Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Would be nice if it would be possible to use dynamic variable in the action text headless mode. Either including a 'payloads' within the template or via the CLI with -var syntax. I don't think that's currently possible.
Describe the use case of the feature
Was trying to use the template below to work against DVWA.
id: dvwa-login-headless
info:
name: DVWA Headless Login
author: dma
severity: info
description: |
DVWA Login template for testing.
tags: dvwa,login
headless:
- steps:
- action: navigate
args:
url: "{{BaseURL}}/login.php"
- action: waitload
- action: text
args:
by: x
value: {{username}}
xpath: /html/body/div/div[2]/form/fieldset/input[1]
- action: text
args:
by: x
value: password
xpath: /html/body/div/div[2]/form/fieldset/input[2]
- action: click
args:
by: x
xpath: /html/body/div/div[2]/form/fieldset/p/input
payloads:
username:
- admin
- root
matchers:
- type: word
part: body
words:
- "You have logged in"
Describe your feature request
Would be nice if it would be possible to use dynamic variable in the action text headless mode. Either including a 'payloads' within the template or via the CLI with -var syntax. I don't think that's currently possible.
Describe the use case of the feature
Was trying to use the template below to work against DVWA.
Describe alternatives you've considered
No response
Additional context
No response