nuclei/Makefile at dev · projectdiscovery/nuclei · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
# Go parameters
GOCMD := go
GOBUILD := $(GOCMD) build
GOBUILD_OUTPUT :=
GOBUILD_OUTPUT_EXT :=
GOBUILD_PACKAGES :=
GOBUILD_ADDITIONAL_ARGS :=
GOMOD := $(GOCMD) mod
GOTEST := $(GOCMD) test
GOFLAGS := -v
GOFUZZ_PACKAGE ?=
FUZZ_DURATION ?= 15m
# This should be disabled if the binary uses pprof
LDFLAGS := -s -w

ifneq ($(shell go env GOOS),darwin)
	LDFLAGS += -extldflags "-static"
endif

ifeq ($(shell go env GOOS),windows)
	GOBUILD_OUTPUT_EXT := .exe
endif

.PHONY: all build build-stats clean devtools-all devtools-bindgen devtools-scrapefuncs fuzz fuzz-ci fuzz-tools
.PHONY: devtools-tsgen docs docgen dsl-docs functional go-build lint lint-strict fuzzplayground syntax-docs
.PHONY: integration integration-debug jsupdate-all jsupdate-bindgen jsupdate-tsgen memogen scan-charts test test-with-lint
.PHONY: tidy ts verify download vet template-validate build-fuzz discover-fuzz-packages

all: build

clean:
	rm -f '${GOBUILD_OUTPUT}${GOBUILD_OUTPUT_EXT}' 2>/dev/null

go-build: clean
go-build:
	CGO_ENABLED=0 $(GOBUILD) -trimpath $(GOFLAGS) -ldflags '${LDFLAGS}' $(GOBUILD_ADDITIONAL_ARGS) \
		 -o '${GOBUILD_OUTPUT}${GOBUILD_OUTPUT_EXT}' $(GOBUILD_PACKAGES)

build: GOFLAGS = -pgo=auto
build: GOBUILD_OUTPUT = ./bin/nuclei
build: GOBUILD_PACKAGES = cmd/nuclei/main.go
build: go-build

build-test: GOFLAGS = -v -pgo=auto
build-test: GOBUILD_OUTPUT = ./bin/nuclei.test
build-test: GOBUILD_PACKAGES = ./cmd/nuclei/
build-test: clean
build-test:
	CGO_ENABLED=0 $(GOCMD) test -c -trimpath $(GOFLAGS) -ldflags '${LDFLAGS}' $(GOBUILD_ADDITIONAL_ARGS) \
		 -o '${GOBUILD_OUTPUT}${GOBUILD_OUTPUT_EXT}' ${GOBUILD_PACKAGES}

build-stats: GOBUILD_OUTPUT = ./bin/nuclei-stats
build-stats: GOBUILD_PACKAGES = cmd/nuclei/main.go
build-stats: GOBUILD_ADDITIONAL_ARGS = -tags=stats
build-stats: go-build

scan-charts: GOBUILD_OUTPUT = ./bin/scan-charts
scan-charts: GOBUILD_PACKAGES = cmd/scan-charts/main.go
scan-charts: go-build

template-signer: GOBUILD_OUTPUT = ./bin/template-signer
template-signer: GOBUILD_PACKAGES = cmd/tools/signer/main.go
template-signer: go-build

docgen: GOBUILD_OUTPUT = ./bin/docgen
docgen: GOBUILD_PACKAGES = cmd/docgen/docgen.go
docgen: bin = dstdocgen
docgen:
	@if ! which $(bin) >/dev/null; then \
		echo "Command $(bin) not found! Installing..."; \
		go install -v github.com/projectdiscovery/yamldoc-go/cmd/docgen/$(bin)@latest; \
	fi
	# TODO: FIX THIS PANIC
	$(GOCMD) generate pkg/templates/templates.go
	$(GOBUILD) -o "${GOBUILD_OUTPUT}" $(GOBUILD_PACKAGES)

docs: docgen
docs:
	./bin/docgen docs.md nuclei-jsonschema.json

syntax-docs: docgen
syntax-docs:
	./bin/docgen SYNTAX-REFERENCE.md nuclei-jsonschema.json

test: GOFLAGS = -race -v -timeout 1h -count 1
test:
	$(GOTEST) $(GOFLAGS) ./...

integration:
	$(GOTEST) -tags=integration -timeout 1h ./internal/tests/integration

integration-debug:
	$(GOTEST) -tags=integration ./internal/tests/integration -v $(GO_TEST_ARGS) -args $(INTEGRATION_ARGS)

functional: build
	@release_binary="$$(command -v nuclei.exe 2>/dev/null || command -v nuclei 2>/dev/null)"; \
	if [ -z "$$release_binary" ]; then \
		echo "release nuclei binary not found on PATH"; \
		exit 1; \
	fi; \
	RELEASE_BINARY="$$release_binary" DEV_BINARY="$(PWD)/bin/nuclei" \
		$(GOTEST) -tags=functional -timeout 1h ./internal/tests/functional

tidy:
	$(GOMOD) tidy

download:
	$(GOMOD) download

verify: download
	$(GOMOD) verify

vet: verify
	$(GOCMD) vet ./...

