Merge pull request #3640 from projectdiscovery/dev

nuclei v2.9.3 (bugfix release)

Author: ehsandeep

.github/workflows/build-test.yml

@@ -13,7 +13,7 @@ jobs:
     strategy:
       matrix:
         go-version: [1.19.x]
-        os: [ubuntu-latest-16-cores, windows-latest-8-cores, macOS-12]
+        os: [ubuntu-latest, windows-latest, macOS-13]
 
     runs-on: ${{ matrix.os }}
     steps:

.github/workflows/functional-test.yml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        os: [ubuntu-latest-16-cores, windows-latest-8-cores, macOS-12]
+        os: [ubuntu-latest, windows-latest, macOS-13]
     steps:
       - name: Set up Go
         uses: actions/setup-go@v4

.github/workflows/lint-test.yml

@@ -10,7 +10,7 @@ on:
 jobs:
   lint:
     name: Lint Test
-    runs-on: ubuntu-latest-16-cores
+    runs-on: ubuntu-latest
     steps:
       - name: Set up Go
         uses: actions/setup-go@v4

.github/workflows/publish-docs.yaml

@@ -8,7 +8,7 @@ on:
 
 jobs:
   docs:
-    runs-on: ubuntu-latest-16-cores
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout code
         uses: actions/checkout@v3

README.md

@@ -272,7 +272,7 @@ UPDATE:
 
 STATISTICS:
    -stats                    display statistics about the running scan
-   -sj, -stats-json          write statistics data to an output file in JSONL(ines) format
+   -sj, -stats-json          display statistics in JSONL(ines) format
    -si, -stats-interval int  number of seconds to wait between showing a statistics update (default 5)
    -m, -metrics              expose nuclei metrics on a port
    -mp, -metrics-port int    port to expose nuclei metrics on (default 9092)

README_ID.md

@@ -232,7 +232,7 @@ UPDATE:
 
 STATISTICS:
    -stats                    display statistics about the running scan
-   -sj, -stats-json          write statistics data to an output file in JSONL(ines) format
+   -sj, -stats-json          dispaly statistics in JSONL(ines) format
    -si, -stats-interval int  number of seconds to wait between showing a statistics update (default 5)
    -m, -metrics              expose nuclei metrics on a port
    -mp, -metrics-port int    port to expose nuclei metrics on (default 9092)

integration_tests/dns/dsl-matcher-variable.yaml

@@ -0,0 +1,23 @@
+id: dns-template
+
+info:
+  name: basic dns template
+  author: pdteam
+  severity: info
+
+dns:
+  - name: "{{FQDN}}"
+    type: CNAME
+
+    matchers:
+      - type: dsl
+        dsl:
+          - "rcode == 0"
+
+    extractors:
+      - type: dsl
+        dsl:
+          - rcode
+          - cname
+          - a
+          - aaaa

integration_tests/http/get-sni.yaml

@@ -1,4 +1,4 @@
-id: basic-get
+id: basic-get-sni
 
 info:
   name: Basic GET Request with CLI SNI

integration_tests/http/raw-unsafe-with-params.yaml

@@ -0,0 +1,20 @@
+id: raw-unsafe-with-params
+
+info:
+  name: Test RAW unsafe with params
+  author: pdteam
+  severity: info
+# this test is used to check automerge of params in both unsafe & safe requests
+# key1=value1 is added from inputURL
+
+requests:
+  - raw:
+      - |+
+        GET /?key2=value2 HTTP/1.1
+        Host: {{Hostname}}
+
+    unsafe: true
+    matchers:
+      - type: word
+        words:
+          - "Test is test raw-params-matcher text"

integration_tests/http/raw-with-params.yaml

@@ -0,0 +1,20 @@
+id: raw-with-params
+
+info:
+  name: Test RAW Params Template
+  author: pdteam
+  severity: info
+# this test is used to check automerge of params in both unsafe & safe requests
+# key1=value1 is added from inputURL
+
+requests:
+  - raw:
+      - |
+        GET /?key2=value2 HTTP/1.1
+        Host: {{Hostname}}
+        Origin: {{BaseURL}}
+
+    matchers:
+      - type: word
+        words:
+          - "Test is test raw-params-matcher text"

