Nuclei Debut

This is a huge moment for methodwebtest as we move away from a custom requests and vuln scanning engine towards Nuclei and custom templates that leverage its DSL.

This PR also takes this opportunity to perform some high-level organization of the scanning logic - at this stage, this tool is broken down into 2 top level modules:

DAST and Scan High Level Modules:

$ methodwebtest pentest
Penetration testing commands

Usage:
  methodwebtest pentest [command]

Available Commands:
  dast        Dast targets to discover previously unknown vulnerabilities
  scan        Scan targets for known vulnerabilities

DAST (discovers previously-unknown vulns) - allows us to potentially eat another security point product (DAST scanners). This module implements a multi-modal fuzzer that gives us the ability to fuzz injection points across param locations header | query | body | cookie | path

• Allows filtering on --vuln-types for bug classes and specifying --http-methods for "cluster bomb" injections across several methods.
• When paired with effective spidering, this can become a very powerful tool that continuously performs autonomous injections.
• Detects OOB (out-of-band) vulns (Nuclei integrates with interactsh-servers, this feature is a TODO)

Scan - allows us to immediately leverage the power of thousands of templates from the larger security community and exponentially expand our detection surface. We can now detect all vulns with public exploits available between 2000-2025!!

• Allows filtering on --scan-types (CVE, Misconfigurations, Technologies), --resource-types (for technologies scan type), --modules to pick subtype (like year under CVE or apache under webservers)
• Keeps up with newly discovered and published CVEs and public exploits without continuous DevX.

Testing

• Fuzzing functionality was tested against a vulnerable SSTI lab.
• Scanning functionality was tested against a vulnerable Docker container with Apache OPTIONS bleed vuln.