devtools-bindgen: GOBUILD_OUTPUT = ./bin/bindgen
devtools-bindgen: GOBUILD_PACKAGES = pkg/js/devtools/bindgen/cmd/bindgen/main.go
devtools-bindgen: go-build

devtools-tsgen: GOBUILD_OUTPUT = ./bin/tsgen
devtools-tsgen: GOBUILD_PACKAGES = pkg/js/devtools/tsgen/cmd/tsgen/main.go
devtools-tsgen: go-build

devtools-scrapefuncs: GOBUILD_OUTPUT = ./bin/scrapefuncs
devtools-scrapefuncs: GOBUILD_PACKAGES = pkg/js/devtools/scrapefuncs/main.go
devtools-scrapefuncs: go-build

devtools-all: devtools-bindgen devtools-tsgen devtools-scrapefuncs

jsupdate-bindgen: GOBUILD_OUTPUT = ./bin/bindgen
jsupdate-bindgen: GOBUILD_PACKAGES = pkg/js/devtools/bindgen/cmd/bindgen/main.go
jsupdate-bindgen: go-build
jsupdate-bindgen:
	./$(GOBUILD_OUTPUT) -dir pkg/js/libs -out pkg/js/generated

jsupdate-tsgen: GOBUILD_OUTPUT = ./bin/tsgen
jsupdate-tsgen: GOBUILD_PACKAGES = pkg/js/devtools/tsgen/cmd/tsgen/main.go
jsupdate-tsgen: go-build
jsupdate-tsgen:
	./$(GOBUILD_OUTPUT) -dir pkg/js/libs -out pkg/js/generated/ts

jsupdate-all: jsupdate-bindgen jsupdate-tsgen

ts: jsupdate-tsgen

fuzzplayground: GOBUILD_OUTPUT = ./bin/fuzzplayground
fuzzplayground: GOBUILD_PACKAGES = cmd/tools/fuzzplayground/main.go
fuzzplayground: LDFLAGS = -s -w
fuzzplayground: go-build

fuzz-tools:
	@$(GOCMD) tool -modfile=go.tool.mod -n go-fuzz-build >/dev/null
	@$(GOCMD) tool -modfile=go.tool.mod -n go-fuzz >/dev/null

discover-fuzz-packages:
	@set -eu; \
	entries_file="$$(mktemp)"; \
	trap 'rm -f "$$entries_file"' EXIT HUP INT TERM; \
	find . -type d -path '*/testdata/gofuzz-corpus' | LC_ALL=C sort | while IFS= read -r corpus_dir; do \
		pkg_dir="$${corpus_dir%/testdata/gofuzz-corpus}"; \
		if [ ! -f "$$pkg_dir/fuzz.go" ]; then \
			continue; \
		fi; \
		pkg_dir="$${pkg_dir#./}"; \
		pkg="./$$pkg_dir"; \
		if ! $(GOCMD) list "$$pkg" >/dev/null 2>&1; then \
			echo "failed to resolve $$pkg"; \
			exit 1; \
		fi; \
		jq -cn --arg pkg "$$pkg" '{pkg: $$pkg}' >> "$$entries_file"; \
	done; \
	if [ ! -s "$$entries_file" ]; then \
		echo "no fuzzable packages discovered"; \
		exit 1; \
	fi; \
	matrix="$$(jq -cs '{include: .}' "$$entries_file")"; \
	if [ -n "$${GITHUB_OUTPUT:-}" ]; then \
		printf 'matrix=%s\n' "$$matrix" >> "$${GITHUB_OUTPUT}"; \
	else \
		printf '%s\n' "$$matrix"; \
	fi

build-fuzz: fuzz-tools
	@if [ -z "$(GOFUZZ_PACKAGE)" ]; then echo "GOFUZZ_PACKAGE is required"; exit 1; fi
	@PACKAGE_DIR="$$( $(GOCMD) list -f '{{.Dir}}' $(GOFUZZ_PACKAGE) 2>/dev/null )" || { \
		echo "failed to resolve GOFUZZ_PACKAGE: $(GOFUZZ_PACKAGE)"; \
		exit 1; \
	}; \
	WORKDIR="$$PACKAGE_DIR/.gofuzz"; \
	CORPUS_DIR="$$PACKAGE_DIR/testdata/gofuzz-corpus"; \
	BIN_PATH="$$WORKDIR/$$(basename "$$PACKAGE_DIR")-fuzz.zip"; \
	if [ ! -d "$$CORPUS_DIR" ]; then \
		echo "seed corpus directory does not exist: $$CORPUS_DIR"; \
		exit 1; \
	fi; \
	set -- "$$CORPUS_DIR"/*; \
	if [ "$$1" = "$$CORPUS_DIR/*" ]; then \
		echo "seed corpus directory has no seed files: $$CORPUS_DIR"; \
		exit 1; \
	fi; \
	mkdir -p "$$WORKDIR/corpus"; \
	cp -f "$$CORPUS_DIR"/* "$$WORKDIR/corpus/"; \
	GO111MODULE=on $(GOCMD) tool -modfile=go.tool.mod go-fuzz-build -o "$$BIN_PATH" $(GOFUZZ_PACKAGE)

