projectdiscovery / nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
https://docs.projectdiscovery.io/tools/nuclei
MIT License

[FEATURE] Add warnings for more visibility when running self-contained templates #5742

Open tarunKoyalwar opened 2 weeks ago

tarunKoyalwar commented 2 weeks ago

Describe your feature request

When writing a template, we often forget to add self-contained. When this happens and we try to run it using Nuclei, the program simply exits without showing verbose data. After adding self-contained, it works, but there's still no visibility. Strangely, there's no debug statement either. We should improve this to prevent user confusion.

Additional context

id: password-complexity-disabled

info:
  name: Password Complexity Requirements Disabled
  author: princechaddha
  severity: high
  description: Checks if password complexity requirements are disabled in Active Directory.
  impact: |
    Weak password policies can lead to easy password guessing attacks.
  remediation: |
    Enable password complexity requirements to ensure strong passwords are used.
  tags: windows,password,active-directory,complexity,disabled

code:
  - pre-condition: |
      IsWindows();
    engine:
      - powershell
      - powershell.exe
    args:
      - -ExecutionPolicy
      - Bypass
      - -File
    pattern: "*.ps1"
    source: |
      Get-ADDefaultDomainPasswordPolicy | Select-Object PasswordComplexityEnabled

    matchers:
      - type: word
        words:
          - "False"

.\nuclei.exe -t test.yaml -code -debug -svd -v

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.3.4

                projectdiscovery.io

[VER] Started metrics server at localhost:9092
[WRN] Found 32 template[s] loaded with deprecated paths, update before v3 for continued support.
[INF] Current nuclei version: v3.3.4 (latest)
[INF] Current nuclei-templates version: v10.0.0 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 255
[INF] Templates loaded for current scan: 1
[INF] Executing 1 signed templates from windows
[INF] No results found. Better luck next time!

[!NOTE]

  • This need not be a Windows-specific template, and the behaviour seems to be reproduced on other simple templates with the code protocol as well: the above-mentioned template will run but never return any verbose data or anything, but after we add self-contained: true it works as expected.
  • The problem could be that matcher-status is not being generated when there is simply no match at all.
  • We should verify whether adding a pre-condition generates matcher-status as well.

dwisiswant0 commented 1 week ago

This should be a bug, and we should drop a note in the docs that: code-protocol-based templates are self-contained, unless they include other protocols in the template.

Also, the CVE-2024-22120 template should be rewritten to an HTTP-protocol-based template. I don't see any need to do it with the code-protocol-based template (it's just too raw & improper or over-engineered). Ref: https://support.zabbix.com/browse/ZBX-24505.

CC: @projectdiscovery/template.
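
As an added example (not nuclei's own code, and not the template author's), here is a small Python linter that emits the kind of warning this issue asks for: it flags a template whose only protocol block is `code` but which lacks `self-contained: true`, the exact combination that loads but produces no output in the run above. It also honours dwisiswant0's caveat: a template that mixes `code` with another protocol still needs a target, so it is not flagged. Assumptions: the `PROTOCOL_KEYS` list is maintained by hand here and is not nuclei's authoritative list, the function names are hypothetical, and the sample templates are constructed inline (the first is a reduced copy of the template from the issue). Only column-0 keys are inspected, which is enough to see which protocol blocks a template declares without a YAML library.

```python
"""Lint a nuclei template for the "code protocol without self-contained" pitfall.

Added example, not part of nuclei. Inspects only top-level (column-0) YAML keys,
which is enough to tell which protocol blocks a template declares.
"""
import re

# Top-level request blocks a nuclei template can declare. Assumption: this list is
# maintained by hand in this example and may lag behind nuclei releases.
PROTOCOL_KEYS = {
    "http", "dns", "network", "tcp", "file", "headless",
    "ssl", "websocket", "whois", "code", "javascript",
}

TOP_LEVEL_KEY = re.compile(r"^([A-Za-z][\w-]*):\s*(.*?)\s*$")


def top_level_keys(template_text: str) -> dict:
    """Map each column-0 key to its inline value ('' for block values).

    Indented lines (nested mappings, list items, block scalar bodies) and comments
    are skipped, so a `matchers:` or `type: word` nested inside a request block is
    never mistaken for a top-level key.
    """
    keys = {}
    for line in template_text.splitlines():
        if not line or line[0].isspace() or line.startswith("#"):
            continue
        m = TOP_LEVEL_KEY.match(line)
        if m:
            keys[m.group(1)] = m.group(2)
    return keys


def is_self_contained(keys: dict) -> bool:
    """True only for an explicit `self-contained: true` at the top level."""
    return keys.get("self-contained", "").strip().lower() == "true"


def check_self_contained(template_text: str) -> list:
    """Return warnings for the failure mode described in the issue.

    A template whose only protocol is `code` has no target to run against; unless
    it is marked `self-contained: true`, nuclei loads it but produces nothing.
    Templates that mix `code` with a network protocol still need a target, so
    they are left alone (dwisiswant0's point in the thread).
    """
    keys = top_level_keys(template_text)
    protocols = sorted(k for k in keys if k in PROTOCOL_KEYS)
    warnings = []
    if protocols == ["code"] and not is_self_contained(keys):
        warnings.append(
            f"[WRN] template {keys.get('id', '<no id>')!r} uses only the code "
            "protocol but is not marked 'self-contained: true'; nuclei will load "
            "it but never produce output for it"
        )
    return warnings


# Constructed sample: the issue's template, reduced to the keys that matter.
BROKEN_TEMPLATE = """\
id: password-complexity-disabled

info:
  name: Password Complexity Requirements Disabled
  severity: high

code:
  - engine:
      - powershell
    args:
      - -ExecutionPolicy
      - Bypass
      - -File
    pattern: "*.ps1"
    source: |
      Get-ADDefaultDomainPasswordPolicy | Select-Object PasswordComplexityEnabled
    matchers:
      - type: word
        words:
          - "False"
"""

# The same template with the one line the issue says makes it work.
FIXED_TEMPLATE = BROKEN_TEMPLATE.replace("code:\n", "self-contained: true\n\ncode:\n", 1)

# Constructed: mixing code with http still needs a target, so no warning.
MIXED_TEMPLATE = """\
id: mixed-example

http:
  - method: GET
    path:
      - "{{BaseURL}}"

code:
  - engine:
      - sh
    source: echo hello
"""

if __name__ == "__main__":
    for name, text in (("broken", BROKEN_TEMPLATE), ("fixed", FIXED_TEMPLATE),
                       ("mixed", MIXED_TEMPLATE)):
        print(name, check_self_contained(text) or ["ok"])
```

Run it against a template before handing it to nuclei; the broken sample prints the warning, while the fixed and mixed samples print ok. The check is deliberately conservative: it only fires when `code` is the sole protocol block, so it cannot complain about templates that legitimately need an input target.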