projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.
https://github.com/projectdiscovery/nuclei
MIT License

[feature] Add username/password/credential to output file with default-logins templates #2781

Closed l0nedigit closed 3 years ago

l0nedigit commented 3 years ago

When using default-logins templates, it would be convenient to have the successful username(s) & password(s) used against the application included in the output file specified (stdout and json format). Understand the -irr flag can be used, but is also cumbersome at times to sort through.

ehsandeep commented 3 years ago

@l0nedigit This can be accomplished by upgrading all current login templates to incorporate payloads, as the nuclei engine does include matched payload values in the output.

For example, dell-idrac-default-login can be updated as follows:

```yaml
id: dell-idrac-default-login
info:
  name: Dell iDRAC6/7/8 Default login
  author: kophjager007
  severity: high
  tags: dell,idrac,default-login

requests:
  - method: POST
    path:
      - "{{BaseURL}}/data/login"

    # Placeholders are filled from the payloads section below, so the
    # matched username/password are reported in the output.
    body: "user={{username}}&password={{password}}"

    headers:
      # Fixed: the posted snippet had "urlencode" (missing the trailing "d").
      Content-Type: "application/x-www-form-urlencoded"
      Referer: "{{BaseURL}}/login.html"

    # pitchfork pairs the payload lists position by position (root/calvin).
    attack: pitchfork
    payloads:
      username:
        - root

      password:
        - calvin

    cookie-reuse: true
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - '<authResult>0</authResult>'
```

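Once templates carry payloads, the matched values land in nuclei's JSON output alongside the host, which is what the request above asks for. As an added example (not from this thread or the nuclei project), the script below pulls those credential findings out of a JSON-lines results file and groups affected hosts by credential pair for a remediation list; the sample lines are constructed, and the assumption that payload values appear under a `meta` object is mine, not something the thread states.

```python
import json
from typing import Dict, List, Tuple

# Constructed sample of nuclei JSONL output (-json) for a default-login
# template that uses payloads. The "meta" object holding the matched payload
# values is an assumption about the output format, not taken from the thread.
SAMPLE_JSONL = """\
{"template-id":"dell-idrac-default-login","host":"https://idrac-01.example.test","matched-at":"https://idrac-01.example.test/data/login","meta":{"username":"root","password":"calvin"},"info":{"severity":"high"}}
{"template-id":"some-other-template","host":"https://www.example.test","matched-at":"https://www.example.test/","info":{"severity":"info"}}
{"template-id":"dell-idrac-default-login","host":"https://idrac-02.example.test","matched-at":"https://idrac-02.example.test/data/login","meta":{"username":"root","password":"calvin"},"info":{"severity":"high"}}
not json at all
"""


def extract_default_logins(jsonl: str) -> List[Dict[str, str]]:
    """Return one record per finding whose payload values include credentials.

    Non-JSON lines and findings without a credential "meta" object are
    skipped, so this is safe to run over a mixed results file.
    """
    findings: List[Dict[str, str]] = []
    for line in jsonl.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        meta = event.get("meta") or {}
        if "username" not in meta or "password" not in meta:
            continue
        findings.append({
            "template": event.get("template-id", ""),
            "host": event.get("host", ""),
            "username": str(meta["username"]),
            "password": str(meta["password"]),
        })
    return findings


def summarize_by_credential(findings: List[Dict[str, str]]) -> Dict[Tuple[str, str], List[str]]:
    """Group affected hosts by the credential pair that worked."""
    groups: Dict[Tuple[str, str], List[str]] = {}
    for f in findings:
        groups.setdefault((f["username"], f["password"]), []).append(f["host"])
    return groups


if __name__ == "__main__":
    for cred, hosts in summarize_by_credential(extract_default_logins(SAMPLE_JSONL)).items():
        print(f"{cred[0]}:{cred[1]} -> {len(hosts)} host(s): {', '.join(hosts)}")
```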
l0nedigit commented 3 years ago

Awesome thanks!

ehsandeep commented 3 years ago

@l0nedigit we are keeping this issue open as we wanted to apply these changes in existing templates as well.

l0nedigit commented 3 years ago

That'd be great, thanks again.

aga7hokakological commented 3 years ago

@ehsandeep Should all the templates from login be updated this way? So I only need to upgrade the default login parameters to the body: "user={{username}}&password={{password}}" ?

ehsandeep commented 3 years ago

@aga7hokakological right, here is an example PR - https://github.com/projectdiscovery/nuclei-templates/pull/2828, we need to adopt payloads in default login templates.

aga7hokakological commented 3 years ago

Hey @ehsandeep I would like to take up this issue but I have one question about template validation, can I use YAMLlint for validation?

ehsandeep commented 3 years ago

@aga7hokakological don't worry about validation as they will be auto detected as part of automation once the PR is open.

ethanous commented 3 years ago

I just posted a pull request that includes updated templates to hopefully resolve this issue.