projectdiscovery / nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
https://docs.projectdiscovery.io/tools/nuclei
MIT License

Nothing over Severity "Medium" detected #3729

Closed brentonswanepoel closed 1 year ago

brentonswanepoel commented 1 year ago

Hi there,

I am doing some tests against OWASP Juice Shop and picked up that nothing over medium is being picked up. This is after I did scanning against a live host on a website using my cloud instance that I decided to test locally:

┌──(kali㉿kali)-[~]
└─$ nuclei -u http://127.0.0.1:3000

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v2.9.4

                projectdiscovery.io

[INF] Current nuclei version: v2.9.4 (latest)
[INF] Current nuclei-templates version: v9.5.0 (latest)
[INF] New templates added in latest release: 62
[INF] Templates loaded for current scan: 5958
[INF] Targets loaded for current scan: 1
[INF] Templates clustered: 1057 (Reduced 999 Requests)
[fingerprinthub-web-fingerprints:qm-system] [http] [info] http://127.0.0.1:3000
[owasp-juice-shop-detect] [http] [info] http://127.0.0.1:3000
[http-missing-security-headers:strict-transport-security] [http] [info] http://127.0.0.1:3000
[http-missing-security-headers:content-security-policy] [http] [info] http://127.0.0.1:3000
[http-missing-security-headers:x-permitted-cross-domain-policies] [http] [info] http://127.0.0.1:3000
[http-missing-security-headers:cross-origin-resource-policy] [http] [info] http://127.0.0.1:3000
[http-missing-security-headers:access-control-allow-credentials] [http] [info] http://127.0.0.1:3000
[http-missing-security-headers:referrer-policy] [http] [info] http://127.0.0.1:3000
[http-missing-security-headers:clear-site-data] [http] [info] http://127.0.0.1:3000
[http-missing-security-headers:cross-origin-opener-policy] [http] [info] http://127.0.0.1:3000
[http-missing-security-headers:access-control-allow-methods] [http] [info] http://127.0.0.1:3000
[http-missing-security-headers:access-control-allow-headers] [http] [info] http://127.0.0.1:3000
[http-missing-security-headers:permissions-policy] [http] [info] http://127.0.0.1:3000
[http-missing-security-headers:cross-origin-embedder-policy] [http] [info] http://127.0.0.1:3000
[http-missing-security-headers:access-control-expose-headers] [http] [info] http://127.0.0.1:3000
[http-missing-security-headers:access-control-max-age] [http] [info] http://127.0.0.1:3000
[x-recruiting-header] [http] [info] http://127.0.0.1:3000 [/#/jobs]
[INF] Using Interactsh Server: oast.me
[prometheus-metrics] [http] [medium] http://127.0.0.1:3000/metrics
[kubelet-metrics] [http] [info] http://127.0.0.1:3000/metrics
[robots-txt-endpoint] [http] [info] http://127.0.0.1:3000/robots.txt
[robots-txt-endpoint] [http] [info] http://127.0.0.1:3000/ftp
[security-txt] [http] [info] http://127.0.0.1:3000/.well-known/security.txt [ mailto:donotreply@owasp-juice.shop]
[swagger-api] [http] [info] http://127.0.0.1:3000/api-docs/swagger.json
[ptr-fingerprint] [dns] [info] 127.0.0.1 [localhost.]

Also tried scanning differently with specific templates and no luck. Anything I'm missing?

MetzinAround commented 1 year ago

Are you certain that there are vulns higher than medium level present and you're expecting them here?

ehsandeep commented 1 year ago

Please refer to https://github.com/projectdiscovery/nuclei/discussions/3168#discussioncomment-4625710; nuclei scans for a specific set of known vulnerabilities against specific applications.

If you are looking to test for unknown vulnerabilities, please refer to https://github.com/projectdiscovery/fuzzing-templates, and something will be extended with time to cover more than converting just query URLs.
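To illustrate the point above, here is an added example of a minimal template in nuclei's YAML DSL (written for this page, not taken from the nuclei-templates project): it fires only when a fixed signature is present in the response, and the severity on the result line is simply whatever the author wrote in `info.severity`, so a scan can never report a level that no loaded template carries. The template id, author, matched strings and regex are assumptions; the path is the `/api-docs/swagger.json` endpoint that appears in the scan output.

```yaml
# Added example template (not from the page or from nuclei-templates).
# The id, author, matched strings and regex below are assumptions
# chosen for illustration; only the path comes from the scan output.
id: example-api-docs-exposure

info:
  name: Example - exposed API documentation (illustrative)
  author: example-author
  # The level printed in the result line comes from this field alone.
  # A template labelled "info" can only ever produce an [info] finding.
  severity: info
  description: |
    Matches only the exact signature below. This is why nuclei reports
    just what a loaded template already knows how to recognise.
  tags: example,exposure

http:
  - method: GET
    path:
      - "{{BaseURL}}/api-docs/swagger.json"

    # All matchers must hold, so a generic 200 page is not enough.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: body
        words:
          - '"swagger"'
          - '"openapi"'
        condition: or

      - type: word
        part: header
        words:
          - "application/json"

    # Extractors pull a value out of the response into the result line.
    extractors:
      - type: regex
        part: body
        group: 1
        regex:
          - '"(?:swagger|openapi)"\s*:\s*"([0-9.]+)"'
```

Running `nuclei -t example-api-docs-exposure.yaml -u http://127.0.0.1:3000` executes only this template; the `-severity` flag likewise only selects templates by this label and cannot surface findings that no template encodes.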