fuzz

package

v3.4.8 Latest Latest Go to latest Published: Aug 21, 2025 License: MIT Imports: 23 Imported by: 7

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/projectdiscovery/nuclei

Links

Open Source Insights

Documentation ¶

Overview ¶

Package fuzz contains the fuzzing functionality for dynamic fuzzing of HTTP requests and its respective implementation.

Index ¶

func ErrRuleNotApplicable(reason interface{}) error
func IsErrRuleNotApplicable(err error) bool
type ExecuteRuleInput
type GeneratedRequest
type Rule
- func (rule *Rule) Compile(generator *generators.PayloadGenerator, options *protocols.ExecutorOptions) error
- func (rule *Rule) Execute(input *ExecuteRuleInput) (err error)
type SliceOrMapSlice
type ValueOrKeyValue
- func (v *ValueOrKeyValue) IsKV() bool

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ErrRuleNotApplicable ¶

func ErrRuleNotApplicable(reason interface{}) error

ErrRuleNotApplicable returns a rule not applicable error

func IsErrRuleNotApplicable ¶

func IsErrRuleNotApplicable(err error) bool

IsErrRuleNotApplicable checks if an error is due to rule not applicable

Types ¶

type ExecuteRuleInput ¶

type ExecuteRuleInput struct {
	// Input is the context args input
	Input *contextargs.Context
	// Callback is the callback for generated rule requests
	Callback func(GeneratedRequest) bool
	// InteractURLs contains interact urls for execute call
	InteractURLs []string
	// Values contains dynamic values for the rule
	Values map[string]interface{}
	// BaseRequest is the base http request for fuzzing rule
	BaseRequest *retryablehttp.Request
	// DisplayFuzzPoints is a flag to display fuzz points
	DisplayFuzzPoints bool

	// ApplyPayloadInitialTransformation is an optional function
	// to transform the payload initially based on analyzer rules
	ApplyPayloadInitialTransformation func(string, map[string]interface{}) string
	AnalyzerParams                    map[string]interface{}
}

ExecuteRuleInput is the input for rule Execute function

type GeneratedRequest ¶

type GeneratedRequest struct {
	// Request is the http request for rule
	Request *retryablehttp.Request
	// InteractURLs is the list of interactsh urls
	InteractURLs []string
	// DynamicValues contains dynamic values map
	DynamicValues map[string]interface{}
	// Component is the component for the request
	Component component.Component
	// Parameter being fuzzed
	Parameter string

	// Key is the key for the request
	Key string
	// Value is the value for the request
	Value string
	// OriginalValue is the original value for the request
	OriginalValue string
	// OriginalPayload is the original payload for the request
	OriginalPayload string
}

GeneratedRequest is a single generated request for rule

type Rule ¶

type Rule struct {
	// description: |
	//   Type is the type of fuzzing rule to perform.
	//
	//   replace replaces the values entirely. prefix prefixes the value. postfix postfixes the value
	//   and infix places between the values.
	// values:
	//   - "replace"
	//   - "prefix"
	//   - "postfix"
	//   - "infix"
	Type string `` /* 187-byte string literal not displayed */

	// description: |
	//   Part is the part of request to fuzz.
	// values:
	//   - "query"
	//   - "header"
	//   - "path"
	//   - "body"
	//   - "cookie"
	//   - "request"
	Part string `` /* 184-byte string literal not displayed */

	// description: |
	//   Parts is the list of parts to fuzz. If multiple parts need to be
	//   defined while excluding some, this should be used instead of singular part.
	// values:
	//   - "query"
	//   - "header"
	//   - "path"
	//   - "body"
	//   - "cookie"
	//   - "request"
	Parts []string `` /* 187-byte string literal not displayed */

	// description: |
	//   Mode is the mode of fuzzing to perform.
	//
	//   single fuzzes one value at a time. multiple fuzzes all values at same time.
	// values:
	//   - "single"
	//   - "multiple"
	Mode string `` /* 142-byte string literal not displayed */

