Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
projectdiscovery
GitHub Repository: projectdiscovery/nuclei
 Path: blob/dev/lib/sdk_private.go
2843 views
1
package nuclei

2


3
import (

4
	"context"

5
	"fmt"

6
	"os"

7
	"strings"

8
	"sync"

9
	"time"

10


11
	"github.com/projectdiscovery/nuclei/v3/pkg/input"

12
	"github.com/projectdiscovery/nuclei/v3/pkg/reporting"

13


14
	"github.com/logrusorgru/aurora"

15
	"github.com/pkg/errors"

16
	"github.com/projectdiscovery/gologger/levels"

17
	"github.com/projectdiscovery/httpx/common/httpx"

18
	"github.com/projectdiscovery/nuclei/v3/internal/runner"

19
	"github.com/projectdiscovery/nuclei/v3/pkg/authprovider"

20
	"github.com/projectdiscovery/nuclei/v3/pkg/catalog/config"

21
	"github.com/projectdiscovery/nuclei/v3/pkg/catalog/disk"

22
	"github.com/projectdiscovery/nuclei/v3/pkg/core"

23
	"github.com/projectdiscovery/nuclei/v3/pkg/input/provider"

24
	"github.com/projectdiscovery/nuclei/v3/pkg/installer"

25
	"github.com/projectdiscovery/nuclei/v3/pkg/output"

26
	"github.com/projectdiscovery/nuclei/v3/pkg/progress"

27
	"github.com/projectdiscovery/nuclei/v3/pkg/protocols"

28
	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/hosterrorscache"

29
	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/interactsh"

30
	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolinit"

31
	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate"

32
	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/headless/engine"

33
	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/http/httpclientpool"

34
	"github.com/projectdiscovery/nuclei/v3/pkg/templates"

35
	"github.com/projectdiscovery/nuclei/v3/pkg/testutils"

36
	"github.com/projectdiscovery/nuclei/v3/pkg/types"

37
	nucleiUtils "github.com/projectdiscovery/nuclei/v3/pkg/utils"

38
	"github.com/projectdiscovery/ratelimit"

39
)

40


41
// applyRequiredDefaults to options

42
func (e *NucleiEngine) applyRequiredDefaults(ctx context.Context) {

43
	mockoutput := testutils.NewMockOutputWriter(e.opts.OmitTemplate)

44
	mockoutput.WriteCallback = func(event *output.ResultEvent) {

45
		if len(e.resultCallbacks) > 0 {

46
			for _, callback := range e.resultCallbacks {

47
				if callback != nil {

48
					callback(event)

49
				}

50
			}

51
			return

52
		}

53
		sb := strings.Builder{}

54
		sb.WriteString(fmt.Sprintf("[%v] ", event.TemplateID))

55
		if event.Matched != "" {

56
			sb.WriteString(event.Matched)

57
		} else {

58
			sb.WriteString(event.Host)

59
		}

60
		fmt.Println(sb.String())

61
	}

62
	if e.onFailureCallback != nil {

63
		mockoutput.FailureCallback = e.onFailureCallback

64
	}

65


66
	if e.customWriter != nil {

67
		e.customWriter = output.NewMultiWriter(e.customWriter, mockoutput)

68
	} else {

69
		e.customWriter = mockoutput

70
	}

71


72
	if e.customProgress == nil {

73
		e.customProgress = &testutils.MockProgressClient{}

74
	}

75
	if e.hostErrCache == nil && e.opts.ShouldUseHostError() {

76
		e.hostErrCache = hosterrorscache.New(30, hosterrorscache.DefaultMaxHostsCount, nil)

77
	}

78
	// setup interactsh

79
	if e.interactshOpts != nil {

80
		e.interactshOpts.Output = e.customWriter

81
		e.interactshOpts.Progress = e.customProgress

82
	} else {

83
		e.interactshOpts = interactsh.DefaultOptions(e.customWriter, e.rc, e.customProgress)

84
	}

85
	if e.rateLimiter == nil {

86
		e.rateLimiter = ratelimit.New(ctx, 150, time.Second)

87
	}

88
	if e.opts.ExcludeTags == nil {

89
		e.opts.ExcludeTags = []string{}

90
	}

91
	// these templates are known to have weak matchers

92
	// and idea is to disable them to avoid false positives

93
	e.opts.ExcludeTags = append(e.opts.ExcludeTags, config.ReadIgnoreFile().Tags...)

