projectdiscovery / nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
https://docs.projectdiscovery.io/tools/nuclei
MIT License
20.37k stars 2.49k forks

Nuclei Skipping every valid domains #5725

Open the5orcerer opened 1 week ago

the5orcerer commented 1 week ago

Is there an existing issue for this?

Current Behavior

Previously it was good! Nuclei generated output, but since I updated to the latest version I can't see any output. I use -v for verbose mode and can clearly see the HTTP request is sent, but I don't get any output. Nuclei is skipping everything, including testing-purpose boxes like DVWA and WebGoat. I used rate limit, timeout, nmhe, etc., but I'm still facing the same issue. (It's happening on list)

Expected Behavior

Nuclei should respond with valid output, not skip targets. It was good on the previous update.

Steps To Reproduce

  1. Run nuclei -l URLLIST -t Template

Relevant log output

No response

Environment

Anything else?

No response

exprays commented 4 days ago

Investigation Steps

  1. Created a sample URLLIST with a mix of public websites and common testing domains.
  2. Developed a basic Nuclei template for HTTP detection.
  3. Ran Nuclei with the sample URLLIST and template.

Current Findings

When running Nuclei v3.3.4 with the sample URLLIST and template, I observed the following:

[WRN] Found 1 templates loaded with deprecated protocol syntax, update before v3 for continued support.
[INF] Current nuclei version: v3.3.4 (latest)
[INF] Current nuclei-templates version: v10.0.2 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 68
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 10
[basic-http-detection:title] [http] [info] https://example.com ["<title>Example Domain</title>"]
[basic-http-detection:title] [http] [info] http://zero.webappsecurity.com ["<title>Zero - Personal Banking - Loans - Credit Cards</title>"]
[basic-http-detection:title] [http] [info] http://testphp.vulnweb.com ["<title>Home of Acunetix Art</title>"]
[basic-http-detection:title] [http] [info] https://demo.testfire.net ["<title>Altoro Mutual</title>"]
[basic-http-detection:title] [http] [info] https://httpbin.org ["<title>httpbin.org</title>"]

Analysis

  1. Nuclei is processing the templates and URLs successfully.
  2. Results are being reported for 5 out of 10 URLs in the sample URLLIST.
  3. The basic template is working as expected, extracting titles from accessible websites.

Questions and Next Steps

  1. Is the issue still occurring with your original URLLIST and templates?

  2. If so, could you provide:

    • A sanitized version of your original URLLIST (with sensitive URLs removed)?
    • The names or types of templates you were using?
    • Any specific error messages or warnings you were seeing with your original scan?
  3. Have you tried running your original scan with the -debug flag for more detailed output?

  4. Are all the targets in your original URLLIST accessible from your network?

  5. If you're using custom templates, have you verified their compatibility with Nuclei v3.3.4?

This additional information would greatly help in identifying the root cause of the original issue. Based on the current findings, it appears that Nuclei's core functionality is working, but there might be specific conditions in your original setup triggering the problem.
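For reference, a minimal template that would produce result lines in the format shown in the log above (`[basic-http-detection:title] [http] [info] ... ["<title>...</title>"]`). This is an added example, not the template used in the comment above and not code from the nuclei project; the `name` and `author` values are constructed, and the use of a single named regex extractor is an assumption inferred from the output format.

```yaml
# Added example: the id, severity and extractor name are chosen to match
# the log lines in this thread; name and author are constructed placeholders.
id: basic-http-detection

info:
  name: Basic HTTP Detection (example)
  author: example-author
  severity: info

# Current protocol key. Templates still using the older `requests:` key
# are the ones reported as "deprecated protocol syntax" at load time.
http:
  - method: GET
    path:
      - "{{BaseURL}}"

    # Extractor-only template: a result line is printed only when the
    # regex extracts something. A target that is unreachable, or whose
    # body has no <title> element, produces no result line for this
    # template, which is distinct from the host being skipped.
    extractors:
      - type: regex
        name: title   # appears after the template id in the result line
        part: body
        regex:
          - "<title>(.*?)</title>"
```

Running one known-reachable target against a template like this separates "no match on this target" from "host skipped after repeated connection errors" when triaging a scan that prints nothing.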

the5orcerer commented 3 days ago

I used this command: cat urls.txt | nuclei -t ~/nuclei-templates/http | anew xx.txt

[Image]

As you can see, every host is skipping!

the5orcerer commented 3 days ago

I also used -debug; I can see nuclei sending requests, but after that no response is caught.