Merge branch 'dev' into feat-conn

projectdiscovery · Aug 25, 2023 · 6ef4fc8 · 6ef4fc8
2 parents c9761c3 + d3928e0
commit 6ef4fc8
Show file tree

Hide file tree

Showing 170 changed files with 7,602 additions and 641 deletions.
diff --git a/.github/release.yml b/.github/release.yml
@@ -3,10 +3,10 @@ changelog:
     authors:
       - dependabot
   categories:
-    - title: 🎉 Features
+    - title: 🎉 New Features
       labels:
         - "Type: Enhancement"
-    - title: 🐞 Bugs
+    - title: 🐞 Bug Fixes
       labels:
         - "Type: Bug" 
     - title: 🔨 Maintenance

diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml
@@ -25,7 +25,7 @@ jobs:
       - name: Check out code
         uses: actions/checkout@v3
 
-      - name: Go Mod hygine
+      - name: Go Mod hygiene
         run: |
           go clean -modcache
           go mod tidy

diff --git a/.github/workflows/dockerhub-push.yml b/.github/workflows/dockerhub-push.yml
@@ -14,7 +14,7 @@ jobs:
       - name: Git Checkout
         uses: actions/checkout@v3
 
-      - name: Get Github tag
+      - name: Get GitHub tag
         id: meta
         run: |
           curl --silent "https://api.github.com/repos/projectdiscovery/nuclei/releases/latest" | jq -r .tag_name | xargs -I {} echo TAG={} >> $GITHUB_OUTPUT