integration_tests/http/save-extractor-values-to-file.yaml

@@ -0,0 +1,18 @@
+id: save-extractor-values-to-file
+
+info:
+  name: save extractor values to file
+  author: pdteam
+  severity: info
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    extractors:
+      - type: regex
+        part: body
+        regex:
+          - '[0-9]+'
+        to: output.txt

integration_tests/http/self-contained-with-params.yaml

@@ -0,0 +1,18 @@
+id: self-contained-with-params
+
+info:
+  name: self contained with params
+  author: pd-team
+  severity: info
+
+self-contained: true
+requests:
+  - raw:
+      - |
+        GET http://127.0.0.1:5431/?something=here&key=value HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: word
+        words:
+          - This is self-contained response

integration_tests/http/self-contained-with-path.yaml

@@ -0,0 +1,18 @@
+id: self-contained-with-path
+
+info:
+  name: self-contained-with-path
+  author: pd-team
+  severity: info
+
+self-contained: true
+requests:
+  - raw:
+      - |
+        GET / HTTP/1.1
+        Host: 127.0.0.1:5431
+
+    matchers:
+      - type: word
+        words:
+          - This is self-contained response

integration_tests/http/variable-dsl-function.yaml

@@ -0,0 +1,21 @@
+id: basic-example
+
+info:
+  name: Test HTTP Template
+  author: pdteam
+  severity: info
+
+variables:
+ a1: "{{to_lower(rand_base(5))}}"
+
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/?x={{a1}}"
+      - "{{BaseURL}}/?x={{a1}}"
+
+    extractors:
+      - type: dsl
+        dsl:
+          - a1

nuclei-jsonschema.json

@@ -232,6 +232,11 @@
           "type": "boolean",
           "title": "use case insensitive extract",
           "description": "use case insensitive extract"
+        },
+        "to": {
+          "type": "string",
+          "title": "save extracted values to file",
+          "description": "save extracted values to file"
         }
       },
       "additionalProperties": false,

v2/cmd/functional-test/run.sh

@@ -3,7 +3,7 @@
 # reading os type from arguments
 CURRENT_OS=$1
 
-if [ "${CURRENT_OS}" == "windows-latest-8-cores" ];then
+if [ "${CURRENT_OS}" == "windows-latest" ];then
     extension=.exe
 fi
 

v2/cmd/integration-test/dns.go

@@ -5,11 +5,12 @@ import (
 )
 
 var dnsTestCases = map[string]testutils.TestCase{
-	"dns/basic.yaml":     &dnsBasic{},
-	"dns/ptr.yaml":       &dnsPtr{},
-	"dns/caa.yaml":       &dnsCAA{},
-	"dns/tlsa.yaml":      &dnsTLSA{},
-	"dns/variables.yaml": &dnsVariables{},
+	"dns/basic.yaml":                &dnsBasic{},
+	"dns/ptr.yaml":                  &dnsPtr{},
+	"dns/caa.yaml":                  &dnsCAA{},
+	"dns/tlsa.yaml":                 &dnsTLSA{},
+	"dns/variables.yaml":            &dnsVariables{},
+	"dns/dsl-matcher-variable.yaml": &dnsDSLMatcherVariable{},
 }
 
 type dnsBasic struct{}
@@ -66,3 +67,14 @@ func (h *dnsVariables) Execute(filePath string) error {
 	}
 	return expectResultsCount(results, 1)
 }
+
+type dnsDSLMatcherVariable struct{}
+
+// Execute executes a test case and returns an error if occurred
+func (h *dnsDSLMatcherVariable) Execute(filePath string) error {
+	results, err := testutils.RunNucleiTemplateAndGetResults(filePath, "one.one.one.one", debug)
+	if err != nil {
+		return err
+	}
+	return expectResultsCount(results, 1)
+}