ehsandeep
commented
2 years ago @gbiagomba try installing latest version of nuclei v2.4.2
Closed gbiagomba closed 2 years ago
gbiagomba
commented
2 years ago I updated it and this is what i get (same err it seems)
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ 2.4.2
projectdiscovery.io
[ERR] Could not read nuclei-ignore file: open /Users/gbiago909/.config/nuclei/.nuclei-ignore: no such file or directory
[INF] Using Nuclei Engine 2.4.2
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x49083fb]
goroutine 1 [running]:
github.com/projectdiscovery/nuclei/v2/internal/runner.(*Runner).RunEnumeration(0xc0001f0000, 0x0, 0x0)
github.com/projectdiscovery/nuclei/v2/internal/runner/runner.go:345 +0xd5b
main.main()
command-line-arguments/main.go:30 +0x87I will revert back to the version that is working until this gets fixed. But i will happily check from time to time
Mzack9999
commented
2 years ago @gbiagomba Thanks for reporting the issue. Would it be possible to provide the full command line that is causing the error? I tried a few combinations, but the tool seems to run just fine. Thanks!
gbiagomba
commented
2 years ago here is the command nuclei -t /opt/nuclei-templates/cves/ -t /opt/nuclei-templates/exposures/ -t /opt/nuclei-templates/misconfiguration/ -t /opt/nuclei-templates/vulnerabilities/ -t /opt/nuclei-templates/takeovers/ -update-templates -l ssl_targets.list -o tools/nuclei/nuclei_output-$current_time.out -severity critical,high,medium -exclude dos -c 25 -nc | tee -a nuclei_output.txt
Mzack9999
commented
2 years ago Unfortunately, I'm still unable to reproduce this with the latest version 2.4.3. If you are still facing the issue, I'd suggest reaching out to pd-team via DM on our discord as I suspect it might be something related to some edge case target in your list.
Ganapati
commented
2 years ago Same case here, running nuclei arm on rooted mobile (Android)
gbiagomba
commented
2 years ago @Mzack9999 I do not think its the target list, it just seems the tool is existing and I am not getting any output. Here is the command nuclei -t /opt/nuclei-templates/cves/ -t /opt/nuclei-templates/exposures/ -t /opt/nuclei-templates/misconfiguration/ -t /opt/nuclei-templates/vulnerabilities/ -t /opt/nuclei-templates/takeovers/ -update-templates -l url.txt -o tools/nuclei/nuclei_output-$current_time.out -severity critical,high,medium -exclude dos -c 25 -nc -vv | tee -a nuclei_output.txt and here is them output I keep getting
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ 2.4.3
projectdiscovery.io
I tried a specific URL and here is what i got
nuclei -u https://redacted.example.com
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ 2.4.3
projectdiscovery.io
[ERR] Could not read nuclei-ignore file: open /Users/gbiago909/.config/nuclei/.nuclei-ignore: no such file or directory
[INF] Using Nuclei Engine 2.4.3
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x49ea03b]
goroutine 1 [running]:
github.com/projectdiscovery/nuclei/v2/internal/runner.(*Runner).RunEnumeration(0xc000156000, 0x0, 0x0)
github.com/projectdiscovery/nuclei/v2/internal/runner/runner.go:361 +0xd5b
main.main()
command-line-arguments/main.go:30 +0x87So i tried building the package from raw source and this is the err am receiving
geeknik
commented
2 years ago Could you try running go clean -cache -modcache -i -r and then try to build nuclei from source again?
terryf82
commented
2 years ago Ran into a similar issue today after upgrading from 2.3.8 -> 2.4.3 and using this command:
/go/bin/nuclei -u https://target.host -silent -json -tags microsoft,iis -ud /nuclei-templates -timeout 30The execution context is a golang:alpine based container running inside of AWS lambda. The error message, "panic: runtime error: invalid memory address or nil pointer dereference", is identical to the error I was receiving back when this issue was reported & fixed in June.
In this case at least, I believe the issue is caused by nuclei not being able to locate the .nuclei-ignore file, which simply cannot exist at /root/.config/nuclei/.nuclei-ignore because of the way lambda functions run. If there was some way to specify the location of this file, or skip using it altogether, would that resolve the issue?
ehsandeep
commented
2 years ago @terryf82 @Ganapati @gbiagomba Can you confirm if this issue is resolved by building nuclei binary from fixed PR - https://github.com/projectdiscovery/nuclei/pull/983?
gbiagomba
commented
2 years ago I'll check shortly
gbiagomba
commented
2 years ago here is what happened when i tried to update it
sudo -EH go get -u -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei
Password:
go: downloading github.com/projectdiscovery/nuclei v1.1.7
go: downloading github.com/projectdiscovery/nuclei/v2 v2.4.3
go: downloading go.uber.org/atomic v1.9.0
go: downloading github.com/projectdiscovery/stringsutil v0.0.0-20210823090203-2f5f137e8e1d
go: downloading go.uber.org/multierr v1.7.0
go: downloading github.com/owenrumney/go-sarif v1.0.11
go: downloading github.com/segmentio/ksuid v1.0.4
go: downloading github.com/shirou/gopsutil/v3 v3.21.7
go: downloading github.com/shirou/gopsutil v3.21.7+incompatible
go: downloading github.com/mattn/go-runewidth v0.0.13
go: downloading github.com/google/go-querystring v1.1.0
go: downloading golang.org/x/net v0.0.0-20210825183410-e898025ed96a
go: downloading github.com/projectdiscovery/retryabledns v1.0.12
go: downloading github.com/projectdiscovery/fastdialer v0.0.12
go: downloading github.com/projectdiscovery/retryablehttp-go v1.0.2
go: downloading golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f
go: downloading github.com/andygrunwald/go-jira v1.14.0
go: downloading github.com/xanzy/go-gitlab v0.50.3
go: downloading github.com/ysmood/gson v0.7.0
go: downloading github.com/zclconf/go-cty v1.9.1
go: downloading github.com/antchfx/xpath v1.2.0
go: downloading github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da
go: downloading github.com/google/uuid v1.3.0
go: downloading github.com/spf13/cast v1.4.1
go: downloading golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf
go: downloading github.com/hashicorp/go-retryablehttp v0.7.0
go: downloading golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac
go: downloading golang.org/x/text v0.3.7
go: downloading github.com/klauspost/compress v1.13.4
go: downloading github.com/mattn/go-isatty v0.0.13
go: downloading github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d
go: downloading github.com/tklauser/go-sysconf v0.3.8
go: downloading github.com/StackExchange/wmi v1.2.1
go: downloading github.com/golang/snappy v0.0.4
go: downloading github.com/golang/protobuf v1.4.3
go: downloading github.com/go-ole/go-ole v1.2.4
go: downloading github.com/go-ole/go-ole v1.2.5
go: downloading github.com/tklauser/numcpus v0.2.1
go: downloading google.golang.org/protobuf v1.25.0
go: downloading github.com/tklauser/numcpus v0.3.0
