@tarunKoyalwar tarunKoyalwar commented Sep 1, 2023

Proposed changes

Checklist

  • Pull request is created against the dev branch
  • All checks passed (lint, unit/integration/regression tests etc.) with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

@tarunKoyalwar tarunKoyalwar self-assigned this Sep 1, 2023
@tarunKoyalwar tarunKoyalwar marked this pull request as draft September 1, 2023 07:49
@tarunKoyalwar
Member Author

Notes

  • goja, goja_nodejs don't create GitHub releases and we manually need to update HEAD
  • zgrab2 has been missing a release for 2 years, but the latest commit "97ba87c" is required


// Open opens a new connection to the address with a timeout.
func OpenTLS(protocol, address string) (*Conn, error) {
config := &tls.Config{InsecureSkipVerify: true}
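Review bot: In OpenTLS, `config := &tls.Config{InsecureSkipVerify: true}` hard-codes certificate verification off with no comment explaining why. If this is intentional so the scripting libraries can talk to hosts with self-signed or invalid certificates, state that in the doc comment and annotate the line so the code-scanning alert can be dismissed with a reason, or take the setting from a caller-supplied option instead of fixing it here. The doc comment also starts with "Open opens" while the function is named OpenTLS; it should read "OpenTLS opens ...".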

Check failure

Code scanning / CodeQL

Disabled TLS certificate check

InsecureSkipVerify should not be used in production code.
@tarunKoyalwar tarunKoyalwar changed the title from "WIP: new protocol js to execute controlled javascript" to "javascript protocol for scripting (includes 15+ proto libs)" Sep 12, 2023
@tarunKoyalwar tarunKoyalwar marked this pull request as ready for review September 12, 2023 15:42
@tarunKoyalwar
Member Author

Note

  • template validate fails because xpath matcher support is not yet available in v3-beta branch

@tarunKoyalwar
Member Author

tarunKoyalwar commented Sep 13, 2023

TODO

  • validate and fix network policy (-lna) in javascript protocol

Done

  • use network policy to drop local network connection when enabled
  • use default fastdialer instance everywhere in js libs
$ ./nuclei -u 127.0.0.1:2222 -t ~/Codebase/nuclei-templates/javascript/ssh-server-fingerprint.yaml  -v -lna

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.0.0-dev

		projectdiscovery.io

[WRN] Could not initialize code template verifier: public key not defined
[INF] Current nuclei version: v3.0.0-dev (development)
[INF] Current nuclei-templates version: v9.6.3 (latest)
[INF] New templates added in latest release: 54
[INF] Templates loaded for current scan: 1
[INF] Targets loaded for current scan: 1
[VER] [ssh-server-fingerprint] Sent Javascript request to 127.0.0.1:2222
[WRN] [ssh-server-fingerprint] Could not execute request for 127.0.0.1:2222: GoError: host 127.0.0.1 dropped by network policy at reflect.methodValueCall (native)
[INF] No results found. Better luck next time!
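
An added example, not code from this PR or from nuclei: one way a dialer can enforce a "drop local network" policy like the one shown in the output above, using the standard library's `net.Dialer.Control` hook so the check runs on the resolved IP rather than on the hostname. The names `ErrDropped`, `isLocal`, `policyControl` and `Dial` are hypothetical, and the targets in `main` are constructed.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/netip"
	"syscall"
	"time"
)

// ErrDropped marks a destination refused by the policy (hypothetical name).
var ErrDropped = errors.New("dropped by network policy")

// isLocal reports whether addr is loopback, private, link-local or unspecified.
func isLocal(addr netip.Addr) bool {
	addr = addr.Unmap() // treat ::ffff:127.0.0.1 the same as 127.0.0.1
	return addr.IsLoopback() || addr.IsPrivate() || addr.IsUnspecified() ||
		addr.IsLinkLocalUnicast() || addr.IsLinkLocalMulticast()
}

// policyControl is called by net.Dialer for each socket after name resolution
// and before connect, so address is always a literal "ip:port".
func policyControl(network, address string, _ syscall.RawConn) error {
	ap, err := netip.ParseAddrPort(address)
	if err != nil {
		return fmt.Errorf("policy: cannot parse %q: %w", address, err)
	}
	if isLocal(ap.Addr()) {
		return fmt.Errorf("host %s: %w", ap.Addr().Unmap(), ErrDropped)
	}
	return nil
}

// Dial opens a TCP connection through a dialer that enforces the policy.
func Dial(ctx context.Context, address string) (net.Conn, error) {
	d := &net.Dialer{Timeout: 3 * time.Second, Control: policyControl}
	return d.DialContext(ctx, "tcp", address)
}

func main() {
	// Constructed targets: a loopback literal and a name that resolves to loopback.
	for _, target := range []string{"127.0.0.1:2222", "localhost:2222"} {
		_, err := Dial(context.Background(), target)
		fmt.Printf("%-16s dropped=%v err=%v\n", target, errors.Is(err, ErrDropped), err)
	}
}
```

Because the hook sees the address the socket is about to connect to, a hostname that resolves to a local address is refused the same way as a literal one.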

@ehsandeep ehsandeep added the label "Type: Enhancement" (Most issues will probably ask for additions or changes.) Sep 16, 2023
@ehsandeep ehsandeep merged commit 4f93520 into v3-beta Sep 16, 2023
@ehsandeep ehsandeep deleted the feat-js-protocol branch October 18, 2023 10:22
Successfully merging this pull request may close these issues.

  • Add js based runtime for complex execution scripts and network protocols
  • Add support to additional network protocols