Allow passive mode to be run on responses exported from other tools - Githubissues

projectdiscovery / nuclei

Fast and customizable vulnerability scanner based on simple YAML based DSL.

https://docs.projectdiscovery.io/tools/nuclei

MIT License

19.84k stars 2.44k forks source link

Allow passive mode to be run on responses exported from other tools #5414

Open tomdottom opened 1 month ago

tomdottom commented 1 month ago

Please describe your feature request:

Currently a passive scan can be performed on a response saved in a .txt file, or a directory of .txt files:

nucliei -passive -target ./responses/

It would useful to be able to run passive mode against responses stored in other supported formats, for example a burp export:

nuclie -passive -target burp-export.xml -input-mode burp

Describe the use case of this feature:

This would be use of use in situations such as:

Security audits where active scanning & fuzzing are out of scope and request/response data is collected by recording manual interaction with services, ie. when testing critical prod systems
Automated export and passive scans of assets produced by other tools

GeorginaReeder commented 1 month ago

Thanks for your feature request @tomdottom , we'll take a look into this! :)