infobyte / faraday

Open Source Vulnerability Management Platform
https://www.faradaysec.com
GNU General Public License v3.0
5.06k stars 917 forks source link

How do I import Nuclei results with API? #469

Closed dwisiswant0 closed 1 year ago

dwisiswant0 commented 1 year ago

Please search the Wiki for a solution before posting a ticket. Use the “New Support Request” button to the right of the screen to submit a ticket for technical support.

Issue Type

Faraday version

Paste the output of the ./faraday.py --version command

Component Name

If you know where the problem lays indicate it: WebGui/GTKGui/Plugin/Console/Continuous Scanning/Etc.

Steps to reproduce

Provide detailed steps on how the issue happened so we can try to reproduce it. If the issue is random, please provide as much information as possible.

Expected results

What did you expect to happen when following the steps above?

Debugging tracebacks (current results)

Try to reproduce the bug with the server and/or gtk client in debug mode and check the logs for the ERROR string. Add here any errors you find while running in debug mode or, if possible, Faraday’s log files (located at $HOME/.faraday/logs/).

If you need help on how to execute in debug mode click here for more information.

Please attach the result of:

pip freeze > requirements_freeze.txt

Screenshots

If you don't find anything on the logs, please provide screenshots of the error.

Environment information

Configuration files

Mention any settings you have changed/added/removed.

Reports/Extra data

If you are having issues with plugins, please attach relevant files if possible. (strip your reports of all sensitive information beforehand).

OS

Provide information on your operating system. Example:

$ cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=16.10 DISTRIB_CODENAME=yakkety DISTRIB_DESCRIPTION="Ubuntu 16.10"

fedek commented 1 year ago

Hey @dwisiswant0

Thanks for reaching out. If i understood correctly you are looking to automate the ingestion of nuclei results. There are two ways of achieving this:

1) Using faraday-cli in-line (https://github.com/infobyte/faraday-cli) faraday-cli is a command-line interface tool that allows users to interact with the Faraday platform, It supports multiple security tools, including Nuclei. You could use the following as a base for your needs:

~/go/bin/nuclei -u http://example.test -t ~/nuclei-templates/exposures/ -json -irr -o output.json && faraday-cli tool report output.json -w nuclei-scan --create-workspace

2) Using Faraday Agents (https://github.com/infobyte/faraday_agent_dispatcher) We currently support nuclei out-of-the-box as well, so you could automate the scanning as well using this feature. https://github.com/infobyte/faraday_agent_dispatcher/blob/master/faraday_agent_dispatcher/static/executors/official/nuclei.py

I hope this helps! Let me know if you have any further questions.