	// description: |
	//   Keys is the optional list of key named parameters to fuzz.
	// examples:
	//   - name: Examples of keys
	//     value: >
	//       []string{"url", "file", "host"}
	Keys []string `` /* 128-byte string literal not displayed */

	// description: |
	//   KeysRegex is the optional list of regex key parameters to fuzz.
	// examples:
	//   - name: Examples of key regex
	//     value: >
	//       []string{"url.*"}
	KeysRegex []string `` /* 137-byte string literal not displayed */

	// description: |
	//   Values is the optional list of regex value parameters to fuzz.
	// examples:
	//   - name: Examples of value regex
	//     value: >
	//       []string{"https?://.*"}
	ValuesRegex []string `` /* 133-byte string literal not displayed */

	// description: |
	//   Fuzz is the list of payloads to perform substitutions with.
	// examples:
	//   - name: Examples of fuzz
	//     value: >
	//       []string{"{{ssrf}}", "{{interactsh-url}}", "example-value"}
	//      or
	//       x-header: 1
	//       x-header: 2
	Fuzz SliceOrMapSlice `` /* 143-byte string literal not displayed */
	// description: |
	//  replace-regex is regex for regex-replace rule type
	//  it is only required for replace-regex rule type
	// examples:
	//   - type: replace-regex
	//     replace-regex: "https?://.*"
	ReplaceRegex string `` /* 148-byte string literal not displayed */
	// contains filtered or unexported fields
}

Rule is a single rule which describes how to fuzz the request

func (*Rule) Compile ¶

func (rule *Rule) Compile(generator *generators.PayloadGenerator, options *protocols.ExecutorOptions) error

Compile compiles a fuzzing rule and initializes it for operation

func (*Rule) Execute ¶

func (rule *Rule) Execute(input *ExecuteRuleInput) (err error)

Execute executes a fuzzing rule accepting a callback on which generated requests are returned.

Input is not thread safe and should not be shared between concurrent goroutines.

type SliceOrMapSlice ¶

type SliceOrMapSlice struct {
	Value []string
	KV    *mapsutil.OrderedMap[string, string]
}

func (SliceOrMapSlice) JSONSchema ¶ added in v3.2.4

func (v SliceOrMapSlice) JSONSchema() *jsonschema.Schema

func (SliceOrMapSlice) JSONSchemaExtend ¶ added in v3.2.4

func (v SliceOrMapSlice) JSONSchemaExtend(schema *jsonschema.Schema) *jsonschema.Schema

func (SliceOrMapSlice) MarshalJSON ¶

func (v SliceOrMapSlice) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler interface.

func (SliceOrMapSlice) MarshalYAML ¶

func (v SliceOrMapSlice) MarshalYAML() (any, error)

MarshalYAML implements yaml.Marshaler interface.

func (*SliceOrMapSlice) UnmarshalJSON ¶

func (v *SliceOrMapSlice) UnmarshalJSON(data []byte) error

UnmarshalJSON implements json.Unmarshaler interface.

func (*SliceOrMapSlice) UnmarshalYAML ¶

func (v *SliceOrMapSlice) UnmarshalYAML(callback func(interface{}) error) error

UnmarshalYAML implements yaml.Unmarshaler interface.

type ValueOrKeyValue ¶

type ValueOrKeyValue struct {
	Key   string
	Value string

	OriginalPayload string
}

func (*ValueOrKeyValue) IsKV ¶

func (v *ValueOrKeyValue) IsKV() bool

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
analyzers
time Package time implements a time delay analyzer using linear regression heuristics inspired from ZAP to discover time based issues.	Package time implements a time delay analyzer using linear regression heuristics inspired from ZAP to discover time based issues.
component
dataformat
frequency
stats Package stats implements a statistics recording module for nuclei fuzzing.	Package stats implements a statistics recording module for nuclei fuzzing.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL