projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.
https://github.com/projectdiscovery/nuclei
MIT License
9.35k stars 2.65k forks source link

[FALSE-NEGATIVE] Dell iDRAC Workflow Not Working #10876

Open mr-pmillz opened 1 month ago

mr-pmillz commented 1 month ago

Template IDs or paths

- workflows/dell-idrac-workflow.yaml

Tech detection fails in the dell idrac workflow and thus the default cred sub-templates do not run.

The tech detection templates work on their own though. Am not sure why the workflow is broken currently.

Environment

- OS: Kali 2024.3
- Nuclei: v3.3.4
- Go: go1.22.7

Steps To Reproduce

Run Nuclei Workflow:

nuclei -l idrac-urls.txt -w ~/nuclei-templates/workflows/dell-idrac-workflow.yaml -o nuclei-dell-idrac-workflow-scan.log

No results.

Run tech detection against same idrac9 urls and tech detection works:

nuclei -l idrac-urls.txt -t ~/nuclei-templates/http/technologies/dell/ -o nuclei-dell-idrac-tech-scan.log
# or
nuclei -l idrac-urls.txt -t ~/nuclei-templates/http/technologies/dell/dell-idrac9-detect.yaml -o nuclei-dell-idrac-tech-scan.log

Relevant dumped responses

workflow has zero results.
tech detection templates specified in the workflow when run directly work as intended but fail to work in the workflow.

Anything else?

No response

princechaddha commented 1 month ago

Hi @mr-pmillz, thank you for taking the time to create this issue and for contributing to the project. We are looking into it. Meanwhile, would it be possible for you to share the -debug data for both scans?