go: downloading google.golang.org/protobuf v1.27.1
go: downloading github.com/eggsampler/acme v1.0.0
go: downloading github.com/klauspost/cpuid v1.3.1
go: downloading github.com/projectdiscovery/hmap v0.0.2-0.20210616215655-7b78e7f33d1f
go: downloading github.com/projectdiscovery/networkpolicy v0.0.1
go: downloading github.com/golang-jwt/jwt v3.2.1+incompatible
go: downloading github.com/golang-jwt/jwt v1.0.2
go: downloading github.com/akrylysov/pogreb v0.10.0
go: downloading github.com/dgraph-io/badger v1.6.2
go: downloading go.etcd.io/bbolt v1.3.5
go: downloading github.com/yl2chen/cidranger v1.0.2
go: downloading github.com/projectdiscovery/iputil v0.0.0-20210429152401-c18a5408ca46
go: downloading github.com/golang-jwt/jwt v3.2.2+incompatible
go: downloading github.com/projectdiscovery/iputil v0.0.0-20210804143329-3a30fcde43f3
go: downloading github.com/akrylysov/pogreb v0.10.1
go: downloading go.etcd.io/bbolt v1.3.6
go: downloading github.com/dgraph-io/ristretto v0.0.3
go: downloading github.com/projectdiscovery/mapcidr v0.0.6
go: downloading github.com/dgraph-io/ristretto v0.1.0
go: downloading github.com/projectdiscovery/mapcidr v0.0.8
go: downloading github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96
go: downloading github.com/cespare/xxhash/v2 v2.1.1
go: downloading github.com/projectdiscovery/blackrock v0.0.0-20210415162320-b38689ae3a2e
go: downloading github.com/golang/glog v1.0.0
go: downloading github.com/cespare/xxhash/v2 v2.1.2
go: downloading github.com/karlseguin/ccache v1.0.1
go: downloading github.com/Knetic/govaluate v1.5.0
go: downloading github.com/tj/go-update v1.0.0
go: downloading github.com/blang/semver v1.1.0
github.com/dgraph-io/badger/options
google.golang.org/protobuf/internal/flags
golang.org/x/sys/internal/unsafeheader
google.golang.org/protobuf/internal/set
github.com/dgraph-io/badger/trie
github.com/golang/groupcache/lru
golang.org/x/net/html/atom
golang.org/x/text/encoding/internal/identifier
golang.org/x/text/internal/utf8internal
golang.org/x/net/internal/iana
github.com/projectdiscovery/blackrock
github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/tostring
golang.org/x/text/internal/tag
github.com/projectdiscovery/hmap/store/cache
google.golang.org/protobuf/internal/pragma
github.com/projectdiscovery/stringsutil
github.com/google/go-querystring/query
github.com/mattn/go-runewidth
github.com/akrylysov/pogreb/fs
github.com/akrylysov/pogreb/internal/errors
github.com/akrylysov/pogreb/internal/hash
google.golang.org/protobuf/internal/detrand
google.golang.org/protobuf/internal/version
golang.org/x/net/internal/timeseries
golang.org/x/sys/unix
github.com/cespare/xxhash/v2
github.com/dgraph-io/ristretto/z/simd
github.com/projectdiscovery/goflags
github.com/olekukonko/tablewriter
github.com/dustin/go-humanize
github.com/google/go-github/github
github.com/golang/glog
google.golang.org/protobuf/internal/errors
github.com/AndreasBriese/bbloom
github.com/akrylysov/pogreb
golang.org/x/net/trace
github.com/golang/snappy
github.com/projectdiscovery/nuclei/v2/internal/colorizer
github.com/projectdiscovery/nuclei/v2/pkg/catalog
google.golang.org/protobuf/encoding/protowire
github.com/projectdiscovery/nuclei/v2/pkg/catalog/config
github.com/projectdiscovery/nuclei/v2/pkg/types
github.com/antchfx/xpath
golang.org/x/net/html
github.com/projectdiscovery/nuclei/v2/pkg/catalog/loader/filter
google.golang.org/protobuf/reflect/protoreflect
golang.org/x/text/transform
golang.org/x/text/internal/language
github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/deserialization
golang.org/x/net/bpf
github.com/google/uuid
github.com/projectdiscovery/nuclei/v2/pkg/catalog/loader/load
golang.org/x/text/encoding
golang.org/x/text/runes
github.com/projectdiscovery/nuclei/v2/pkg/operators/common/dsl
golang.org/x/text/encoding/internal
github.com/projectdiscovery/interactsh/pkg/storage
go.uber.org/atomic
golang.org/x/text/unicode/bidi
github.com/syndtr/goleveldb/leveldb/table
golang.org/x/text/encoding/charmap
google.golang.org/protobuf/internal/encoding/messageset
google.golang.org/protobuf/internal/strs
google.golang.org/protobuf/internal/genid
google.golang.org/protobuf/internal/order
google.golang.org/protobuf/internal/encoding/text
google.golang.org/protobuf/reflect/protoregistry
google.golang.org/protobuf/runtime/protoiface
google.golang.org/protobuf/internal/descfmt
google.golang.org/protobuf/internal/descopts
golang.org/x/text/encoding/japanese
golang.org/x/text/encoding/korean
github.com/dgraph-io/badger/y
github.com/dgraph-io/ristretto/z
github.com/syndtr/goleveldb/leveldb
google.golang.org/protobuf/proto
go.etcd.io/bbolt
github.com/dgraph-io/badger/table
google.golang.org/protobuf/internal/encoding/defval
golang.org/x/text/encoding/simplifiedchinese
golang.org/x/text/encoding/traditionalchinese
golang.org/x/text/encoding/unicode
golang.org/x/text/internal/language/compact
golang.org/x/text/language
github.com/projectdiscovery/nuclei/v2/pkg/operators/matchers
google.golang.org/protobuf/encoding/prototext
google.golang.org/protobuf/internal/filedesc
github.com/dgraph-io/badger/skl
golang.org/x/net/internal/socket
github.com/projectdiscovery/clistats
golang.org/x/text/secure/bidirule
golang.org/x/text/unicode/norm
golang.org/x/net/http2/hpack
github.com/zclconf/go-cty/cty/set
github.com/projectdiscovery/nuclei/v2/pkg/progress
golang.org/x/net/context/ctxhttp
github.com/hashicorp/go-retryablehttp
golang.org/x/time/rate
github.com/golang-jwt/jwt
golang.org/x/oauth2/internal
go.uber.org/multierr
github.com/ysmood/gson
golang.org/x/net/ipv4
golang.org/x/net/ipv6
golang.org/x/oauth2
github.com/projectdiscovery/mapcidr
github.com/go-rod/rod/lib/utils
github.com/andygrunwald/go-jira
golang.org/x/text/encoding/htmlindex
github.com/xanzy/go-gitlab
github.com/go-rod/rod/lib/defaults
golang.org/x/net/html/charset
github.com/go-rod/rod/lib/proto
github.com/go-rod/rod/lib/cdp
github.com/projectdiscovery/iputil
github.com/yl2chen/cidranger/net
google.golang.org/protobuf/internal/encoding/tag
golang.org/x/net/idna
github.com/antchfx/htmlquery
github.com/zclconf/go-cty/cty
github.com/yl2chen/cidranger
github.com/go-rod/rod/lib/launcher
google.golang.org/protobuf/internal/impl
github.com/miekg/dns
github.com/projectdiscovery/nuclei/v2/pkg/operators/extractors
github.com/segmentio/ksuid
github.com/projectdiscovery/networkpolicy
github.com/projectdiscovery/nuclei/v2/pkg/operators
github.com/shirou/gopsutil/v3/internal/common
golang.org/x/net/http/httpguts
github.com/tklauser/go-sysconf
golang.org/x/net/http2
github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/replacer
github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/compare
github.com/spf13/cast
golang.org/x/net/internal/socks
golang.org/x/net/publicsuffix
github.com/shirou/gopsutil/v3/cpu
github.com/shirou/gopsutil/v3/mem
github.com/shirou/gopsutil/v3/net
golang.org/x/net/proxy
github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/generators
