projectdiscovery / nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
https://docs.projectdiscovery.io/tools/nuclei
MIT License

Scanning single target with multiple templates will not generate json report #449

Closed miaochiahao closed 3 years ago

miaochiahao commented 3 years ago

Describe the bug

When scanning a single target with multiple templates, nuclei didn't generate a JSON report.

Nuclei version 2.2.0

Screenshot of the error or bug

I used this command:

./nuclei -target http://target.com -t ~/nuclei-templates/cves -t ~/nuclei-templates/security-misconfiguration ~/nuclei-templates/subdomain-takeover -t ~/nuclei-templates/vulnerabilities -json -include-rr -o test_nuclei.json -rate-limit 2000 -v

I'm sure there's a vulnerability, and nuclei found it, but I got no JSON file output.

When I scan a target with just one template folder, I get the right output, and when I scan multiple targets with multiple template folders, I also get the right output. That's kind of weird.

ehsandeep commented 3 years ago

Hi @miaochiahao,

It works as expected. Do you have any example to share here, or via DM or Discord, as this is not reproducible on our side?

nuclei -target https://docs.hackerone.com -t missing-x-frame-options.yaml -t missing-hsts.yaml -t tokens -silent -json | jq .

{
  "severity": "low",
  "name": "Clickjacking (Missing XFO header)",
  "matched": "https://docs.hackerone.com",
  "template": "missing-x-frame-options",
  "type": "http",
  "host": "https://docs.hackerone.com",
  "author": "kurohost"
}
{
  "author": "Dawid Czarnecki",
  "severity": "info",
  "matched": "https://docs.hackerone.com",
  "template": "missing-hsts",
  "type": "http",
  "host": "https://docs.hackerone.com",
  "description": "Checks if the HSTS is enabled by looking for Strict Transport Security response header.",
  "name": "Strict Tranposrt Security Not Enforced"
}

miaochiahao commented 3 years ago

[image]

Try this.

ehsandeep commented 3 years ago

Hi @miaochiahao,

This is a feature and not a bug; you can read the details here. The following folders are excluded from the default run; you can run individual templates. More details here.

fuzzing/
wordlists/
misc/
workflows/