-
Notifications
You must be signed in to change notification settings - Fork 2.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' into Ldap-search
- Loading branch information
Showing
9,842 changed files
with
88,609 additions
and
28,294 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,67 @@ | ||
| name: False Negative | ||
| description: Report templates with false negative results. | ||
| title: "[FALSE-NEGATIVE] ..." | ||
| labels: ["false-negative"] | ||
| body: | ||
| - type: markdown | ||
| attributes: | ||
| value: | | ||
| Thanks for taking the time to fill out this false-negative report! | ||
| :warning: **Issues missing important information may be closed without further investigation.** | ||
| - type: textarea | ||
| attributes: | ||
| label: Template IDs or paths | ||
| description: | | ||
| Examples: | ||
| - CVE-202A-YYYYY | ||
| - CVE-202B-YYYYY | ||
| - http/cves/CVE-202C-YYYYY.yaml | ||
| value: | | ||
| - ... | ||
| render: markdown | ||
| validations: | ||
| required: true | ||
| - type: textarea | ||
| attributes: | ||
| label: Environment | ||
| description: | | ||
| Examples: | ||
| - **OS**: Ubuntu 20.04 | ||
| - **Nuclei** (`nuclei -version`): v3.3.3 | ||
| - **Go** (`go version`): go1.22.0 _(only if you've installed it via `go install` command)_ | ||
| value: | | ||
| - OS: | ||
| - Nuclei: | ||
| - Go: | ||
| render: markdown | ||
| validations: | ||
| required: false | ||
| - type: textarea | ||
| attributes: | ||
| label: Steps To Reproduce | ||
| description: | | ||
| Steps to reproduce the behavior, for example, commands to run the templates with Nuclei. | ||
| :warning: **Please redact any literal target hosts/URLs or other sensitive information.** | ||
| placeholder: | | ||
| 1. Run `nuclei -t ...` | ||
| validations: | ||
| required: true | ||
| - type: textarea | ||
| attributes: | ||
| label: Relevant dumped responses | ||
| description: | | ||
| Please copy and paste any relevant dumped responses (`-dresp`/`-debug-resp`). This will be automatically formatted into code, so no need for backticks. | ||
| :warning: **Please redact any literal target hosts/URLs or other sensitive information.** | ||
| render: shell | ||
| - type: textarea | ||
| attributes: | ||
| label: Anything else? | ||
| description: | | ||
| Links? References? Trace (`-tlog`/`-trace-log`) or error (`-elog`/`-error-log`) log? Anything that will give us more context about the issue you are encountering! | ||
| Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in. | ||
| validations: | ||
| required: false |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,67 @@ | ||
| name: False Positive | ||
| description: Report templates with false positive results. | ||
| title: "[FALSE-POSITIVE] ..." | ||
| labels: ["false-positive"] | ||
| body: | ||
| - type: markdown | ||
| attributes: | ||
| value: | | ||
| Thanks for taking the time to fill out this false-positive report! | ||
| :warning: **Issues missing important information may be closed without further investigation.** | ||
| - type: textarea | ||
| attributes: | ||
| label: Template IDs or paths | ||
| description: | | ||
| Examples: | ||
| - CVE-202A-YYYYY | ||
| - CVE-202B-YYYYY | ||
| - http/cves/CVE-202C-YYYYY.yaml | ||
| value: | | ||
| - ... | ||
| render: markdown | ||
| validations: | ||
| required: true | ||
| - type: textarea | ||
| attributes: | ||
| label: Environment | ||
| description: | | ||
| Examples: | ||
| - **OS**: Ubuntu 20.04 | ||
| - **Nuclei** (`nuclei -version`): v3.3.3 | ||
| - **Go** (`go version`): go1.22.0 _(only if you've installed it via `go install` command)_ | ||
| value: | | ||
| - OS: | ||
| - Nuclei: | ||
| - Go: | ||
| render: markdown | ||
| validations: | ||
| required: false | ||
| - type: textarea | ||
| attributes: | ||
| label: Steps To Reproduce | ||
| description: | | ||
| Steps to reproduce the behavior, for example, commands to run the templates with Nuclei. | ||
| :warning: **Please redact any literal target hosts/URLs or other sensitive information.** | ||
| placeholder: | | ||
| 1. Run `nuclei -t ...` | ||
| validations: | ||
| required: true | ||
| - type: textarea | ||
| attributes: | ||
| label: Relevant dumped responses | ||
| description: | | ||
| Please copy and paste any relevant dumped responses (`-dresp`/`-debug-resp`). This will be automatically formatted into code, so no need for backticks. | ||
| :warning: **Please redact any literal target hosts/URLs or other sensitive information.** | ||
| render: shell | ||
| - type: textarea | ||
| attributes: | ||
| label: Anything else? | ||
| description: | | ||
