search

projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.
https://github.com/projectdiscovery/nuclei
MIT License
9.33k stars 2.65k forks source link

Not getting output when use httpx (stuck after banner printed) #491

Closed shivammusic closed 4 years ago

shivammusic commented 4 years ago

Nuclei version

v2.1.1

Nuclei template version

7.0.6

Describe the bug Hello team I just run command

subfinder -d redacted.com -silent | httpx -silent | nuclei -t /root/nuclei-templates/ -o /root/Desktop/redacted.txt -v

But i stuck at below scene, not getting any output.

subfinder -d redacted.com -silent | httpx -silent | nuclei -t /root/nuclei-templates/ -o /root/Desktop/redacted.txt -v

                       __     _
     ____  __  _______/ /__  (_)
    / __ \/ / / / ___/ / _ \/ /
   / / / / /_/ / /__/ /  __/ /
  /_/ /_/\__,_/\___/_/\___/_/   v2.1.1

                projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions
[WRN] Developers assume no liability and are not responsible for any misuse or damage.

when i run command

subfinder -d redacted.com -silent | nuclei -t /root/nuclei-templates/ -o /root/Desktop/redacted.txt -v

i got o/p, but obviously i got so many protocol erros because i didn't use httpx.

i think there is any problem with httpx or i dont know what is going on.

o/p

[DBG] Found template in nuclei-templates directory: /root/nuclei-templates/cves/CVE-2020-17505.yaml
[DBG] Found template in nuclei-templates directory: /root/nuclei-templates/cves/CVE-2018-1271.yaml
[DBG] Found template in nuclei-templates directory: /root/nuclei-templates/files/wordpress-installer-log.yaml
[WRN] [wordpress-tmm-db-migrate] Could not execute step: could not handle http request: Get "/wp-content/uploads/tmm_db_migrate/tmm_db_migrate.zip": unsupported protocol scheme ""
[http-request] Sent for [cve-2020-8193] to pv11p01sa-p12.siri.redacted.com
[WRN] [cve-2020-8193] Could not execute step: parse ":///rapi/filedownload?filter=path:%2Fetc%2Fpasswd": missing protocol scheme
[http-request] Sent for [cve-2018-13379] to pv11p01sa-p12.siri.redacted.com
[WRN] [cve-2018-13379] Could not execute step: could not handle http request: Get "/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession": unsupported protocol scheme ""
[http-request] Sent for [cve-2019-3799] to pv11p01sa-p12.siri.redacted.com
[WRN] [cve-2019-3799] Could not execute step: could not handle http request: Get "/test/pathtraversal/master/..%252f..%252f..%252f..%252f../etc/passwd": unsupported protocol scheme ""
[http-request] Sent for [cve-2019-2588] to pv11p01sa-p12.siri.redacted.com
[WRN] [cve-2019-2588] Could not execute step: parse ":9502/xmlpserver/servlet/adfresource?format=aaaaaaaaaaaaaaa&documentId=..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini": missing protocol scheme
[http-request] Sent for [cve-2019-3396] to pv11p01sa-p12.siri.redacted.com
[WRN] [cve-2019-3396] Could not execute step: parse ":///rest/tinymce/1/macro/preview": missing protocol scheme
[http-request] Sent for [cve-2018-14728] to pv11p01sa-p12.siri.redacted.com
[WRN] [cve-2018-14728] Could not execute step: could not handle http request: Post "/filemanager/upload.php": unsupported protocol scheme ""
[http-request] Sent for [cve-2020-16139] to pv11p01sa-p12.siri.redacted.com
[WRN] [cve-2020-16139] Could not execute step: parse ":///localmenus.cgi?func=609&rphl=1&data=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA": missing protocol scheme
[http-request] Sent for [cve-2019-15043] to pv11p01sa-p12.siri.redacted.com
[WRN] [cve-2019-15043] Could not execute step: could not handle http request: Post "/api/snapshots": unsupported protocol scheme ""
[http-request] Sent for [cve-2018-0296] to pv11p01sa-p12.siri.redacted.com
[WRN] [cve-2018-0296] Could not execute step: could not handle http request: Get "/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions": unsupported protocol scheme ""
[http-request] Sent for [cve-2020-9496] to pv11p01sa-p12.siri.redacted.com
[WRN] [cve-2020-9496] Could not execute step: parse "://:8443/webtools/control/xmlrpc": missing protocol scheme
[http-request] Sent for [cve-2020-10199] to pv11p01sa-p12.siri.redacted.com
[WRN] [cve-2020-10199] Could not execute step: could not handle http request: Post "/rest/beta/repositories/go/group": unsupported protocol scheme ""
[http-request] Sent for [cve-2019-2725] to pv11p01sa-p12.siri.redacted.com
[WRN] [cve-2019-2725] Could not execute step: parse ":7001/_async/AsyncResponseService": missing protocol scheme
[http-request] Sent for [cve-2018-16763] to pv11p01sa-p12.siri.redacted.com
[WRN] [cve-2018-16763] Could not execute step: parse ":///fuel/pages/select/?filter=%27%2bpi(print(%24a%3d%27system%27))%2b%24a(%27cat%20/etc/passwd%27)%2b%27": missing protocol scheme

after that i run this command and just got happy hacking (not o/p)

root@kali:~# subfinder -d redacted.com -silent | httpx -silent | nuclei -t /root/nuclei-templates/ -o /root/Desktop/newwwwwwwwww.txt -v

                       __     _
     ____  __  _______/ /__  (_)
    / __ \/ / / / ___/ / _ \/ /
   / / / / /_/ / /__/ /  __/ /
  /_/ /_/\__,_/\___/_/\___/_/   v2.1.1

                projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[FTL] Could not create httpx instance: Could not create cdn check: Get "https://ipinfo.io/AS12222": EOF
[INF] Loading templates...
[INF] [general-tokens] General Tokens (@nadino) [medium]
[INF] [top-15-xss] Top 15 XSS Check (@foulenzer) [medium]
.....
.....
.....**so on** 
[INF] [wordpress-tmm-db-migrate] WordPress ThemeMarkers DB Migration File (@dwisiswant0) [info]
[INF] Using 293 rules (278 templates, 15 workflows)
[ERR] Could not find any valid input URLs.
[INF] No results found. Happy hacking!
root@kali:~#
geeknik commented 4 years ago

What was the issue? I am seeing this behavior too.

shivammusic commented 4 years ago

i dont know why but it started after waiting for two hours, generally it takes only 2-3 minutes to start that's why i reported.

ehsandeep commented 4 years ago

@shivammusic it's obviously will take time before you get started to see results, as you chaining multiple tools here, for example, at first, subfinder gets completed, later httpx will process on the output of subfinder and pass to nuclei and then you will start to see results of nuclei, or just don't use silent flag if you want to see results of subfinder or httpx at runtime.