Nuclei stats display upon keypress (space)

[sullo]

Without enabling debug mode, it would be nice to obtain status of the scan by pressing a key in the terminal where nuclei is running.

This is supported by both nmap and nikto by pressing spacebar.

nmap:

nmap -sT -p1-1000 <redacted>
Starting Nmap 7.93 ( https://nmap.org ) at 2022-11-06 15:24 UTC
Stats: 0:00:01 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan
Connect Scan Timing: About 0.95% done
Stats: 0:00:03 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan
Connect Scan Timing: About 57.75% done; ETC: 15:24 (0:00:02 remaining)

nikto:

 - STATUS: Completed 70 requests (~1% complete, 3.3 minutes left): currently in plugin 'Test Authentication'
- STATUS: Running average: 10 requests: 0.0239 sec.

This will help with long-running or seemingly never ending scans where you are not sure if it has completely stopped or the target(s) is just slow. It will help make an informed decision on whether or not to cancel.

[ehsandeep]

@sullo since nuclei have -stats option which outputs similar information on default or custom intervals, do you think we wanted to print the same information upon keypress as default?

It was something supported initially before we moved to a dedicated option.

[lappsec]

I'd second @sullo that this would be helpful. For instance, if you start a scan thinking it will be fast so you don't include -stats but it ends up taking a long time, it would be nice to be able to get the status by pressing a key instead of canceling the scan and starting it over with -stats to see what the estimated time to completion is.

[geeknik]

I want to re-cast my vote for bringing back the original static progress bar which was present in the original builds of Nuclei way back in the day. I still don't understand the reasoning for ditching something that worked great and looked nice for something that fills the screen up with noise...

https://www.pixelstech.net/article/1596946473-A-simple-example-on-implementing-progress-bar-in-GoLang https://golangexample.com/go-simple-progress-bar-writing-to-output/

I'd second @sullo that this would be helpful. For instance, if you start a scan thinking it will be fast so you don't include -stats but it ends up taking a long time, it would be nice to be able to get the status by pressing a key instead of canceling the scan and starting it over with -stats to see what the estimated time to completion is.

Starting over isn't necessary as -resume exists for a reason. 👍🏻

[lappsec]

Oh yeah, duh. Regardless, it'd still be useful to have some sort of way to get the progress without including the flag. The progress bar you mentioned would probably be better than a key interrupt.

[Mzack9999]

The progress bar was indeed very nice. Anyway, it brought in a lot of problems since it was interfering with stdin/stdout, leading to destructive effects on data processing and usage of the tool within pipelines. Two options are now available:

• Generic keypress reader (at https://github.com/projectdiscovery/utils/pull/65) - which is debatable as it needs to disable buffered input in the console, leaving it in an inconsistent state in case of a crash
• Exposing the http statistics server bound to localhost, which can be queried anytime (preferred - at https://github.com/projectdiscovery/clistats/pull/18)