(&options.Templates, "templates", "t", []string{}, "template or template directory paths to include in the scan"), - flagSet.FileNormalizedStringSliceVarP(&options.TemplateURLs, "template-url", "tu", []string{}, "URL containing list of templates to run"), + flagSet.FileNormalizedOriginalStringSliceVarP(&options.Templates, "templates", "t", []string{}, "template or template directory paths to include in the scan"), + flagSet.FileNormalizedOriginalStringSliceVarP(&options.TemplateURLs, "template-url", "tu", []string{}, "URL containing list of templates to run"), flagSet.BoolVarP(&options.NewTemplates, "new-templates", "nt", false, "run only new templates added in latest nuclei-templates release"), - flagSet.FileNormalizedStringSliceVarP(&options.Workflows, "workflows", "w", []string{}, "workflow or workflow directory paths to include in the scan"), - flagSet.FileNormalizedStringSliceVarP(&options.WorkflowURLs, "workflow-url", "wu", []string{}, "URL containing list of workflows to run"), + flagSet.FileNormalizedOriginalStringSliceVarP(&options.Workflows, "workflows", "w", []string{}, "workflow or workflow directory paths to include in the scan"), + flagSet.FileNormalizedOriginalStringSliceVarP(&options.WorkflowURLs, "workflow-url", "wu", []string{}, "URL containing list of workflows to run"), flagSet.BoolVar(&options.Validate, "validate", false, "validate the passed templates to nuclei"), flagSet.BoolVar(&options.TemplateList, "tl", false, "list all available templates"), flagSet.StringSliceVarConfigOnly(&options.RemoteTemplateDomainList, "remote-template-domain", []string{"api.nuclei.sh"}, "allowed domain list to load remote templates from"), @@ -102,8 +102,8 @@ on extensive configurability, massive extensibility and ease of use.`) flagSet.FileNormalizedStringSliceVar(&options.Tags, "tags", []string{}, "execute a subset of templates that contain the provided tags"), flagSet.FileNormalizedStringSliceVarP(&options.IncludeTags, "include-tags", "itags", []string{}, "tags from the default deny list that permit executing more intrusive templates"), // TODO show default deny list flagSet.FileNormalizedStringSliceVarP(&options.ExcludeTags, "exclude-tags", "etags", []string{}, "exclude templates with the provided tags"), - flagSet.FileNormalizedStringSliceVarP(&options.IncludeTemplates, "include-templates", "it", []string{}, "templates to be executed even if they are excluded either by default or configuration"), - flagSet.FileNormalizedStringSliceVarP(&options.ExcludedTemplates, "exclude-templates", "et", []string{}, "template or template directory paths to exclude"), + flagSet.FileNormalizedOriginalStringSliceVarP(&options.IncludeTemplates, "include-templates", "it", []string{}, "templates to be executed even if they are excluded either by default or configuration"), + flagSet.FileNormalizedOriginalStringSliceVarP(&options.ExcludedTemplates, "exclude-templates", "et", []string{}, "template or template directory paths to exclude"), flagSet.VarP(&options.Severities, "severity", "s", fmt.Sprintf("Templates to run based on severity. Possible values: %s", severity.GetSupportedSeverities().String())), flagSet.VarP(&options.ExcludeSeverities, "exclude-severity", "es", fmt.Sprintf("Templates to exclude based on severity. Possible values: %s", severity.GetSupportedSeverities().String())), flagSet.VarP(&options.Protocols, "type", "pt", fmt.Sprintf("protocol types to be executed. Possible values: %s", templateTypes.GetSupportedProtocolTypes())), @@ -183,7 +183,7 @@ on extensive configurability, massive extensibility and ease of use.