| Links? References? Trace (`-tlog`/`-trace-log`) or error (`-elog`/`-error-log`) log? Anything that will give us more context about the issue you are encountering! | ||
| Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in. | ||
| validations: | ||
| required: false |
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| name: Template Contribution | ||
| description: Contributing Nuclei template. | ||
| title: "[TEMPLATE CONTRIBUTION] ..." | ||
| labels: ["template-contribution"] | ||
| body: | ||
| - type: markdown | ||
| attributes: | ||
| value: | | ||
| Thanks for taking the time to contribute a Nuclei template! | ||
| :warning: **Please submit only one template per issue. This helps us manage and review contributions more effectively.** | ||
| - type: checkboxes | ||
| attributes: | ||
| label: Is there an existing template for this? | ||
| description: Please search to see if an template or issue already exists for the template you contributed. | ||
| options: | ||
| - label: I have searched the existing templates. | ||
| required: true | ||
| - type: textarea | ||
| attributes: | ||
| label: Nuclei Template | ||
| description: Please copy and paste the Nuclei template below. This will be automatically formatted into code, so no need for backticks. | ||
| render: yaml | ||
| - type: textarea | ||
| attributes: | ||
| label: Relevant dumped responses | ||
| description: | | ||
| Please copy and paste any relevant dumped responses (`-dresp`/`-debug-resp`). This will be automatically formatted into code, so no need for backticks. | ||
| :warning: **Please redact any literal target hosts/URLs or other sensitive information.** | ||
| render: shell | ||
| - type: textarea | ||
| attributes: | ||
| label: Anything else? | ||
| description: | | ||
| Links? References? Anything that can speed up the review or validation process. | ||
| validations: | ||
| required: false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| name: Template Requests | ||
| description: Requesting new Nuclei templates. | ||
| title: "[TEMPLATE REQUEST] ..." | ||
| labels: ["template-requests"] | ||
| body: | ||
| - type: markdown | ||
| attributes: | ||
| value: | | ||
| Thanks for taking the time to fill out this template request issue! | ||
| - type: checkboxes | ||
| attributes: | ||
| label: Is there an existing template for this? | ||
| description: Please search to see if an template or issue already exists for the template you contributed. | ||
| options: | ||
| - label: I have searched the existing templates. | ||
| required: true | ||
| - type: textarea | ||
| attributes: | ||
| label: Template requests | ||
| description: | | ||
| Examples: | ||
| - CVE-202A-YYYYY | ||
| - CVE-202B-YYYYY | ||
| - Exploit X | ||
| - Misconfiguration X | ||
| - Technology X Detection | ||
| value: | | ||
| - ... | ||
| - type: textarea | ||
| attributes: | ||
| label: Anything else? | ||
| description: | | ||
| Links? References (e.g. PoC, exploit, blog post, etc.)? Anything that can speed up template creation, such as: | ||
| - Detailed vulnerability descriptions | ||
| - Sample payloads or exploit code | ||
| - Expected responses or indicators of successful exploitation | ||
| - Affected software versions or configurations | ||
| - Any known limitations or edge cases | ||
| validations: | ||
| required: false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| #!/bin/bash | ||
|
|
||
| set -uo pipefail | ||
|
|
||
| OUTPUT="/tmp/nuclei-result-${GITHUB_SHA}.out" | ||
| CHANGED_FILES="$(sed 's/ / -t /g' <<< "${CHANGED_FILES}")" | ||
| WEAK=false | ||
| COMMENT="" | ||
|
|
||
| eval "nuclei -duc -silent -ud ${GITHUB_WORKSPACE} -u ${HONEYPOT_URL} -o ${OUTPUT} -t ${CHANGED_FILES}" | ||
|
|
||
| if [[ "$(wc -l < $OUTPUT)" -gt 0 ]]; then | ||
| COMMENT+="**:warning: Weak matcher detected**\n\n" | ||
| COMMENT+="It looks like Nuclei has found some results on the honeypot target.\n\n" | ||
| COMMENT+="To improve the accuracy of these results and avoid any false positives, " | ||
| COMMENT+="please adjust the matchers as needed. " | ||
| COMMENT+="This will help in providing more reliable and precise results.\n\n" | ||
| COMMENT+="| **Template ID** |\n" | ||
| COMMENT+="|--|\n" | ||
| COMMENT+=$(grep -Po "^\\K[[\w_-]+\]" $OUTPUT | sed 's/\[/| /g; s/\]/ |/g' | sed ':a;N;$!ba;s/\n/\\n/g') | ||
| COMMENT+="\n\n" | ||
| COMMENT+="> Ref ${GITHUB_SHA}" | ||
|
|
||
| WEAK=true | ||
| fi | ||
|
|
||
| echo "weak=${WEAK}" >> $GITHUB_OUTPUT | ||
|
|
||
| { | ||
| echo "comment<<EOF" | ||
| echo -e "${COMMENT}" | ||
| echo "EOF" | ||
| } >> $GITHUB_OUTPUT |
Oops, something went wrong.