Several useful pieces of data are missing from the JSONL output format.
The output data includes inconsistent reporting of service protocol, service name and service port.
While this could (should?) be resolved in each template, this seems like the kind of thing which could be resolved in the core nuclei engine.
I would like the service protocol, service name and service port to be included in the output to facilitate importing the data into other tools.
Describe the use case of this feature:
nuclei has become the most useful and popular scanning tool (congrats).
nuclei supports logging and exporting data in various standard formats. Ideally, it should be possible to import this data into other tools.
Unfortunately there are some inconsistencies or gaps in the data format which impact the usefulness of such an import. Specifically:
Each service protocol is not reported. TCP is assumed (rather than UDP).
Each service name is not reported as a separate key and can only be inferred from tags, url, matched-at, etc. This is unreliable.
Each service port is not always reported within the matched-at key. In particular, several of the SSL/TLS templates report only the host name and "type": "ssl" (presumably ssl is supposed to imply port 443)
I've created a pending PR for Metasploit to facilitate importing nuclei scan JSONL output into the Metasploit database. However, the above issues are not unique to Metasploit and will likely also pose an issue for any other tools importing nuclei data.
Please refer to the Metasploit pull request for context, sample data and sample output. The above issues are described in the "Bugs" section.
Please describe your feature request:
Several useful pieces of data are missing from the JSONL output format.
The output data includes inconsistent reporting of service protocol, service name and service port.
While this could (should?) be resolved in each template, this seems like the kind of thing which could be resolved in the core nuclei engine.
I would like the service protocol, service name and service port to be included in the output to facilitate importing the data into other tools.
Describe the use case of this feature:
nuclei has become the most useful and popular scanning tool (congrats).
nuclei supports logging and exporting data in various standard formats. Ideally, it should be possible to import this data into other tools.
Unfortunately there are some inconsistencies or gaps in the data format which impact the usefulness of such an import. Specifically:
tags
,url
,matched-at
, etc. This is unreliable.matched-at
key. In particular, several of the SSL/TLS templates report only the host name and"type": "ssl"
(presumablyssl
is supposed to imply port443
)I've created a pending PR for Metasploit to facilitate importing nuclei scan JSONL output into the Metasploit database. However, the above issues are not unique to Metasploit and will likely also pose an issue for any other tools importing nuclei data.
Please refer to the Metasploit pull request for context, sample data and sample output. The above issues are described in the "Bugs" section.