SDK: abstracted and minimal nuclei v3 sdk #4104

Merged
merged 11 commits into from
Sep 2, 2023

tarunKoyalwar (Member) commented Aug 29, 2023

Proposed changes

  • New easy to use and simplified Library/SDK for nuclei
  • Added testable examples
  • Updated Docs etc
  • closes Nuclei Go SDK v3 #4054
  • docs about library at

    nuclei/v2/lib/README.md

    Lines 1 to 87 in 186a4da

    ## Using Nuclei as Library
    Nuclei was primarily built as a CLI tool, but with a growing number of users wanting to use nuclei as a library in their own automation, we have added a simplified Library/SDK of nuclei in v3.
    ### Installation
    To add nuclei as a library to your go project, you can use the following command:
    ```bash
    go get -u github.com/projectdiscovery/nuclei/v2/lib
    ```
    Or add below import to your go file and let IDE handle the rest:
    ```go
    import nuclei "github.com/projectdiscovery/nuclei/v2/lib"
    ```
    ## Basic Example of using Nuclei Library/SDK
    ```go
    // create nuclei engine with options
    ne, err := nuclei.NewNucleiEngine(
    	nuclei.WithTemplateFilters(nuclei.TemplateFilters{Severity: "critical"}), // run critical severity templates only
    )
    if err != nil {
    	panic(err)
    }
    // release engine resources when the surrounding function returns
    defer ne.Close()
    // load targets and optionally probe non http/https targets
    ne.LoadTargets([]string{"scanme.sh"}, false)
    err = ne.ExecuteWithCallback(nil)
    if err != nil {
    	panic(err)
    }
    ```
    ## Advanced Example of using Nuclei Library/SDK
    For various use cases like batching, you might want to run nuclei in goroutines; this can be done by using `nuclei.NewThreadSafeNucleiEngine`.
    ```go
    // create nuclei engine with options
    ne, err := nuclei.NewThreadSafeNucleiEngine()
    if err != nil {
    	panic(err)
    }
    // release engine resources when the surrounding function returns
    defer ne.Close()
    // setup waitgroup to handle concurrency
    wg := &sync.WaitGroup{}
    // scan 1 = run dns templates on scanme.sh
    wg.Add(1)
    go func() {
    	defer wg.Done()
    	// err is local to this goroutine so the two scans do not race on a shared variable
    	err := ne.ExecuteNucleiWithOpts([]string{"scanme.sh"}, nuclei.WithTemplateFilters(nuclei.TemplateFilters{ProtocolTypes: "dns"}))
    	if err != nil {
    		panic(err)
    	}
    }()
    // scan 2 = run http templates on honey.scanme.sh
    wg.Add(1)
    go func() {
    	defer wg.Done()
    	err := ne.ExecuteNucleiWithOpts([]string{"honey.scanme.sh"}, nuclei.WithTemplateFilters(nuclei.TemplateFilters{ProtocolTypes: "http"}))
    	if err != nil {
    		panic(err)
    	}
    }()
    // wait for all scans to finish
    wg.Wait()
    ```
    ## More Documentation
    For complete documentation of nuclei library, please refer to [godoc](https://pkg.go.dev/github.com/projectdiscovery/nuclei/v2/lib) which contains all available options and methods.
    ### Note
    | :exclamation: **Disclaimer** |
    |---------------------------------|
    | **This project is in active development**. Expect breaking changes with releases. Review the release changelog before updating. |
    | This project was primarily built to be used as a standalone CLI tool. **Running nuclei as a service may pose security risks.** It's recommended to use with caution and additional security measures. |

Design Considerations

  • SDK should be easy to get started with minimal code
  • Use Option Style syntax to abstract options (we have so many options in nuclei (>30); this style of syntax, i.e. option style, is more powerful and suitable for such cases)
  • Thread Safe Nuclei Execution example/support
  • User should only need to have 1 import to avoid searching over multiple packages for docs

Checklist

  • Pull request is created against the dev branch
  • All checks passed (lint, unit/integration/regression tests etc.) with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

@tarunKoyalwar tarunKoyalwar self-assigned this Aug 29, 2023
@tarunKoyalwar tarunKoyalwar linked an issue Aug 29, 2023 that may be closed by this pull request
tarunKoyalwar (Member Author) commented Aug 29, 2023

View SDK docs

```bash
cd v2/lib
godoc -http=:6060
```

^ this will start a local doc server with final docs which includes testable examples at http://localhost:6060/pkg/github.com/projectdiscovery/nuclei/v2/lib/

@tarunKoyalwar tarunKoyalwar changed the title SDK: abstracted and minimal nuclei sdk SDK: abstracted and minimal nuclei v3 sdk Aug 30, 2023
tarunKoyalwar (Member Author) commented

New Changes

  • remove old implementation of stats and use new clistats logic
  • fix issue with clustering (-dc flag was not used while clustering)
  • fix stats while using SDK/library mode
  • deprecated -metrics option since clistats by default starts a server for stats
  • -mp now directly updates the port in clistats, thus eliminating the port-already-in-use issue

New /metrics endpoint

```json
{
  "requests": 3416,
  "errors": 955,
  "matched": 15,
  "startedAt": "2023-08-30T19:02:13.636473+05:30",
  "summary": "[0:00:27] | Templates: 6720 | Hosts: 1 | RPS: 126 | Matched: 15 | Errors: 955 | Requests: 3416/9963 (34%)\n",
  "rps": "126",
  "total": 9963,
  "templates": 6720,
  "hosts": 1,
  "duration": "0:00:27",
  "percent": "34"
}
```
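A consumer-side check of the `/metrics` payload quoted in the comment above, as an added example that is not part of this PR or the nuclei code base. It decodes the mixed string/number fields and flags a run whose errored share of requests is high. The names `Metrics` and `CheckScan`, the error-ratio threshold, and the one-point rounding tolerance are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
)

// Metrics holds the fields of the /metrics payload used below. In the payload
// "rps" and "percent" are JSON strings while the counters are JSON numbers.
type Metrics struct {
	Requests int64  `json:"requests"`
	Errors   int64  `json:"errors"`
	Matched  int64  `json:"matched"`
	Total    int64  `json:"total"`
	RPS      string `json:"rps"`
	Percent  string `json:"percent"`
}

// sampleMetrics is a subset of the payload quoted in the PR comment.
const sampleMetrics = `{"requests": 3416, "errors": 955, "matched": 15,
  "total": 9963, "rps": "126", "percent": "34"}`

// CheckScan decodes a payload and returns findings when the error ratio
// exceeds maxErrRatio (an assumed, caller-chosen threshold) or when the
// reported percent disagrees with requests/total by more than one point
// (the endpoint's rounding mode is not stated, so one point is tolerated).
func CheckScan(raw []byte, maxErrRatio float64) (Metrics, []string, error) {
	var m Metrics
	if err := json.Unmarshal(raw, &m); err != nil {
		return m, nil, fmt.Errorf("decode metrics: %w", err)
	}
	var findings []string
	if m.Requests > 0 {
		if r := float64(m.Errors) / float64(m.Requests); r > maxErrRatio {
			findings = append(findings, fmt.Sprintf("error ratio %.2f > %.2f", r, maxErrRatio))
		}
	}
	if m.Total > 0 {
		got, err := strconv.ParseInt(m.Percent, 10, 64)
		if d := got - m.Requests*100/m.Total; err != nil || d < -1 || d > 1 {
			findings = append(findings, fmt.Sprintf("percent %q does not match counters", m.Percent))
		}
	}
	return m, findings, nil
}

func main() {
	m, findings, err := CheckScan([]byte(sampleMetrics), 0.20)
	fmt.Println(m.Requests, m.Matched, findings, err)
}
```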

Mzack9999 (Member) left a comment

lgtm - nice one! This was really a must-do. The absence of consistent component initialization with reasonable defaults, along with overly long boilerplate just to create an instance, was definitely a usability anti-pattern.

@ehsandeep ehsandeep merged commit 2d31788 into v3-beta Sep 2, 2023
7 of 10 checks passed
@ehsandeep ehsandeep deleted the feat-sdk-4-all branch September 2, 2023 09:04