add nuclei-templates 2022-06-29 13:33:1656480787

Author: x51pwn

.github/build/linux.yml

@@ -17,7 +17,7 @@ builds:
     goarch:
       - amd64
 archives:
-- format: zip
+  - format: zip
 
 checksum:
   name_template: "{{ .ProjectName }}-linux-checksums.txt"

.github/build/mac.yml

@@ -18,9 +18,9 @@ builds:
       - amd64
 
 archives:
-- format: zip
-  replacements:
-      darwin: macOS
+  - format: zip
+    replacements:
+        darwin: macOS
 
 checksum:
   name_template: "{{ .ProjectName }}-mac-checksums.txt"

.github/build/windows.yml

@@ -20,7 +20,7 @@ builds:
       - amd64
 
 archives:
-- format: zip
+  - format: zip
 
 checksum:
   name_template: "{{ .ProjectName }}-windows-checksums.txt"

config/nuclei-templates/.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,14 @@
+blank_issues_enabled: false
+
+contact_links:
+  - name: Ask an question / advise on using nuclei-templates
+    url: https://github.com/projectdiscovery/nuclei-templates/discussions/categories/q-a
+    about: Ask a question or request support for using nuclei-templates
+
+  - name: Share idea / feature to discuss for nuclei-templates
+    url: https://github.com/projectdiscovery/nuclei-templates/discussions/categories/ideas
+    about: Share idea / feature to discuss for nuclei-templates
+
+  - name: Connect with PD Team & Community (Discord)
+    url: https://discord.gg/projectdiscovery
+    about: Connect with PD Team & Community for direct communication

config/nuclei-templates/.github/ISSUE_TEMPLATE/false-negative.md

@@ -0,0 +1,21 @@
+---
+name: False Negative
+about: 'Issue for template missing valid/expected result.'
+labels: 'false-negative'
+
+---
+
+<!-- ISSUES MISSING IMPORTANT INFORMATION MAY BE CLOSED WITHOUT INVESTIGATION. -->
+
+### Nuclei Version:
+
+<!-- You can find current version of nuclei with "nuclei -version" -->
+
+### Template file:
+
+<!-- Template producing false-negative results, for example: "cves/XX/XX.yaml" -->
+
+### Command to reproduce:
+
+<!-- Please include the command to replicate the behavior so fix can be applied asap. -->
+<!-- if host information can not be shared publicly, please reach out to us on discord server in DM -->

config/nuclei-templates/.github/ISSUE_TEMPLATE/false-positive.md

@@ -0,0 +1,24 @@
+---
+name: False Positive
+about: 'Issue for template producing invalid/unexpected result.'
+labels: 'false-positive'
+
+---
+
+<!-- ISSUES MISSING IMPORTANT INFORMATION MAY BE CLOSED WITHOUT INVESTIGATION. -->
+
+### Nuclei Version:
+
+<!-- You can find current version of nuclei with "nuclei -version" -->
+
+### Template file:
+
+<!-- Template producing false-positive results, for example: "cves/XX/XX.yaml" -->
+
+### Command to reproduce:
+
+<!-- Please include the command to replicate the behavior so fix can be applied asap. -->
+<!-- if host information can not be shared publicly, please reach out to us on discord server in DM -->
+
+### Anything else:
+<!-- Links? References? Screnshots? Anything that will give us more context about the issue that you are encountering! -->

config/nuclei-templates/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,18 @@
+---
+name: Feature request
+about: Request feature to implement in this project
+labels: 'Type: Enhancement'
+---
+
+<!--
+1. Please make sure to provide a detailed description with all the relevant information that might be required to start working on this feature.
+2. In case you are not sure about your request or whether the particular feature is already supported or not, please start a discussion instead.
+3. GitHub Discussion: https://github.com/projectdiscovery/nuclei-templates/discussions/categories/ideas
+4. Join our discord server at https://discord.gg/projectdiscovery to discuss the idea on the #nuclei-templates channel.
+-->
+
+### Please describe your feature request:
+<!-- A clear and concise description of feature to implement -->
+
+### Describe the use case of this feature:
+<!-- A clear and concise description of the feature request's motivation and the use-cases in which it could be useful. -->

