httpvoid · pull · Dec 16, 2022 · Dec 16, 2022 · Dec 16, 2022 · Dec 16, 2022
diff --git a/.github/ISSUE_TEMPLATE/new-template.md b/.github/ISSUE_TEMPLATE/new-template.md
@@ -0,0 +1,17 @@
+---
+name: Template Request
+about: 'request for new template to be created.'
+labels: 'new-template'
+
+---
+
+<!-- ISSUES MISSING IMPORTANT INFORMATION MAY BE CLOSED WITHOUT INVESTIGATION. -->
+
+
+### Template for?
+
+<!-- Name the CVE / Vulnerability / Exploit / Misconfiguration / Technology -->
+
+### Details:
+
+<!-- Required information to create a nuclei template such as exploit link / source / reference / vulnerable setup / search query / demo host -->
diff --git a/.github/scripts/wordpress-plugins-update-requirements.txt b/.github/scripts/wordpress-plugins-update-requirements.txt
@@ -0,0 +1,10 @@
+beautifulsoup4==4.11.1
+bs4==0.0.1
+certifi==2022.9.24
+charset-normalizer==2.1.1
+idna==3.4
+Markdown==3.4.1
+requests==2.28.1
+soupsieve==2.3.2.post1
+termcolor==2.1.1
+urllib3==1.26.13
diff --git a/.github/scripts/wordpress-plugins-update.py b/.github/scripts/wordpress-plugins-update.py
@@ -0,0 +1,185 @@
+#!/usr/bin/env python3
+
+'''
+This script reads the URL https://wordpress.org/plugins/browse/popular/ until page 10, extract each plugin name and namespace,
+then in http://plugins.svn.wordpress.org/ website, looks for the "Stable tag" inside the readme.txt and extract the last version
+number from trunk branch. Finally generates a template and a payload file with last version number to be used during scan that
+compares the detect version with the payload version.
+
+The generated template also includes the tags top-100 and top-200 allowing filtering.
+
+e.g.
+nuclei -t technologies/wordpress/plugins -tags top-100 -u https://www.example.com
+'''
+
+__author__ = "ricardomaia"
+
+from time import sleep
+from bs4 import BeautifulSoup
+import requests
+import re
+from markdown import markdown
+import os
+from termcolor import colored, cprint
+
+# Regex to extract the name of th plugin from the URL
+regex = r"https://wordpress.org/plugins/(\w.+)/"
+
+ranking = 1
+
+# Top 200 Wordpress Plugins
+for page_number in range(1, 11):
+
+    html = requests.get(url=f"https://wordpress.org/plugins/browse/popular/page/{page_number}", headers={
+        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36",
+        "Accept-Language": "en-US,en;q=0.9",
+        "Accept-Encoding": "gzip, deflate",
+        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
+        "Connection": "keep-alive",
+        "Upgrade-Insecure-Requests": "1",
+        "Cache-Control": "max-age=0",
+        "Pragma": "no-cache",
+    }).content
+
+    # Parse HTML
+    soup = BeautifulSoup(html, 'html.parser')
+    results = soup.find(id="main")
+    articles = results.find_all("article", class_="plugin-card")
+
+    # Setting the top tag
+    top_tag = "top-100,top-200" if page_number <= 5 else "top-200"
+
+    # Get each plugin in the page
+    for article in articles:
+
+        full_title = article.find("h3", class_="entry-title").get_text()
+        regex_remove_quotes = r"[\"`:]"
+        subst_remove_quotes = "'"
+        title = re.sub(regex_remove_quotes, subst_remove_quotes, full_title)
+
+        link = article.find("a").get("href")
+        name = re.search(regex, link).group(1)
+
+        cprint(f"Title: {title}", "cyan")
+        cprint(f"Link: {link}", "yellow")
+        cprint(f"Name: {name} - Ranking: {ranking}", "green")
+        print(f"Page Number: {page_number}")
+        print(f"Top Tag: {top_tag}")
+        print(f"http://plugins.svn.wordpress.org/{name}/trunk/readme.txt")
+        ranking += 1
+
+        sleep(0.2)
+
+        # Get the readme.txt file from SVN
+        readme = requests.get(
+            url=f"http://plugins.svn.wordpress.org/{name}/trunk/readme.txt",
+            headers={
+                "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
+                "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
+                "Accept-Encoding": "gzip, deflate",
+                "Accept-Language": "pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7,es;q=0.6",
