goexec

package
v3.9.0 Latest
Warning

This package is not in the latest version of its module.

Published: Jun 10, 2026 License: MIT, Apache-2.0 Imports: 25 Imported by: 0

Documentation


Constants

// DefaultOutputMethod is the output method name used by default.
const DefaultOutputMethod = "smb"

// DefaultOutputTimeout is the default output timeout.
// NOTE(review): the unit is not stated on this page (presumably seconds) — confirm.
const DefaultOutputTimeout = 60

// DefaultMaxOutputSize is the default cap on output size: 1<<20 == 1024*1024.
// NOTE(review): presumably counted in bytes and enforced when output is
// collected — confirm, since this is the bound on data read back from a target.
const DefaultMaxOutputSize = 1 << 20

Variables

// Sentinel errors, grouped by what their message text says. The call sites
// that return them are not visible on this page.

// Request validation: a required field is absent, the auth selection is
// ambiguous, or the method arguments are invalid.
var (
	ErrMissingAuth             = errors.New("goexec auth is required")
	ErrMissingUsername         = errors.New("goexec username is required for this auth mode")
	ErrMultipleCredentialModes = errors.New("goexec auth selects multiple primary credential modes")
	ErrMissingTarget           = errors.New("goexec target is required")
	ErrMissingCommand          = errors.New("goexec command is required")
	ErrMissingExecutable       = errors.New("goexec executable is required")
	ErrInvalidMethodArguments  = errors.New("invalid goexec method arguments")
)

// Selection failures: the requested module, method or output method is not
// one this package supports.
var (
	ErrUnsupportedModule       = errors.New("unsupported goexec module")
	ErrUnsupportedMethod       = errors.New("unsupported goexec method")
	ErrUnsupportedOutputMethod = errors.New("unsupported goexec output method")
)

// Network-policy denials: one sentinel per kind of address the policy can
// reject (target, domain controller, proxy, endpoint).
var (
	ErrNetworkPolicyDenied    = errors.New("target denied by network policy")
	ErrDomainControllerDenied = errors.New("domain controller denied by network policy")
	ErrProxyDenied            = errors.New("proxy denied by network policy")
	ErrEndpointDenied         = errors.New("endpoint denied by network policy")
)

Functions

func AuthConstructors

func AuthConstructors() map[string]interface{}

AuthConstructors returns the JavaScript-facing Auth helper namespace.

func SetRunnerForTesting

func SetRunnerForTesting(runner Runner) func()

SetRunnerForTesting replaces the adapter runner and returns a restore func.

func WithExecutionID

func WithExecutionID(ctx context.Context, executionID string) context.Context

WithExecutionID adds nuclei's execution ID to contexts passed through manual JavaScript closures that do not go through gojs' context injection path.

Types

type Auth

// Auth holds authentication material for the GoExec-backed helpers. All of
// its fields are unexported (this documentation view elides them), so code
// outside the package cannot read them directly; the type also defines its
// own MarshalJSON.
type Auth struct {
	// contains filtered or unexported fields
}

Auth stores Windows authentication material for GoExec-backed helpers.

The credential fields are intentionally unexported so JavaScript templates cannot serialize them back into findings, debug output, or stored responses.

func AESKey

func AESKey(username, aesKey string, options ...interface{}) *Auth

AESKey creates Kerberos AES-key authentication.

func CCache

func CCache(path string) *Auth

CCache creates ccache authentication.

func Kerberos

func Kerberos(username string, options ...interface{}) *Auth

Kerberos creates Kerberos authentication with optional fields such as dc.

func NTHash

func NTHash(username, ntHash string, extra ...string) *Auth

NTHash creates pass-the-hash authentication.

func PFX

func PFX(username, pfxPath, pfxPassword string) *Auth

PFX creates PFX client certificate authentication.

func Password

func Password(username, password string) *Auth

Password creates username/password authentication.

func (*Auth) MarshalJSON

func (a *Auth) MarshalJSON() ([]byte, error)

MarshalJSON intentionally hides credential material from serialized output.

type CleanupResult

// CleanupResult describes the cleanup state of artifacts a helper created.
// It is embedded in Result under the "cleanup" JSON key.
type CleanupResult struct {
	// Attempted: presumably set once cleanup was tried — confirm against the runner.
	Attempted bool     `json:"attempted"`
	// Succeeded: presumably set only when that cleanup completed — confirm.
	Succeeded bool     `json:"succeeded"`
	// Artifacts is dropped from the JSON when empty (omitempty).
	// NOTE(review): whether it lists artifacts that were removed or artifacts
	// left behind is not visible here — confirm, because leftovers on the
	// target need manual follow-up.
	Artifacts []string `json:"artifacts,omitempty"`
}

CleanupResult reports helper-created artifact cleanup state.

type ExecutionOptions

// ExecutionOptions carries the per-call settings of one execution helper
// call. The struct has no JSON tags; MergeOptions is the function that
// combines it with a JavaScript-supplied object.
type ExecutionOptions struct {
	// Timeout for the call. NOTE(review): unit not shown here — confirm.
	Timeout        int
	// Proxy to use. The package defines ErrProxyDenied ("proxy denied by
	// network policy"), so this value is presumably policy-checked — confirm.
	Proxy          string
	// Output: presumably requests collection of command output — confirm.
	Output         bool
	// OutputMethod names how output is retrieved; DefaultOutputMethod is "smb".
	OutputMethod   string
	// OutputTimeout: DefaultOutputTimeout is 60; unit not shown here — confirm.
	OutputTimeout  int
	// NoDeleteOutput: presumably keeps the output artifact on the target
	// instead of removing it — confirm. Leaving it false avoids leftovers.
	NoDeleteOutput bool
	// Directory: presumably the remote working or output directory — confirm.
	Directory      string
	// Endpoint: the package defines ErrEndpointDenied ("endpoint denied by
	// network policy"), so this value is presumably policy-checked — confirm.
	Endpoint       string
	// EPM and EPMFilter: presumably control endpoint-mapper lookup — confirm.
	EPM            bool
	EPMFilter      string
	// NoSign and NoSeal: presumably turn off message signing (integrity) and
	// sealing (confidentiality) on the transport — confirm. Their zero value
	// is false; verify that no default or merge path sets them to true.
	NoSign         bool
	NoSeal         bool
	// MaxOutputSize caps collected output; DefaultMaxOutputSize is 1024*1024.
	// NOTE(review): confirm that 0 or a negative value from MergeOptions
	// cannot disable the cap.
	MaxOutputSize  int
}

