Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

headless: fix panic + refactor waitevent action #4465

Merged
merged 5 commits into from
Dec 6, 2023
Merged

headless: fix panic + refactor waitevent action #4465

merged 5 commits into from
Dec 6, 2023

Conversation

tarunKoyalwar
Copy link
Member

@tarunKoyalwar tarunKoyalwar commented Dec 5, 2023
edited
Loading

Proposed Changes

@tarunKoyalwar tarunKoyalwar self-assigned this Dec 5, 2023
@tarunKoyalwar tarunKoyalwar changed the title investigate headless waitevent headless: fix panic + refactor waitevent action Dec 5, 2023
@tarunKoyalwar tarunKoyalwar marked this pull request as ready for review December 5, 2023 21:43
@tarunKoyalwar
Copy link
Member Author

Example Template

id: headless-waitevent

info:
    name: WaitEvent
    severity: info
    author: pdteam

headless:
  - steps:
      # note waitevent must be used before navigating to any page
      # unlike waitload
      - action: waitevent
        args:
            event: 'Page.loadEventFired'
            max-duration: 15s

      - action: navigate  
        args:
          url: "{{BaseURL}}/"

    matchers:
      - type: word
        words:
          - "<html>"

Nuclei run

./nuclei -u https://imdb.com -headless -v -t integration_tests/protocols/headless/headless-waitevent.yaml 

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.1.0

		projectdiscovery.io

[VER] Started metrics server at localhost:9092
[INF] Current nuclei version: v3.1.0 (latest)
[INF] Current nuclei-templates version: v9.7.1 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 0
[INF] Templates loaded for current scan: 1
[WRN] Executing 1 unsigned templates. Use with caution.
[INF] Targets loaded for current scan: 1
[VER] Sent Headless request to https://imdb.com/
[headless-waitevent] [headless] [info] https://imdb.com/

dogancanbakir
dogancanbakir approved these changes Dec 6, 2023
View reviewed changes
Copy link
Member

@dogancanbakir dogancanbakir left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

pkg/protocols/headless/engine/page_actions.go Outdated Show resolved Hide resolved
@ehsandeep ehsandeep merged commit 47e7503 into dev Dec 6, 2023
12 checks passed
@ehsandeep ehsandeep deleted the investigate-headless-waitevent branch December 6, 2023 13:38
@BrewTestBot BrewTestBot mentioned this pull request Dec 9, 2023
Merged
tarunKoyalwar added a commit to Marcuccio/nuclei that referenced this pull request Dec 20, 2023
@tarunKoyalwar
headless: fix panic + refactor waitevent action (projectdiscovery#4465)
c82d2b5 
* fix waitEvent action

* avoid future panics

* integration test + bug fix

* headless: add max-duration support in waitevent

* fix comment + max-duration input
ehsandeep added a commit that referenced this pull request Dec 21, 2023
@dependabot @jimen0
@tarunKoyalwar @dogancanbakir @ehsandeep
Make the SMTP client used in javascript templates able to send email (#…
199bd9d 
…4451)

* Update smtp.go

make smtp module able to send mail

* Pass Lint Test

* chore(deps): bump github.com/projectdiscovery/retryablehttp-go

Bumps [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) from 1.0.36 to 1.0.38.
- [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases)
- [Commits](projectdiscovery/retryablehttp-go@v1.0.36...v1.0.38)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/retryablehttp-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump github.com/projectdiscovery/clistats

Bumps [github.com/projectdiscovery/clistats](https://github.com/projectdiscovery/clistats) from 0.0.19 to 0.0.20.
- [Release notes](https://github.com/projectdiscovery/clistats/releases)
- [Commits](projectdiscovery/clistats@v0.0.19...v0.0.20)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/clistats
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump github.com/projectdiscovery/retryabledns

Bumps [github.com/projectdiscovery/retryabledns](https://github.com/projectdiscovery/retryabledns) from 1.0.44 to 1.0.45.
- [Release notes](https://github.com/projectdiscovery/retryabledns/releases)
- [Commits](projectdiscovery/retryabledns@v1.0.44...v1.0.45)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/retryabledns
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump github.com/projectdiscovery/dsl from 0.0.32 to 0.0.33

Bumps [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) from 0.0.32 to 0.0.33.
- [Release notes](https://github.com/projectdiscovery/dsl/releases)
- [Commits](projectdiscovery/dsl@v0.0.32...v0.0.33)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/dsl
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump github.com/projectdiscovery/rawhttp

Bumps [github.com/projectdiscovery/rawhttp](https://github.com/projectdiscovery/rawhttp) from 0.1.27 to 0.1.28.
- [Release notes](https://github.com/projectdiscovery/rawhttp/releases)
- [Commits](projectdiscovery/rawhttp@v0.1.27...v0.1.28)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/rawhttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* http: support arbitrary strings on TLS SNI annotation (#4462)

* headless: fix panic + refactor waitevent action (#4465)

* fix waitEvent action

* avoid future panics

* integration test + bug fix

* headless: add max-duration support in waitevent

* fix comment + max-duration input

* add timeout (#4467)