+                "Cache-Control": "no-cache",
+                "Connection": "keep-alive",
+                "Host": "plugins.svn.wordpress.org",
+                "Pragma": "no-cache",
+                "Upgrade-Insecure-Requests": "1",
+                "Referer": "http://plugins.svn.wordpress.org/{name}/trunk/"}).content
+
+        # Extract the plugin version
+        try:
+            version = re.search(r"(?i)Stable.tag:\s+([\w.]+)",
+                                readme.decode("utf-8")).group(1)
+        except:
+            version = "N/A"
+
+        # Extract the plugin description
+        try:
+            description_markdown = re.search(
+                r"(?i)==.Description.==\W+\n?(.*)", readme.decode("utf-8")).group(1)
+            html = markdown(description_markdown)
+            full_description = BeautifulSoup(html, 'html.parser').get_text()
+            regex_max_length = r"(\b.{80}\b)"
+            subst_max_lenght = "\\g<1>\\n    "
+            description = re.sub(
+                regex_max_length, subst_max_lenght, full_description, 0, re.MULTILINE)
+        except:
+            description = "N/A"
+
+        print(f"Version: {version}")
+        print(f"Description: {description}")
+
+        # Write the plugin template to file
+        template = f'''id: wordpress-{name}
+
+info:
+  name: {title} Detection
+  author: ricardomaia
+  severity: info
+  reference:
+    - https://wordpress.org/plugins/{name}/
+  metadata:
+    plugin_namespace: {name}
+    wpscan: https://wpscan.com/plugin/{name}
+  tags: tech,wordpress,wp-plugin,{top_tag}
+
+requests:
+  - method: GET
+
+    path:
+      - "{{{{BaseURL}}}}/wp-content/plugins/{name}/readme.txt"
+
+    payloads:
+      last_version: helpers/wordpress/plugins/{name}.txt
+
+    extractors:
+      - type: regex
+        part: body
+        internal: true
+        name: internal_detected_version
+        group: 1
+        regex:
+          - '(?i)Stable.tag:\s?([\w.]+)'
+
+      - type: regex
+        part: body
+        name: detected_version
+        group: 1
+        regex:
+          - '(?i)Stable.tag:\s?([\w.]+)'
+
+    matchers-condition: or
+    matchers:
+      - type: dsl
+        name: "outdated_version"
+        dsl:
+          - compare_versions(internal_detected_version, concat("< ", last_version))
+
+      - type: regex
+        part: body
+        regex:
+          - '(?i)Stable.tag:\s?([\w.]+)'
+'''
+
+        work_dir = os.getcwd()
+        print(f"Current working directory: {work_dir}")
+        helper_dir = f"{work_dir}/helpers/wordpress/plugins"
+        template_dir = f"{work_dir}/technologies/wordpress/plugins"
+
+        if not os.path.exists(helper_dir):
+            os.makedirs(helper_dir)
+
+        if not os.path.exists(template_dir):
+            os.makedirs(template_dir)
+
+        helper_path = f"helpers/wordpress/plugins/{name}.txt"
+        version_file = open(helper_path, "w")
+        version_file.write(version)
+        version_file.close()
+
+        template_path = f"technologies/wordpress/plugins/{name}.yaml"
+        template_file = open(template_path, "w")  # Dev environment
+        template_file.write(template)
+        template_file.close()
+
+        print("--------------------------------------------")
+        print("\n")
diff --git a/.github/workflows/cache-purge.yml b/.github/workflows/cache-purge.yml
@@ -0,0 +1,18 @@
+name: 🗑️ Cache Purge
+
+on:
+  push:
+    tags:
+      - '*'
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Purge cache
+        uses: jakejarvis/cloudflare-purge-action@master
+        env:
+          CLOUDFLARE_ZONE: ${{ secrets.CLOUDFLARE_ZONE }}
+          CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }}
+#          PURGE_URLS: '["https://version-check.nuclei.sh/versions"]'
diff --git a/.github/workflows/cve-annotate.yml b/.github/workflows/cve-annotate.yml
@@ -10,28 +10,30 @@ jobs:
   docs:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@master
-        with:
-          persist-credentials: false
-          fetch-depth: 0
-          token: ${{ secrets.GITHUB_TOKEN }}
+      - uses: actions/checkout@v2
 