config/nuclei-templates/.github/ISSUE_TEMPLATE/issue-report.md

@@ -0,0 +1,21 @@
+---
+name: Issue report
+about: "Issue to report invalid template"
+labels: 'Type: Bug'
+
+---
+
+<!-- 
+1. Please search to see if an issue already exists for the bug you encountered.
+2. For support requests, FAQs or "How to" questions, please use the GitHub Discussions section instead - https://github.com/projectdiscovery/nuclei-templates/discussions or
+3. Join our discord server at https://discord.gg/projectdiscovery and post the question on the #nuclei-templates channel.
+-->
+
+<!-- ISSUES MISSING IMPORTANT INFORMATION MAY BE CLOSED WITHOUT INVESTIGATION. -->
+
+### Issue description:
+<!-- A concise description of what you're experiencing. -->
+
+
+### Anything else:
+<!-- Links? References? Screnshots? Anything that will give us more context about the issue that you are encountering! -->

config/nuclei-templates/.github/ISSUE_TEMPLATE/submit-template.md

@@ -0,0 +1,23 @@
+---
+name: Template Contribution
+about: Contributing nuclei template using GitHub Issue
+labels: 'nuclei-template'
+---
+
+### Template Information:
+
+<!-- Include basic information of the template including reference -->
+<!-- Templates without any reference mostly likely to take more time for review/validation -->
+
+
+### Nuclei Template:
+
+<!-- Include nuclei template in between code block shared below -->
+
+
+```yaml
+
+```
+
+<!-- Include template results if available or redacted valid response snippet of valid match -->
+<!-- Example response help us to update the matchers as unique as possible to avoid possible false-positive results. -->

config/nuclei-templates/.github/scripts/README.tmpl

@@ -0,0 +1,84 @@
+f"""
+
+<h1 align="center">
+Nuclei Templates
+</h1>
+<h4 align="center">Community curated list of templates for the nuclei engine to find security vulnerabilities in applications.</h4>
+
+
+<p align="center">
+<a href="https://github.com/projectdiscovery/nuclei-templates/issues"><img src="https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat"></a>
+<a href="https://github.com/projectdiscovery/nuclei-templates/releases"><img src="https://img.shields.io/github/release/projectdiscovery/nuclei-templates"></a>
+<a href="https://twitter.com/pdnuclei"><img src="https://img.shields.io/twitter/follow/pdnuclei.svg?logo=twitter"></a>
+<a href="https://discord.gg/projectdiscovery"><img src="https://img.shields.io/discord/695645237418131507.svg?logo=discord"></a>
+</p>
+      
+<p align="center">
+  <a href="https://nuclei.projectdiscovery.io/templating-guide/">Documentation</a> •
+  <a href="#-contributions">Contributions</a> •
+  <a href="#-discussion">Discussion</a> •
+  <a href="#-community">Community</a> •
+  <a href="https://nuclei.projectdiscovery.io/faq/templates/">FAQs</a> •
+  <a href="https://discord.gg/projectdiscovery">Join Discord</a>
+</p>
+
+----
+
+Templates are the core of the [nuclei scanner](https://github.com/projectdiscovery/nuclei) which powers the actual scanning engine.
+This repository stores and houses various templates for the scanner provided by our team, as well as contributed by the community.
+We hope that you also contribute by sending templates via **pull requests** or [Github issues](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+) to grow the list.
+
+
+## Nuclei Templates overview
+
+
+An overview of the nuclei template project, including statistics on unique tags, author, directory, severity, and type of templates. The table below contains the top ten statistics for each matrix; an expanded version of this is [available here](TEMPLATES-STATS.md), and also available in [JSON](TEMPLATES-STATS.json) format for integration.
+
+<table>
+<tr>
+<td> 
+
+{get_top10()}
+
+**{command("tree", -2, None)}**.
+
+</td>
+</tr>
+</table>
+
+📖 Documentation
+-----
+
+Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to **build** new or your own **custom** templates.
+We have also added a set of templates to help you understand how things work.
+
+💪 Contributions
+-----
+
+Nuclei-templates is powered by major contributions from the community.
+[Template contributions ](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+), [Feature Requests](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=feature_request.md&title=%5BFeature%5D+) and [Bug Reports](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=bug_report.md&title=%5BBug%5D+) are more than welcome.
+
+![Alt](https://repobeats.axiom.co/api/embed/55ee65543bb9a0f9c797626c4e66d472a517d17c.svg "Repobeats analytics image")
+
+💬 Discussion
+-----
+
+Have questions / doubts / ideas to discuss?
+Feel free to open a discussion on [Github discussions](https://github.com/projectdiscovery/nuclei-templates/discussions) board.
+
+👨‍💻 Community
+-----
+
+You are welcome to join the active [Discord Community](https://discord.gg/projectdiscovery) to discuss directly with project maintainers and share things with others around security and automation.
+Additionally, you may follow us on [Twitter](https://twitter.com/pdnuclei) to be updated on all the things about Nuclei.
+
+
+<p align="center">
+<a href="https://github.com/projectdiscovery/nuclei-templates/graphs/contributors">
+  <img src="https://contrib.rocks/image?repo=projectdiscovery/nuclei-templates&max=300">
+</a>
+</p>
+
+
+Thanks again for your contribution and keeping this community vibrant. :heart:
+"""