github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/race
github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/raw
github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/expressions
github.com/klauspost/compress/flate
github.com/owenrumney/go-sarif/sarif
github.com/klauspost/pgzip
github.com/c4milo/unpackit
github.com/tj/go-update
github.com/projectdiscovery/retryablehttp-go
github.com/projectdiscovery/rawhttp
github.com/tj/go-update/stores/github
google.golang.org/protobuf/internal/filetype
google.golang.org/protobuf/runtime/protoimpl
google.golang.org/protobuf/types/descriptorpb
github.com/projectdiscovery/retryabledns
github.com/projectdiscovery/interactsh/pkg/server
github.com/projectdiscovery/nuclei/v2/pkg/protocols/dns/dnsclientpool
github.com/projectdiscovery/interactsh/pkg/client
github.com/projectdiscovery/nuclei/v2/pkg/output
google.golang.org/protobuf/reflect/protodesc
github.com/projectdiscovery/nuclei/v2/pkg/reporting/dedupe
github.com/projectdiscovery/nuclei/v2/pkg/reporting/format
github.com/projectdiscovery/nuclei/v2/pkg/reporting/trackers/gitlab
github.com/projectdiscovery/nuclei/v2/pkg/reporting/trackers/jira
github.com/projectdiscovery/nuclei/v2/pkg/reporting/trackers/github
github.com/projectdiscovery/nuclei/v2/pkg/reporting/exporters/sarif
github.com/projectdiscovery/nuclei/v2/pkg/reporting/exporters/disk
github.com/projectdiscovery/nuclei/v2/pkg/reporting
github.com/golang/protobuf/proto
github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/interactsh
github.com/go-rod/rod/lib/devices
github.com/go-rod/rod/lib/input
github.com/dgraph-io/badger/pb
github.com/dgraph-io/badger
github.com/go-rod/rod
github.com/shirou/gopsutil/v3/process
github.com/projectdiscovery/hmap/store/disk
github.com/projectdiscovery/hmap/store/hybrid
github.com/projectdiscovery/nuclei/v2/pkg/projectfile
github.com/projectdiscovery/fastdialer/fastdialer
github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/protocolstate
github.com/projectdiscovery/nuclei/v2/pkg/protocols/network/networkclientpool
github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/httpclientpool
github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/protocolinit
github.com/projectdiscovery/nuclei/v2/pkg/protocols/headless/engine
# github.com/projectdiscovery/nuclei/v2/pkg/protocols/headless/engine
/Users/gbiago909/go/pkg/mod/github.com/projectdiscovery/nuclei/v2@v2.4.3/pkg/protocols/headless/engine/page_actions.go:469:27: too many arguments in call to page.Search
have (number, number, string)
want (string)
/Users/gbiago909/go/pkg/mod/github.com/projectdiscovery/nuclei/v2@v2.4.3/pkg/protocols/headless/engine/page_actions.go:473:9: invalid argument elms (type *rod.SearchResult) for len
/Users/gbiago909/go/pkg/mod/github.com/projectdiscovery/nuclei/v2@v2.4.3/pkg/protocols/headless/engine/page_actions.go:474:15: invalid operation: elms[0] (type *rod.SearchResult does not support indexing)Hi @gbiagomba, Try to copy-paste the below step to build nuclei from fixed PR and let me know if you still see the crash.
git clone https://github.com/projectdiscovery/nuclei; cd nuclei/v2/cmd/nuclei; git checkout fix-crashes-config; go build; ./nuclei@ehsandeep it looks like you merged this into dev and deleted fix-crashes-config before I had a chance to test it out, so the following results are from testing against the latest commit to dev.
After building the nuclei binary from source and adding it to my Dockerfile, I was able to run manual scans inside of a container successfully. However, the error mentioned above continued to happen when the container was deployed to run under AWS Lambda, because of the execution context, which cannot be changed.
I realise the Lambda setup is not a typical one, but being able to specify the path to the nuclei config folder would help a lot here. For now my solution is to reconfigure the expected path for the config folder in my Dockerfile, so that it is available within the Lambda context:
RUN cp -R ~/.config /
ENV HOME=/I had previously tried to specify a custom config file as an argument using -config /custom-config.yaml hoping that would remove the check for the default file which was causing the crash, but it seems that this approach can only add to the settings from the default file, not replace them?
ehsandeep
commented
2 years ago @terryf82 thank you for sharing the feedback, You can definitely specify custom config from any location without checking the default one but that applies for this config /.config/nuclei/config.yaml file only and not the /.config/nuclei/.nuclei-ignore and that might cause the issue in your case If I understood it correctly?
Is it also feasible for you to join https://discord.gg/projectdiscovery, that will assist us to understand the issue you're having?
terryf82
commented
2 years ago @ehsandeep yes, the assumption that ~/.config/nuclei/.nuclei-ignore will always be available is a problem when running inside a container through AWS Lambda, because user folders are not available as part of the Lambda execution context.
I'm already logged into the pd-community discord, I'll message @pd-team there in case you need any further info.
gbiagomba
commented
2 years ago so should i do git checkout dev instead?
gbiagomba
commented
2 years ago This is the output i got
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ 2.4.4-dev
projectdiscovery.io
[ERR] Could not read nuclei-ignore file: open /Users/gbiago909/.config/nuclei/.nuclei-ignore: no such file or directory
[INF] Using Nuclei Engine 2.4.4-dev
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x4c04b5b]
goroutine 1 [running]:
github.com/projectdiscovery/nuclei/v2/internal/runner.(*Runner).RunEnumeration(0xc0003005a0, 0x0, 0x0)
/opt/nuclei/v2/internal/runner/runner.go:381 +0xe3b
main.main()
/opt/nuclei/v2/cmd/nuclei/main.go:32 +0x87btw the tools works great in docker but not when i compile it on my mac
ehsandeep
commented
2 years ago @gbiagomba thanks again, can you copy-paste the complete crash log?
gbiagomba
commented
2 years ago My pleasure, I am not sure if this is what you were looking for but
./nuclei |& pp
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ 2.4.4-dev
projectdiscovery.io
[ERR] Could not read nuclei-ignore file: open /Users/gbiago909/.config/nuclei/.nuclei-ignore: no such file or directory
[INF] Using Nuclei Engine 2.4.4-dev
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x4c04b5b]
To see all goroutines, visit https://github.com/maruel/panicparse#gotraceback
1: running
runner runner.go:381 (*Runner).RunEnumeration(*Runner(0xc00037a640), 0x0, 0x0)
main main.go:32 main()And the tool I used was https://golangrepo.com/repo/maruel-panicparse--go-error-handling
terryf82
commented
2 years ago @ehsandeep FYI - the line numbers & addresses above are the same as what I was seeing when running in Docker, prior to reconfiguring the path to the config dir.
