Nuclei documentation
Home Page: https://nuclei.projectdiscovery.io
License: MIT License
Github project for Nuclei documentation website https://nuclei.projectdiscovery.io
git clone https://github.com/projectdiscovery/nuclei-docs; cd nuclei-docs; \
docker run --rm -it -p 8000:8000 -v ${PWD}:/docs titom73/mkdocs
https://nuclei.projectdiscovery.io/template-examples/http-fuzzing/ uses § characters before and after used payloads. It's unclear is that's necessary and the behavior seems undocumented.
The task is about performing a review of all nuclei-docs sections and identify missing part/sections. Each update intervention should have an associated GitHub task:
I guess dsl means domain-specific language? I think the abbreviation should be explained in the docs along with additional information about the purpose and use of dsl matchers. https://nuclei.projectdiscovery.io/templating-guide/operators/matchers/ and extractors: https://nuclei.projectdiscovery.io/templating-guide/operators/extractors/.
Does the used dsl follow a syntax of another project or standard? The documentation just provides some examples but no full list of what dsl can be used and how.
It's unclear which REGEX flavors are supported PCRE, POSIX (ERE/BRE)? Also it's unclear how to escape characters in regular expressions and if/how (none-)matching groups are supported.
The following topics needs to be documented:
redirects vs host-redirects)Is there a missing '}' ?
That answer is now entirely focused on the target being scanned. However it should also mention the safety for the host machine being used. Especially when using third party / untrusted templates (which I also consider nuclei-templates repo to be) and in regards to: #92 and projectdiscovery/nuclei#2964.
And as long as running nuclei as root is allowed, recommending against that.
https://nuclei.projectdiscovery.io/templating-guide/protocols/dns/ does not document the use of the following variables
{{FQDN}}, {{RDN}}, {{DN}}, {{TLD}}, {{SD}} as defined here in v2/pkg/protocols/dns/dns.go:
Also I would probably recommend reusing the same naming schemes as much as possible. Meaning making {{RDN}} {{DN}} {{TLD}} et cetera available in HTTP requests too and probably renaming {{Host}} in HTTP to the DNS equivalent or visa versa.
The Indentation of the Example Code on the [Templating Guide-Operators-Extractors] page within the nuclei-docs is not consistent overall.
https://nuclei.projectdiscovery.io/templating-guide/operators/extractors/
In particular, I think that [DSL Extractor] part needs to be corrected due to errors when using it as copy&paste.
extractors:
- type: dsl # type of the extractor
dsl:
- "len(body)" # dsl expression value to extract from responseextractors:
- type: dsl # type of the extractor
dsl:
- "len(body)" # dsl expression value to extract from responseIn addition, there is a difference in the indentation of the example code of the page.
Add shell tags on all code blocks to do better syntax highlighting for the command line examples.
This can be done simply by changing
```
{shell commands}
to
```shell
{shell commands}
For examples, see:
-sandbox - sandbox nuclei for safe templates execution
-headless - enable templates that require headless browser support (root user on Linux will disable sandbox)?It seems sandbox has no documentation so far.
Also will -sandbox disable and prevent this projectdiscovery/nuclei#2964 entirely when implemented?
id: xxxx
info:
name: xxxx
author: zp857
severity: critical
description: xxxx
reference: xxxx
tags: xxxx
requests:
- raw:
- |
POST /xxx HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{
"xxx": "{{rand_text_alpha(11)}}",
"yyy": 1,
}
matchers-condition: and
matchers:
- type: word
words:
- "xxxxx"
When I use the above file the following happens, if I remove the double quotes outside {{}}, I can use the helper function.
id: xxxx
info:
name: xxxx
author: zp857
severity: critical
description: xxxx
reference: xxxx
tags: xxxx
requests:
- raw:
- |
POST /xxx HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{
"xxx": {{rand_text_alpha(11)}},
"yyy": 1,
}
matchers-condition: and
matchers:
- type: word
words:
- "xxxxx"
The following dsl functions have either missing documentation or the existing one needs to be updated:
sortuniqsha512contains_allcontains_anyrand_ipto_unix_timeto_numberto_stringdec_to_hexhex_to_decoct_to_decbin_to_decsubstraes_cbcdate_format (remove)Feature detail - projectdiscovery/nuclei#2613
PR detail - projectdiscovery/nuclei#2630
Helper functions - https://nuclei.projectdiscovery.io/templating-guide/helper-functions/
I've noticed Korean results when searching for which I created this issue #85 but I think there also should be a language switch option that lists all available languages.
