Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add template_encode in output for custom templates #4218

Closed
ehsandeep opened this issue Oct 8, 2023 · 0 comments · Fixed by #4315
Closed

Add template_encode in output for custom templates #4218

ehsandeep opened this issue Oct 8, 2023 · 0 comments · Fixed by #4315
Assignees
@dogancanbakir
Labels
Priority: High After critical issues are fixed, these should be dealt with before any further issues. Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Enhancement Most issues will probably ask for additions or changes.

Comments

@ehsandeep
Copy link
Member

ehsandeep commented Oct 8, 2023
edited
Loading

Please describe your feature request:

id: basic-example

info:
  name: Test HTTP Template
  author: pdteam
  severity: info

http:
  - method: GET
    path:
      - "{{BaseURL}}"
    matchers:
      - type: word
        words:
          - "This is test matcher text"
        negative: true
echo https://scanme.sh | ./nuclei -t test.yaml -j | jq .
{
  "template-id": "basic-example",
  "template-path": "/Users/geekboy/Github/nuclei/v2/test.yaml",
  "template_encoded": "aWQ6IGJhc2ljLWV4YW1wbGUKCmluZm86CiAgbmFtZTogVGVzdCBIVFRQIFRlbXBsYXRlCiAgYXV0aG9yOiBwZHRlYW0KICBzZXZlcml0eTogaW5mbwoKaHR0cDoKICAtIG1ldGhvZDogR0VUCiAgICBwYXRoOgogICAgICAtICJ7e0Jhc2VVUkx9fSIKICAgIG1hdGNoZXJzOgogICAgICAtIHR5cGU6IHdvcmQKICAgICAgICB3b3JkczoKICAgICAgICAgIC0gIlRoaXMgaXMgdGVzdCBtYXRjaGVyIHRleHQiCiAgICAgICAgbmVnYXRpdmU6IHRydWU="
  "info": {
    "name": "Test HTTP Template",
    "author": [
      "pdteam"
    ],
    "tags": null,
    "severity": "info"
  },
  "type": "http",
  "host": "https://scanme.sh",
  "matched-at": "https://scanme.sh",
  "request": "GET / HTTP/1.1\r\nHost: scanme.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36\r\nConnection: close\r\nAccept: */*\r\nAccept-Language: en\r\nAccept-Encoding: gzip\r\n\r\n",
  "response": "HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Length: 2\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Sun, 08 Oct 2023 10:28:45 GMT\r\n\r\nok",
  "ip": "128.199.158.128",
  "timestamp": "2023-10-08T15:58:45.615485+05:30",
  "curl-command": "curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36' 'https://scanme.sh'",
  "matcher-status": true
}

Also optionally:

   -ot, -omit-template  omit encoded template in the JSON, JSONL output

Describe the use case of this feature:

Public nuclei templates contain template-url; instead, in custom templates, no information is available, adding template_encoded will make the nuclei output self-sufficient, containing all the information for review and replication.

Anything else:

URL is handled using below method for public templates:

// TemplatePathURL returns the Path and URL for the provided template
func TemplatePathURL(fullPath, templateId string) (string, string) {
	var templateDirectory string
	configData := config.DefaultConfig
	if configData.TemplatesDirectory != "" && strings.HasPrefix(fullPath, configData.TemplatesDirectory) {
		templateDirectory = configData.TemplatesDirectory
	} else {
		return "", ""
	}

	finalPath := strings.TrimPrefix(strings.TrimPrefix(fullPath, templateDirectory), "/")
	templateURL := TemplatesRepoURL + templateId
	return finalPath, templateURL
}

Note:

  • Max length for template size needs to be defined.
  • If the template length exceeds the max, it will be omitted from the result.
@ehsandeep ehsandeep added the Type: Enhancement Most issues will probably ask for additions or changes. label Oct 8, 2023
@ehsandeep ehsandeep added the Priority: High After critical issues are fixed, these should be dealt with before any further issues. label Oct 26, 2023
This was referenced Oct 30, 2023
Closed
Merged
@dogancanbakir dogancanbakir linked a pull request Oct 30, 2023 that will close this issue
introduce template-encoded field #4315
Merged
4 tasks
@ehsandeep ehsandeep added the Status: Completed Nothing further to be done with this issue. Awaiting to be closed. label Nov 10, 2023
@RamanaReddy0M RamanaReddy0M mentioned this issue Sep 18, 2024
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dogancanbakir dogancanbakir

Labels
Priority: High After critical issues are fixed, these should be dealt with before any further issues. Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Enhancement Most issues will probably ask for additions or changes.
Projects
None yet
Milestone
No milestone
2 participants
@ehsandeep @dogancanbakir