config/nuclei-templates/.github/scripts/update-readme.py

@@ -0,0 +1,23 @@
+#!/usr/bin/env python3
+import glob
+import subprocess
+
+def countTpl(path):
+	return len(glob.glob(path + "/*.*"))
+
+def command(args, start=None, end=None):
+	return "\n".join(subprocess.run(args, text=True, capture_output=True).stdout.split("\n")[start:end])[:-1]
+
+def get_top10():
+	HEADER = "## Nuclei Templates Top 10 statistics\n\n"
+	TOP10 = command(["cat", "TOP-10.md"])
+	return HEADER + TOP10 if len(TOP10) > 0 else ""
+
+if __name__ == "__main__":
+	version = command(["git", "describe", "--tags", "--abbrev=0"])
+	template = eval(open(".github/scripts/README.tmpl", "r").read())
+
+	print(template)
+	f = open("README.md", "w")
+	f.write(template)
+	f.close()

config/nuclei-templates/.github/workflows/cve-annotate.yml

@@ -0,0 +1,49 @@
+name: ✍🏻 CVE Annotate
+
+on:
+  push:
+    branches:
+      - master
+  workflow_dispatch:
+
+jobs:
+  docs:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Get Github tag
+        id: meta
+        run: |
+          echo "::set-output name=tag::$(curl --silent "https://api.github.com/repos/projectdiscovery/nuclei/releases/latest" | jq -r .tag_name)"
+
+      - name: Setup CVE annotate
+        if: steps.meta.outputs.tag != ''
+        env:
+          VERSION: ${{ steps.meta.outputs.tag }}
+        run: |
+          wget -q https://github.com/projectdiscovery/nuclei/releases/download/${VERSION}/cve-annotate.zip
+          sudo unzip cve-annotate.zip -d /usr/local/bin
+        working-directory: /tmp
+
+      - name: Generate CVE Annotations
+        id: cve-annotate
+        run: |
+          cve-annotate -i ./cves/ -d .
+          echo "::set-output name=changes::$(git status -s | wc -l)"
+
+      - name: Commit files
+        if: steps.cve-annotate.outputs.changes > 0
+        run: |
+          git config --local user.email "[email protected]"
+          git config --local user.name "GitHub Action"
+          git pull
+          git add cves
+          git commit -m "Auto Generated CVE annotations [$(date)] :robot:" -a
+
+      - name: Push changes
+        if: steps.cve-annotate.outputs.changes > 0
+        uses: ad-m/github-push-action@master
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          branch: ${{ github.ref }}

config/nuclei-templates/.github/workflows/new-templates.yml

@@ -0,0 +1,37 @@
+name: 🥳 New Template List
+
+on:
+  push:
+    branches:
+      - master
+  workflow_dispatch:
+
+jobs:
+  templates:
+    runs-on: ubuntu-latest
+    if: github.repository == 'projectdiscovery/nuclei-templates'
+    steps:
+      - uses: actions/checkout@master
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          persist-credentials: false
+          fetch-depth: 0
+
+      - name: Generate new template list
+        id: new-additions
+        run: |
+          git pull
+          git diff  --name-only --diff-filter=A $(git tag | tail -n 1) @ . | grep .yaml | tee .new-additions
+
+      - name: Commit files
+        run: |
+          git config --local user.email "[email protected]"
+          git config --local user.name "GitHub Action"
+          git add .new-additions -f
+          git commit --allow-empty -m "Auto Generated New Template Addition List [$(date)] :robot:" -a
+
+      - name: Push changes
+        uses: ad-m/github-push-action@master
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          branch: ${{ github.ref }}