ExecutionOptions controls one Windows execution helper call.

func DefaultExecutionOptions

func DefaultExecutionOptions() ExecutionOptions

DefaultExecutionOptions returns conservative defaults for helper execution.

func MergeOptions

func MergeOptions(base ExecutionOptions, raw interface{}) ExecutionOptions

MergeOptions combines base options with a JavaScript-supplied object.

type GoExecRunner

// GoExecRunner is a field-less type whose Run method has the signature the
// Runner interface requires.
type GoExecRunner struct{}

GoExecRunner maps nuclei helper requests to FalconOps GoExec library calls.

func (*GoExecRunner) Run

func (r *GoExecRunner) Run(ctx context.Context, req Request) (*Result, error)

type Redactor

// Redactor strips credential material from data before it is handed back to
// JavaScript. Its state is unexported (this documentation view elides it).
// NOTE(review): which secrets it is seeded with, and whether encoded or
// truncated forms of a secret are also matched, is not visible here — confirm.
type Redactor struct {
	// contains filtered or unexported fields
}

Redactor removes credential material before data is returned to JavaScript.

func (*Redactor) Error

func (r *Redactor) Error(err error) string

func (*Redactor) String

func (r *Redactor) String(value string) string

String redacts every known secret from value.

type Request

// Request is the normalized input handed from the JavaScript helpers to a
// Runner. The sentinel errors of this package name the fields that are
// required or restricted; the validation code itself is not shown here.
type Request struct {
	// Module and Method select what to run; see ErrUnsupportedModule and
	// ErrUnsupportedMethod.
	Module         string
	Method         string
	// Target is required (ErrMissingTarget) and can be refused with
	// ErrNetworkPolicyDenied ("target denied by network policy").
	Target         string
	// Auth is required (ErrMissingAuth). It is a pointer to a type whose
	// fields are all unexported.
	Auth           *Auth
	// Executable, Args and Command describe what is executed; see
	// ErrMissingExecutable and ErrMissingCommand.
	// NOTE(review): which of Command or Executable+Args a given method uses,
	// and how the values are quoted, is not visible here — confirm.
	Executable     string
	Args           string
	Command        string
	// The remaining name fields are presumably method-specific — confirm.
	TaskName       string
	ServiceName    string
	Namespace      string
	ClassName      string
	MethodName     string
	// MethodArgsJSON: presumably JSON-encoded arguments for MethodName; see
	// ErrInvalidMethodArguments — confirm where it is parsed and validated.
	MethodArgsJSON string
	// Options holds the per-call execution settings.
	Options        ExecutionOptions
}

Request is the adapter boundary between JavaScript helpers and GoExec.

type Result

// Result is the structured outcome of one helper call. Every field carries a
// snake_case JSON key; Stdout, Stderr, OutputMethod and Error are omitted
// from the JSON when empty.
type Result struct {
	// OK: presumably true only when the call succeeded — confirm.
	OK              bool          `json:"ok"`
	// Module, Method and Target presumably echo the Request — confirm.
	Module          string        `json:"module"`
	Method          string        `json:"method"`
	Target          string        `json:"target"`
	// Stdout and Stderr: presumably the collected command output.
	// NOTE(review): this text originates on the remote host, so consumers
	// should treat it as untrusted; confirm that it is passed through the
	// Redactor and bounded by MaxOutputSize before it reaches JavaScript.
	Stdout          string        `json:"stdout,omitempty"`
	Stderr          string        `json:"stderr,omitempty"`
	// ExitCode is always serialized (no omitempty), so 0 is also the value
	// seen when no exit code was obtained — check OK and Error as well.
	ExitCode        int           `json:"exit_code"`
	// OutputCollected: presumably whether Stdout/Stderr were retrieved — confirm.
	OutputCollected bool          `json:"output_collected"`
	OutputMethod    string        `json:"output_method,omitempty"`
	// DurationMS: the key name indicates milliseconds.
	DurationMS      int64         `json:"duration_ms"`
	// Error: presumably the redacted error text (see Redactor.Error) — confirm.
	Error           string        `json:"error,omitempty"`
	// Cleanup reports the state of artifact cleanup for this call.
	Cleanup         CleanupResult `json:"cleanup"`
}

Result is returned by GoExec-backed Windows execution helper calls.

func Run

func Run(ctx context.Context, req Request) *Result

Run executes a helper request and always returns a structured Result.

func (*Result) Public

func (r *Result) Public() map[string]interface{}

Public returns a JavaScript-safe object with snake_case field names.

type Runner

// Runner is the single-method interface that executes a Request.
// NOTE(review): the exported SetRunnerForTesting accepts any Runner and
// returns a restore func; presumably it swaps package-level state — confirm
// it is only called from tests and is not reachable from template code.
type Runner interface {
	// Run executes req under ctx and returns either a Result or an error.
	Run(ctx context.Context, req Request) (*Result, error)
}

Runner executes a normalized Windows helper request.