gbiagomba
commented
2 years ago I am not sure if this is helpful but here goes
go version)?$ go version go version go1.16.6 darwin/amd64
go env)?go env Output$ go env GO111MODULE="" GOARCH="amd64" GOBIN="" GOCACHE="/var/root/Library/Caches/go-build" GOENV="/var/root/Library/Application Support/go/env" GOEXE="" GOFLAGS="" GOHOSTARCH="amd64" GOHOSTOS="darwin" GOINSECURE="" GOMODCACHE="/Users/gbiago909/go/pkg/mod" GONOPROXY="" GONOSUMDB="" GOOS="darwin" GOPATH="/Users/gbiago909/go" GOPRIVATE="" GOPROXY="https://proxy.golang.org,direct" GOROOT="/usr/local/Cellar/go/1.16.6/libexec" GOSUMDB="sum.golang.org" GOTMPDIR="" GOTOOLDIR="/usr/local/Cellar/go/1.16.6/libexec/pkg/tool/darwin_amd64" GOVCS="" GOVERSION="go1.16.6" GCCGO="gccgo" AR="ar" CC="clang" CXX="clang++" CGO_ENABLED="1" GOMOD="/opt/nuclei/v2/go.mod" CGO_CFLAGS="-g -O2" CGO_CPPFLAGS="" CGO_CXXFLAGS="-g -O2" CGO_FFLAGS="-g -O2" CGO_LDFLAGS="-g -O2" PKG_CONFIG="pkg-config" GOGCCFLAGS="-fPIC -arch x86_64 -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/j5/t3kln5r959vc5bfr4hp20vmh0000gn/T/go-build4150747171=/tmp/go-build -gno-record-gcc-switches -fno-common" GOROOT/bin/go version: go version go1.16.6 darwin/amd64 GOROOT/bin/go tool compile -V: compile version go1.16.6 uname -v: Darwin Kernel Version 19.6.0: Thu Jun 18 20:49:00 PDT 2020; root:xnu-6153.141.1~1/RELEASE_X86_64 ProductName: Mac OS X ProductVersion: 10.15.6 BuildVersion: 19G2021 lldb --version: lldb-1103.0.22.10 Apple Swift version 5.2.4 (swiftlang-1103.0.32.9 clang-1103.0.32.53)
gbiagomba
commented
2 years ago I upgraded to version 2.5 and here is what happens when i just run it as nuclei -v. Its at least running dry and not failing lol
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ 2.5.0
projectdiscovery.io
[WRN] Use with caution. You are responsible for your actions
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[WRN] Could not update templates: could not write template configuration: open /Users/gbiago909/.config/nuclei/.templates-config.json: permission denied
[ERR] Could not read nuclei-ignore file: open /Users/gbiago909/.config/nuclei/.nuclei-ignore: no such file or directory
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/technologies/grav-cms-detect.yaml: yaml: unmarshal errors:
line 9: field references not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/default-logins/szhe/szhe-default-password.yaml: yaml: unmarshal errors:
line 8: field vendor not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/network/expn-mail-detect.yaml: yaml: unmarshal errors:
line 13: field read-size not found in type network.Input
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/technologies/wazuh-detect.yaml: yaml: unmarshal errors:
line 9: field references not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/technologies/shopware-detect.yaml: yaml: unmarshal errors:
line 9: field references not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/cves/2019/CVE-2019-19985.yaml: yaml: unmarshal errors:
line 8: field refrense not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/cves/2019/CVE-2019-20141.yaml: yaml: unmarshal errors:
line 8: field refrense not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/cves/2020/CVE-2020-27986.yaml: yaml: unmarshal errors:
line 11: field references not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/cves/2020/CVE-2020-4463.yaml: yaml: unmarshal errors:
line 13: field references not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/miscellaneous/unencrypted-bigip-ltm-cookie.yaml: yaml: unmarshal errors:
line 8: field mitigation not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/technologies/moinmoin-detect.yaml: yaml: unmarshal errors:
line 9: field references not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/cves/2019/CVE-2019-6112.yaml: yaml: unmarshal errors:
line 8: field references not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/technologies/sap-web-dispatcher-admin-portal.yaml: yaml: unmarshal errors:
line 22: field conditions not found in type matchers.Matcher
line 28: field conditions not found in type matchers.Matcher
line 35: field conditions not found in type matchers.Matcher
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/vulnerabilities/other/jfrog-unauth-build-exposed.yaml: yaml: unmarshal errors:
line 7: field referemce not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/cves/2019/CVE-2019-18394.yaml: yaml: unmarshal errors:
line 8: field refrense not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/cves/2019/CVE-2019-12725.yaml: yaml: unmarshal errors:
line 12: field references not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml: yaml: unmarshal errors:
line 9: field references not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/vulnerabilities/other/bullwark-momentum-lfi.yaml: yaml: unmarshal errors:
line 32: field word not found in type matchers.Matcher
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/technologies/opencast-detect.yaml: yaml: unmarshal errors:
line 9: field references not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/vulnerabilities/generic/top-xss-params.yaml: yaml: unmarshal errors:
line 9: field parameters not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/exposed-panels/sophos-fw-version-detect.yaml: yaml: unmarshal errors:
line 23: field condition not found in type http.Request
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/misconfiguration/aem/aem-crx-bypass.yaml: yaml: unmarshal errors:
line 32: field word not found in type matchers.Matcher
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/vulnerabilities/other/ruijie-networks-rce.yaml: yaml: unmarshal errors:
line 8: field vendor not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/technologies/plone-cms-detect.yaml: yaml: unmarshal errors:
line 9: field references not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/vulnerabilities/other/zms-auth-bypass.yaml: yaml: unmarshal errors:
line 7: field refernce not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/cves/2018/CVE-2018-1335.yaml: yaml: unmarshal errors:
line 8: field edb not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/cves/2020/CVE-2020-14864.yaml: yaml: unmarshal errors:
line 6: field cvss not found in type model.Info
[WRN] Could not parse template /Users/gbiago909/nuclei-templates/headless/prototype-pollution-check.yaml: cannot create template executer
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/cves/2021/CVE-2021-22986.yaml: yaml: unmarshal errors:
line 9: field advisory not found in type model.Info
[WRN] Could not parse template /Users/gbiago909/nuclei-templates/headless/extract-urls.yaml: cannot create template executer
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/exposed-panels/unauthenticated-frp.yaml: yaml: unmarshal errors:
line 8: field vendor not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/cves/2009/CVE-2009-1151.yaml: yaml: unmarshal errors:
line 9: field vulhub not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/exposures/configs/exposed-gitignore.yaml: yaml: unmarshal errors:
line 39: field condtion not found in type matchers.Matcher
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/technologies/mautic-crm-detect.yaml: yaml: unmarshal errors:
line 9: field references not found in type model.Info
line 17: field matcherscondition not found in type http.Request
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/cves/2019/CVE-2019-12461.yaml: yaml: unmarshal errors:
line 10: field software not found in type model.Info
