nuclei fuzzing seems broken on all 3.2.x

projectdiscovery / nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

https://docs.projectdiscovery.io/tools/nuclei

MIT License

20.72k stars 2.51k forks source link

nuclei fuzzing seems broken on all 3.2.x #5107

Closed bpavesi closed 6 months ago

bpavesi commented 6 months ago

Nuclei version:

3.2.5 to 3.2.0

Current Behavior:

I would try to fuzz a path with nuclei new fuzzing features and i noticed that a fuzzing template of type query that work on 3.1.6 is not working from 3.2.0 to 3.2.5. Also path fuzzing seems broken.

In all test nuclei end with: [FTL] Could not run nuclei: no templates provided for scan

Expected Behavior:

fuzzing template of type query that work on 3.1.6 should work also on 3.2.5

geeknik commented 6 months ago

I believe you need to use the -dast flag since -fuzz is now deprecated. Let me know if that doesn't work for you.

bpavesi commented 6 months ago

@geeknik with -dast flag it works!

tnx