projectdiscovery / nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
https://docs.projectdiscovery.io/tools/nuclei
MIT License

DAST not running #5340

Closed mastercho closed 2 months ago

mastercho commented 4 months ago

Nuclei version: 3.2.9

Current Behavior:

When I run -dast I expect it to run all fuzz templates like this one: https://github.com/projectdiscovery/nuclei-templates/blob/680352214bd86cbf953f11adfe9a55288db0f9cf/http/exposed-panels/adminer-panel-detect.yaml#L36 but currently when I use -dast it just completes the scan automatically without attempting to run any templates.

Expected Behavior:

To run fuzz templates like we were able to before with the -fuzz tag.

Steps To Reproduce:

nuclei -u https://www.site.com -mhe 80 -dast

Anything else:

Tried on a vulnerable site which is supposed to find adminer in fuzz.

mastercho commented 2 months ago

I found that the issue happens when the URL has a / like site.com/; it runs fine without the slash, but currently it hits this issue: https://github.com/projectdiscovery/nuclei/issues/5557

dwisiswant0 commented 2 months ago

The template you mentioned is not a DAST template - it doesn't have a fuzzing object. See the fuzzing overview doc.

> I found that the issue happens when the URL has a / like site.com/; it runs fine without the slash, but currently it hits this issue: https://github.com/projectdiscovery/nuclei/issues/5557

To your concern - https://github.com/projectdiscovery/nuclei/issues/5557#issuecomment-2308028666

mastercho commented 2 months ago

> The template you mentioned is not a DAST template - it doesn't have a fuzzing object. See the fuzzing overview doc.
>
> > I found that the issue happens when the URL has a / like site.com/; it runs fine without the slash, but currently it hits this issue: #5557
>
> To your concern - #5557 (comment)

This specific template was running with the -fuzz tag before; also, inside the template it has fuzz as a tag, which makes it not run by default. If dast is not a replacement for fuzz, then which one should we use?

tarunKoyalwar commented 2 months ago

@mastercho, the earlier fuzz category (before 'dast') is now renamed to 'bruteforce' for consistency and to avoid confusion; it looks like we need to update tags in some templates.

And to run these default-ignored templates you need to use the -include-tags or -itags flag, something like:

nuclei -u example.com -tags bruteforce,fuzz -itags bruteforce,fuzz

Temporarily this should work; later on we can omit fuzz when the templates are updated.

mastercho commented 2 months ago

> @mastercho, the earlier fuzz category (before 'dast') is now renamed to 'bruteforce' for consistency and to avoid confusion; it looks like we need to update tags in some templates.
>
> And to run these default-ignored templates you need to use the -include-tags or -itags flag, something like:
>
> nuclei -u example.com -tags bruteforce,fuzz -itags bruteforce,fuzz
>
> Temporarily this should work; later on we can omit fuzz when the templates are updated.

Thanks @tarunKoyalwar
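The thread draws two distinctions a practitioner will want to check in their own template set: a template is a DAST template only if it carries a `fuzzing` object (the point in dwisiswant0's reply), and templates still tagged `fuzz` without one are the legacy category that tarunKoyalwar says is being renamed to `bruteforce` and must be pulled in with `-tags`/`-itags`. The script below is an added example, not code from the nuclei project or from anyone in this thread. It audits a set of template bodies for those two properties and builds the `-tags ... -itags ...` invocation from what it finds. Assumptions: the `fuzzing:` key is the marker of a DAST template (taken from the thread's reference to the fuzzing overview doc), the set `{fuzz, bruteforce}` stands in for nuclei's real default-exclusion list (which may contain more tags), and the sample templates are constructed for the example, not real nuclei-templates files.

```python
"""Audit nuclei templates for the 'fuzz' -> 'bruteforce' tag rename.

Added example, not code from the nuclei project or from this thread. It
records each template's tags and whether it has a `fuzzing:` object (what
makes a template a DAST template) and flags templates still carrying the
legacy `fuzz` tag without one. The reader is a minimal line scan of the
fields it needs, not a YAML parser; the sample templates are constructed.
"""
from __future__ import annotations

import re
import textwrap

TAGS_LINE = re.compile(r"^\s+tags:\s*(.*)$")  # `tags: a,b` or `tags:` + list
LIST_ITEM = re.compile(r"^\s+-\s*(\S+)\s*$")  # `  - tag` items under `tags:`
FUZZING_KEY = re.compile(r"^\s*fuzzing:\s*$")  # start of a fuzzing object

# Tags the thread says a default run skips (assumption: nuclei's real ignore list may hold more).
DEFAULT_EXCLUDED = {"fuzz", "bruteforce"}


def parse_tags(template: str) -> set[str]:
    """Return the tags, accepting the inline comma form and the YAML list form."""
    lines = template.splitlines()
    for i, line in enumerate(lines):
        m = TAGS_LINE.match(line)
        if not m:
            continue
        inline = m.group(1).strip()
        if inline:
            return {t.strip() for t in inline.split(",") if t.strip()}
        tags: set[str] = set()
        for nxt in lines[i + 1:]:
            item = LIST_ITEM.match(nxt)
            if not item:
                break
            tags.add(item.group(1))
        return tags
    return set()


def has_fuzzing_block(template: str) -> bool:
    """True when any request in the template carries a `fuzzing:` object."""
    return any(FUZZING_KEY.match(line) for line in template.splitlines())


def classify(template: str) -> str:
    """dast / legacy-fuzz-tag (tagged fuzz, no fuzzing object) / bruteforce / default."""
    tags = parse_tags(template)
    if has_fuzzing_block(template):
        return "dast"
    if "fuzz" in tags:
        return "legacy-fuzz-tag"
    if "bruteforce" in tags:
        return "bruteforce"
    return "default"


def audit(templates: dict[str, str]) -> dict[str, str]:
    return {name: classify(body) for name, body in templates.items()}


def include_command(target: str, templates: dict[str, str]) -> str:
    """Build the -tags/-itags run that includes every default-excluded template."""
    wanted: set[str] = set()
    for body in templates.values():
        wanted |= parse_tags(body) & DEFAULT_EXCLUDED
    if not wanted:
        return f"nuclei -u {target}"
    joined = ",".join(sorted(wanted))
    return f"nuclei -u {target} -tags {joined} -itags {joined}"


# Constructed samples in nuclei v3 shape; not real nuclei-templates files.
SAMPLE_TEMPLATES = {
    "adminer-panel-detect.yaml": textwrap.dedent("""\
        id: adminer-panel-detect
        info:
          tags: panel,adminer,fuzz
        http:
          - path:
              - "{{BaseURL}}/adminer.php"
        """),
    "reflected-xss-dast.yaml": textwrap.dedent("""\
        id: reflected-xss-dast
        info:
          tags:
            - dast
            - xss
        http:
          - path:
              - "{{BaseURL}}"
            fuzzing:
              - part: query
                fuzz:
                  - "<h1>x</h1>"
        """),
    "http-basic-bruteforce.yaml": "id: basic-bruteforce\ninfo:\n  tags: bruteforce,login\n",
    "tech-detect.yaml": "id: tech-detect\ninfo:\n  tags: tech\n",
}

if __name__ == "__main__":
    for name, kind in audit(SAMPLE_TEMPLATES).items():
        print(f"{kind:16} {name}")
    print(include_command("https://example.com", SAMPLE_TEMPLATES))
```

Run against a checkout of nuclei-templates by feeding `audit()` the file contents; every `legacy-fuzz-tag` hit is a template that `-dast` will never select and that only runs when its tag is both selected with `-tags` and un-ignored with `-itags`, which is exactly the interim command tarunKoyalwar gives above.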