[WRN] Could not parse template /Users/gbiago909/nuclei-templates/headless/postmessage-tracker.yaml: cannot create template executer
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/cves/2019/CVE-2019-16097.yaml: yaml: unmarshal errors:
line 8: field issues not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/vulnerabilities/other/etouch-v2-sqli.yaml: yaml: unmarshal errors:
line 7: field refrence not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/cves/2017/CVE-2017-16806.yaml: yaml: unmarshal errors:
line 25: field conditon not found in type matchers.Matcher
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/technologies/bolt-cms-detect.yaml: yaml: unmarshal errors:
line 9: field references not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/network/starttls-mail-detect.yaml: yaml: unmarshal errors:
line 13: field read-size not found in type network.Input
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/misconfiguration/unauthenticated-varnish-cache-purge.yaml: yaml: unmarshal errors:
line 8: field hackerone not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/technologies/octobercms-detect.yaml: yaml: unmarshal errors:
line 9: field references not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/technologies/strapi-cms-detect.yaml: yaml: unmarshal errors:
line 9: field references not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/cves/2015/CVE-2015-8813.yaml: yaml: unmarshal errors:
line 8: field refrense not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/cves/2016/CVE-2016-0957.yaml: yaml: unmarshal errors:
line 15: field header not found in type http.Request
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/exposures/tokens/generic/shoppable-token.yaml: yaml: unmarshal errors:
line 7: field references not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/.pre-commit-config.yaml: yaml: unmarshal errors:
line 1: field repos not found in type templates.Template
[WRN] Could not load template /Users/gbiago909/nuclei-templates/.pre-commit-config.yaml: mandatory 'name' field is missing
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/cves/2021/CVE-2021-24176.yaml: yaml: unmarshal errors:
line 8: field references not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/technologies/bookstack-detect.yaml: yaml: unmarshal errors:
line 9: field references not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/cves/2018/CVE-2018-2894.yaml: yaml: unmarshal errors:
line 22: field conditon not found in type matchers.Matcher
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/cves/2019/CVE-2019-17558.yaml: yaml: unmarshal errors:
line 6: field refrense not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/misconfiguration/unauthenticated-nacos-access.yaml: yaml: unmarshal errors:
line 7: field issues not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/network/rdp-detect.yaml: yaml: unmarshal errors:
line 13: field read-size not found in type network.Input
[WRN] Could not parse template /Users/gbiago909/nuclei-templates/headless/window-name-domxss.yaml: cannot create template executer
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/vulnerabilities/lsoft/listserv_maestro_rce.yaml: yaml: unmarshal errors:
line 25: field condition not found in type extractors.Extractor
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/exposed-panels/zte-panel.yaml: yaml: unmarshal errors:
line 19: field condtion not found in type matchers.Matcher
[WRN] Could not parse template /Users/gbiago909/nuclei-templates/headless/dvwa-headless-automatic-login.yaml: cannot create template executer
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/cves/2020/CVE-2020-17506.yaml: yaml: unmarshal errors:
line 9: field references not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/cves/2018/CVE-2018-13380.yaml: yaml: unmarshal errors:
line 8: field type not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/technologies/rhymix-cms-detect.yaml: yaml: unmarshal errors:
line 9: field references not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/cves/2020/CVE-2020-15500.yaml: yaml: unmarshal errors:
line 8: field source not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/cves/2015/CVE-2015-5688.yaml: yaml: unmarshal errors:
line 7: field issues not found in type model.Info
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/cves/2021/CVE-2021-26722.yaml: yaml: unmarshal errors:
line 10: field issues not found in type model.Info
[WRN] Found 59 templates with syntax warning (use -validate flag for further examination)
[INF] Using Nuclei Engine 2.5.0
[INF] Using Interactsh Server https://interact.sh
[INF] Templates added in last update: 0
[INF] Templates loaded for scan: 1653
[INF] No results found. Better luck next time!When i ran the command nuclei -t /opt/nuclei-templates/cves/ -t /opt/nuclei-templates/exposures/ -t /opt/nuclei-templates/misconfiguration/ -t /opt/nuclei-templates/vulnerabilities/ -t /opt/nuclei-templates/takeovers/ -update-templates -l ssl_targets.list -o tools/nuclei/nuclei_output-$current_time.out -severity critical,high,medium -exclude dos -c 25 -nc | tee -a nuclei_output.txt against a target file this is what happened:
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ 2.5.0
projectdiscovery.io
[WRN] Use with caution. You are responsible for your actions
[WRN] Developers assume no liability and are not responsible for any misuse or damage.I also tried running it in docker and now it does not seem to recognize the local files for -t i had to mount the template file to the docker image and manually point nuclei to it for it to load the templates. I can create a seperate ticket with those details if you like
forgedhallpass
commented
2 years ago Hello @gbiagomba,
With regards to your previous comment with regards to upgrading to 2.5.0, please note the following:
[WRN] Could not update templates: could not write template configuration: open /Users/gbiago909/.config/nuclei/.templates-config.json: permission denied
[ERR] Could not read nuclei-ignore file: open /Users/gbiago909/.config/nuclei/.nuclei-ignore: no such file or directoryIt seems that you have some permission issues in you environment.
We have introduced stricter template validation in v2.5.0 that will give out warnings if the templates on your machine contain errors. The errors within the public nuclei-templates directory have been fixed prior the release, hence after a successful update, you should not see such warnings anymore.
p.s. in your last comment, you haven't inserted the full execution log (only the banner and the disclaimer), hence I am not sure what problems are you referring to.
gbiagomba
commented
2 years ago Hello,
That was literally all that i got in my ouput. I will try dry run using sudo & another loaded run with -v.
Stay tuned!
gbiagomba
commented
2 years ago @forgedhallpass
Here is the latest run sudo nuclei -v -t /opt/nuclei-templates/cves/ -t /opt/nuclei-templates/exposures/ -t /opt/nuclei-templates/misconfiguration/ -t /opt/nuclei-templates/vulnerabilities/ -t /opt/nuclei-templates/takeovers/ -update-templates -l ssl_targets.list -o tools/nuclei/nuclei_output-$current_time.out -severity critical,high,medium -exclude dos -c 25 -nc | tee -a nuclei_output.txt; sudo nuclei -v
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ 2.5.0
projectdiscovery.io
[WRN] Use with caution. You are responsible for your actions
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[VER] Downloading config file from https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/master/.nuclei-ignore
[INF] nuclei-templates are not installed, installing...
