Static Auth

[tarunKoyalwar]

Proposed Changes

• context Complete support for Auth Protected Targets #4793
• support static auth
• Accept Secrets From YAML file
• Basic WWW-Authentication Support
• Global Variables Override for input-modes like postman,openapi etc
• Cookie Reuse Improvements ( linking to static auth)
• Per Host Creds Support

Final Static Secrets file format & options

id: pd-nuclei-auth-test

info:
  name: ProjectDiscovery Test Dev Servers
  author: pdteam
  description: |
    This is a auth file for ProjectDiscovery dev servers.
    It contains auth data of all projectdiscovery dev servers.

# Note: this is a dummy example file. none of the secrets here are real.

# static secrets
static:
  # for header based auth session
  - type: header
    domains:
      - api.projectdiscovery.io
      - cve.projectdiscovery.io
      - chaos.projectdiscovery.io
    headers:
      - key: x-pdcp-key
        value: <api-key-here>

  # for query based auth session
  - type: Query
    domains:
      - scanme.sh
    params:
      - key: token
        value: 1a2b3c4d5e6f7g8h9i0j

  # for cookie based auth session
  - type: Cookie
    domains:
      - scanme.sh
    cookies:
      - key: PHPSESSID
        value: 1a2b3c4d5e6f7g8h9i0j

  # for basic auth session
  - type: BasicAuth
    domains:
      - scanme.sh
    username: test
    password: test

  # for authorization bearer token
  - type: BearerToken
    domains-regex:
      - .*scanme.sh
      - .*pdtm.sh
    token: test