projectdiscovery / nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
https://docs.projectdiscovery.io/tools/nuclei
MIT License
20.67k stars 2.51k forks

Output file being deleted when Nuclei finishes #326

Closed joefizz closed 4 years ago

joefizz commented 4 years ago

Describe the bug

I am specifying an output file for Nuclei, and can see it being created. When Nuclei finishes, the output file is being deleted.

Nuclei version 2.1.0

Screenshot of the error or bug

please add the screenshot showing bug or issue you are facing.

As you can see in the following, the /tmp/nuclei.txt file in the bottom panel is created, populated with data, then deleted when Nuclei finishes. I first thought this was related to a particular template, however the issue appears transient.

[screen recording: ezgif-3-f91e896de89d]

joefizz commented 4 years ago

I'm piping in a list of URLs to this command:

./links/nuclei -silent -t vulnerabilities/ -t default-credentials/ -t subdomain-takeover/ -t cves/ -t files/ -t security-misconfigurations/ -t tokens/ -t dns/ -t generic-detection/ -t workflows/ -o /tmp/nuclei.txt

joefizz commented 4 years ago

Ah, I think I've gotten to the bottom of this. From what I can see, Nuclei always creates the output file, and then if there is nothing to write to it, it deletes the file. Sounds sensible.

In the above clip I am using the workflows/ template which internally performs a tech-detect, as shown in the output. However as this detection is for the workflows/ template itself, and not at the request of the user, then it is not written to the output file.

However this theory is smooshed by the fact that we can see data going into the nuclei.txt file (by the file size). To confirm, I redid the above but also tailed the file after it was created:

[screen recording: ezgif com-video-to-gif]

So maybe there is a disconnect internally somewhere? Maybe the workflow script/ calling technologies creates the output to the file but something else doesn't get updated and therefore Nuclei doesn't expect there to be any output.

I guess the output file being deleted is the correct thing to do, however having the workflow/ template output the results from when it makes its own call to technologies/ should not happen as this causes confusion.

ehsandeep commented 4 years ago

This is fixed in v2.1.1 https://github.com/projectdiscovery/nuclei/releases/tag/v2.1.1

ehsandeep commented 4 years ago

@joefizz FYI

joefizz commented 4 years ago

thank you!

joefizz commented 4 years ago

Is the fix that the tech-detect output no longer goes to the output file/screen? If so there may still be a bug. Something in workflows/ is still outputting if the tech-detect is nginx:

➜ 15:49 /opt/autofindomain % echo http://falconexperience.crowdstrike.com/ | ./links/nuclei -o /tmp/nuclei.txt -t workflows

                       __     _
     ____  __  _______/ /__  (_)
    / __ \/ / / / ___/ / _ \/ /
   / / / / /_/ / /__/ /  __/ /
  /_/ /_/\__,_/\___/_/\___/_/   v2.1.1

                projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Loading templates...
[INF] [vbulletin-workflow] vBulletin workflow (@pdteam)
[INF] [netsweeper-preauth-rce-workflow] Netsweeper PreAuth RCE Workflow (@dwisiswant0)
[INF] [bigip-pwner-workflow] F5 BIG-IP RCE Workflow (@dwisiswant0)
[INF] [wordpress-workflow] Wordpress workflow (@Kiblyn11 & zomsop82)
[INF] [artica-web-proxy-workflow] Artica Web Proxy Workflows (@dwisiswant0 & pdteam)
[INF] [magmi-workflow] MAGMI Workflow (@dwisiswant0)
[INF] [springboot-pwner-workflow] Spring Boot Pwner (@dwisiswant0)
[INF] [grafana-workflow] Grafana Workflow (@pdteam)
[INF] [cisco-asa-workflow] Cisco ASA Pwner (@flag007)
[INF] [jira-exploitaiton-workflow] Jira Exploitaiton workflow (@micha3lb3n)
[INF] [sap-netweaver-workflow] SAP NetWaver Workflow (@dwisiswant0)
[INF] [rabbitmq-workflow] RabbitMQ Workflow (@fyoorer)
[INF] [liferay-rce-workflow] Liferay RCE Workflow (@dwisiswant0)
[INF] [lotus-domino-workflow] Lotus Domino workflow (@CasperGN)
[INF] Using 14 rules (0 templates, 14 workflows)
[tech-detect:nginx] [http] [info] http://falconexperience.crowdstrike.com/
[tech-detect:nginx] [http] [info] http://falconexperience.crowdstrike.com/
[tech-detect:nginx] [http] [info] http://falconexperience.crowdstrike.com/
➜ 15:49 /opt/autofindomain % cat /tmp/nuclei.txt
[tech-detect:nginx] [http] [info] http://falconexperience.crowdstrike.com/
[tech-detect:nginx] [http] [info] http://falconexperience.crowdstrike.com/
[tech-detect:nginx] [http] [info] http://falconexperience.crowdstrike.com/

ehsandeep commented 4 years ago

Hey @joefizz, this is expected behavior (not a bug), but we might change the behavior in the coming release. This is also a duplicate of https://github.com/projectdiscovery/nuclei/issues/302: with workflows, when a template with multiple matches gets used, we need to initiate and later check for sub matcher.

As this is getting tracked at https://github.com/projectdiscovery/nuclei/issues/302, I'm closing this issue.

ademadam commented 3 years ago

Hi @pdiscoveryio, the issue still exists when running on Windows on the latest version.

I've read the latest issues opened about this bug and didn't find anything that suggests that the problem is on my setup; that's why I created this comment. Thanks for taking this into consideration. Best,

ehsandeep commented 3 years ago

@ademadam this issue contains two issues. Can you list what problem you are facing and what version of nuclei you are running?

ademadam commented 3 years ago

Hi @pdiscoveryio,

> this issue contains two issues. Can you list what's the problem you are facing

The problem is "output file deleted automatically when the process finished": when I add the -o flag, the file is created, and after the process finishes it is deleted automatically.

see this video

> what version of nuclei you are running?

The latest version, V2.2.0, Windows binaries in both 386x and amd64 on Win7.

Thanks for your time,

ehsandeep commented 3 years ago

@ademadam,

This is expected; you will only see the output file when there are any results.

ademadam commented 3 years ago

Oh, I didn't know that this is intended, thank you for the follow-up.
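
The maintainer's answer above means a pipeline cannot assume the -o file exists after a run. As an added example (not from this thread or the Nuclei project), the shell function below treats a missing output file as zero results and collapses identical lines such as the repeated tech-detect entries shown earlier; the function name, return codes and sample URLs are assumptions.

```shell
#!/bin/sh
# Added example, not Nuclei code. Assumption taken from the thread:
# a missing -o file means the scan produced no results.

# nuclei_summary FILE
# Prints "<unique-findings> <template-id:matcher>" per id, with identical
# result lines counted once. Lines that are not results ([INF], [WRN], the
# banner) are ignored.
# Returns 0 if findings exist, 1 if none (absent or empty file), 2 if the
# file exists but cannot be read.
nuclei_summary() {
    out=$1
    [ -e "$out" ] || return 1          # file absent: no results, not an error
    if [ ! -r "$out" ]; then
        echo "cannot read $out" >&2
        return 2
    fi
    # A result line looks like: [id] [protocol] [severity] target
    summary=$(awk '
        NF >= 4 && $1 ~ /^\[.*\]$/ && $2 ~ /^\[.*\]$/ && $3 ~ /^\[.*\]$/ && !seen[$0]++ {
            id = $1; gsub(/^\[|\]$/, "", id); n[id]++
        }
        END { for (k in n) print n[k], k }' "$out" | sort -k2)
    [ -n "$summary" ] || return 1
    printf '%s\n' "$summary"
    return 0
}

# Constructed sample mirroring the duplicated lines in the thread.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' \
        '[tech-detect:nginx] [http] [info] http://target.example/' \
        '[tech-detect:nginx] [http] [info] http://target.example/' \
        '[tech-detect:nginx] [http] [info] http://target.example/' \
        > "$tmp/nuclei.txt"
    nuclei_summary "$tmp/nuclei.txt"
    nuclei_summary "$tmp/absent.txt" || echo "no findings (rc=$?)"
    rm -rf "$tmp"
}
demo
```
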