[VER] Downloading nuclei-templates (v8.5.0) to /Users/gbiago909/nuclei-templates
Newly added templates:
cves/2005/CVE-2005-4385.yaml
cves/2006/CVE-2006-1681.yaml
cves/2008/CVE-2008-4668.yaml
cves/2008/CVE-2008-4764.yaml
cves/2008/CVE-2008-6172.yaml
cves/2008/CVE-2008-6668.yaml
cves/2009/CVE-2009-0932.yaml
cves/2009/CVE-2009-5114.yaml
cves/2010/CVE-2010-0943.yaml
cves/2010/CVE-2010-0944.yaml
cves/2010/CVE-2010-0985.yaml
cves/2010/CVE-2010-1219.yaml
cves/2010/CVE-2010-1304.yaml
cves/2010/CVE-2010-1305.yaml
cves/2010/CVE-2010-1306.yaml
cves/2010/CVE-2010-1307.yaml
cves/2010/CVE-2010-1313.yaml
cves/2010/CVE-2010-1314.yaml
cves/2010/CVE-2010-1345.yaml
cves/2010/CVE-2010-1353.yaml
cves/2010/CVE-2010-1354.yaml
cves/2010/CVE-2010-1470.yaml
cves/2010/CVE-2010-1471.yaml
cves/2010/CVE-2010-1474.yaml
cves/2010/CVE-2010-1475.yaml
cves/2010/CVE-2010-1476.yaml
cves/2010/CVE-2010-1494.yaml
cves/2010/CVE-2010-1495.yaml
cves/2010/CVE-2010-1532.yaml
cves/2010/CVE-2010-1533.yaml
cves/2010/CVE-2010-1535.yaml
cves/2010/CVE-2010-1601.yaml
cves/2010/CVE-2010-1602.yaml
cves/2010/CVE-2010-1657.yaml
cves/2010/CVE-2010-1659.yaml
cves/2010/CVE-2010-1714.yaml
cves/2010/CVE-2010-1717.yaml
cves/2010/CVE-2010-1718.yaml
cves/2010/CVE-2010-1722.yaml
cves/2010/CVE-2010-1875.yaml
cves/2010/CVE-2010-1953.yaml
cves/2010/CVE-2010-1954.yaml
cves/2010/CVE-2010-1955.yaml
cves/2010/CVE-2010-1979.yaml
cves/2010/CVE-2010-1980.yaml
cves/2010/CVE-2010-1981.yaml
cves/2010/CVE-2010-1983.yaml
cves/2010/CVE-2010-2033.yaml
cves/2010/CVE-2010-2035.yaml
cves/2010/CVE-2010-2036.yaml
cves/2010/CVE-2010-2122.yaml
cves/2010/CVE-2010-2259.yaml
cves/2010/CVE-2010-2682.yaml
cves/2010/CVE-2010-3426.yaml
cves/2010/CVE-2010-4617.yaml
cves/2010/CVE-2010-5278.yaml
cves/2011/CVE-2011-4336.yaml
cves/2011/CVE-2011-4804.yaml
cves/2012/CVE-2012-0991.yaml
cves/2012/CVE-2012-4253.yaml
cves/2012/CVE-2012-4878.yaml
cves/2013/CVE-2013-5979.yaml
cves/2014/CVE-2014-4535.yaml
cves/2014/CVE-2014-4536.yaml
cves/2014/CVE-2014-4940.yaml
cves/2014/CVE-2014-5368.yaml
cves/2014/CVE-2014-8799.yaml
cves/2015/CVE-2015-2807.yaml
cves/2015/CVE-2015-3648.yaml
cves/2015/CVE-2015-4050.yaml
cves/2015/CVE-2015-5461.yaml
cves/2015/CVE-2015-6544.yaml
cves/2015/CVE-2015-8349.yaml
cves/2015/CVE-2015-9414.yaml
cves/2016/CVE-2016-1000139.yaml
cves/2016/CVE-2016-1000146.yaml
cves/2016/CVE-2016-1000148.yaml
cves/2016/CVE-2016-1000149.yaml
cves/2016/CVE-2016-1000153.yaml
cves/2016/CVE-2016-1000155.yaml
cves/2016/CVE-2016-10993.yaml
cves/2016/CVE-2016-2389.yaml
cves/2016/CVE-2016-6277.yaml
cves/2016/CVE-2016-7981.yaml
cves/2017/CVE-2017-14651.yaml
cves/2017/CVE-2017-15647.yaml
cves/2017/CVE-2017-18024.yaml
cves/2017/CVE-2017-18638.yaml
cves/2017/CVE-2017-4011.yaml
cves/2017/CVE-2017-6090.yaml
cves/2018/CVE-2018-10095.yaml
cves/2018/CVE-2018-10818.yaml
cves/2018/CVE-2018-12095.yaml
cves/2018/CVE-2018-14013.yaml
cves/2018/CVE-2018-15473.yaml
cves/2018/CVE-2018-15517.yaml
cves/2018/CVE-2018-15745.yaml
cves/2018/CVE-2018-16167.yaml
cves/2018/CVE-2018-16288.yaml
cves/2018/CVE-2018-19458.yaml
cves/2018/CVE-2018-20470.yaml
cves/2018/CVE-2018-5233.yaml
cves/2018/CVE-2018-6008.yaml
cves/2018/CVE-2018-8719.yaml
cves/2019/CVE-2019-0193.yaml
cves/2019/CVE-2019-12276.yaml
cves/2019/CVE-2019-14312.yaml
cves/2019/CVE-2019-15501.yaml
cves/2019/CVE-2019-16313.yaml
cves/2019/CVE-2019-17503.yaml
cves/2019/CVE-2019-7238.yaml
cves/2019/CVE-2019-8937.yaml
cves/2020/CVE-2020-11455.yaml
cves/2020/CVE-2020-11547.yaml
cves/2020/CVE-2020-12800.yaml
cves/2020/CVE-2020-25223.yaml
cves/2020/CVE-2020-26153.yaml
cves/2020/CVE-2020-27361.yaml
cves/2020/CVE-2020-27735.yaml
cves/2020/CVE-2020-28976.yaml
cves/2020/CVE-2020-29453.yaml
cves/2020/CVE-2020-35598.yaml
cves/2020/CVE-2020-35774.yaml
cves/2020/CVE-2020-6171.yaml
cves/2020/CVE-2020-6637.yaml
cves/2020/CVE-2020-7796.yaml
cves/2020/CVE-2020-9036.yaml
cves/2021/CVE-2021-20090.yaml
cves/2021/CVE-2021-20091.yaml
cves/2021/CVE-2021-20092.yaml
cves/2021/CVE-2021-21816.yaml
cves/2021/CVE-2021-22145.yaml
cves/2021/CVE-2021-24235.yaml
cves/2021/CVE-2021-24288.yaml
cves/2021/CVE-2021-26084.yaml
cves/2021/CVE-2021-26086.yaml
cves/2021/CVE-2021-27561.yaml
cves/2021/CVE-2021-28918.yaml
cves/2021/CVE-2021-29484.yaml
cves/2021/CVE-2021-3017.yaml
cves/2021/CVE-2021-31856.yaml
cves/2021/CVE-2021-32030.yaml
cves/2021/CVE-2021-32305.yaml
cves/2021/CVE-2021-32819.yaml
cves/2021/CVE-2021-3297.yaml
cves/2021/CVE-2021-33807.yaml
cves/2021/CVE-2021-34370.yaml
cves/2021/CVE-2021-34473.yaml
cves/2021/CVE-2021-35336.yaml
cves/2021/CVE-2021-36380.yaml
cves/2021/CVE-2021-37216.yaml
cves/2021/CVE-2021-37538.yaml
cves/2021/CVE-2021-37573.yaml
cves/2021/CVE-2021-37704.yaml
cves/2021/CVE-2021-38702.yaml
cves/2021/CVE-2021-38751.yaml
default-logins/abb/cs141-default-login.yaml
default-logins/azkaban/azkaban-web-client-default-creds.yaml
default-logins/guacamole/guacamole-default-login.yaml
default-logins/vidyo/vidyo-default-credentials.yaml
default-logins/wso2/wso2-default-password.yaml
dns/can-i-take-over-dns.yaml
dns/cname-service-detection.yaml
dns/dnssec-detection.yaml
exposed-panels/3g-wireless-gateway.yaml
exposed-panels/azkaban-web-client.yaml
exposed-panels/bazarr-login.yaml
exposed-panels/camunda-login-panel.yaml
exposed-panels/cerebro-panel.yaml
exposed-panels/cisco-meraki-exposure.yaml
exposed-panels/cisco-sendgrid.yaml
exposed-panels/clearpass-policy-manager.yaml
exposed-panels/dell-openmanager-login.yaml
exposed-panels/epson-unauthorized-access-detect.yaml
exposed-panels/epson-web-control-detect.yaml
exposed-panels/f-secure-policy-manager.yaml
exposed-panels/glpi-authentication.yaml
exposed-panels/gxd5-pacs-connexion-utilisateur.yaml
exposed-panels/hitron-technologies.yaml
exposed-panels/honeywell-web-controller.yaml
exposed-panels/hp-ilo-5.yaml
exposed-panels/hp-service-manager.yaml
exposed-panels/ibm-note-login.yaml
exposed-panels/identity-services-engine.yaml
exposed-panels/lacie-panel.yaml
exposed-panels/mongodb-ops-manager.yaml
