
pre-condition in code, fuzz and other misc updates #4966

Merged: 12 commits into dev from add_pre_condition, Apr 1, 2024

Conversation

tarunKoyalwar
Member

@tarunKoyalwar tarunKoyalwar commented Mar 30, 2024

Proposed Changes

```yaml
id: pre-condition-code

info:
  name: example code template
  author: pdteam
  severity: info


self-contained: true

variables:
  OAST: "{{interactsh-url}}"

code:
  - pre-condition: IsLinux()
    engine:
      - sh
      - bash
    source: |
      echo "$OAST" | base64

    matchers:
      - type: dsl
        dsl:
          - true
```

@tarunKoyalwar tarunKoyalwar self-assigned this Mar 30, 2024
@tarunKoyalwar tarunKoyalwar linked an issue Mar 30, 2024 that may be closed by this pull request
@tarunKoyalwar tarunKoyalwar changed the title fuzz: rename 'filters' -> 'pre-condition' pre-condition in code , fuzz and other misc updates Mar 30, 2024
@tarunKoyalwar
Member Author

  • Due to variable priority in flow / multi-protocol, the array was not flattened in some cases, since we always flatten a slice if its size is 1. For cases where the length is not known, using the `_slice` suffix along with the required key ensures that it always returns a slice (note: slice/array are only meant to be used in flow).
```yaml
id: extracted_value

info:
  name: Extracted value does not work in flow
  author: pascal-sun
  severity: info

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}"
      - "{{BaseURL}}/{{test}}"

    extractors:
      - type: regex
        name: test
        group: 1
        regex:
          - 'This (domain) is for use in illustrative examples in documents.'
        internal: true

    matchers:
      - type: status
        internal: true
        status:
          - 200

  - method: GET
    path:
      - "https://example.org/{{test}}"
    matchers:
      - type: status
        status:
          - 404
```
Before

```text
$ nuclei -t a.yaml -u https://example.com -v -debug-req

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.2.2

		projectdiscovery.io

[VER] Started metrics server at localhost:9092
[INF] Current nuclei version: v3.2.2 (latest)
[INF] Current nuclei-templates version: v9.8.0 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 85
[INF] Templates loaded for current scan: 1
[WRN] Loaded 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] [extracted_value] Dumped HTTP request for https://example.com

GET / HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

[VER] [extracted_value] Sent HTTP request to https://example.com
[INF] [extracted_value] Dumped HTTP request for https://example.com/[domain]

GET /[domain] HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

[VER] [extracted_value] Sent HTTP request to https://example.com/[domain]
[INF] [extracted_value] Dumped HTTP request for https://example.org/domain

GET /domain HTTP/1.1
Host: example.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

[VER] [extracted_value] Sent HTTP request to https://example.org/domain
[extracted_value] [http] [info] https://example.org/domain
```

Now

```text
$ ./nuclei -t a.yaml -u https://example.com -v -debug-req

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.2.2

		projectdiscovery.io

[VER] Started metrics server at localhost:9092
[INF] Current nuclei version: v3.2.2 (latest)
[INF] Current nuclei-templates version: v9.8.0 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 85
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] [extracted_value] Dumped HTTP request for https://example.com

GET / HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.26
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

[VER] [extracted_value] Sent HTTP request to https://example.com
[INF] [extracted_value] Dumped HTTP request for https://example.com/domain

GET /domain HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/604.2.4 (KHTML, like Gecko) Version/9.1.2 Safari/604.2.4
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

[VER] [extracted_value] Sent HTTP request to https://example.com/domain
[INF] [extracted_value] Dumped HTTP request for https://example.org/domain

GET /domain HTTP/1.1
Host: example.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.8.25
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

[VER] [extracted_value] Sent HTTP request to https://example.org/domain
[extracted_value] [http] [info] https://example.org/domain
```
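The flattening rule the comment above describes, as an added Go example (a hypothetical reimplementation, not nuclei's own code): `Resolve` flattens a single-element slice and honours an assumed `_slice` suffix that always returns a slice, and `Render` shows how an unflattened slice turns `{{test}}` into the `/[domain]` path of the "Before" run. It goes beyond the page's case by also wrapping a scalar under a `_slice` key and leaving multi-element slices and unknown names untouched.

```go
package main

import (
	"fmt"
	"strings"
)

// Suffix from the PR comment: "test_slice" always yields the slice behind "test".
const sliceSuffix = "_slice"

// Resolve applies the two rules from the comment: a slice of length 1 is flattened
// to its element, and a _slice name always returns a slice (wrapping a scalar).
func Resolve(values map[string]any, name string) (any, bool) {
	if strings.HasSuffix(name, sliceSuffix) {
		v, ok := values[strings.TrimSuffix(name, sliceSuffix)]
		if !ok {
			return nil, false
		}
		if s, isSlice := v.([]string); isSlice {
			return s, true
		}
		return []string{fmt.Sprint(v)}, true
	}
	v, ok := values[name]
	if s, isSlice := v.([]string); ok && isSlice && len(s) == 1 {
		return s[0], true // the flattening that was missed in the "Before" run
	}
	return v, ok
}

// Render substitutes {{name}} placeholders via Resolve. An unflattened []string
// stringifies as "[domain]", the exact /[domain] request in the "Before" output.
func Render(path string, values map[string]any) string {
	var b strings.Builder
	for {
		start, end := strings.Index(path, "{{"), strings.Index(path, "}}")
		if start < 0 || end < start {
			break
		}
		b.WriteString(path[:start])
		if v, ok := Resolve(values, path[start+2:end]); ok {
			b.WriteString(fmt.Sprint(v))
		} else {
			b.WriteString(path[start : end+2]) // unknown name: leave as-is
		}
		path = path[end+2:]
	}
	return b.String() + path
}
```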

@tarunKoyalwar
Member Author

Fixed Incorrect Template Loading Counters

  • Due to the logic for excluding templates running after parsing, the template loaded and executing template counts were always incorrect. This is now fixed.

Before

Screenshot 2024-03-31 at 3 07 40 AM

After

Screenshot 2024-03-31 at 3 10 34 AM

```text
$ ./nuclei -dast -u example.com -t ~/Codebase/nuclei-templates/ -v -itags fuzz

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.2.2

		projectdiscovery.io

[VER] Started metrics server at localhost:9092
[WRN] Excluded 82 template[s] with known weak matchers / tags excluded from default run using .nuclei-ignore
[INF] Current nuclei version: v3.2.2 (latest)
[INF] Current nuclei-templates version: v9.8.0 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 85
[INF] Templates loaded for current scan: 21
[WRN] Executing 21 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
```

cc: @ehsandeep

@tarunKoyalwar tarunKoyalwar marked this pull request as ready for review March 30, 2024 21:41
@ehsandeep ehsandeep merged commit 255032f into dev Apr 1, 2024
12 checks passed
@ehsandeep ehsandeep deleted the add_pre_condition branch April 1, 2024 13:48