diff --git a/.github/workflows/release-test.yml b/.github/workflows/release-test.yml
@@ -0,0 +1,29 @@
+name: 🔨 Release Test
+
+on:
+  pull_request:
+    paths:
+      - '**.go'
+      - '**.mod'
+  workflow_dispatch:
+
+jobs:
+  release-test:
+    runs-on: ubuntu-latest-16-cores
+    steps:
+      - name: "Check out code"
+        uses: actions/checkout@v3
+        with: 
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.20.x
+
+      - name: release test
+        uses: goreleaser/goreleaser-action@v4
+        with:
+          args: "release --clean --snapshot"
+          version: latest
+          workdir: v2/
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,6 @@
 .idea
 .vscode
+.devcontainer
 v2/vendor
 v2/dist
 integration_tests/nuclei
@@ -16,3 +17,4 @@ v2/pkg/protocols/common/helpers/deserialization/testdata/ValueObject.class
 v2/pkg/protocols/common/helpers/deserialization/testdata/ValueObject2.ser
 *.exe
 v2/.gitignore
+*.DS_Store
diff --git a/DEBUG.md b/DEBUG.md
@@ -0,0 +1,42 @@
+## Debugging Nuclei
+
+While Adding new features or fixing bugs or writing new templates to properly understand the behavior of that component, it is essential to understand what debugging options are available in nuclei. This guide lists all the debugging options available in nuclei.
+
+### Template related debugging
+
+- `-debug` flag
+
+When this flag is provided, nuclei will print all requests that are being sent by nuclei to the target as well as the response received from the target.
+
+- `-debug-req` flag
+
+When this flag is provided, nuclei will print all requests that are being sent by nuclei to the target.
+
+- `-debug-resp` flag
+
+When this flag is provided, nuclei will  print all responses that are being received by nuclei from the target.
+
+- `-ldf` flag
+
+When this flag is provided, nuclei will print the list of all helper functions available in this release of nuclei and exit.
+
+- `-svd` flag
+
+When this flag is provided, nuclei will print all `variables` pre and post execution of a request for a template. This is useful to understand what variables are available for a template and what values they have.
+
+- `-elog = errors.txt` flag
+
+When this flag is provided, nuclei will log all errors to the file specified. This is helpful when running large scans.
+
+
+
+### Environment Variable Switches
+
+Nuclei was built with some environment variables in mind to help with debugging. These environment variables can be set to enable debugging of a particular component/functionality for nuclei.
+
+| Environment Variable   | Description                                              |
+| ---------------------- | -------------------------------------------------------- |
+| `DEBUG=true`           | Enables Printing Stack Traces for all errors             |
+| `SHOW_DSL_ERRORS=true` | Enables Printing DSL Errors (that are hidden by default) |
+
+
diff --git a/DESIGN.md b/DESIGN.md
@@ -145,7 +145,7 @@ type Exporter interface {
 }
 ```
 
-Exporters include `Elasticsearch`, `markdown`, `sarif` . Trackers include `GitHub` , `Gitlab` and `Jira`.
+Exporters include `Elasticsearch`, `markdown`, `sarif` . Trackers include `GitHub` , `GitLab` and `Jira`.
 
 Each exporter and trackers implement their own configuration in YAML format and are very modular in nature, so adding new ones is easy.
 
@@ -484,7 +484,7 @@ $ go tool pprof -http=:8081 mem.pprof
 - [v2/pkg/reporting/exporters/markdown](./v2/pkg/reporting/exporters/markdown) - Markdown Result Exporter
 - [v2/pkg/reporting/exporters/es](./v2/pkg/reporting/exporters/es) - Elasticsearch Result Exporter
 - [v2/pkg/reporting/dedupe](./v2/pkg/reporting/dedupe) - Dedupe module for Results
-- [v2/pkg/reporting/trackers/gitlab](./v2/pkg/reporting/trackers/gitlab) - Gitlab Issue Tracker Exporter
+- [v2/pkg/reporting/trackers/gitlab](./v2/pkg/reporting/trackers/gitlab) - GitLab Issue Tracker Exporter
 - [v2/pkg/reporting/trackers/jira](./v2/pkg/reporting/trackers/jira) - Jira Issue Tracker Exporter
 - [v2/pkg/reporting/trackers/github](./v2/pkg/reporting/trackers/github) - GitHub Issue Tracker Exporter
 - [v2/pkg/reporting/format](./v2/pkg/reporting/format) - Result Formatting Functions

diff --git a/README.md b/README.md
@@ -139,7 +139,7 @@ FILTERING:
    -tags string[]                     templates to run based on tags (comma-separated, file)
    -etags, -exclude-tags string[]     templates to exclude based on tags (comma-separated, file)
    -itags, -include-tags string[]     tags to be executed even if they are excluded either by default or configuration
-   -id, -template-id string[]         templates to run based on template ids (comma-separated, file)
+   -id, -template-id string[]         templates to run based on template ids (comma-separated, file, allow-wildcard)
    -eid, -exclude-id string[]         templates to exclude based on template ids (comma-separated, file)
    -it, -include-templates string[]   templates to be executed even if they are excluded either by default or configuration
    -et, -exclude-templates string[]   template or template directory to exclude (comma-separated, file)
@@ -246,11 +246,12 @@ OPTIMIZATIONS:
    -no-stdin                           disable stdin processing
 
 HEADLESS:
-   -headless                    enable templates that require headless browser support (root user on Linux will disable sandbox)
-   -page-timeout int            seconds to wait for each page in headless mode (default 20)
-   -sb, -show-browser           show the browser on the screen when running templates with headless mode
-   -sc, -system-chrome          use local installed Chrome browser instead of nuclei installed
-   -lha, -list-headless-action  list available headless actions
+   -headless                        enable templates that require headless browser support (root user on Linux will disable sandbox)
+   -page-timeout int                seconds to wait for each page in headless mode (default 20)
+   -sb, -show-browser               show the browser on the screen when running templates with headless mode
+   -ho, -headless-options string[]  start headless chrome with additional options
+   -sc, -system-chrome              use local installed Chrome browser instead of nuclei installed
+   -lha, -list-headless-action      list available headless actions
 
 DEBUG:
    -debug                    show all requests and responses
@@ -283,29 +284,6 @@ STATISTICS:
    -si, -stats-interval int  number of seconds to wait between showing a statistics update (default 5)
    -m, -metrics              expose nuclei metrics on a port
    -mp, -metrics-port int    port to expose nuclei metrics on (default 9092)
-
-CLOUD:
-   -cloud                              run scan on nuclei cloud
-   -ads, -add-datasource string        add specified data source (s3,github)
-   -atr, -add-target string            add target(s) to cloud
-   -atm, -add-template string          add template(s) to cloud
-   -lsn, -list-scan                    list previous cloud scans
-   -lso, -list-output string           list scan output by scan id
-   -ltr, -list-target                  list cloud target by id
-   -ltm, -list-template                list cloud template by id
-   -lds, -list-datasource              list cloud datasource by id
-   -lrs, -list-reportsource            list reporting sources
-   -dsn, -delete-scan string           delete cloud scan by id
-   -dtr, -delete-target string         delete target(s) from cloud
-   -dtm, -delete-template string       delete template(s) from cloud
-   -dds, -delete-datasource string     delete specified data source
-   -drs, -disable-reportsource string  disable specified reporting source
-   -ers, -enable-reportsource string   enable specified reporting source
-   -gtr, -get-target string            get target content by id
-   -gtm, -get-template string          get template content by id
-   -nos, -no-store                     disable scan/output storage on cloud
-   -no-tables                          do not display pretty-printed tables
-   -limit int                          limit the number of output to display (default 100)
 ```
 
 ### Running Nuclei