feat: headless template

03d27cf3 · Pavel Břoušek · ef71c251 · 03d27cf3 · 03d27cf3 · 03d27cf3
Commit 03d27cf3 authored 1 year ago by Pavel Břoušek
--- a/README.md
+++ b/README.md
@@ -38,14 +38,14 @@ Then you need to connect SPs to the conformance IdP (exchange metadata), so that
 Run against one target:

 ```sh
-nuclei -u ACS_URL_HERE -V "ENTITY_ID=ENTITY_ID_HERE" -V "AUTHORIZATION=AUTHORIZATION_HERE" \
+nuclei --headless -u ACS_URL_HERE -V "ENTITY_ID=ENTITY_ID_HERE" -V "AUTHORIZATION=AUTHORIZATION_HERE" \
    -duc -ms -t nuclei-templates/ -nmhe -lna -dka 30 -dt 30
 ```

 or using docker:

 ```sh
-docker run --rm -v ./:/app/ projectdiscovery/nuclei -u ACS_URL_HERE -V "ENTITY_ID=ENTITY_ID_HERE" -V "AUTHORIZATION=AUTHORIZATION_HERE" \
+docker run --rm -v ./:/app/ projectdiscovery/nuclei --headless -u ACS_URL_HERE -V "ENTITY_ID=ENTITY_ID_HERE" -V "AUTHORIZATION=AUTHORIZATION_HERE" \
    -duc -ms -t /app/nuclei-templates/ -nmhe -lna -dka 30 -dt 30
 ```


--- a/nuclei-templates/saml-headless.yaml
+++ b/nuclei-templates/saml-headless.yaml
+id: saml-headless-all
+info:
+  name: SAML signature validation
+  author: T&I Incubator, GÉANT
+  severity: high
+  tags: saml,headless
+variables:
+  AUTHORIZATION: "Bearer abcd...789"
+  CONFORMANCE_IDP_HOSTNAME: conformance-idp.maiv1.incubator.geant.org
+  RESULT_OUTPUT_DIR: ""
+  FILENAME: '{{date_time("%Y-%M-%D_%H-%m-%s")}}-{{replace_regex(BaseURL,"(\\W+)","_")}}'
+  TEST_CASES:
+    - noSignature
+    - invalidSignature
+  TEST_CASE: standardResponse # default
+
+# first test standard response, then each test case
+flow: |
+  headless();
+  set("VALID_STATUS_CODE", template["http_status_code"]);
+  set("VALID_BODY", template["http_body"]);
+  for (let testcase of iterate(template["TEST_CASES"])) {
+    set("TEST_CASE", testcase);
+    headless();
+  }
+
+headless:
+  - steps:
+    - action: setheader
+      args:
+        part: request
+        key: Authorization
+        value: "{{AUTHORIZATION}}"
+    - action: navigate
+      args:
+        url: "https://{{CONFORMANCE_IDP_HOSTNAME}}/module.php/conformance/test/setup?testId={{url_encode(TEST_CASE)}}&spEntityId={{url_encode(ENTITY_ID)}}"
+    - action: waitload
+    - action: navigate
+      args:
+        url: "https://{{CONFORMANCE_IDP_HOSTNAME}}/saml2/idp/SSOService.php?spentityid={{url_encode(ENTITY_ID)}}&ConsumerURL={{url_encode(BaseURL)}}"
+    - action: waitload
+    - action: screenshot
+      args:
+        fullpage: "true"
+        mkdir: "true"
+        to: '{{RESULT_OUTPUT_DIR}}{{TEST_CASE}}-{{FILENAME}}'
+    matchers:
+      - type: dsl
+        dsl:
+          # ignore the happy case
+          - '!contains(TEST_CASE, "standardResponse")'
+          # does not work yet, nuclei does not expose the correct values for matchers
+          #- 'status_code == 200 || status_code == 301 || status_code == 302'
+        condition: and
+      # not usable, matches every time
+      #- type: status
+        #status:
+          #- 200
+          #- 301
+          #- 302
+      - type: word
+        part: resp
+        negative: true
+        words:
+          - error
+          - exception
+    matchers-condition: and
+    extractors:
+      - type: dsl
+        dsl:
+          - 'TEST_CASE'
--- a/nuclei-templates/saml-raw.yaml
+++ b/nuclei-templates/saml-raw.yaml
-id: samlsignaturevalidation
+id: saml-raw-all
 info:
  name: SAML signature validation
  author: T&I Incubator, GÉANT
  severity: high
-  tags: saml
+  tags: saml,raw
 variables:
  AUTHORIZATION: "Bearer abcd...789"
  CONFORMANCE_IDP_HOSTNAME: conformance-idp.maiv1.incubator.geant.org