Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE] Add warnings for more visibility when running self-contained templates #5742

Open
tarunKoyalwar opened this issue Oct 17, 2024 · 1 comment · May be fixed by #5757
Open

[FEATURE] Add warnings for more visibility when running self-contained templates #5742

tarunKoyalwar opened this issue Oct 17, 2024 · 1 comment · May be fixed by #5757
Assignees
@dwisiswant0
Labels
Type: Enhancement Most issues will probably ask for additions or changes.

Comments

@tarunKoyalwar
Copy link
Member

Describe your feature request

When writing a template, we often forget to add self-content. When this happens and we try to run it using Nuclei, the program simply exits without showing verbose data. After adding self-content, it works, but there's still no visibility. Strangely, there's no debug statement either. We should improve this to prevent user confusion.

Describe the use case of the feature

  • more visibility on what's happening
  • avoid confusing this with a bug

Describe alternatives you've considered

  • none

Additional context

id: password-complexity-disabled

info:
  name: Password Complexity Requirements Disabled
  author: princechaddha
  severity: high
  description: Checks if password complexity requirements are disabled in Active Directory.
  impact: |
    Weak password policies can lead to easy password guessing attacks.
  remediation: |
    Enable password complexity requirements to ensure strong passwords are used.
  tags: windows,password,active-directory,complexity,disabled

code:
  - pre-condition: |
      IsWindows();
    engine:
      - powershell
      - powershell.exe
    args:
      - -ExecutionPolicy
      - Bypass
      - -File
    pattern: "*.ps1"
    source: |
      Get-ADDefaultDomainPasswordPolicy | Select-Object PasswordComplexityEnabled

    matchers:
      - type: word
        words:
          - "False"
.\nuclei.exe -t test.yaml -code -debug  -svd -v

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.3.4

                projectdiscovery.io

[VER] Started metrics server at localhost:9092
[WRN] Found 32 template[s] loaded with deprecated paths, update before v3 for continued support.
[INF] Current nuclei version: v3.3.4 (latest)
[INF] Current nuclei-templates version: v10.0.0 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 255
[INF] Templates loaded for current scan: 1
[INF] Executing 1 signed templates from windows
[INF] No results found. Better luck next time!

Note

  • This need not be windows specific template and behaviour seems to be reproduced on other simple templates with code protocol as well, the above mentioned template will run but never return any verbose data or anything , but after we add self-contained: true it works as expected
  • the problem could be that matcher-status is not being generated when simply there is not match at all
  • we should verify if matcher-status if adding a pre-condition is generating matcher-status as well
@tarunKoyalwar tarunKoyalwar added the Type: Enhancement Most issues will probably ask for additions or changes. label Oct 17, 2024
@dwisiswant0 dwisiswant0 linked a pull request Oct 21, 2024 that will close this issue
Open
5 tasks
@dwisiswant0
Copy link
Member

dwisiswant0 commented Oct 21, 2024
edited
Loading

This should be a bug, and we should drop a note in docs that: code-protocol-based templates are self-contained, unless they include other protocols in the template.

Also, the CVE-2024-22120 template should be rewritten to an HTTP-protocol-based template. I don't see any need to do it with the code-protocol-based template (it's just too raw & improper or over-engineered). Ref: https://support.zabbix.com/browse/ZBX-24505.

CC: @projectdiscovery/template.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dwisiswant0 dwisiswant0

Labels
Type: Enhancement Most issues will probably ask for additions or changes.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(code): do NOT compile single code protocol w/o request.SelfContained projectdiscovery/nuclei
2 participants
@dwisiswant0 @tarunKoyalwar