search

projectdiscovery / nuclei

Fast and customizable vulnerability scanner based on simple YAML based DSL.
https://docs.projectdiscovery.io/tools/nuclei
MIT License
18.89k stars 2.38k forks source link

[Bug] Httpx does not respond correctly BaseURL #5244

Open jason3e7 opened 2 months ago

jason3e7 commented 2 months ago

Nuclei version:

v3.2.8

Introduction:

My target open 80 port, not open 443 port.

2024-05-31_17-26-25

Current Behavior:

I'm using the nuclei scan a target without protocol. Httpx is automatically used to probe the host for web services in order to run HTTP based templates. However, certain templates fail to work.

Expected Behavior:

When running nuclei on a target without protocol, I expect httpx to be used to identified web service in order to run HTTP based templates.

Steps To Reproduce:

Anything else:

http_httpGet.yaml

id: http_httpGet

info:
  name: http_httpGet
  author: jason3e7
  severity: info

http:
  - method: GET
    path:
      - "{{BaseURL}}"
    matchers:
      - type: word
        words:
          - "<html>"

http_httpGetGet.yaml

id: http_httpGetGet

info:
  name: http_httpGetGet
  author: jason3e7
  severity: info

http:
  - method: GET
    path:
      - "{{BaseURL}}"
    matchers:
      - type: word
        words:
          - "<html>"
  - method: GET
    path:
      - "{{BaseURL}}"
    matchers:
      - type: word
        words:
          - "<html>"
jason3e7 commented 2 months ago

httpx test

2024-05-31_21-15-50