* add timeout

* ssh: make timeout configurable

* ssh: update bindings + docs

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>

* use file stat to check if file is empty (#4469)

* version update

* chore(deps): bump github.com/projectdiscovery/ratelimit

Bumps [github.com/projectdiscovery/ratelimit](https://github.com/projectdiscovery/ratelimit) from 0.0.17 to 0.0.19.
- [Release notes](https://github.com/projectdiscovery/ratelimit/releases)
- [Commits](projectdiscovery/ratelimit@v0.0.17...v0.0.19)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/ratelimit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump github.com/projectdiscovery/retryabledns

Bumps [github.com/projectdiscovery/retryabledns](https://github.com/projectdiscovery/retryabledns) from 1.0.45 to 1.0.46.
- [Release notes](https://github.com/projectdiscovery/retryabledns/releases)
- [Commits](projectdiscovery/retryabledns@v1.0.45...v1.0.46)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/retryabledns
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump github.com/projectdiscovery/interactsh

Bumps [github.com/projectdiscovery/interactsh](https://github.com/projectdiscovery/interactsh) from 1.1.7 to 1.1.8.
- [Release notes](https://github.com/projectdiscovery/interactsh/releases)
- [Changelog](https://github.com/projectdiscovery/interactsh/blob/main/.goreleaser.yml)
- [Commits](projectdiscovery/interactsh@v1.1.7...v1.1.8)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/interactsh
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump github.com/projectdiscovery/utils

Bumps [github.com/projectdiscovery/utils](https://github.com/projectdiscovery/utils) from 0.0.65 to 0.0.67.
- [Release notes](https://github.com/projectdiscovery/utils/releases)
- [Changelog](https://github.com/projectdiscovery/utils/blob/main/CHANGELOG.md)
- [Commits](projectdiscovery/utils@v0.0.65...v0.0.67)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/utils
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump github.com/projectdiscovery/fastdialer

Bumps [github.com/projectdiscovery/fastdialer](https://github.com/projectdiscovery/fastdialer) from 0.0.46 to 0.0.48.
- [Release notes](https://github.com/projectdiscovery/fastdialer/releases)
- [Commits](projectdiscovery/fastdialer@v0.0.46...v0.0.48)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/fastdialer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* network proto: revert full buffer size read (#4497)

* network proto: revert full buffer size read

* fix read-all in network protocol

* version update

* chore(deps): bump github.com/projectdiscovery/retryabledns

Bumps [github.com/projectdiscovery/retryabledns](https://github.com/projectdiscovery/retryabledns) from 1.0.46 to 1.0.47.
- [Release notes](https://github.com/projectdiscovery/retryabledns/releases)
- [Commits](projectdiscovery/retryabledns@v1.0.46...v1.0.47)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/retryabledns
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump github.com/projectdiscovery/fastdialer

Bumps [github.com/projectdiscovery/fastdialer](https://github.com/projectdiscovery/fastdialer) from 0.0.48 to 0.0.49.
- [Release notes](https://github.com/projectdiscovery/fastdialer/releases)
- [Commits](projectdiscovery/fastdialer@v0.0.48...v0.0.49)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/fastdialer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump github.com/projectdiscovery/ratelimit

Bumps [github.com/projectdiscovery/ratelimit](https://github.com/projectdiscovery/ratelimit) from 0.0.19 to 0.0.20.
- [Release notes](https://github.com/projectdiscovery/ratelimit/releases)
- [Commits](projectdiscovery/ratelimit@v0.0.19...v0.0.20)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/ratelimit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump github.com/projectdiscovery/dsl from 0.0.33 to 0.0.35

Bumps [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) from 0.0.33 to 0.0.35.
- [Release notes](https://github.com/projectdiscovery/dsl/releases)
- [Commits](projectdiscovery/dsl@v0.0.33...v0.0.35)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/dsl
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump github.com/projectdiscovery/utils

Bumps [github.com/projectdiscovery/utils](https://github.com/projectdiscovery/utils) from 0.0.67 to 0.0.68.
- [Release notes](https://github.com/projectdiscovery/utils/releases)
- [Changelog](https://github.com/projectdiscovery/utils/blob/main/CHANGELOG.md)
- [Commits](projectdiscovery/utils@v0.0.67...v0.0.68)

---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/utils
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump golang.org/x/crypto from 0.15.0 to 0.17.0

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.15.0 to 0.17.0.
- [Commits](golang/crypto@v0.15.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* misc updates

* misc updates + message builder struct

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: M. Ángel Jimeno <jimen0@users.noreply.github.com>
Co-authored-by: Tarun Koyalwar <45962551+tarunKoyalwar@users.noreply.github.com>
Co-authored-by: Dogan Can Bakir <65292895+dogancanbakir@users.noreply.github.com>
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dogancanbakir dogancanbakir dogancanbakir approved these changes

@ehsandeep ehsandeep ehsandeep approved these changes

Assignees

@tarunKoyalwar tarunKoyalwar

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

How to use the headless waitevent action?
3 participants
@tarunKoyalwar @ehsandeep @dogancanbakir