search

projectdiscovery / nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
https://docs.projectdiscovery.io/tools/nuclei
MIT License
20.66k stars 2.51k forks source link

Unknown crash #821

Closed 0xAwali closed 3 years ago

0xAwali commented 3 years ago

Describe the bug

While Trying Rebuild CVS's e.g. CVE-2005-2428 From

requests:
  - method: GET
    path:
      - "{{BaseURL}}/names.nsf/People?OpenView"
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: regex
        name: domino-username
        regex:
          - '(<a href\=\"/names\.nsf/[0-9a-z\/]+\?OpenDocument)'
        part: body

To Do Something Like That

requests:
  - payloads:
      Subdomains: /home/mahmoud/Wordlist/AllSubdomains.txt
    attack: sniper
    threads: 100

    raw:
      - |
        GET /names.nsf/People?OpenView HTTP/1.1
        Host: {{Subdomains}}
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: regex
        name: domino-username
        regex:
          - '(<a href\=\"/names\.nsf/[0-9a-z\/]+\?OpenDocument)'
        part: body

Some Tips To Understand My Template , I'm Trying To FUZZ Host Header e.g. If My Wordlist Contains :- internal.company.com dev.company.com

Nuclei Will Sent Two Requests 

GET /names.nsf/People?OpenView HTTP/1.1
Host: internal.company.com
GET /names.nsf/People?OpenView HTTP/1.1
Host: dev.company.com

So Nuclei Will Work Fine If My Wordlist Is Small e.g. 10 Lines And URL's File Also Small But When My Wordlist Contains e.g. 200 Lines And URL's File 200 URL's , I Got This Error

Screenshot!UNITO-UNDERSCORE!2021-07-09!UNITO-UNDERSCORE!10!UNITO-UNDERSCORE!19!UNITO-UNDERSCORE!39

Here Is My Command

nuclei -c 400 -list urls.txt -t "/cvs/*.yaml" -o CVE.out

Number OF Lines Into urls.txt 145 Lines Number OF Lines Into My Wordlist That Will Use 150 Lines Number OF CVS's 70 Yaml Files

So I Test It Multiple Times And Got The Same Error After e.g. 10-15 Minutes

Nuclei version Current Version: 2.3.8

And Also There Is Another Error While Nuclei Facing HTTP Response Contains HTTP/1.0

Screenshot!UNITO-UNDERSCORE!2021-07-08!UNITO-UNDERSCORE!18!UNITO-UNDERSCORE!25!UNITO-UNDERSCORE!08

ehsandeep commented 3 years ago

@0xAwali can you please paste the complete crash log from the beginning?

0xAwali commented 3 years ago

Start With This

01

Then A Lot Of

02

03

And Then Empty

04

Finally

05

ehsandeep commented 3 years ago

@0xAwali it's a panic error for out of memory, can you confirm your machine config?

0xAwali commented 3 years ago

I'm Sorry But I Can't Get What You Mean So Can You Talk In Details Please , Are You Mean Size Of My Memory ?

ehsandeep commented 3 years ago

Fixed in the latest release.