noah-tutt-praetorian
commented
3 days ago Can we disable template validation? It's not clear to me what the request is - it's nuclei that's rejecting the templates, not our code
Closed Ameston closed 3 days ago
noah-tutt-praetorian
commented
3 days ago Can we disable template validation? It's not clear to me what the request is - it's nuclei that's rejecting the templates, not our code
Ameston
commented
3 days ago Disabling template validation is probably the quickest solution; however, in the old version of Chariot we opted to fork and modify Nuclei to have support for the praetorian YAML block. This way, we could tell when Nuclei templates were actually failing validation for real reasons (and not just the praetorian YAML block). The request is to support templates leveraging this newly merged feature because it is currently unusable.
noah-tutt-praetorian
commented
3 days ago I'd like to avoid forking nuclei unless absolutely necessary; that slows down the process of upgrading nuclei significantly and gives us another component to maintain. Between those two options disabling validation is my strong preference. I'd like to explore if there's a way to modify the metadata such that it validates though. @Ameston has MSP tried any other formatting that might allow the templates to validate? We can always change the parsing code.
noah-tutt-praetorian
commented
3 days ago For example, we might be able to use this
noah-tutt-praetorian
commented
3 days ago -nss is another option vs disabling all validation
Ameston
commented
3 days ago I'd like to avoid forking nuclei unless absolutely necessary;
Absolutely, me too.
I've been doing some digging, and I believe I found the issue. It looks like Aashish's initial proposal leveraged the metadata tag. I just tested locally, and the templates pass validation if the praetorian block is moved there. It looks like the solution @UNC1739 implemented leverages the meta tag.
Edit: This is incorrect. Adam's solution uses metadata. I was incorrectly using Weber's example template as the source of truth.
noah-tutt-praetorian
commented
3 days ago @Ameston can you send me an example that passes validation? I'll adjust the backend code to match
Ameston
commented
3 days ago id: detect-web-login-page
info:
name: Detect Web Login Page
author: michaelweber
severity: info
description: |
This template detects the presence of a web login page by checking for input tags and keywords commonly associated with login forms.
metadata:
praetorian:
detection: true
attributes:
type: "Login Page Detection"
tags: web, login
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: dsl
dsl:
- "contains(tolower(body), '<input') && ((contains(tolower(body), 'login') ? 1 : 0) + (contains(tolower(body), 'log in') ? 1 : 0) + (contains(tolower(body), 'forgot') ? 1 : 0) + (contains(tolower(body), 'password') ? 1 : 0) + (contains(tolower(body), 'signup') ? 1 : 0) + (contains(tolower(body), 'sign-up') ? 1 : 0) + (contains(tolower(body), 'sign up') ? 1 : 0) + (contains(tolower(body), 'register') ? 1 : 0) >= 2)"
name: login_word_matchesAh - this is what we already have, I misunderstood. I think we're good then?
noah-tutt-praetorian
commented
3 days ago Info struct {
Description string `json:"description"`
Severity string `json:"severity"`
Author []string `json:"author"`
Metadata struct {
Praetorian struct {
Detection bool `json:"detection"`
Attributes map[string]string `json:"attributes"`
} `json:"praetorian"`
} `json:"metadata"`
Recently, support was added to create
Attributes Based on Nuclei Templates; however, the changes required to leverage that feature cause Nuclei templates to fail validation. As a result, they will not be used for scanning.