mirror of
https://github.com/freelabz/secator
synced 2026-05-24 10:08:23 +00:00
feat(nuclei): add -sr, -srd, and -logs option
This commit is contained in:
Olivier Cervello
parent
13353c198e
commit
40c77bdde9
3 changed files with 23 additions and 7 deletions
|
|
@ -122,9 +122,9 @@ class httpx(Http):
|
|||
self.cmd = self.cmd.replace('-silent', '')
|
||||
screenshot = self.get_opt_value('screenshot')
|
||||
store_responses = self.get_opt_value('store_responses')
|
||||
output_folder = shlex.quote(f'{self.reports_folder}/.outputs')
|
||||
if store_responses or screenshot:
|
||||
reports_folder_outputs = f'{self.reports_folder}/.outputs'
|
||||
self.cmd += f' -srd {shlex.quote(reports_folder_outputs)}'
|
||||
self.cmd += f' -srd {output_folder}'
|
||||
if screenshot:
|
||||
self.cmd += ' -esb -ehb'
|
||||
self.domains = []
|
||||
|
|
|
|||
|
|
@ -89,9 +89,9 @@ class katana(HttpCrawler):
|
|||
form_fill = self.get_opt_value('form_fill')
|
||||
form_extraction = self.get_opt_value('form_extraction')
|
||||
store_responses = self.get_opt_value('store_responses')
|
||||
output_folder = shelx.quote(f'{self.reports_folder}/.outputs')
|
||||
if form_fill or form_extraction or store_responses:
|
||||
reports_folder_outputs = f'{self.reports_folder}/.outputs'
|
||||
self.cmd += f' -srd {shlex.quote(reports_folder_outputs)}'
|
||||
self.cmd += f' -srd {output_folder}'
|
||||
self._techs = {}
|
||||
|
||||
@staticmethod
|
||||
|
|
|
|||
|
|
@ -1,3 +1,5 @@
|
|||
import shlex
|
||||
|
||||
from secator.config import CONFIG
|
||||
from secator.cve import extract_software_and_version
|
||||
from secator.decorators import task
|
||||
|
|
@ -37,21 +39,22 @@ class nuclei(VulnMulti):
|
|||
json_flag = '-jsonl'
|
||||
input_chunk_size = 20
|
||||
opts = {
|
||||
'automatic_scan': {'is_flag': True, 'short': 'as', 'help': 'Automatic web scan using wappalyzer technology detection to tags mapping'}, # noqa: E501
|
||||
'bulk_size': {'type': int, 'short': 'bs', 'help': 'Maximum number of hosts to be analyzed in parallel per template'}, # noqa: E501
|
||||
'debug': {'type': str, 'help': 'Debug mode'},
|
||||
'exclude_severity': {'type': str, 'short': 'es', 'help': 'Exclude severity'},
|
||||
'severity': {'type': str, 'short': 's', 'help': 'Templates to run based on severity. Possible values: info, low, medium, high, critical, unknown'}, # noqa: E501
|
||||
'exclude_tags': {'type': str, 'short': 'etags', 'help': 'Exclude tags'},
|
||||
'input_mode': {'type': str, 'short': 'im', 'help': 'Mode of input file (list, burp, jsonl, yaml, openapi, swagger)'},
|
||||
'hang_monitor': {'is_flag': True, 'short': 'hm', 'default': True, 'help': 'Enable nuclei hang monitoring'},
|
||||
'headless_bulk_size': {'type': int, 'short': 'hbs', 'help': 'Maximum number of headless hosts to be analzyed in parallel per template'}, # noqa: E501
|
||||
'input_mode': {'type': str, 'short': 'im', 'help': 'Mode of input file (list, burp, jsonl, yaml, openapi, swagger)'},
|
||||
'new_templates': {'type': str, 'short': 'nt', 'help': 'Run only new templates added in latest nuclei-templates release'}, # noqa: E501
|
||||
'automatic_scan': {'is_flag': True, 'short': 'as', 'help': 'Automatic web scan using wappalyzer technology detection to tags mapping'}, # noqa: E501
|
||||
'omit_raw': {'is_flag': True, 'short': 'or', 'default': True, 'help': 'Omit requests/response pairs in the JSON, JSONL, and Markdown outputs (for findings only)'}, # noqa: E501
|
||||
'response_size_read': {'type': int, 'default': CONFIG.http.response_max_size_bytes, 'help': 'Max body size to read (bytes)'}, # noqa: E501
|
||||
'severity': {'type': str, 'short': 's', 'help': 'Templates to run based on severity. Possible values: info, low, medium, high, critical, unknown'}, # noqa: E501
|
||||
'stats': {'is_flag': True, 'short': 'stats', 'default': True, 'help': 'Display statistics about the running scan'},
|
||||
'stats_json': {'is_flag': True, 'short': 'sj', 'default': True, 'help': 'Display statistics in JSONL(ines) format'},
|
||||
'stats_interval': {'type': str, 'short': 'si', 'help': 'Number of seconds to wait between showing a statistics update'}, # noqa: E501
|
||||
'store_responses': {'is_flag': True, 'short': 'sr', 'default': CONFIG.http.store_responses, 'help': 'Store reponses'},
|
||||
'tags': {'type': str, 'help': 'Tags'},
|
||||
'templates': {'type': str, 'short': 't', 'help': 'Templates'},
|
||||
'template_id': {'type': str, 'short': 'tid', 'help': 'Template id'},
|
||||
|
|
@ -72,6 +75,7 @@ class nuclei(VulnMulti):
|
|||
'exclude_severity': 'exclude-severity',
|
||||
'templates': 't',
|
||||
'response_size_read': 'rsr',
|
||||
'store_responses': 'sr',
|
||||
'template_condition': 'tc',
|
||||
}
|
||||
opt_value_map = {
|
||||
|
|
@ -126,6 +130,18 @@ class nuclei(VulnMulti):
|
|||
proxy_http = True # same
|
||||
profile = 'extra_large'
|
||||
|
||||
@staticmethod
|
||||
def on_init(self):
|
||||
store_responses = self.get_opt_value('store_responses')
|
||||
output_folder = shlex.quote(f'{self.reports_folder}/.outputs')
|
||||
if store_responses:
|
||||
self.cmd += f' -srd {output_folder}'
|
||||
logs = self.get_opt_value('logs')
|
||||
if logs:
|
||||
self.cmd += ' -ts'
|
||||
self.cmd += f' -elog {output_dir}/{self.fqn}_error.json'
|
||||
self.cmd += f' -tlog {output_dir}/{self.fqn}_trace.json'
|
||||
|
||||
@staticmethod
|
||||
def id_extractor(item):
|
||||
cve_ids = item['info'].get('classification', {}).get('cve-id') or []
|
||||
|
|
|
|||
Loading…
Reference in a new issue