
Support for matchers groups with custom severity  #3407

@ehsandeep


Please describe your feature request:

From projectdiscovery/nuclei-templates#6865 (comment)

The main limitation I mentioned above - it would be nice to be able to specify severity per matcher.

Describe the use case of this feature:

The same response can be used to deduce multiple types of issues. Instead of writing multiple templates to cover all the different cases, matchers groups will allow writing multiple groups of matchers with custom severity depending on the specific group of matchers.

For example, as suggested by @tarunKoyalwar:

```yaml
id: cloud-enum-aws-s3-bucket

info:
  name: Cloud Enumeration - AWS S3 Buckets
  author: initstring
  severity: medium
  description: Searches for open and protected buckets in AWS S3
  reference: tba
  tags: cloud,aws

self-contained: true

variables:
  baseDNS: "s3.amazonaws.com"

requests:
  - raw:
      - |
        GET http://{{keyword}}.{{baseDNS}} HTTP/1.1
        Host: {{keyword}}.{{baseDNS}}

    attack: batteringram
    threads: 10
    matchers-groups:
      - name: open-s3-bucket
        severity: unknown
        matchers:
          - type: status
            status:
              - 200

      - name: protected-s3-bucket
        severity: info
        matchers-condition: and
        matchers:
          - type: status
            status:
              - 403

          - type: word
            words:
              - xyz
```
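
The sketch below is an added example, not code from this issue or from nuclei. It models how the proposed `matchers-groups` could turn one response into per-group findings, each with its own severity. Assumptions: the `Matcher`, `Group`, `Evaluate` and `S3Groups` names are hypothetical, every group is evaluated independently, and a group without `matchers-condition` uses `or`.

```go
package main

import (
	"fmt"
	"strings"
)

// Matcher and Group are hypothetical types modelling the proposed YAML;
// they are not nuclei's own types.
type Matcher func(status int, body string) bool

func Status(code int) Matcher { return func(s int, _ string) bool { return s == code } }
func Word(w string) Matcher   { return func(_ int, b string) bool { return strings.Contains(b, w) } }

type Group struct {
	Name, Severity string
	And            bool // matchers-condition: and (assumed default: or)
	Matchers       []Matcher
}

// Evaluate returns "name:severity" for every group the response satisfies,
// so one response can yield several findings at different severities.
func Evaluate(groups []Group, status int, body string) []string {
	var out []string
	for _, g := range groups {
		hits := 0
		for _, m := range g.Matchers {
			if m(status, body) {
				hits++
			}
		}
		if hits > 0 && (!g.And || hits == len(g.Matchers)) {
			out = append(out, g.Name+":"+g.Severity)
		}
	}
	return out
}

// S3Groups encodes the two groups from the template in the issue.
var S3Groups = []Group{
	{"open-s3-bucket", "unknown", false, []Matcher{Status(200)}},
	{"protected-s3-bucket", "info", true, []Matcher{Status(403), Word("xyz")}},
}

func main() {
	// Constructed responses: (status, body) pairs, not real S3 output.
	fmt.Println(Evaluate(S3Groups, 200, "listing"))
	fmt.Println(Evaluate(S3Groups, 403, "denied xyz"))
}
```

A 403 response without the word `xyz` satisfies neither group, because the second group requires both of its matchers.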

Labels: Type: Enhancement
