projectdiscovery / nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
https://docs.projectdiscovery.io/tools/nuclei
MIT License

String/Regex matchers for Workflows #2354

Open fail-open opened 2 years ago

fail-open commented 2 years ago

This is a request to be able to use target information (domain name, IP, and/or port) as a condition on whether a workflow gets triggered. Like other aspects in Nuclei, it would be useful to be able to specify to run if it matches, or exclude from the run if it matches.

Describe the use case of this feature:

The use case for me is that I want to be able to pass in a set of targets and workflows. As nuclei works through the templates and workflows, I would like for certain workflows to only trigger the templates associated with them if the target data meets a criteria.

I am trying to run a set target list and template list, but I am trying to trigger an extra set of templates if a target is a certain domain name, domain name pattern, or IP. This would allow me to add specific checks to specific systems ongoing to track findings being fixed, without having to throw those checks at every target. I am trying to avoid doing programmatic changes to the main system running nuclei in my environment.

forgedhallpass commented 2 years ago

Current workaround:

Template:

id: template-id

info:
  name: Template Name
  author: forgedhallpass
  severity: info

requests:
  - raw:
      - |+
        GET / HTTP/1.1
        Host: {{Hostname}}

    redirects: true
    matchers:
      - type: dsl
        name: host
        dsl:
          - Host == "some_host"
          - Host == "some_other_host"
          - Host == "localhost"

Workflow:

id: host-workflow

info:
  name: test
  author: forgedhallpass
  description: description

workflows:
  - template: returnHost.yaml
    matchers:
      - name: host
        subtemplates:
          - tags: cve

Explanation: the workflow executes the template defined above and if the matcher called host is matched, it will execute a set of templates (in this case all the templates that have the cve tag).

Since the matcher operator is dependent on a request type, it is not possible to achieve this currently without making a request.
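As an added example (not code from the issue authors or the nuclei project), the same workaround extended to the two cases the request asks for, a domain-name pattern and an exclusion: one gating template exposes two named DSL matchers, and the workflow branches on each name. It assumes the `regex` DSL helper and the `negative` matcher field; the host patterns, author and subtemplate path are placeholders.

```yaml
# --- file: host-gate.yaml (gating template, one request, two named matchers) ---
id: host-gate

info:
  name: Host gate for workflow branching
  author: example-author   # placeholder
  severity: info

requests:
  - raw:
      - |+
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers:
      # Fires when the target host is under the placeholder zone corp.example.com.
      # "[.]" matches a literal dot without needing backslash escapes in the DSL string.
      - type: dsl
        name: corp-host
        dsl:
          - 'regex("(^|[.])corp[.]example[.]com$", Host)'
      # Fires when the host does NOT start with "prod-": negative inverts the match,
      # which gives the "exclude if it matches" behaviour from the request.
      - type: dsl
        name: not-prod-host
        negative: true
        dsl:
          - 'regex("^prod-", Host)'

# --- file: host-gate-workflow.yaml (each matcher name gates its own subtemplates) ---
id: host-gate-workflow

info:
  name: Run extra checks only on hosts that match a pattern
  author: example-author   # placeholder

workflows:
  - template: host-gate.yaml
    matchers:
      - name: corp-host
        subtemplates:
          - tags: cve
      - name: not-prod-host
        subtemplates:
          - template: custom/regression-checks/   # placeholder directory of your own templates
```

The two YAML documents go in separate files; the matchers-condition default (`or`) lets each named matcher report independently, so a host can trigger both branches.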