exposed-panels/nginx-proxy-manager.yaml
exposed-panels/r-webserver-login.yaml
exposed-panels/server-backup-manager-se.yaml
exposed-panels/sgp-login-panel.yaml
exposed-panels/sidekiq-dashboard.yaml
exposed-panels/tectuus-scada-monitor.yaml
exposed-panels/tracer-sc-login.yaml
exposed-panels/web-service-panel.yaml
exposed-panels/whm-login-detect.yaml
exposed-panels/wowza-streaming-engine.yaml
exposed-panels/xvr-login.yaml
exposures/apis/couchbase-buckets-api.yaml
exposures/configs/appspec-yml-disclosure.yaml
exposures/configs/codeigniter-env.yaml
exposures/configs/dbeaver-credentials.yaml
exposures/configs/firebase-config-exposure.yaml
exposures/configs/qdpm-info-leak.yaml
exposures/configs/ruijie-eg-password-leak.yaml
exposures/configs/ruijie-nbr1300g-cli-password-leak.yaml
exposures/files/axis-happyaxis.yaml
exposures/files/crossdomin-xml.yaml
exposures/files/db-schema.yaml
exposures/files/github-gemfile-files.yaml
exposures/files/github-page-config.yaml
exposures/files/glpi-status-ldap-domain-disclosure.yaml
exposures/files/glpi-telemetry-disclosure.yaml
exposures/files/iceflow-vpn-disclosure.yaml
exposures/files/webpack-sourcemap-disclosure.yaml
exposures/logs/django-debug-exposure.yaml
exposures/tokens/docker/dockercfg-config.yaml
file/keys/github-personal-token.yaml
file/perl/perl-scanner.yaml
file/php/php-scanner.yaml
file/xss/dom-xss.yaml
fuzzing/prestashop-module-fuzz.yaml
fuzzing/wordpress-weak-credentials.yaml
helpers/wordlists/prestashop-modules.txt
helpers/wordlists/wp-passwords.txt
helpers/wordlists/wp-users.txt
iot/qvisdvr-deserialization-rce.yaml
miscellaneous/aws-ecs-container-agent-tasks.yaml
misconfiguration/akamai-arl-xss.yaml
misconfiguration/android-debug-database-exposed.yaml
misconfiguration/grafana-public-signup.yaml
misconfiguration/http-missing-security-headers.yaml
misconfiguration/kubernetes/kubernetes-metrics.yaml
misconfiguration/kubernetes/kubernetes-pods.yaml
misconfiguration/kubernetes/kubernetes-resource-report.yaml
misconfiguration/node-exporter-metrics.yaml
misconfiguration/office365-open-redirect.yaml
misconfiguration/springboot/springboot-autoconfig.yaml
misconfiguration/springboot/springboot-dump.yaml
misconfiguration/springboot/springboot-health.yaml
misconfiguration/springboot/springboot-metrics.yaml
misconfiguration/springboot/springboot-threaddump.yaml
misconfiguration/viewpoint-system-status.yaml
misconfiguration/zabbix-dashboards-access.yaml
network/cisco-smi-exposure.yaml
network/clickhouse-unauth.yaml
network/exposed-adb.yaml
network/ftp-default-credentials.yaml
network/ftp-weak-credentials.yaml
takeovers/announcekit-takeover.yaml
technologies/abyss-web-server.yaml
technologies/achecker-detect.yaml
technologies/acontent-detect.yaml
technologies/adobe-coldfusion-detector.yaml
technologies/apache-axis-detect.yaml
technologies/apache-guacamole.yaml
technologies/avantfax-detect.yaml
technologies/bigbluebutton-detect.yaml
technologies/centreon-detect.yaml
technologies/craft-cms-detect.yaml
technologies/dolibarr-detect.yaml
technologies/froxlor-detect.yaml
technologies/gespage-detect.yaml
technologies/getsimple-cms-detector.yaml
technologies/glpi-cms-detect.yaml
technologies/influxdb-detect.yaml
technologies/itop-detect.yaml
technologies/jeedom-detect.yaml
technologies/jenkins-detect.yaml
technologies/kubernetes-enterprise-manager.yaml
technologies/kubernetes-mirantis.yaml
technologies/oneblog-detect.yaml
technologies/opensis-detect.yaml
technologies/openx-detect.yaml
technologies/operations-automation-default-page.yaml
technologies/oracle-iplanet-web-server.yaml
technologies/owasp-juice-shop-detected.yaml
technologies/phpcollab-detect.yaml
technologies/sage-detect.yaml
technologies/synology-web-station.yaml
technologies/teradici-pcoip.yaml
technologies/wondercms-detect.yaml
technologies/wordpress-gotmls-detect.yaml
technologies/wso2-apimanager-detect.yaml
vulnerabilities/generic/cors-misconfig.yaml
vulnerabilities/generic/generic-blind-xxe.yaml
vulnerabilities/generic/generic-linux-lfi.yaml
vulnerabilities/generic/generic-windows-lfi.yaml
vulnerabilities/generic/xmlrpc-pingback-ssrf.yaml
vulnerabilities/jenkins/jenkins-script.yaml
vulnerabilities/jenkins/unaunthenticated-jenkin.yaml
vulnerabilities/oracle/oracle-siebel-xss.yaml
vulnerabilities/other/bems-api-lfi.yaml
vulnerabilities/other/beward-ipcamera-disclosure.yaml
vulnerabilities/other/bitrix-open-redirect.yaml
vulnerabilities/other/buffalo-config-injection.yaml
vulnerabilities/other/caucho-resin-info-disclosure.yaml
vulnerabilities/other/commax-biometric-auth-bypass.yaml
vulnerabilities/other/comtrend-password-exposure.yaml
vulnerabilities/other/ewebs-arbitrary-file-reading.yaml
vulnerabilities/other/eyelock-nano-lfd.yaml
vulnerabilities/other/geovision-geowebserver-lfi.yaml
vulnerabilities/other/geovision-geowebserver-xss.yaml
vulnerabilities/other/hasura-graphql-psql-exec.yaml
vulnerabilities/other/kevinlab-hems-backdoor.yaml
vulnerabilities/other/ms-exchange-server-reflected-xss.yaml
vulnerabilities/other/netgear-router-exposure.yaml
vulnerabilities/other/netis-info-leak.yaml
vulnerabilities/other/opensis-lfi.yaml
vulnerabilities/other/pmb-directory-traversal.yaml
vulnerabilities/other/processmaker-lfi.yaml
vulnerabilities/other/qcubed-xss.yaml
vulnerabilities/other/ruijie-eg-rce.yaml
vulnerabilities/other/sap-redirect.yaml
vulnerabilities/other/sar2html-rce.yaml
vulnerabilities/other/solar-log-authbypass.yaml
vulnerabilities/other/unauth-hoteldruid-panel.yaml
vulnerabilities/other/zhiyuan-file-upload.yaml
vulnerabilities/other/zimbra-preauth-ssrf.yaml
vulnerabilities/simplecrm/simple-crm-sql-injection.yaml
vulnerabilities/wordpress/wp-grimag-open-redirect.yaml
vulnerabilities/wordpress/wp-prostore-open-redirect.yaml
vulnerabilities/wordpress/wp-upload-data.yaml
vulnerabilities/wordpress/wp-woocommerce-pdf-invoice-listing.yaml
workflows/azkaban-workflow.yaml
Nuclei Templates v8.5.0 Changelog
[INF] Successfully downloaded nuclei-templates (v8.5.0). GoodLuck!
