projectdiscovery / nuclei

Fast and customizable vulnerability scanner based on simple YAML based DSL.
https://docs.projectdiscovery.io/tools/nuclei
MIT License
18.89k stars 2.38k forks

Nuclei doesn't not run on localhost #5238

Closed sauravpradhan closed 11 hours ago

sauravpradhan commented 2 months ago

Nuclei version: v3.2.8

Current Behavior:

While executing a self-made template to access the server, nuclei throws an error.

Expected Behavior:

Should execute successfully, as Windows and Postman are giving a response.

Steps To Reproduce:

1) Run nuclei -v -u http://localhost:4000/api -t .\MyFirstTemplate.yaml
2) Response is:

[WRN] [eOTA-vulneribility20240529] Could not execute request for http://localhost:4000/api: [:RUNTIME] got err while executing http://localhost:4000/api <- Get "http://localhost:4000/api": errKind=network-permanent-error no address found for host
[INF] No results found. Better luck next time!

Anything else:

YAML Template:

id: eOTA-vulneribility20240529 

info:
  name: HTTP BASICS Template
  author: __saurav
  description: Break-in
  severity: info
  tags: eota

http:
  - method: GET
    path:
      - "{{BaseURL}}"
    matchers:
      - type: word
        words:
          - "New Node Server is up and running with volumes"

Postman Response: image

CURL Response: image

Also this was discussed in Discord sub-thread: https://discord.com/channels/695645237418131507/1245309592573837394

dogancanbakir commented 2 months ago

Couldn't repro this on osx. Here's what I did to repro the issue:

simple go server:

package main

import (
    "fmt"
    "net/http"
)

func apiHandler(w http.ResponseWriter, r *http.Request) {
    if r.URL.Path != "/api" {
        http.NotFound(w, r)
        return
    }

    w.Header().Set("Content-Type", "text/plain")
    w.Header().Set("Access-Control-Allow-Origin", "http://localhost:4200")
    w.Header().Set("Access-Control-Allow-Methods", "GET, PUT, POST, DELETE")
    w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
    w.Header().Set("Access-Control-Allow-Credentials", "true")
    w.WriteHeader(http.StatusOK)

    responseContent := "New Node Server is up and running with volumes. Server version: 4.0"
    fmt.Fprint(w, responseContent)
}

func main() {
    http.HandleFunc("/api", apiHandler)

    port := 4000
    fmt.Printf("Starting server on port %d\n", port)
    if err := http.ListenAndServe(fmt.Sprintf(":%d", port), nil); err != nil {
        fmt.Printf("Error starting server: %s\n", err)
    }
}

template:

id: eOTA-vulneribility20240529 

info:
  name: HTTP BASICS Template
  author: __saurav
  description: Break-in
  severity: info
  tags: eota

http:
  - method: GET
    path:
      - "{{BaseURL}}"
    matchers:
      - type: word
        words:
          - "New Node Server is up and running with volumes"

running go server:

$ go run test.go 
Starting server on port 4000

curl request:

$ curl -I http://localhost:4000/api
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, PUT, POST, DELETE
Access-Control-Allow-Origin: http://localhost:4200
Content-Type: text/plain
Date: Wed, 29 May 2024 11:59:48 GMT
Content-Length: 67

nuclei:

$ go run . -t test_template.yaml -u http://localhost:4000/api

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.2.8

                projectdiscovery.io

[INF] Current nuclei version: v3.2.8 (latest)
[INF] Current nuclei-templates version: v9.8.7 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 62
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[eOTA-vulneribility20240529] [http] [info] http://localhost:4000/api

tarunKoyalwar commented 2 months ago

@sauravpradhan, Nuclei resolves IP addresses to domains using the /etc/hosts file in linux/mac, and this includes localhost. On Windows, it uses the ${SystemRoot}/System32/drivers/etc/hosts file. If Nuclei can't resolve localhost, please check if this file has an entry for localhost. If it doesn't, try adding one to see if this resolves the issue.

ref: https://github.com/projectdiscovery/fastdialer/blob/15d01c739e9222312d6e6292989f308145bd93e5/fastdialer/metafiles/hostsfile_windows.go#L6
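The hosts-file check suggested in the comment above, followed by a TCP connect to each address the file maps to localhost, as an added example in Go. It is not nuclei or fastdialer code and not part of the original thread; `lookupHosts` and `probe` are hypothetical names, the parsing is a simplified assumption about hosts-file syntax, and port 4000 is the port from the report.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"runtime"
	"strings"
	"time"
)

// lookupHosts returns every IP that hosts-file content maps to name.
func lookupHosts(content, name string) []string {
	var ips []string
	for _, line := range strings.Split(content, "\n") {
		// Text after '#' is a comment, so "# 127.0.0.1 localhost" is not an entry.
		f := strings.Fields(strings.SplitN(line, "#", 2)[0])
		if len(f) < 2 || net.ParseIP(f[0]) == nil {
			continue
		}
		for _, h := range f[1:] {
			if strings.EqualFold(h, name) {
				ips = append(ips, f[0])
			}
		}
	}
	return ips
}

// probe reports whether a TCP connect to ip:port succeeds within 2 seconds.
func probe(ip, port string) bool {
	c, err := net.DialTimeout("tcp", net.JoinHostPort(ip, port), 2*time.Second)
	if err == nil {
		c.Close()
	}
	return err == nil
}

func main() {
	path := "/etc/hosts"
	if runtime.GOOS == "windows" {
		path = os.Getenv("SystemRoot") + `\System32\drivers\etc\hosts`
	}
	data, err := os.ReadFile(path)
	ips := lookupHosts(string(data), "localhost")
	fmt.Printf("%s: read error=%v, localhost entries=%v\n", path, err, ips)
	for _, ip := range ips {
		fmt.Printf("%s port 4000 open=%v\n", ip, probe(ip, "4000"))
	}
}
```

An empty entries list means the file has no active line for localhost; an entry whose probe prints `open=false` means the server is not accepting connections on that particular address.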

sauravpradhan commented 2 months ago

@tarunKoyalwar I'll try this and get back if this issue is resolved or not.

sauravpradhan commented 2 months ago

@tarunKoyalwar Added this change to hosts file: C:\Windows\System32\drivers\etc image

New error: (Port Closed)

[WRN] [eOTA-vulneribility20240529] Could not execute request for http://localhost:4000/api: [:RUNTIME] got err while executing http://localhost:4000/api <- Get "http://localhost:4000/api": errKind=network-permanent-error [address=localhost:4000] port closed or filtered; No connection could be made because the target machine actively refused it.

Mzack9999 commented 1 month ago

@sauravpradhan Are you able to reach the port with curl?

sauravpradhan commented 1 month ago

> @sauravpradhan Are you able to reach the port with curl?

Yes, image

dogancanbakir commented 11 hours ago

Closing this; still not reproducible.

$ curl -I http://localhost:4000/api
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, PUT, POST, DELETE
Access-Control-Allow-Origin: http://localhost:4000
Content-Type: text/plain
Date: Mon, 05 Aug 2024 11:51:24 GMT
Content-Length: 67

$ go run . -t test_template.yaml -u http://localhost:4000/api

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.3.0

                projectdiscovery.io

[INF] Current nuclei version: v3.3.0 (latest)
[INF] Current nuclei-templates version: v9.9.2 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 67
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[eOTA-vulneribility20240529] [http] [info] http://localhost:4000/api