`) flagSet.BoolVar(&options.Debug, "debug", false, "show all requests and responses"), flagSet.BoolVar(&options.DebugRequests, "debug-req", false, "show all sent requests"), flagSet.BoolVar(&options.DebugResponse, "debug-resp", false, "show all received responses"), - flagSet.StringSliceVarP(&options.Proxy, "proxy", "p", []string{}, "List of HTTP(s)/SOCKS5 proxy to use (comma separated or file input)"), + flagSet.NormalizedOriginalStringSliceVarP(&options.Proxy, "proxy", "p", []string{}, "List of HTTP(s)/SOCKS5 proxy to use (comma separated or file input)"), flagSet.StringVarP(&options.TraceLogFile, "trace-log", "tlog", "", "file to write sent requests trace log"), flagSet.StringVarP(&options.ErrorLogFile, "error-log", "elog", "", "file to write sent requests error log"), flagSet.BoolVar(&options.Version, "version", false, "show nuclei version"), diff --git a/v2/go.mod b/v2/go.mod index d37ae90837..42b2260afd 100644 --- a/v2/go.mod +++ b/v2/go.mod @@ -30,7 +30,7 @@ require ( github.com/projectdiscovery/fastdialer v0.0.15-0.20220127193345-f06b0fd54d47 github.com/projectdiscovery/filekv v0.0.0-20210915124239-3467ef45dd08 github.com/projectdiscovery/fileutil v0.0.0-20210928100737-cab279c5d4b5 - github.com/projectdiscovery/goflags v0.0.8-0.20220208065736-e1d58bce8ce5 + github.com/projectdiscovery/goflags v0.0.8-0.20220223122339-bb3affd53c37 github.com/projectdiscovery/gologger v1.1.4 github.com/projectdiscovery/hmap v0.0.2-0.20210917080408-0fd7bd286bfa github.com/projectdiscovery/interactsh v1.0.1-0.20220131074403-ca8bb8f87cd0 diff --git a/v2/go.sum b/v2/go.sum index 5044258c0a..b4d9b86fcf 100644 --- a/v2/go.sum +++ b/v2/go.sum @@ -427,6 +427,8 @@ github.com/projectdiscovery/folderutil v0.0.0-20211206150108-b4e7ea80f36e/go.mod github.com/projectdiscovery/goflags v0.0.7/go.mod h1:Jjwsf4eEBPXDSQI2Y+6fd3dBumJv/J1U0nmpM+hy2YY= github.com/projectdiscovery/goflags v0.0.8-0.20220208065736-e1d58bce8ce5 h1:IoDOKD+ZWctt0yGMwgGSCjWmSAaaMds7J9Tbxy6zv+A= github.com/projectdiscovery/goflags v0.0.8-0.20220208065736-e1d58bce8ce5/go.mod h1:37KhVbVLllyuIAgpXGqcvE/hsFEwJ+ctEUSHawjhsBY= +github.com/projectdiscovery/goflags v0.0.8-0.20220223122339-bb3affd53c37 h1:wqvD7YOYzJsLxgp51saFR6Dr3niEi0e+b9OiOcnAnw8= +github.com/projectdiscovery/goflags v0.0.8-0.20220223122339-bb3affd53c37/go.mod h1:37KhVbVLllyuIAgpXGqcvE/hsFEwJ+ctEUSHawjhsBY= github.com/projectdiscovery/gologger v1.0.1/go.mod h1:Ok+axMqK53bWNwDSU1nTNwITLYMXMdZtRc8/y1c7sWE= github.com/projectdiscovery/gologger v1.1.4 h1:qWxGUq7ukHWT849uGPkagPKF3yBPYAsTtMKunQ8O2VI= github.com/projectdiscovery/gologger v1.1.4/go.mod h1:Bhb6Bdx2PV1nMaFLoXNBmHIU85iROS9y1tBuv7T5pMY= diff --git a/v2/pkg/types/types.go b/v2/pkg/types/types.go index 17d8b9d22f..c0bce5cb71 100644 --- a/v2/pkg/types/types.go +++ b/v2/pkg/types/types.go @@ -16,17 +16,17 @@ type Options struct { // ExcludeTags is the list of tags to exclude ExcludeTags goflags.FileNormalizedStringSlice // Workflows specifies any workflows to run by nuclei - Workflows goflags.FileNormalizedStringSlice + Workflows goflags.FileOriginalNormalizedStringSlice // WorkflowURLs specifies URLs to a list of workflows to use - WorkflowURLs goflags.FileNormalizedStringSlice + WorkflowURLs goflags.FileOriginalNormalizedStringSlice // Templates specifies the template/templates to use - Templates goflags.FileNormalizedStringSlice + Templates goflags.FileOriginalNormalizedStringSlice // TemplateURLs specifies URLs to a list of templates to use - TemplateURLs goflags.FileNormalizedStringSlice + TemplateURLs goflags.FileOriginalNormalizedStringSlice // RemoteTemplates specifies list of allowed URLs to load remote templates from RemoteTemplateDomainList goflags.StringSlice // ExcludedTemplates specifies the template/templates to exclude - ExcludedTemplates goflags.FileNormalizedStringSlice + ExcludedTemplates goflags.FileOriginalNormalizedStringSlice // CustomHeaders is the list of custom global headers to send with each request. CustomHeaders goflags.StringSlice // Vars is the list of custom global vars @@ -46,7 +46,7 @@ type Options struct { // IncludeTags includes specified tags to be run even while being in denylist IncludeTags goflags.FileNormalizedStringSlice // IncludeTemplates includes specified templates to be run even while being in denylist - IncludeTemplates goflags.FileNormalizedStringSlice + IncludeTemplates goflags.FileOriginalNormalizedStringSlice // IncludeIds includes specified ids to be run even while being in denylist IncludeIds goflags.FileNormalizedStringSlice // ExcludeIds contains templates ids to not be executed @@ -68,7 +68,7 @@ type Options struct { // Output is the file to write found results to. Output string // List of HTTP(s)/SOCKS5 proxy to use (comma separated or file input) - Proxy goflags.StringSlice + Proxy goflags.NormalizedOriginalStringSlice // TemplatesDirectory is the directory to use for storing templates TemplatesDirectory string // TraceLogFile specifies a file to write with the trace of all requests From ddb62ee3ff1fad9c4633437f58fc3640a065778b Mon Sep 17 00:00:00 2001 From: sandeep Date: Wed, 23 Feb 2022 18:56:29 +0530 Subject: [PATCH 5/7] go mod update --- v2/go.mod | 2 +- v2/go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/v2/go.mod b/v2/go.mod index 42b2260afd..c0bd30bd2a 100644 --- a/v2/go.mod +++ b/v2/go.mod @@ -30,7 +30,7 @@ require ( github.com/projectdiscovery/fastdialer v0.0.15-0.20220127193345-f06b0fd54d47 github.com/projectdiscovery/filekv v0.0.0-20210915124239-3467ef45dd08 github.com/projectdiscovery/fileutil v0.0.0-20210928100737-cab279c5d4b5 - github.com/projectdiscovery/goflags v0.0.8-0.20220223122339-bb3affd53c37 + github.com/projectdiscovery/goflags v0.0.8-0.20220223132346-fcffa47ead36 github.com/projectdiscovery/gologger v1.1.4 github.com/projectdiscovery/hmap v0.0.2-0.20210917080408-0fd7bd286bfa github.com/projectdiscovery/interactsh v1.0.1-0.20220131074403-ca8bb8f87cd0 diff --git a/v2/go.sum b/v2/go.sum index b4d9b86fcf..5af4427224 100644 --- a/v2/go.sum +++ b/v2/go.sum @@ -429,6 +429,8 @@ github.com/projectdiscovery/goflags v0.0.8-0.20220208065736-e1d58bce8ce5 h1:IoDO github.com/projectdiscovery/goflags v0.0.8-0.20220208065736-e1d58bce8ce5/go.mod h1:37KhVbVLllyuIAgpXGqcvE/hsFEwJ+ctEUSHawjhsBY= github.com/projectdiscovery/goflags v0.0.8-0.20220223122339-bb3affd53c37 h1:wqvD7YOYzJsLxgp51saFR6Dr3niEi0e+b9OiOcnAnw8= github.com/projectdiscovery/goflags v0.0.8-0.20220223122339-bb3affd53c37/go.mod h1:37KhVbVLllyuIAgpXGqcvE/hsFEwJ+ctEUSHawjhsBY= +github.com/projectdiscovery/goflags v0.0.8-0.20220223132346-fcffa47ead36 h1:7tPZ9Ui9Iyo/bfP+LtOOKJRrXO7ZzunzMjqHClTDZEA= +github.com/projectdiscovery/goflags v0.0.8-0.20220223132346-fcffa47ead36/go.mod h1:37KhVbVLllyuIAgpXGqcvE/hsFEwJ+ctEUSHawjhsBY= github.com/projectdiscovery/gologger v1.0.1/go.mod h1:Ok+axMqK53bWNwDSU1nTNwITLYMXMdZtRc8/y1c7sWE= github.com/projectdiscovery/gologger v1.1.4 h1:qWxGUq7ukHWT849uGPkagPKF3yBPYAsTtMKunQ8O2VI= github.com/projectdiscovery/gologger v1.1.4/go.mod h1:Bhb6Bdx2PV1nMaFLoXNBmHIU85iROS9y1tBuv7T5pMY= From 010bab5aaf7df40a514cc86c47dd58e2722d2719 Mon Sep 17 00:00:00 2001 From: Ice3man Date: Wed, 23 Feb 2022 21:45:55 +0530 Subject: [PATCH 6/7] Fixed failing tests due to missing field declaration --- v2/internal/runner/options.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/v2/internal/runner/options.go b/v2/internal/runner/options.go index 9352dd032b..22764c276e 100644 --- a/v2/internal/runner/options.go +++ b/v2/internal/runner/options.go @@ -23,9 +23,11 @@ import ( ) func ConfigureOptions() error { - goflags.DefaultFileNormalizedStringSliceOptions.IsFromFile = func(s string) bool { + isFromFileFunc := func(s string) bool { return !isTemplate(s) } + goflags.DefaultFileNormalizedStringSliceOptions.IsFromFile = isFromFileFunc + goflags.DefaultFileOriginalNormalizedStringSliceOptions.IsFromFile = isFromFileFunc return nil } From 60a723ffabf03343989b45e89893a3a00250e8e1 Mon Sep 17 00:00:00 2001 From: sandeep Date: Thu, 24 Feb 2022 02:21:58 +0530 Subject: [PATCH 7/7] Update config.go --- v2/pkg/catalog/config/config.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/v2/pkg/catalog/config/config.go b/v2/pkg/catalog/config/config.go index db45522451..0034d0e29f 100644 --- a/v2/pkg/catalog/config/config.go +++ b/v2/pkg/catalog/config/config.go @@ -27,7 +27,7 @@ type Config struct { const nucleiConfigFilename = ".templates-config.json" // Version is the current version of nuclei -const Version = `2.6.2-dev` +const Version = `2.6.2` func getConfigDetails() (string, error) { homeDir, err := os.UserHomeDir()