projectdiscovery / nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
https://docs.projectdiscovery.io/tools/nuclei
MIT License
20.88k stars 2.52k forks

Support for timeout matcher (dsl) #2346

Open princechaddha opened 2 years ago

princechaddha commented 2 years ago

Please describe your feature request:

Add support for a matcher that detects whether the host results in a timeout or not.

Describe the use case of this feature:

This can be useful for detecting DoS templates, since we can verify that the host cannot be reached after the request with the payload has been sent.

Another use case would be adding an additional matcher to OAST templates where the server times out while sending arbitrary requests; for these hosts, we have to rely only on the callbacks. This will prevent false positives on honeypots that simply send requests to any URL they receive.

id: basic-example

info:
  name: Test HTTP Template
  author: pdteam
  severity: info

requests:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers:
      - type: dsl
        dsl:
          - "timeout == false"
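
An added example (not nuclei's own code, and not the proposed `timeout` DSL variable itself) of the classification such a matcher would rest on, written in Go because nuclei is a Go project. `Outcome`, `Probe` and `isTimeout` are names assumed for illustration; the point is that a request deadline being hit is reported separately from other transport failures.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/http"
	"time"
)

// Outcome is what a "timeout" DSL variable would need per request: deadline hit,
// HTTP status, and any other (non-timeout) transport error.
type Outcome struct {
	Timeout bool
	Status  int
	Err     error
}

// isTimeout separates deadline/timeout errors from other failures (refused
// connection, DNS or TLS errors) that a matcher must not treat as "host gone".
func isTimeout(err error) bool {
	if errors.Is(err, context.DeadlineExceeded) {
		return true
	}
	var ne net.Error
	return errors.As(err, &ne) && ne.Timeout()
}

// Probe issues a GET with a hard per-request deadline: an unanswered request
// yields Timeout=true, a refused connection Timeout=false with Err set.
func Probe(url string, timeout time.Duration) Outcome {
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
	if err != nil {
		return Outcome{Err: err}
	}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return Outcome{Timeout: isTimeout(err), Err: err}
	}
	defer resp.Body.Close()
	return Outcome{Status: resp.StatusCode}
}

func main() {
	// Constructed target: nothing listens on loopback port 9 (refused, not a timeout).
	fmt.Printf("%+v\n", Probe("http://127.0.0.1:9", 500*time.Millisecond))
}
```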

Mzack9999 commented 2 years ago

Potential follow up ticket:

Mzack9999 commented 1 year ago

The feature request is problematic, as the timeout is one important error that is necessary to track to drop unresponsive hosts. Instead, we need to ignore the error cache and perform the template flow. The implementation should:

khizarulhaq commented 3 days ago

So no support for detecting timeouts still? This feature could also be useful in detecting potential subdomain takeover vulnerabilities.