The mainlimitation I mentioned above - it would be nice to be able to specify severity per matcher.
Describe the use case of this feature:
same response can be used to deduce multiple type of issues, instead of writing multiple template to cover all different cases, matchers groups will allow writing multiple groups of matchers with custom severity depending on the specific group of matchers.
For example as suggested by @tarunKoyalwar -
id: cloud-enum-aws-s3-bucket
info:
name: Cloud Enumeration - AWS S3 Buckets
author: initstring
severity: medium
description: Searches for open and protected buckets in AWS S3
reference: tba
tags: cloud,aws
self-contained: true
variables:
baseDNS: "s3.amazonaws.com"
requests:
- raw:
- |
GET http://{{keyword}}.{{baseDNS}} HTTP/1.1
Host: {{keyword}}.{{baseDNS}}
attack: batteringram
threads: 10
matchers-groups:
- name: open-s3-bucket
severity: unknown
matchers:
- type: status
status:
- 200
- name: protected-s3-bucket
severity: info
matchers-condition: and
matchers:
- type: status
status:
- 403
- type: word
words:
- xyz
[ ] add more matcher related logging in debug mode (it should show status of both matchers even if condition is or )
[ ] interactsh_matchers are evaluated only if interaction is received . add more logging related to this in debug mode which should provide details if operator payload was evaluated
Please describe your feature request:
From https://github.com/projectdiscovery/nuclei-templates/pull/6865#issuecomment-1463071558
Describe the use case of this feature:
same response can be used to deduce multiple type of issues, instead of writing multiple template to cover all different cases, matchers groups will allow writing multiple groups of matchers with custom severity depending on the specific group of matchers.
For example as suggested by @tarunKoyalwar -