+-------+-------+---------+
| TOTAL | ADDED | REMOVED |
+-------+-------+---------+
| 2014 | 324 | 0 |
+-------+-------+---------+
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ 2.5.0
projectdiscovery.io
[WRN] Use with caution. You are responsible for your actions
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[WRN] Could not load template /Users/gbiago909/nuclei-templates/miscellaneous/old-copyright.yaml: the template was excluded
[WRN] Could not parse template /Users/gbiago909/nuclei-templates/headless/extract-urls.yaml: cannot create template executer
[WRN] Could not load template /Users/gbiago909/nuclei-templates/fuzzing/directory-traversal.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/miscellaneous/apple-app-site-association.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/miscellaneous/clientaccesspolicy.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/cves/2019/CVE-2019-17382.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/miscellaneous/htaccess-config.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/miscellaneous/tabnabbing-check.yaml: the template was excluded
[WRN] Syntax warnings for template /Users/gbiago909/nuclei-templates/.pre-commit-config.yaml: yaml: unmarshal errors:
line 1: field repos not found in type templates.Template
[WRN] Could not load template /Users/gbiago909/nuclei-templates/.pre-commit-config.yaml: mandatory 'name' field is missing
[WRN] Could not load template /Users/gbiago909/nuclei-templates/cves/2020/CVE-2020-9490.yaml: the template was excluded
[WRN] Could not parse template /Users/gbiago909/nuclei-templates/headless/postmessage-tracker.yaml: cannot create template executer
[WRN] Could not load template /Users/gbiago909/nuclei-templates/miscellaneous/robots.txt.yaml: the template was excluded
[WRN] Could not parse template /Users/gbiago909/nuclei-templates/headless/dvwa-headless-automatic-login.yaml: cannot create template executer
[WRN] Could not load template /Users/gbiago909/nuclei-templates/miscellaneous/unpatched-coldfusion.yaml: the template was excluded
[WRN] Could not parse template /Users/gbiago909/nuclei-templates/headless/window-name-domxss.yaml: cannot create template executer
[WRN] Could not load template /Users/gbiago909/nuclei-templates/technologies/waf-detect.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/default-logins/aem/adobe-aem-default-credentials.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/fuzzing/iis-shortname.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/fuzzing/wordpress-plugins-detect.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/fuzzing/adminer-panel-fuzz.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/fuzzing/prestashop-module-fuzz.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/miscellaneous/detect-options-method.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/miscellaneous/trace-method.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/miscellaneous/xml-schema-detect.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/fuzzing/wordpress-themes-detect.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/miscellaneous/unencrypted-bigip-ltm-cookie.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/miscellaneous/missing-hsts.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/miscellaneous/moodle-changelog.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/fuzzing/mdb-database-file.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/miscellaneous/detect-dns-over-https.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/fuzzing/xff-403-bypass.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/fuzzing/wordpress-weak-credentials.yaml: the template was excluded
[WRN] Could not parse template /Users/gbiago909/nuclei-templates/headless/prototype-pollution-check.yaml: cannot create template executer
[WRN] Could not load template /Users/gbiago909/nuclei-templates/miscellaneous/phpmyadmin-setup.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/miscellaneous/joomla-htaccess.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/miscellaneous/missing-csp.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/miscellaneous/display-via-header.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/miscellaneous/google-floc-disabled.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/miscellaneous/dir-listing.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/miscellaneous/ntlm-directories.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/miscellaneous/joomla-manifest-file.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/miscellaneous/missing-x-frame-options.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/cves/2017/CVE-2017-17562.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/miscellaneous/security.txt.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/miscellaneous/missing-x-content-type-options.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/fuzzing/arbitrary-file-read.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/fuzzing/header-command-injection.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/miscellaneous/email-extractor.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/cves/2020/CVE-2020-16139.yaml: the template was excluded
[WRN] Could not load template /Users/gbiago909/nuclei-templates/fuzzing/generic-lfi-fuzzing.yaml: the template was excluded
[WRN] Found 1 templates with syntax warning (use -validate flag for further examination)
[INF] Using Nuclei Engine 2.5.0 (latest)
[INF] Using Nuclei Templates 8.5.0 (latest)
[INF] Using Interactsh Server https://interact.sh
[INF] Templates added in last update: 324
[INF] Templates loaded for scan: 1929
[INF] No results found. Better luck next time!@gbiagomba
The output looks correct to me. Let me point out some observations though:
fuzz, misc, dos tags are excluded by default, hence you don't need -exclude dos. The list of excluded tags are taken from the .nuclei-ignore file. This is also why you see the warning about excluded templates in verbose mode.-vv or -debug to see even more informationLet me know if you have any other questions or need further clarifications.
forgedhallpass
commented
2 years ago @terryf82 @gbiagomba do you still have any issues with the latest release or can we close the ticket?
terryf82
commented
2 years ago @forgedhallpass the fix from my perspective (AWS Lambda function running inside golang Docker container) was to copy /root/.config to the root folder, and adjust the HOME env var:
RUN cp -R ~/.config /
ENV HOME=/That resolved the issue I was seeing - but I think the author's issue was slightly different.
forgedhallpass
commented
2 years ago @terryf82 We might consider adding a configuration option to override the default config file location so that such workarounds would not be needed.
ehsandeep
commented
2 years ago Closing this issue as the crash issue is resolved.
gbiagomba
commented
2 years ago @forgedhallpass it seems to haave gone away since I updated. I dont know what happened it just started working so we are good to go
Jaypanchal1401
commented
1 year ago hiii nuclei therw error like below
Error occurred loading template /home/kali/Downloads/Nuclei-Templates-main/Find-wp-config-backup.yaml: invalid field format for 'id' (allowed format is ^([a-zA-Z0-9]+[-_])*[a-zA-Z0-9]+$) [FTL] Could not validate templates: errors occured during template validation
what should i do
forgedhallpass
commented
1 year ago hiii nuclei therw error like below
Error occurred loading template /home/kali/Downloads/Nuclei-Templates-main/Find-wp-config-backup.yaml: invalid field format for 'id' (allowed format is ^([a-zA-Z0-9]+[-_])*[a-zA-Z0-9]+$) [FTL] Could not validate templates: errors occured during template validation
what should i do
Make sure the id field in the template follows the ^([a-zA-Z0-9]+[-_])*[a-zA-Z0-9]+$ format. Meaning that
it should start and end with alphanumeric characters and in between can only contain dashes and underscores. (spaces are not allowed)
Describe the bug I updated my nuclei install to version
2.4.1and now it errors out every time i try to run it. Be advised I think upgrade over brew install and i am runningDarwin HQSML-1689616 19.6.0 Darwin Kernel Version 19.6.0: Thu Jun 18 20:49:00 PDT 2020; root:xnu-6153.141.1~1/RELEASE_X86_64 x86_64. This is related to #888Nuclei version Please share the version of the nuclei you are running with
nuclei -versionSee above and belowScreenshot of the error or bug please add the screenshot showing bug or issue you are facing.