Commit 0d94008

Split Nuclei cascade into two
The nuclei rule had problems because it omitted the protocol and port information. This commit splits it into two separate rules, one for http and one for https. This should make it more robust.

Signed-off-by: Max Maass <max.maass@iteratec.com>
1 parent e46688e commit 0d94008

2 files changed

Lines changed: 47 additions & 4 deletions

Lines changed: 33 additions & 0 deletions
@@ -0,0 +1,33 @@
1+
# SPDX-FileCopyrightText: 2021 iteratec GmbH
2+
#
3+
# SPDX-License-Identifier: Apache-2.0
4+
5+
apiVersion: "cascading.securecodebox.io/v1"
6+
kind: CascadingRule
7+
metadata:
8+
name: "nuclei-subdomain-scan-light-http"
9+
labels:
10+
securecodebox.io/invasive: non-invasive
11+
securecodebox.io/intensive: light
12+
spec:
13+
matches:
14+
anyOf:
15+
- category: "Open Port"
16+
attributes:
17+
port: 80
18+
state: open
19+
- category: "Open Port"
20+
attributes:
21+
service: "http"
22+
state: open
23+
- category: "Open Port"
24+
attributes:
25+
service: "http-*"
26+
state: open
27+
28+
scanSpec:
29+
scanType: "nuclei"
30+
parameters:
31+
# Target domain name of the finding and start a nuclei scan
32+
- "-u"
33+
- "http://{{$.hostOrIP}}:{{attributes.port}}"
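
Review bot: The `service: "http"` and `service: "http-*"` entries in `anyOf` (new lines 19-26) do not constrain the port, so an open-port finding on 443 whose service is reported as "http" satisfies this rule and also the `port: 443` entry of the https rule, and the same host and port is then scanned once as `http://` and once as `https://`. If that overlap is not intended, narrow the matchers or document it in the file. The wildcard here is `"http-*"` while the https rule uses `"https*"`; a one-line comment explaining why the two patterns differ would save the next reader from guessing. The comment on new line 31 still reads "Target domain name of the finding", but the target is now built from `{{$.hostOrIP}}` and `{{attributes.port}}` and should be described that way.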

scanners/nuclei/cascading-rules/subdomain.yaml renamed to scanners/nuclei/cascading-rules/subdomain_https.yaml

Lines changed: 14 additions & 4 deletions
@@ -5,18 +5,28 @@
55
apiVersion: "cascading.securecodebox.io/v1"
66
kind: CascadingRule
77
metadata:
8-
name: "nuclei-subdomain-scan-light"
8+
name: "nuclei-subdomain-scan-light-https"
99
labels:
1010
securecodebox.io/invasive: non-invasive
1111
securecodebox.io/intensive: light
1212
spec:
1313
matches:
1414
anyOf:
15-
- category: "Subdomain"
16-
osi_layer: "NETWORK"
15+
- category: "Open Port"
16+
attributes:
17+
port: 443
18+
state: open
19+
- category: "Open Port"
20+
attributes:
21+
service: "https"
22+
state: open
23+
- category: "Open Port"
24+
attributes:
25+
service: "https*"
26+
state: open
1727
scanSpec:
1828
scanType: "nuclei"
1929
parameters:
2030
# Target domain name of the finding and start a nuclei scan
2131
- "-u"
22-
- "{{location}}"
32+
- "https://{{$.hostOrIP}}:{{attributes.port}}"
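
Review bot: The `category: "Subdomain"` matcher (old lines 15-16) is removed and only "Open Port" matchers remain, yet the rule is still named `nuclei-subdomain-scan-light-https` and the file `subdomain_https.yaml`, so the name no longer describes what triggers the rule. Since Subdomain findings no longer match this rule, a nuclei scan now depends on an Open Port finding being produced for the host first; the commit message or a comment in the file should state that dependency. The unchanged comment on line 30 ("Target domain name of the finding") is stale now that `{{location}}` is replaced by a URL built from `{{$.hostOrIP}}` and `{{attributes.port}}`. The wildcard `"https*"` also differs in form from the `"http-*"` used in the http rule; align the two or note why they differ.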
