Skip to content

Nuclei下Code模板使用

可以正常使用的code模板逻辑

Files:

yaml
# template.yaml
id: code-test-wp-api

info:
  name: test template to assert that WP API is not exposed.
  author: dwisiswant0
  severity: low

code:
  - engine:
    - py  
    - python3
    source: /tmp/isolated/externals/file.py

    matchers:
      - type: word
        words:
          - "exposed"
# digest: 4b0a00483046022100ffc92b7fd2bbba9fc4bfd51c40aefc70c760bc0aad23e733303cc7cadf3171a3022100c8c6587dcb0fb0e2850712c7efbbc6e6e31153bc5133ef37f77f6d16c208c986:0acbc25bbf526ee86104fe7a57c5a13f
py
# externals/file.py
import requests, sys

url_to_test = sys.stdin.read()

resp = requests.get(f"https://{url_to_test}/wp-json")

if resp.status_code in [200, 301, 302]:
    if "namespaces" in resp.content.decode("utf-8"):
        print("exposed")
    else:
        print("not exposed")
else:
    print("No route response.")
console
$ tree $PWD
/tmp/isolated
├── externals
│   └── file.py
└── template.yaml

1 directory, 2 files
$ nuclei -lfa -sign -code -t template.yaml
[INF] All templates signatures were elaborated success=1 failed=0
$ nuclei -lfa -code -t template.yaml -u scanme.sh -debug

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.4.4

		projectdiscovery.io

[INF] Current nuclei version: v3.4.4 (latest)
[INF] Current nuclei-templates version: v10.2.1 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 42
[INF] Templates loaded for current scan: 1
[INF] Executing 1 signed templates from dwisiswant0
[INF] Targets loaded for current scan: 1
[DBG] [code-test-wp-api] Dumped Executed Source Code for input/stdin: 'scanme.sh'
---------------
Source Code:
---------------
import requests, sys

url_to_test = sys.stdin.read()

resp = requests.get(f"https://{url_to_test}/wp-json")

if resp.status_code in [200, 301, 302]:
    if "namespaces" in resp.content.decode("utf-8"):
        print("exposed")
    else:
        print("not exposed")
else:
    print("No route response.")

---------------
Command Executed:
---------------
/home/linuxbrew/.linuxbrew/bin/python3 /tmp/nuclei-tmp-1250672485/1067505762

---------------
Command Output:
---------------
Traceback (most recent call last):
  File "/tmp/nuclei-tmp-1250672485/1067505762", line 1, in <module>
    import requests, sys
ModuleNotFoundError: No module named 'requests'

[WRN] Command Output here is stdout+sterr, in response variables they are seperate (use -v -svd flags for more details)
[DBG] [code-test-wp-api] Dumped Code Execution for scanme.sh



[INF] Scan completed in 50.831674ms. No results found.
最近更新