94


95
	e.inputProvider = provider.NewSimpleInputProvider()

96
}

97


98
// init

99
func (e *NucleiEngine) init(ctx context.Context) error {

100
	// Update logger ref (if it was changed by [WithLogger])

101
	// (Logger is already initialized)

102
	if e.opts.Logger != e.Logger {

103
		e.Logger = e.opts.Logger

104
	}

105


106
	if e.opts.Verbose {

107
		e.Logger.SetMaxLevel(levels.LevelVerbose)

108
	} else if e.opts.Debug {

109
		e.Logger.SetMaxLevel(levels.LevelDebug)

110
	} else if e.opts.Silent {

111
		e.Logger.SetMaxLevel(levels.LevelSilent)

112
	}

113


114
	if err := runner.ValidateOptions(e.opts); err != nil {

115
		return err

116
	}

117


118
	if e.opts.Parser != nil {

119
		if op, ok := e.opts.Parser.(*templates.Parser); ok {

120
			e.parser = op

121
		}

122
	}

123


124
	if e.parser == nil {

125
		e.parser = templates.NewParser()

126
	}

127


128
	if protocolstate.ShouldInit(e.opts.ExecutionId) {

129
		_ = protocolinit.Init(e.opts)

130
	}

131


132
	if e.opts.ProxyInternal && e.opts.AliveHttpProxy != "" || e.opts.AliveSocksProxy != "" {

133
		httpclient, err := httpclientpool.Get(e.opts, &httpclientpool.Configuration{})

134
		if err != nil {

135
			return err

136
		}

137
		e.httpClient = httpclient

138
	}

139


140
	e.applyRequiredDefaults(ctx)

141
	var err error

142


143
	// setup progressbar

144
	if e.enableStats {

145
		progressInstance, progressErr := progress.NewStatsTicker(e.opts.StatsInterval, e.enableStats, e.opts.StatsJSON, false, e.opts.MetricsPort)

146
		if progressErr != nil {

147
			return err

148
		}

149
		e.customProgress = progressInstance

150
		e.interactshOpts.Progress = progressInstance

151
	}

152


153
	if err := reporting.CreateConfigIfNotExists(); err != nil {

154
		return err

155
	}

156
	// we don't support reporting config in sdk mode

157
	if e.rc, err = reporting.New(&reporting.Options{}, "", false); err != nil {

158
		return err

159
	}

160
	e.interactshOpts.IssuesClient = e.rc

161
	if e.httpClient != nil {

162
		e.interactshOpts.HTTPClient = e.httpClient

163
	}

164
	if e.interactshClient, err = interactsh.New(e.interactshOpts); err != nil {

165
		return err

166
	}

167


168
	if e.opts.Headless {

169
		if engine.MustDisableSandbox() {

170
			e.Logger.Warning().Msgf("The current platform and privileged user will run the browser without sandbox")

171
		}

172
		browser, err := engine.New(e.opts)

173
		if err != nil {

174
			return err

175
		}

176
		e.browserInstance = browser

177
	}

178


179
	if e.catalog == nil {

180
		e.catalog = disk.NewCatalog(config.DefaultConfig.TemplatesDirectory)

181
	}

182


183
	if e.tmpDir == "" {

184
		tmpDir, err := os.MkdirTemp("", "nuclei-tmp-*")

185
		if err != nil {

186
			return err

187
		}

188
		e.tmpDir = tmpDir

189
	}

190


191
	e.executerOpts = &protocols.ExecutorOptions{

192
		Output:             e.customWriter,

193
		Options:            e.opts,

194
		Progress:           e.customProgress,

195
		Catalog:            e.catalog,

196
		IssuesClient:       e.rc,

197
		RateLimiter:        e.rateLimiter,

198
		Interactsh:         e.interactshClient,

199
		Colorizer:          aurora.NewAurora(true),

200
		ResumeCfg:          types.NewResumeCfg(),

201
		Browser:            e.browserInstance,

202
		Parser:             e.parser,

203
		InputHelper:        input.NewHelper(),

204
		TemporaryDirectory: e.tmpDir,

205
		Logger:             e.opts.Logger,

206
	}

207
	if e.opts.ShouldUseHostError() && e.hostErrCache != nil {

208
		e.executerOpts.HostErrorsCache = e.hostErrCache

209
	}

210
	if len(e.opts.SecretsFile) > 0 {

211
		authTmplStore, err := runner.GetAuthTmplStore(e.opts, e.catalog, e.executerOpts)

