Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[feature] Adding environment variable support using helper functions #643

Closed
ehsandeep opened this issue Mar 23, 2021 · 5 comments · Fixed by #916 or #922
Closed

[feature] Adding environment variable support using helper functions #643

ehsandeep opened this issue Mar 23, 2021 · 5 comments · Fixed by #916 or #922
Assignees
@Mzack9999 @Ice3man543
Labels
Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Enhancement Most issues will probably ask for additions or changes.

Comments

@ehsandeep
Copy link
Member

ehsandeep commented Mar 23, 2021
edited by sync-by-unito bot

Is your feature request related to a problem? Please describe.
For regression testing and authenticated tests, it's helpful to read system variables to replace values into templates at run time.

for example:-

export USER=admin
export PASSWORD=admin_token
source ~/.bashrc

Describe the solution you'd like

requests:
  - method: POST
    path:
      - "{{BaseURL}}/apps"

    body: username={{ENV_USER}}&password={{ENV_TOKEN}}

    matchers:
      - type: word
        words:
          - "Logged in"

Result into:-

POST /apps HTTP/1.1
Host: 0.0.0.0:8000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 YaBrowser/19.6.0.1583 Yowser/2.5 Safari/537.36
Connection: close
Content-Length: 44
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

username=admin&password=admin_token
@ehsandeep ehsandeep added the Type: Enhancement Most issues will probably ask for additions or changes. label Mar 23, 2021
@ehsandeep ehsandeep changed the title [feature] Adding environment variable support [feature] Adding environment variable support using helper functions Mar 23, 2021
@ehsandeep ehsandeep added enhancement and removed Type: Enhancement Most issues will probably ask for additions or changes. labels May 26, 2021
@Mzack9999
Copy link
Member

Mzack9999 commented Jun 21, 2021
edited by ehsandeep

Support for environment variables is already added in #641, the template would look like the following one:

requests:
  - method: POST
    path:
      - "{{BaseURL}}/apps"

    body: username={{ENV_USER}}&password={{ENV_TOKEN}}

    matchers:
      - type: word
        words:
          - "Logged in"

@Mzack9999 Mzack9999 self-assigned this Jun 21, 2021
This was referenced Jul 28, 2021
Closed
Merged
@Mzack9999 Mzack9999 linked a pull request Aug 8, 2021 that will close this issue
Adding support for global env variables #916
Merged
@ehsandeep ehsandeep added the Status: Completed Nothing further to be done with this issue. Awaiting to be closed. label Aug 9, 2021
@ehsandeep ehsandeep linked a pull request Aug 9, 2021 that will close this issue
Hotfix release #922
Merged
@ehsandeep
Copy link
Member Author

ehsandeep commented Aug 10, 2021
edited

@toufik-airane this is now supported with the release of v2.4.3, you just need to add -env-vars flag, and the template will read defined variable name from a running system.

Example template:-

id: env-example

info:
  name: ENV Template
  author: pdteam
  severity: info

requests:
  - method: POST
    path:
      - "{{BaseURL}}/apps"

    body: username={{USER}}&password={{TOKEN}}

    matchers:
      - type: word
        words:
          - "Logged in"
nuclei -env-vars -t test.yaml -u https://example.com

Additionally, you can also define these variables via CLI as well using the newly introduced var flag.

For example:-

nuclei -t test.yaml -u https://example.com -var ENV_USER=YYY -var ENV_TOKEN=XXX

@toufik-airane
Copy link
Contributor

Big! 🤩

@savushkin-yauheni
Copy link
Contributor

Hi @ehsandeep

Can we use env vars in matchers ?

If no, what do you think about it ?

Thanks!

@ehsandeep
Copy link
Member Author

@savushkin-yauheni that is something we intend to support, GH issue for it - #555

@forgedhallpass forgedhallpass added Type: Enhancement Most issues will probably ask for additions or changes. and removed enhancement labels Oct 7, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Mzack9999 Mzack9999

@Ice3man543 Ice3man543

Labels
Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Enhancement Most issues will probably ask for additions or changes.
Projects
None yet
Milestone
No milestone
6 participants
@savushkin-yauheni @toufik-airane @ehsandeep @Mzack9999 @forgedhallpass @Ice3man543