Closed: glassrye closed this issue 2 years ago
Just faced the same issue:
flag provided but not defined: -exclude-id http-missing-security-headers -system-resolvers
@fguisso any idea what might be causing this issue? Everything looks fine in terms of flag input.
Okay, I found the problem: the new GitHub Actions toolkit needs declared and separate params. I'll find a better way to fix it without changing the past behavior.
For now, @glassrye you can use rate-limit in this way:
flag: -rate-limit=10
@aminvakil and similar cases, you will need to wait for my fix or use just one flag:
flag: -exclude-id=http-missing-security-headers
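To illustrate the cause described above, here is an added example (not nuclei-action's own code) showing how the action's `flags` input string has to be split into separate argv entries before nuclei is launched; the helper names `splitFlags` and `buildArgs` and the sample inputs are hypothetical.

```javascript
// Added example, not nuclei-action's own code. Go's flag package sees the raw
// input "-exclude-id http-missing-security-headers" as ONE argument, so it
// reports "flag provided but not defined"; the action has to hand nuclei one
// argv entry per token instead. splitFlags/buildArgs are hypothetical names.

// Tokenize a shell-like flags string: whitespace separates tokens, single or
// double quotes group a value that itself contains spaces.
function splitFlags(flags) {
  const args = [];
  let cur = '';
  let quote = null;
  let inToken = false;
  for (const ch of flags) {
    if (quote) {
      if (ch === quote) quote = null; else cur += ch;
    } else if (ch === '"' || ch === "'") {
      quote = ch; inToken = true;
    } else if (/\s/.test(ch)) {
      if (inToken) { args.push(cur); cur = ''; inToken = false; }
    } else {
      cur += ch; inToken = true;
    }
  }
  if (quote) throw new Error('unterminated quote in flags input');
  if (inToken) args.push(cur);
  return args;
}

// Build nuclei's argv the way the action's log shows it (-list, -se, -o),
// then append the user's extra flags one token at a time. Pushing
// `inputs.flags` as a single element is the broken behaviour from this issue.
function buildArgs(inputs) {
  const args = [];
  if (inputs.list) args.push(`-list=${inputs.list}`);
  if (inputs.sarif) args.push(`-se=${inputs.sarif}`);
  if (inputs.output) args.push(`-o=${inputs.output}`);
  return args.concat(splitFlags(inputs.flags || ''));
}

// Constructed sample matching the failing step reported in this thread.
const sample = {
  list: 'output/active_urls.txt',
  sarif: 'nuclei.sarif',
  output: 'output/nuclei_output.txt',
  flags: '-exclude-id http-missing-security-headers -system-resolvers',
};
console.log(buildArgs(sample));
```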
@fguisso Thanks, I will wait for your fix and revert my commit removing the flag then.
@aminvakil I never tried that, but you can probably pin the version in the workflow like this and use the last version in which the flags work:
name: Nuclei - DAST Scan
on:
  schedule:
    - cron: '0 0 * * *'
  workflow_dispatch:
jobs:
  nuclei-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-go@v2
        with:
          go-version: 1.17
      - name: Nuclei - DAST Scan
        uses: projectdiscovery/nuclei-action@v1.0.6
        with:
          target: https://example.com
      - name: GitHub Workflow artifacts
        uses: actions/upload-artifact@v2
        with:
          name: nuclei.log
          path: nuclei.log
      - name: GitHub Security Dashboard Alerts update
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: nuclei.sarif
@fguisso Yes, thanks, I'm fine with waiting on your fix though.
Hey @glassrye @aminvakil, can you test this change please: fguisso/nuclei-action#80fe93
You must substitute projectdiscovery/nuclei-action@main with fguisso/nuclei-action@fix-flags in your workflow.
@fguisso Here is my step:
- name: Nuclei Scan
  uses: fguisso/nuclei-action@fix-flags
  with:
    urls: output/active_urls.txt
    output: output/nuclei_output.txt
    flags: "-exclude-id http-missing-security-headers"
It failed with this error:
Run fguisso/nuclei-action@fix-flags
  with:
    urls: output/active_urls.txt
    output: output/nuclei_output.txt
    flags: -exclude-id http-missing-security-headers
    json: false
    include-rr: false
    github-report: false
  env:
    GOROOT: /opt/hostedtoolcache/go/1.17.12/x64
Download and install Nuclei 2.7.4
Download version 2.7.4 from https://github.com/projectdiscovery/nuclei/releases/download/v2.7.4/nuclei_2.7.4_linux_amd64.zip.
/usr/bin/unzip -o -q /home/runner/work/_temp/ae83c5ad-0566-4348-9727-7a1749d5cebe
Nuclei 2.7.4 was successfully installed to /home/runner/work/_temp/096635b8-3602-4807-8ff2-fe33260fe4ed.
/home/runner/work/_temp/096635b8-3602-4807-8ff2-fe33260fe4ed/nuclei -list=output/active_urls.txt -se=nuclei.sarif -o=output/nuclei_output.txt -exclude-id http-missing-security-headers
flag provided but not defined: -exclude-id http-missing-security-headers
Nuclei is a fast, template based vulnerability scanner focusing
on extensive configurability, massive extensibility and ease of use.
Usage:
/home/runner/work/_temp/096635b8-3602-4807-8ff2-fe33260fe4ed/nuclei [flags]
Flags:
TARGET:
-u, -target string[] target URLs/hosts to scan
-l, -list string path to file containing a list of target URLs/hosts to scan (one per line)
-resume string Resume
...
STATISTICS:
-stats display statistics about the running scan
-sj, -stats-json write statistics data to an output file in JSONL(ines) format
-si, -stats-interval int number of seconds to wait between showing a statistics update (default 5)
-m, -metrics expose nuclei metrics on a port
-mp, -metrics-port int port to expose nuclei metrics on (default 9092)
/home/runner/work/_actions/fguisso/nuclei-action/fix-flags/dist/index.js:1598
error = new Error(`The process '${this.toolPath}' failed with exit code ${this.processExitCode}`);
^
Error: The process '/home/runner/work/_temp/096635b8-3602-4807-8ff2-fe33260fe4ed/nuclei' failed with exit code 2
at ExecState._setResult (/home/runner/work/_actions/fguisso/nuclei-action/fix-flags/dist/index.js:1598:25)
at ExecState.CheckComplete (/home/runner/work/_actions/fguisso/nuclei-action/fix-flags/dist/index.js:1581:18)
at ChildProcess.<anonymous> (/home/runner/work/_actions/fguisso/nuclei-action/fix-flags/dist/index.js:1475:27)
at ChildProcess.emit (node:events:390:28)
at maybeClose (node:internal/child_process:1064:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)
@aminvakil Updated, try again please, and if you get more errors reach me on the PD Discord server, nickname hackaponey with the same avatar, please.
@fguisso Sorry for the late response.
It worked, thank you!
The Nuclei Scan step is running now; I'm waiting for it to finish and will also report back whether it actually respected the flags or not.
But it has started.
It finished correctly! Thank you very much for fixing this!
@aminvakil @glassrye and anyone else, can you test more cases, please? The update now resides in the dev branch.
You must substitute projectdiscovery/nuclei-action@main with projectdiscovery/nuclei-action@dev in your workflow.
The flags: input is not properly used. Without these flags, especially rate limiting, it is very easy to overwhelm a target host.