projectdiscovery / nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
https://docs.projectdiscovery.io/tools/nuclei
MIT License

Auto-configure option for templates #78

Closed michael1026 closed 4 years ago

michael1026 commented 4 years ago

If I'd like to look for paths that exist, but I'm not sure what's going to be there, it's almost impossible to write a template for that case. For example, if I want to write a test for interesting path locations such as /admin, /api, /upload, I don't know what to look for in the response. It could vary from site to site.

What I'm proposing is an option in the template file to auto-configure the response matching per host. How this could work is by requesting non-existent paths on each host to know what the response would look like, then use that to determine if your paths are interesting or not. This is much like the -ac option for ffuf.

I'm happy to help with this, but haven't written very much Go. I might take a shot at it this weekend.

ehsandeep commented 4 years ago

Hi @michael1026,

Thanks for the feedback and suggestion. I'm not sure if you already checked the dsl matcher, but you can pretty much configure everything. For example, if you are looking for a path and are not sure about the response, you can use the matcher like this:

matchers:
  - type: dsl
    dsl:
      - "len(body)>100 && status_code==200" # Body length greater than 100 and 200 status code

dsl allows many more options listed here https://github.com/projectdiscovery/nuclei-templates/blob/master/GUIDE.md

I hope this partially solves your case, otherwise, we are open to discuss more on this.

michael1026 commented 4 years ago

Hi. Thanks for the info. This is indeed a partial solution, but will result in a lot of false positives and a lot of false negatives. For example, some paths resolve to a 301 (i.e. /api to /api/), but other sites might 301 to a 404 page when the path isn't found.
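The per-host auto-calibration proposed in the first comment, together with the redirect cases raised above, as an added sketch in Go that is not part of nuclei or of this issue: a baseline is learned from probes of random non-existent paths (status code, a normalised Location header, body-length range) and a candidate path counts as interesting only when it departs from that baseline. The `Response` struct, the `"*/"` shape marker and the tolerance parameter are assumptions of this example; all values are constructed and nothing is sent over the network.

```go
package main

import "strings"

// Response: the status_code, Location header ("" if no redirect) and len(body) of one reply.
type Response struct {
	Path, Location  string
	Status, BodyLen int
}

type Baseline struct {
	Status, MinLen, MaxLen int
	RedirectShape          string // normalised Location, "" when not a redirect
}

// redirectShape makes "/x -> /x/" and "/y -> /y/" compare equal ("*/"),
// while a redirect to a fixed page such as /404.html is kept verbatim.
func redirectShape(r Response) string {
	if strings.HasSuffix(r.Location, r.Path+"/") {
		return strings.TrimSuffix(r.Location, r.Path+"/") + "*/"
	}
	return r.Location
}

// Calibrate derives the baseline from probes of random non-existent paths; ok is false for no probes or an inconsistent host.
func Calibrate(probes []Response) (b Baseline, ok bool) {
	for i, p := range probes {
		if i == 0 {
			b = Baseline{Status: p.Status, RedirectShape: redirectShape(p), MinLen: p.BodyLen, MaxLen: p.BodyLen}
		} else if p.Status != b.Status || redirectShape(p) != b.RedirectShape {
			return Baseline{}, false
		}
		if p.BodyLen < b.MinLen {
			b.MinLen = p.BodyLen
		}
		if p.BodyLen > b.MaxLen {
			b.MaxLen = p.BodyLen
		}
	}
	return b, len(probes) > 0
}

// Interesting reports whether r differs from the baseline; tolerance widens the
// body-length window to absorb dynamic content such as the path echoed back.
func (b Baseline) Interesting(r Response, tolerance int) bool {
	if r.Status != b.Status || redirectShape(r) != b.RedirectShape {
		return true
	}
	return r.BodyLen < b.MinLen-tolerance || r.BodyLen > b.MaxLen+tolerance
}
```

A host that appends a trailing slash to every path yields the shape "*/" for both probes and candidates, so /api -> /api/ is not flagged there, while on a host that redirects unknown paths to a fixed 404 page the same /api/ redirect does stand out.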

ehsandeep commented 4 years ago

As the fuzz feature is included in nuclei, we can fuzz and configure the templates for the expected results, closing this for now.