search

projectdiscovery / nuclei

Fast and customizable vulnerability scanner based on simple YAML based DSL.
https://docs.projectdiscovery.io/tools/nuclei
MIT License
20.14k stars 2.47k forks source link

-json-export is not saving all the detected findings #4371

Closed oscarintherocks closed 5 months ago

oscarintherocks commented 10 months ago

Nuclei version:

v3.0.3

Current Behavior:

Saving results to json file with -je switch (-json-export) is not saving all the detected findings into the json file specified

Expected Behavior:

Save all the findings

Steps To Reproduce:

Create a yaml config file with this content:

header:
  - 'X-BugBounty-Hacker: test/bot'
  - 'User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) / test-bot (nuclei)'
severity: critical,high,medium,low,info,unknown
timeout: 3
retries: 1
max-host-error: 10
include-rr: true
silent: false
jsonl: true
report-db: ./nuclei-report.db
sarif-export: ./nuclei-findings.sarif
stats: true
stats-json: true
stats-interval: 30

Create a hosts.txt file with 500 hosts to be scanned, the format is with mixed hosts without protocol and some hosts with port some without:

www.example.com
www.example.com:443

NOTE: With 500 hosts I can replicate the problem always, with 3 to 30 hosts the problem sometimes happens sometimes not, so you'll need to try multiple times to be able to replicate if few hosts are included in the hosts file.

Execute nuclei using the config and the hosts list, and save results using -je and -o to be able to compare results.

nuclei -l hosts.txt -config config.yaml -o results-o.json -je results-je.json

Compare results-o vs results-je to see differences on the number of findings saved in the file.

As the formats are slightly different, you can easily count the number of findings using this script:

echo Findings found in JE file
awk -F 'template-id' '{s+=(NF-1)} END {print s}' output-je.json
echo Findings found in O file
wc -l output-o.json

Anything else:

Using a hosts.txt file with:

www.google.com:443
www.projectdiscovery.com
www.roblox.com:80

The results obtained are: Findings found in JE file 1 Findings found in O file 38

Those results vary almost every time the scan is executed

blockisec commented 6 months ago

can confirm this. I have one finding in the nuclei output but none in the json export file.

dogancanbakir commented 5 months ago

I could not reproduce with a relatively large set of hosts -tried different sizes. I'm sharing my last attempt:

$ wc -l hosts.txt
    1500 hosts.txt

$ wc -l results-o.json                                                           
   27901 results-o.json

$ awk -F 'template-id' '{s+=(NF-1)} END {print s}' results-je.json               
27901
dogancanbakir commented 5 months ago

Closing this. Feel free to reopen if the issue persists.