212
		if err != nil {

213
			return errors.Wrap(err, "failed to load dynamic auth templates")

214
		}

215
		authOpts := &authprovider.AuthProviderOptions{SecretsFiles: e.opts.SecretsFile}

216
		authOpts.LazyFetchSecret = runner.GetLazyAuthFetchCallback(&runner.AuthLazyFetchOptions{

217
			TemplateStore: authTmplStore,

218
			ExecOpts:      e.executerOpts,

219
		})

220
		// initialize auth provider

221
		provider, err := authprovider.NewAuthProvider(authOpts)

222
		if err != nil {

223
			return errors.Wrap(err, "could not create auth provider")

224
		}

225
		e.executerOpts.AuthProvider = provider

226
	}

227
	if e.authprovider != nil {

228
		e.executerOpts.AuthProvider = e.authprovider

229
	}

230


231
	// prefetch secrets

232
	if e.executerOpts.AuthProvider != nil && e.opts.PreFetchSecrets {

233
		if err := e.executerOpts.AuthProvider.PreFetchSecrets(); err != nil {

234
			return errors.Wrap(err, "could not prefetch secrets")

235
		}

236
	}

237


238
	if e.executerOpts.RateLimiter == nil {

239
		if e.opts.RateLimitMinute > 0 {

240
			e.opts.RateLimit = e.opts.RateLimitMinute

241
			e.opts.RateLimitDuration = time.Minute

242
		}

243
		if e.opts.RateLimit > 0 && e.opts.RateLimitDuration == 0 {

244
			e.opts.RateLimitDuration = time.Second

245
		}

246
		if e.opts.RateLimit == 0 && e.opts.RateLimitDuration == 0 {

247
			e.executerOpts.RateLimiter = ratelimit.NewUnlimited(ctx)

248
		} else {

249
			e.executerOpts.RateLimiter = ratelimit.New(ctx, uint(e.opts.RateLimit), e.opts.RateLimitDuration)

250
		}

251
	}

252


253
	// Handle the case where the user passed an existing parser that we can use as a cache

254
	if e.opts.Parser != nil {

255
		if cachedParser, ok := e.opts.Parser.(*templates.Parser); ok {

256
			e.parser = cachedParser

257
			e.opts.Parser = cachedParser

258
			e.executerOpts.Parser = cachedParser

259
			e.executerOpts.Options.Parser = cachedParser

260
		}

261
	}

262


263
	// Create a new parser if necessary

264
	if e.parser == nil {

265
		op := templates.NewParser()

266
		e.parser = op

267
		e.opts.Parser = op

268
		e.executerOpts.Parser = op

269
		e.executerOpts.Options.Parser = op

270
	}

271


272
	e.engine = core.New(e.opts)

273
	e.engine.SetExecuterOptions(e.executerOpts)

274


275
	httpxOptions := httpx.DefaultOptions

276
	httpxOptions.Timeout = 5 * time.Second

277
	if client, err := httpx.New(&httpxOptions); err != nil {

278
		return err

279
	} else {

280
		e.httpxClient = nucleiUtils.GetInputLivenessChecker(client)

281
	}

282


283
	// Only Happens once regardless how many times this function is called

284
	// This will update ignore file to filter out templates with weak matchers to avoid false positives

285
	// and also upgrade templates to latest version if available

286
	installer.NucleiSDKVersionCheck()

287


288
	if DefaultConfig.CanCheckForUpdates() {

289
		return e.processUpdateCheckResults()

290
	}

291
	return nil

292
}

293


294
type syncOnce struct {

295
	sync.Once

296
}

297


298
var updateCheckInstance = &syncOnce{}

299


300
// processUpdateCheckResults processes update check results

301
func (e *NucleiEngine) processUpdateCheckResults() error {

302
	var err error

303
	updateCheckInstance.Do(func() {

304
		if e.onUpdateAvailableCallback != nil {

305
			e.onUpdateAvailableCallback(config.DefaultConfig.LatestNucleiTemplatesVersion)

306
		}

307
		tm := installer.TemplateManager{}

308
		err = tm.UpdateIfOutdated()

309
	})

310
	return err

311
}

312


313