I also think that the file structure should move most files to ./en/ to be more consistent with the ./kr/ and also to be prepared for other languages being added. Which adds a whole new issue, how to keep track of changes and keep the translated versions up-to-date with the English one, considering that the English one will always be the latest version.
I want to write a template to exploit the vulnerability of php source code disclosure<=7.4.21, but I cannot match the result using nucleie
I used wireshark to monitor traffic and found that the server returned body
I tried the following methods, but could not output the body content returned by the server
I checked the history of issus and found no relevant problems, but I found that print can be used_ Debug prints the returned results. I use print_ Debug View the returned results, and no body content is found
I'm sorry to bother you
Cover -resume, -automatic-scan and everything else that is missing.
filename:helper-functions.md
content:
There is an error in the description of the rand_base function。
Need to change one rand_char --> rand_base,Now there are two functions with the same name。
The TRACE method as used in /miscellaneous/trace-method.yaml is undocumented. The documentation mentions:
Request method can be GET, POST, PUT, DELETE, etc. depending on the needs.
Here: https://nuclei.projectdiscovery.io/templating-guide/protocols/http/. I think etc should be changed and all methods that are usable here should be mentioned.
What modules does nuclei engine support? ... Nuclei engine supports the following type of modules.
HTTP
DNS
TCP
FILE
Headless and WHOIS are missing in that list and WHOIS is missing under "What is nuclei? ... HTTP / DNS / Network / Headless / File protocols based checks".
WHOIS also seems to be missing documentation entirely.
New helper functions
New DSL matchers
-a: {{rand_int(1,10)}}) and can be referenced in the templatestatus_code_1=200 && status_code_2=301)New Features
Can we somehow limit the search function to the language? Now, often I get Korean results instead of English.
When req-condition: true the duration is equal to the last suffixable duration.
E.g. in case of 3 requests, duration == duration_3, whereas it should rather be equal to the total (duration_1 + duration_2 + duration_3)
Test template:
id: template-id
info:
name: Template Name
author: forgedhallpass
severity: info
requests:
- raw:
- |+
GET / HTTP/1.1
Host: {{Hostname}}
- |+
GET /{{srvr}} HTTP/1.1
Host: {{Hostname}}
- |+
GET /{{srvr}} HTTP/1.1
Host: {{Hostname}}
redirects: true
req-condition: true
matchers:
- type: dsl
name: timer
dsl:
- "print_debug(concat('first: ', duration_1))"
- "print_debug(concat('duration: ', duration))"
- "print_debug(concat('second: ', duration_2))"
- "print_debug(concat('duration: ', duration))"
- "print_debug(concat('third: ', duration_3))"
- "print_debug(concat('duration: ', duration))"
- "print_debug(concat('total: ', to_string(to_number(duration_1) + to_number(duration_2) + to_number(duration_3))))"
condition: and
extractors:
- type: regex
name: srvr
part: header
internal: true
group: 1
regex:
- "Server: ([a-zA-z]+)"
- type: kval
kval:
- srvrCurrent output:
In order to make the documentation more accessibly and understandable for more users, I think as many abbreviations should be explained such as "OOB" (Out-of-Band) here: https://nuclei.projectdiscovery.io/templating-guide/interactsh/.
Describe the bug
A clear and concise description of what the bug is.
Nuclei version
Please share the version of the nuclei you are running with nuclei -version
Screenshot of the error or bug
please add the screenshot showing bug or issue you are facing.
How to use the md5 32-bit encryption method, can it be added?
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.