projectdiscovery / nuclei

Fast and customizable vulnerability scanner based on simple YAML based DSL.
https://docs.projectdiscovery.io/tools/nuclei
MIT License

[issue] Can't run a scan with only one template #681

Closed pdelteil closed 3 years ago

pdelteil commented 3 years ago

Describe the bug

In order to verify bugs I usually run nuclei -t template -u url

Lately this didn't work, for example

nuclei -t misconfiguration/springboot-detect.yaml  -target https://a.domain.com 

                       __     _
     ____  __  _______/ /__  (_)
    / __ \/ / / / ___/ / _ \/ /
   / / / / /_/ / /__/ /  __/ /
  /_/ /_/\__,_/\___/_/\___/_/   v2.3.4

        projectdiscovery.io

[INF] Loading templates...
[INF] [springboot-actuators] Detect the exposure of Springboot Actuators (@that_juan_ & dwisiswant0) [medium]
...truncated
[INF] [access-log-file] Publicly accessible access-log file (@sheikhrishad) [low]
[INF] [laravel-telescope] Laravel Telescope Disclosure (@geeknik) [medium]
[INF] [amazon-mws-auth-token] Amazon MWS Auth Token (@puzzlepeaches) [info]
[INF] [amazon-sns-topic] Amazon SNS Topic Disclosure (@Ice3man) [info]
[INF] [aws-access-key-value] AWS Access Key ID Value (@Swissky) [info]
[INF] [artifactory-api-password] Artifactory Password Disclosure (@Ice3man) [info]
[INF] [artifactory-api-token] Artifactory API Token Disclosure (@Ice3man) [info]
[INF] [bitly-secret-key] Bitly Secret Key Disclosure (@Ice3man) [info]
[INF] [cloudinary-credentials] Cloudinary Credentials Disclosure (@Ice3man) [info]
[INF] [discord-webhook] Discord Webhook Disclosure (@Ice3man) [info]
[INF] [credentials-disclosure] Credentials Disclosure Check (@Sy3Omda) [info]
...truncated
[INF] [qi-anxin-netkang-next-generation-firewall-rce] Qi'anxin Netkang Next Generation Firewall RCE (@pikpikcu) [critical]
[INF] [turbocrm-xss] TurboCRM XSS (@pikpikcu) [medium]
[INF] [rockethchat-unauth-access] RocketChat Unauthenticated Read Access (@rojanrijal) [critical]
[INF] Loading workflows...
[INF] Reduced 213 requests to 179 (35 templates clustered)
[INF] Using 81 rules (81 templates, 0 workflows)
[2021-04-17 21:31:33] [springboot-actuators] [http] [medium] https://a.domain.com/actuator

Nuclei version v2.3.4

pdelteil commented 3 years ago

Maybe the issue is related to another instance running on the same server?

I ran the command on another server and it worked correctly (not running a scan)

ehsandeep commented 3 years ago

@pdelteil this template doesn't exist and was divided into multiple templates here: https://github.com/projectdiscovery/nuclei-templates/tree/master/misconfiguration/springboot

pdelteil commented 3 years ago

> @pdelteil this template doesn't exist and was divided into multiple templates here: https://github.com/projectdiscovery/nuclei-templates/tree/master/misconfiguration/springboot

Thanks for your answer @ehsandeep

I get the same behavior using another template (any other). Does not happen on a server that's not running nuclei.

ehsandeep commented 3 years ago

@pdelteil I tried executing nuclei side by side at the same time on the same machine, but was unable to reproduce this:

nuclei -t openapi.yaml -target https://example.com

                       __     _
     ____  __  _______/ /__  (_)
    / __ \/ / / / ___/ / _ \/ /
   / / / / /_/ / /__/ /  __/ /
  /_/ /_/\__,_/\___/_/\___/_/   v2.3.4

        projectdiscovery.io

[INF] Loading templates...
[INF] [openapi] OpenAPI (@pdteam) [info]
[INF] Loading workflows...
[INF] Using 1 rules (1 templates, 0 workflows)
[0:00:01] | Templates: 1 | Hosts: 1 | RPS: 0 | Matched: 0 | Errors: 0 | Requests: 1/1 (100%)
[INF] No results found. Better luck next time!

pdelteil commented 3 years ago

> @pdelteil I tried executing nuclei side by side at the same time on the same machine, but was unable to reproduce this:
>
> nuclei -t openapi.yaml -target https://example.com
>
>                        __     _
>      ____  __  _______/ /__  (_)
>     / __ \/ / / / ___/ / _ \/ /
>    / / / / /_/ / /__/ /  __/ /
>   /_/ /_/\__,_/\___/_/\___/_/   v2.3.4
>
>         projectdiscovery.io
>
> [INF] Loading templates...
> [INF] [openapi] OpenAPI (@pdteam) [info]
> [INF] Loading workflows...
> [INF] Using 1 rules (1 templates, 0 workflows)
> [0:00:01] | Templates: 1 | Hosts: 1 | RPS: 0 | Matched: 0 | Errors: 0 | Requests: 1/1 (100%)
> [INF] No results found. Better luck next time!

Hello @ehsandeep ,

I tested again with only one instance running and the issue persists. What else could it be?

I don't get any errors; the selected template appears in first position in the 'Loading templates' log.


pdelteil commented 3 years ago

I did some tests again and using a blank config file solved the issue. I don't know why this happens. The -t flag is supposed to have a higher priority than the config file?

ehsandeep commented 3 years ago

@pdelteil Looks like this is a result of your config settings? In that case, we can close this issue.

> the -t flag is supposed to have a higher priority than the config file?

Any flag provided with user input will overwrite the config settings, so yes, if you used the CLI -t flag, it will ignore the config file and execute the templates provided with the -t flag.

ehsandeep commented 3 years ago

Closing as this is not an issue with nuclei
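
A scope check for the symptom reported in this thread, as an added example that is not part of the original issue or of the nuclei project: it parses the "Loading templates" and "Using N rules" lines in the v2.3.4 format quoted above and flags a run that loaded more templates than the operator intended. The function name, the sample constants and the expected template ids are assumptions made for illustration.

```python
import re

# Line formats as they appear in the nuclei v2.3.4 output quoted in this thread.
TEMPLATE = re.compile(r"^\[INF\] \[([^\]]+)\] .+ \[(?:info|low|medium|high|critical)\]$")
SUMMARY = re.compile(r"^\[INF\] Using \d+ rules \((\d+) templates, \d+ workflows\)$")

def check_scope(log_text, expected_ids):
    """Compare what nuclei reports loading with the template ids the operator intended."""
    loaded, reported = set(), None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SUMMARY.match(line)
        if m:
            reported = int(m.group(1))  # still reliable when the listing is truncated
            continue
        m = TEMPLATE.match(line)
        if m:
            loaded.add(m.group(1))
    expected = set(expected_ids)
    unexpected = sorted(loaded - expected)
    missing = sorted(expected - loaded)
    return {
        "unexpected": unexpected,
        "missing": missing,
        "reported_templates": reported,
        "in_scope": not unexpected and not missing and reported == len(expected),
    }

# Abridged from the first comment's output; the expected id is an assumption.
REPORTED_RUN = """\
[INF] Loading templates...
[INF] [springboot-actuators] Detect the exposure of Springboot Actuators (@that_juan_ & dwisiswant0) [medium]
[INF] [access-log-file] Publicly accessible access-log file (@sheikhrishad) [low]
[INF] [laravel-telescope] Laravel Telescope Disclosure (@geeknik) [medium]
[INF] Loading workflows...
[INF] Using 81 rules (81 templates, 0 workflows)
"""

# Copied from the maintainer's single-template run.
CLEAN_RUN = """\
[INF] Loading templates...
[INF] [openapi] OpenAPI (@pdteam) [info]
[INF] Loading workflows...
[INF] Using 1 rules (1 templates, 0 workflows)
"""

if __name__ == "__main__":
    print(check_scope(REPORTED_RUN, ["springboot-actuators"]))
    print(check_scope(CLEAN_RUN, ["openapi"]))
```

Running a check like this before the scan's requests matter (for example against a test host first) catches a config file that silently widens the template set.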