-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: global matchers #5701
feat: global matchers #5701
Conversation
Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Ice3man543 <ice3man543@users.noreply.github.com>
Signed-off-by: Dwi Siswanto <git@dw1.io>
Signed-off-by: Dwi Siswanto <git@dw1.io>
also use `Set` method instead of `maps.Clone` Signed-off-by: Dwi Siswanto <git@dw1.io>
After giving it some serious thought about the convention - me and @Ice3man543. (I'll leave this here for tracking purposes) Initially, the idea was to use the field name Then I suggested changing the name to So, I decided to go with |
How about something at the template level? The feature name would be something like |
I definitely prefer the term The thing is, the current setup actually works; for global matching, users still need to define which protocol they want to use. The problem right now is that the abstraction is not on the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Use of
global-matchers
instead ofmatcher-static
in template andjson(l)
andglobal
instead ofstatic
in CLI output line.
# example template
id: basic-example
info:
name: Test HTTP Template
author: pdteam
severity: info
http:
- global-matchers: true # enables global matching and applies them globally to all events from other templates
matchers:
- type: word
words:
- The requested URL
negative: true
- missing failed event with
-ms
option.
Current:
$ go run cmd/nuclei/main.go -u https://www.google.com -c 1 -t http-templ-1.yaml -t matchers-static-templ-1.yaml -ms -silent
[matchers-static-templ-1] [matched] [global] [http] [info] https://www.google.com/nonexistent ["matchers-static-templ-1","http-templ-1"]
Expected:
$ go run cmd/nuclei/main.go -u https://www.google.com -c 1 -t http-templ-1.yaml -t matchers-static-templ-1.yaml -ms -silent
[http-templ-1] [failed] [http] [info] https://www.google.com/nonexistent
[matchers-static-templ-1] [matched] [global] [http] [info] https://www.google.com/nonexistent ["matchers-static-templ-1","http-templ-1"]
Signed-off-by: Dwi Siswanto <git@dw1.io>
Signed-off-by: Dwi Siswanto <git@dw1.io>
This will end up generating 2 events from the same `scan.ScanContext` if one of the templates has `global-matchers` enabled. This way, non- `global-matchers` templates can enter the `writeFailureCallback` func to log failure output. Signed-off-by: Dwi Siswanto <git@dw1.io>
169c0fc
to
4bbb949
Compare
Signed-off-by: Dwi Siswanto <git@dw1.io>
Signed-off-by: Dwi Siswanto <git@dw1.io>
On hold.
UPDATE: Fixed in 12f6cb5 |
Signed-off-by: Dwi Siswanto <git@dw1.io>
Signed-off-by: Dwi Siswanto <git@dw1.io>
Proposed changes
Close #4549
How has this been tested?
Templates:
http-templ-1.yaml
matchers-static-templ-1.yaml
Proof:
Checklist