Skip to content

v1.0.0-rc1
Compare
Choose a tag to compare
@forgedhallpass forgedhallpass released this 16 Feb 12:43
· 112 commits to main since this release
v1.0.0-rc1
92f850e

Features

Template matcher generation

  • Word and Binary matcher creation using selected response snippets from Proxy history or Repeater contexts
  • Multi-line selections are split to separate words for readability
  • Binary matchers are created for selections containing non-ASCII characters
  • The part field is auto-set based on whether the selection was in the request header or body
  • Every generated template auto-includes a Status matcher, using the HTTP status code of the response

Request template generation

  • In the Intruder tab, selected payload positions can be used to generate request templates, using one of the following attack types: Battering ram, Pitchfork or Cluster bomb
  • The selected text snippet from an HTTP request under the Proxy or Repeater tab can be used to generate a request template with the attack type defaulting to Battering ram

Template execution

  • Generated templates can be executed instantly, and the output is shown in the same window for convenience
  • The plugin auto-generates the CLI command, using the absolute nuclei path, absolute template path and target information extracted from the desired request
  • History of unique, executed commands are stored, can be quick searched and re-executed within the current session

Experimental features

  • (Non-contextual) YAML property and value auto-complete, using reserved words from the nuclei JSON schema
  • Syntax highlighting of YAML properties, based on reserved words

Productivity

  • Almost every action can be triggered using keyboard shortcuts:
    • F1: open nuclei template documentation
    • Ctrl + Enter: execute current template
    • Ctrl + Shift + E: jump to the template editor
    • Ctrl + L: jump to the CLI input field
    • Ctrl + S: save the current template
    • Ctrl + Plus/Minus: increase/decrease font size
    • Ctrl + Q: quit
  • The template path is auto-updated if the template is saved to a new location
  • The template-id is recommended as file name when saving

Settings

  • The plugin attempts to auto-detect and complete the configuration values
  • The code searches for the nuclei binary path, using the values from the process's environmental PATH variable.
    Note: the BurpSuite binary, opposed to the stand-alone BurpSuite jar, might not have access to
    the current users's PATH variable.
  • The target template path is calculated based on the default nuclei template directory, configured under <USER_HOME>/.config/nuclei/.templates-config.json
  • The name of the currently logged-in operating system user is used as a default value for the template author configuration

Look and feel

  • The template generator window supports Dark and Light themes. The presented theme is chosen based on the selected BurpSuite theme, under User Options
  • Support for colored nuclei output
  • Modifiable font size in the template editor and command output
Assets 3
Loading