feat: added initial live DAST server implementation #5772

Open
wants to merge 29 commits into
base: dev
Changes from 13 commits
29 commits
0db2332
feat: added initial live DAST server implementation
Ice3man543 Oct 26, 2024
64ef60e
feat: more logging + misc additions
Ice3man543 Oct 30, 2024
efd8ab9
feat: auth file support enhancements for more complex scenarios + misc
Ice3man543 Nov 7, 2024
0da731c
Merge remote-tracking branch 'origin' into nuclei-dast-server
ehsandeep Nov 19, 2024
ae870e6
feat: added io.Reader support to input providers for http
Ice3man543 Nov 20, 2024
50d0952
feat: added stats db to fuzzing + use sdk for dast server + misc
Ice3man543 Nov 20, 2024
0395951
feat: more additions and enhancements
Ice3man543 Nov 21, 2024
7c27c22
misc changes to live server
Ice3man543 Nov 22, 2024
78ad4e3
Merge branch 'dev' of https://github.com/projectdiscovery/nuclei into…
Ice3man543 Nov 22, 2024
ce023d0
Merge branch 'auth-file-enhancements' of https://github.com/projectdi…
Ice3man543 Nov 22, 2024
090cadb
misc
Ice3man543 Nov 26, 2024
727ff90
use utils pprof server
Ice3man543 Nov 29, 2024
a105306
feat: added simpler stats tracking system
Ice3man543 Dec 1, 2024
38f25f5
feat: fixed analyzer timeout issue + missing case fix
Ice3man543 Dec 2, 2024
2fc1b3a
Merge branch 'time-analyzer-bugfixes' of https://github.com/projectdi…
Ice3man543 Dec 2, 2024
fda6165
misc changes fix
Ice3man543 Dec 2, 2024
7f55f01
feat: changed the logic a bit + misc changes and additions
Ice3man543 Dec 10, 2024
1fa4540
Merge branch 'dev' of https://github.com/projectdiscovery/nuclei into…
Ice3man543 Dec 11, 2024
ad5ec96
feat: re-added slope checks + misc
Ice3man543 Dec 13, 2024
70bd93a
feat: added baseline measurements for time based checks
Ice3man543 Dec 13, 2024
98646e6
chore(server): fix typos
dwisiswant0 Dec 13, 2024
f31e963
fix(templates): potential DOM XSS
dwisiswant0 Dec 13, 2024
1d2a1dc
fix(authx): potential NIL deref
dwisiswant0 Dec 13, 2024
9f4b89a
feat: misc review changes
Ice3man543 Dec 16, 2024
ab2ce86
Merge branch 'dev' of https://github.com/projectdiscovery/nuclei into…
Ice3man543 Dec 16, 2024
0c4645b
removed debug logging
Ice3man543 Dec 16, 2024
c1a2903
feat: remove existing cookies only
Ice3man543 Dec 19, 2024
78320d8
feat: lint fixes
Ice3man543 Dec 19, 2024
952a887
misc
Ice3man543 Dec 19, 2024
16 changes: 16 additions & 0 deletions cmd/nuclei/main.go
Expand Up @@ -13,6 +13,7 @@ import (
"strings"
"time"

"github.com/copernicium-112/namegenerator"
_pdcp "github.com/projectdiscovery/nuclei/v3/internal/pdcp"
"github.com/projectdiscovery/utils/auth/pdcp"
"github.com/projectdiscovery/utils/env"
Expand Down Expand Up @@ -185,6 +186,11 @@ func main() {
go func() {
for range c {
gologger.Info().Msgf("CTRL+C pressed: Exiting\n")
if options.DASTServer {
nucleiRunner.Close()
os.Exit(1)
}

gologger.Info().Msgf("Attempting graceful shutdown...")
if options.EnableCloudUpload {
gologger.Info().Msgf("Uploading scan results to cloud...")
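Review bot: the new `if options.DASTServer` branch in the CTRL+C handler calls `os.Exit(1)` right after `nucleiRunner.Close()`, so an operator-requested shutdown reports a failure exit status and skips the graceful-shutdown path that follows it (including the `EnableCloudUpload` upload). If the early exit is intentional because server mode has nothing to flush, exit with status 0 and add a comment saying so; otherwise drop the early exit and let server mode fall through to the existing graceful shutdown.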
Expand Down Expand Up @@ -215,6 +221,10 @@ func main() {
}
}

var (
nameGenerator = namegenerator.NewNameGenerator(time.Now().UnixNano())
)

func readConfig() *goflags.FlagSet {

// when true updates nuclei binary to latest version
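Review bot: `nameGenerator` is a package-level variable seeded from `time.Now().UnixNano()` at init, with no comment on what the generated names are used for. If they are only human-readable labels for scans, say so in a comment next to the declaration; if they ever act as identifiers that must be unique or hard to guess, a wall-clock seed is predictable, and a random id (for example `rs/xid`, already required in go.mod) or a `crypto/rand`-derived seed would be the safer choice.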
Expand Down Expand Up @@ -356,9 +366,15 @@ on extensive configurability, massive extensibility and ease of use.`)
flagSet.StringVarP(&options.FuzzingMode, "fuzzing-mode", "fm", "", "overrides fuzzing mode set in template (multiple, single)"),
flagSet.BoolVar(&fuzzFlag, "fuzz", false, "enable loading fuzzing templates (Deprecated: use -dast instead)"),
flagSet.BoolVar(&options.DAST, "dast", false, "enable / run dast (fuzz) nuclei templates"),
flagSet.BoolVarP(&options.DASTServer, "dast-server", "dts", false, "enable dast server mode (live fuzzing)"),
flagSet.BoolVarP(&options.DASTReport, "dast-report", "drg", false, "write dast scan report to file"),
flagSet.StringVarP(&options.DASTServerToken, "dast-server-token", "dtst", "", "dast server token (optional)"),
flagSet.StringVarP(&options.DASTServerAddress, "dast-server-address", "dtsa", "localhost:9055", "dast server address"),
flagSet.BoolVarP(&options.DisplayFuzzPoints, "display-fuzz-points", "dfp", false, "display fuzz points in the output for debugging"),
flagSet.IntVar(&options.FuzzParamFrequency, "fuzz-param-frequency", 10, "frequency of uninteresting parameters for fuzzing before skipping"),
flagSet.StringVarP(&options.FuzzAggressionLevel, "fuzz-aggression", "fa", "low", "fuzzing aggression level controls payload count for fuzz (low, medium, high)"),
flagSet.StringSliceVarP(&options.Scope, "fuzz-scope", "cs", nil, "in scope url regex to be followed by fuzzer", goflags.FileCommaSeparatedStringSliceOptions),
flagSet.StringSliceVarP(&options.OutOfScope, "fuzz-out-scope", "cos", nil, "out of scope url regex to be excluded by fuzzer", goflags.FileCommaSeparatedStringSliceOptions),
)

flagSet.CreateGroup("uncover", "Uncover",
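Review bot: `-dast-server-token` defaults to the empty string and is documented as optional, while `-dast-server-address` is user-settable, so the live DAST server can be started on a non-loopback address with no authentication at all. Consider requiring a token (or generating one and printing it at startup) whenever the address is not loopback, and say in the `-dast-server-address` help text that the `localhost:9055` default is the intended unauthenticated setting. Separately, `-dast-report` is a `BoolVarP` described as "write dast scan report to file", but no flag names that file; either document where the report is written or make it a path-valued flag.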
23 changes: 14 additions & 9 deletions go.mod
Expand Up @@ -20,12 +20,12 @@ require (
github.com/olekukonko/tablewriter v0.0.5
github.com/pkg/errors v0.9.1
github.com/projectdiscovery/clistats v0.1.1
github.com/projectdiscovery/fastdialer v0.2.9
github.com/projectdiscovery/hmap v0.0.67
github.com/projectdiscovery/fastdialer v0.2.10
github.com/projectdiscovery/hmap v0.0.68
github.com/projectdiscovery/interactsh v1.2.0
github.com/projectdiscovery/rawhttp v0.1.74
github.com/projectdiscovery/retryabledns v1.0.85
github.com/projectdiscovery/retryablehttp-go v1.0.86
github.com/projectdiscovery/retryabledns v1.0.86
github.com/projectdiscovery/retryablehttp-go v1.0.88
github.com/projectdiscovery/yamldoc-go v1.0.4
github.com/remeh/sizedwaitgroup v1.0.0
github.com/rs/xid v1.5.0
Expand All @@ -51,16 +51,19 @@ require (
github.com/DataDog/gostackparse v0.6.0
github.com/Masterminds/semver/v3 v3.2.1
github.com/Mzack9999/gcache v0.0.0-20230410081825-519e28eab057
github.com/alitto/pond v1.9.2
github.com/antchfx/xmlquery v1.3.17
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2
github.com/aws/aws-sdk-go-v2 v1.19.0
github.com/aws/aws-sdk-go-v2/config v1.18.28
github.com/aws/aws-sdk-go-v2/credentials v1.13.27
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.72
github.com/aws/aws-sdk-go-v2/service/s3 v1.37.0
github.com/ccojocar/randdetect v0.0.0-20241118085251-1581dcdbf207
github.com/cespare/xxhash v1.1.0
github.com/charmbracelet/glamour v0.8.0
github.com/clbanning/mxj/v2 v2.7.0
github.com/copernicium-112/namegenerator v0.0.0-20230403095523-b8a39e9024ce
github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
github.com/docker/go-units v0.5.0
github.com/dop251/goja v0.0.0-20240220182346-e401ed450204
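Review bot: three new direct dependencies enter in this hunk (`alitto/pond`, `ccojocar/randdetect`, `copernicium-112/namegenerator`), and the latter two are pinned to untagged pseudo-versions. Before merge, state in the PR description what each is used for, confirm the pins match what `go.sum` records, and prefer tagged releases so the versions can be audited against upstream.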
Expand All @@ -70,13 +73,14 @@ require (
github.com/go-ldap/ldap/v3 v3.4.5
github.com/go-pg/pg v8.0.7+incompatible
github.com/go-sql-driver/mysql v1.7.1
github.com/gorilla/mux v1.8.1
github.com/h2non/filetype v1.1.3
github.com/invopop/yaml v0.3.1
github.com/kitabisa/go-ci v1.0.3
github.com/labstack/echo/v4 v4.10.2
github.com/labstack/echo/v4 v4.12.0
github.com/leslie-qiwa/flat v0.0.0-20230424180412-f9d1cf014baa
github.com/lib/pq v1.10.9
github.com/mattn/go-sqlite3 v1.14.22
github.com/mattn/go-sqlite3 v1.14.24
github.com/mholt/archiver v3.1.1+incompatible
github.com/microsoft/go-mssqldb v1.6.0
github.com/ory/dockertest/v3 v3.10.0
Expand All @@ -85,7 +89,7 @@ require (
github.com/projectdiscovery/fasttemplate v0.0.2
github.com/projectdiscovery/go-smb2 v0.0.0-20240129202741-052cc450c6cb
github.com/projectdiscovery/goflags v0.1.65
github.com/projectdiscovery/gologger v1.1.31
github.com/projectdiscovery/gologger v1.1.33
github.com/projectdiscovery/gostruct v0.0.2
github.com/projectdiscovery/gozero v0.0.3
github.com/projectdiscovery/httpx v1.6.9
Expand All @@ -97,7 +101,7 @@ require (
github.com/projectdiscovery/tlsx v1.1.8
github.com/projectdiscovery/uncover v1.0.9
github.com/projectdiscovery/useragent v0.0.78
github.com/projectdiscovery/utils v0.2.18
github.com/projectdiscovery/utils v0.2.22-0.20241129171309-2f4ef522155e
github.com/projectdiscovery/wappalyzergo v0.2.2
github.com/redis/go-redis/v9 v9.1.0
github.com/seh-msft/burpxml v1.0.1
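Review bot: `projectdiscovery/utils` is pinned to the pre-release pseudo-version `v0.2.22-0.20241129171309-2f4ef522155e`. Cut a tagged `utils` release containing the needed change and bump to it before merging, so `dev` does not depend on an unreleased commit.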
Expand Down Expand Up @@ -152,6 +156,7 @@ require (
github.com/docker/docker v24.0.9+incompatible // indirect
github.com/docker/go-connections v0.4.0 // indirect
github.com/fatih/color v1.16.0 // indirect
github.com/felixge/fgprof v0.9.5 // indirect
github.com/free5gc/util v1.0.5-0.20230511064842-2e120956883b // indirect
github.com/gabriel-vasile/mimetype v1.4.2 // indirect
github.com/gaissmai/bart v0.9.5 // indirect
Expand Down Expand Up @@ -347,7 +352,7 @@ require (
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
github.com/jcmturner/gokrb5/v8 v8.4.4
github.com/kevinburke/ssh_config v1.2.0 // indirect
github.com/labstack/gommon v0.4.0 // indirect
github.com/labstack/gommon v0.4.2 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/nwaples/rardecode v1.1.3 // indirect
github.com/pierrec/lz4 v2.6.1+incompatible // indirect