fuzz: build-fuzz
	@PACKAGE_DIR="$$( $(GOCMD) list -f '{{.Dir}}' $(GOFUZZ_PACKAGE) 2>/dev/null )" || { \
		echo "failed to resolve GOFUZZ_PACKAGE: $(GOFUZZ_PACKAGE)"; \
		exit 1; \
	}; \
	WORKDIR="$$PACKAGE_DIR/.gofuzz"; \
	BIN_PATH="$$WORKDIR/$$(basename "$$PACKAGE_DIR")-fuzz.zip"; \
	$(GOCMD) tool -modfile=go.tool.mod go-fuzz -bin="$$BIN_PATH" -workdir="$$WORKDIR"

fuzz-ci:
	@if [ "$${CI:-}" != "true" ]; then echo "fuzz-ci should be run in CI; use 'make fuzz' locally"; exit 1; fi
	@if [ -z "$(GOFUZZ_PACKAGE)" ]; then echo "GOFUZZ_PACKAGE is required"; exit 1; fi
	@set -eu; \
	pkg_dir="$(GOFUZZ_PACKAGE)"; \
	pkg_dir="$${pkg_dir#./}"; \
	workdir="$$pkg_dir/.gofuzz"; \
	pkg_id="$$(printf '%s' "$$pkg_dir" | tr '/.' '-')"; \
	artifact_name="gofuzz-$$pkg_id"; \
	if [ -n "$${GITHUB_OUTPUT:-}" ]; then \
		printf 'artifact_name=%s\n' "$$artifact_name" >> "$${GITHUB_OUTPUT}"; \
	fi; \
	mkdir -p "$$workdir"; \
	timeout_bin="$$(command -v timeout || command -v gtimeout || true)"; \
	if [ -z "$$timeout_bin" ]; then \
		echo "timeout command not found"; \
		exit 1; \
	fi; \
	exit_code=0; \
	"$$timeout_bin" "$(FUZZ_DURATION)" $(MAKE) --no-print-directory fuzz GOFUZZ_PACKAGE="$(GOFUZZ_PACKAGE)" || exit_code=$$?; \
	if [ "$$exit_code" -ne 0 ] && [ "$$exit_code" -ne 124 ]; then \
		echo "fuzzing failed with exit code $$exit_code"; \
		exit "$$exit_code"; \
	fi; \
	count_files() { \
		dir="$$1"; \
		if [ ! -d "$$dir" ]; then \
			echo 0; \
			return; \
		fi; \
		if [ "$$(basename "$$dir")" = "crashers" ]; then \
			find "$$dir" -maxdepth 1 -type f -printf '%f\n' | sed -E 's/\.(output|quoted)$$//' | sort -u | wc -l | tr -d '[:space:]'; \
			return; \
		fi; \
		find "$$dir" -maxdepth 1 -type f | wc -l | tr -d '[:space:]'; \
	}; \
	crasher_count="$$(count_files "$$workdir/crashers")"; \
	corpus_count="$$(count_files "$$workdir/corpus")"; \
	suppressions_count="$$(count_files "$$workdir/suppressions")"; \
	if [ -n "$${GITHUB_STEP_SUMMARY:-}" ]; then \
		{ \
			echo "## \`$(GOFUZZ_PACKAGE)\`"; \
			echo; \
			echo "- Corpus: $$corpus_count"; \
			echo "- Crashers: $$crasher_count"; \
			echo "- Suppressions: $$suppressions_count"; \
			echo; \
		} >> "$${GITHUB_STEP_SUMMARY}"; \
	else \
		printf 'Package: %s\nCorpus: %s\nCrashers: %s\nSuppressions: %s\n' "$(GOFUZZ_PACKAGE)" "$$corpus_count" "$$crasher_count" "$$suppressions_count"; \
	fi

memogen: GOBUILD_OUTPUT = ./bin/memogen
memogen: GOBUILD_PACKAGES = cmd/memogen/memogen.go
memogen: go-build
memogen:
	./$(GOBUILD_OUTPUT) -src pkg/js/libs -tpl cmd/memogen/function.tpl

dsl-docs: GOBUILD_OUTPUT = ./bin/scrapefuncs
dsl-docs: GOBUILD_PACKAGES = pkg/js/devtools/scrapefuncs/main.go
dsl-docs:
	./$(GOBUILD_OUTPUT) -out dsl.md

template-validate: build
template-validate:
	./bin/nuclei -ut
	./bin/nuclei -validate \
		-et http/technologies \
		-t dns \
		-t ssl \
		-t network \
		-t http/exposures \
		-ept code
	./bin/nuclei -validate \
		-w workflows \
		-et http/technologies \
		-ept code