-      - uses: actions/setup-go@v2
-        with:
-          go-version: 1.17
+      - name: Get Github tag
+        id: meta
+        run: |
+          curl --silent "https://api.github.com/repos/projectdiscovery/nuclei/releases/latest" | jq -r .tag_name | xargs -I {} echo TAG={} >> $GITHUB_OUTPUT
+
+      - name: Setup CVE annotate
+        if: steps.meta.outputs.TAG != ''
+        env:
+          VERSION: ${{ steps.meta.outputs.TAG }}
+        run: |
+          wget -q https://github.com/projectdiscovery/nuclei/releases/download/${VERSION}/cve-annotate.zip
+          sudo unzip cve-annotate.zip -d /usr/local/bin
+        working-directory: /tmp
 
       - name: Generate CVE Annotations
         id: cve-annotate
         run: |
-          if ! which cve-annotate > /dev/null; then
-            echo -e "Command cve-annotate not found! Installing\c"
-            go install github.com/projectdiscovery/nuclei/v2/cmd/cve-annotate@dev
-          fi
-          cve-annotate -i ./cves/ -d .
-          echo "::set-output name=changes::$(git status -s | wc -l)"
+          cve-annotate -i . -d .
+          git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
 
       - name: Commit files
-        if: steps.cve-annotate.outputs.changes > 0
+        if: steps.cve-annotate.outputs.CHANGES > 0
         run: |
           git config --local user.email "[email protected]"
           git config --local user.name "GitHub Action"
@@ -40,8 +42,8 @@ jobs:
           git commit -m "Auto Generated CVE annotations [$(date)] :robot:" -a
 
       - name: Push changes
-        if: steps.cve-annotate.outputs.changes > 0
+        if: steps.cve-annotate.outputs.CHANGES > 0
         uses: ad-m/github-push-action@master
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
-          branch: ${{ github.ref }}
+          branch: ${{ github.ref }}
diff --git a/.github/workflows/new-templates.yml b/.github/workflows/new-templates.yml
@@ -9,6 +9,7 @@ on:
 jobs:
   templates:
     runs-on: ubuntu-latest
+    if: github.repository == 'projectdiscovery/nuclei-templates'
     steps:
       - uses: actions/checkout@master
         with:
@@ -19,6 +20,7 @@ jobs:
       - name: Generate new template list
         id: new-additions
         run: |
+          git pull
           git diff  --name-only --diff-filter=A $(git tag | tail -n 1) @ . | grep .yaml | tee .new-additions
 
       - name: Commit files
@@ -32,4 +34,4 @@ jobs:
         uses: ad-m/github-push-action@master
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
-          branch: ${{ github.ref }}
+          branch: ${{ github.ref }}
diff --git a/.github/workflows/readme-update.yml b/.github/workflows/readme-update.yml
@@ -30,17 +30,17 @@ jobs:
         id: readme-update
         run: |
           python .github/scripts/update-readme.py
-          echo "::set-output name=changes::$(git status -s | wc -l)"
+          git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
 
       - name: Commit files
-        if: steps.readme-update.outputs.changes > 0
+        if: steps.readme-update.outputs.CHANGES > 0
         run: |
           git config --local user.email "[email protected]"
           git config --local user.name "GitHub Action"
           git commit -m "Auto README Update [$(date)] :robot:" -a
 
       - name: Push changes
-        if: steps.readme-update.outputs.changes > 0
+        if: steps.readme-update.outputs.CHANGES > 0
         uses: ad-m/github-push-action@master
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}

diff --git a/.github/workflows/template-checksum.yml b/.github/workflows/template-checksum.yml
@@ -0,0 +1,38 @@
+name: 📝 Template Checksum
+
+on:
+  push:
+    tags:
+      - '*'
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - uses: actions/setup-go@v2
+        with: 
+          go-version: 1.18
+
+      - name: install checksum generator
+        run: |
+          go install -v github.com/projectdiscovery/nuclei/v2/cmd/generate-checksum@dev
+
+      - name: generate checksum
+        run: |
+          generate-checksum /home/runner/work/nuclei-templates/nuclei-templates/ templates-checksum.txt
+
+      - name: Commit files
+        run: |
+          git pull
+          git add templates-checksum.txt
+          git config --local user.email "[email protected]"
+          git config --local user.name "GitHub Action"
+          git commit -m "Auto Generated Templates Checksum [$(date)] :robot:" -a
+
+      - name: Push changes
+        uses: ad-m/github-push-action@master
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          branch: master