Update Nuclei cascading rule to include protocol information and allow alternative HTTP ports #920

Merged: malexmave merged 1 commit into main from fix/nuclei-cascading-scan-rule on Jan 10, 2022

Conversation

@malexmave (Member)

The nuclei rule had problems because it omitted the protocol and port information (#713). This PR splits it into two separate rules, one for http and one for https. This should make it more robust.

An alternative that would only require a single rule would be the following:

# SPDX-FileCopyrightText: 2021 iteratec GmbH
#
# SPDX-License-Identifier: Apache-2.0

apiVersion: "cascading.securecodebox.io/v1"
kind: CascadingRule
metadata:
  name: "nuclei-subdomain-scan-light"
  labels:
    securecodebox.io/invasive: non-invasive
    securecodebox.io/intensive: light
spec:
  matches:
    anyOf:
      - category: "Open Port"
        attributes:
          port: 80
          state: open
      - category: "Open Port"
        attributes:
          port: 443
          state: open
      - category: "Open Port"
        attributes:
          service: "http"
          state: open
      - category: "Open Port"
        attributes:
          service: "https"
          state: open
  scanSpec:
    scanType: "nuclei"
    parameters:
      # Target domain name of the finding and start a nuclei scan
      - "-u"
      - "{{attributes.service}}://{{$.hostOrIP}}:{{attributes.port}}"

However, this would no longer allow us to trigger on alternative HTTP(S) ports like 8080, 8443, etc., since they have alternative service descriptors (http-proxy, ...) which would break the URL when based on {{attributes.service}} as the protocol selector. I thus opted to split it into two separate rules.

Closes #713.

Checklist

  • Test your changes as thoroughly as possible before you commit them. Preferably, automate your test by unit/integration tests.
  • Make sure npm test runs for the whole project.
  • Make codeclimate checks happy
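The reasoning in the description above, as an added illustration that is not part of this PR or the secureCodeBox code base: a small model of how a CascadingRule's `anyOf` matchers and `{{...}}` parameter templates behave on constructed nmap-style "Open Port" findings. The single rule is widened by one `http-proxy` matcher so it fires on 8080, which makes the service name land in the URL scheme; the split rules are constructed for contrast and are not the project's exact YAML.

```python
import re

def finding(port, service):
    """Constructed nmap-style 'Open Port' finding with only the fields the rule reads."""
    return {"category": "Open Port", "hostOrIP": "app.example.test",
            "attributes": {"port": port, "service": service, "state": "open"}}

FINDINGS = [finding(80, "http"), finding(443, "https"),
            finding(8080, "http-proxy"), finding(22, "ssh")]

def open_port(**attrs):
    """One anyOf matcher entry: category 'Open Port' plus the given attributes."""
    return {"category": "Open Port", "attributes": {"state": "open", **attrs}}

def matches(any_of, f):
    """anyOf semantics: some entry whose category and every listed attribute agree."""
    return any(m["category"] == f["category"] and all(
        f["attributes"].get(k) == v for k, v in m["attributes"].items()) for m in any_of)

def render(template, f):
    """Expand {{attributes.x}} and {{$.hostOrIP}} placeholders against a finding."""
    def lookup(m):
        path = m.group(1)
        return str(f[path[2:]] if path.startswith("$.")
                   else f["attributes"][path.split(".", 1)[1]])
    return re.sub(r"\{\{([\w$.]+)\}\}", lookup, template)

def targets(rules, findings):
    """Nuclei '-u' targets the rules would emit, in rule order then finding order."""
    return [render(r["url"], f) for r in rules for f in findings if matches(r["anyOf"], f)]

def valid_scheme(url):
    """Nuclei needs a URL scheme of http or https."""
    return url.split("://", 1)[0] in ("http", "https")

# The single rule from the PR description, widened by one matcher so it also fires
# on 8080; the service name then becomes the URL scheme.
SINGLE_RULE = [{"anyOf": [open_port(port=80), open_port(port=443), open_port(service="http"),
                          open_port(service="https"), open_port(service="http-proxy")],
                "url": "{{attributes.service}}://{{$.hostOrIP}}:{{attributes.port}}"}]

# Illustrative split rules (constructed here, not the project's exact YAML): the scheme
# is fixed per rule, so names like http-proxy never reach the URL.
SPLIT_RULES = [{"anyOf": [open_port(service="http"), open_port(service="http-proxy")],
                "url": "http://{{$.hostOrIP}}:{{attributes.port}}"},
               {"anyOf": [open_port(service="https")],
                "url": "https://{{$.hostOrIP}}:{{attributes.port}}"}]

if __name__ == "__main__":
    print(*targets(SINGLE_RULE, FINDINGS), *targets(SPLIT_RULES, FINDINGS), sep="\n")
```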

@malexmave added the labels bug (Bugs) and scanner (Implement or update a security scanner) on Jan 10, 2022
@malexmave malexmave requested a review from J12934 January 10, 2022 14:53
@malexmave malexmave self-assigned this Jan 10, 2022
malexmave added a commit that referenced this pull request Jan 10, 2022
Analogous to #920, this commit splits the cascading rule for ZAP into
two: one for HTTP and one for HTTPS. This allows it to cover HTTP(S)
services on nonstandard ports. This also requires adding the port as
an extra parameter.

Signed-off-by: Max Maass <max.maass@iteratec.com>
@malexmave changed the title from "Update Nuclei cascading rule to include protocol information" to "Update Nuclei cascading rule to include protocol information and allow alternative HTTP ports" on Jan 10, 2022
The nuclei rule had problems because it omitted the protocol and port
information. This commit splits it into two separate rules, one for
http and one for https. This should make it more robust.

Signed-off-by: Max Maass <max.maass@iteratec.com>
@malexmave force-pushed the fix/nuclei-cascading-scan-rule branch from 0d94008 to 61416bd on January 10, 2022 16:08
Development

Successfully merging this pull request may close these issues.

Nuclei Cascading Rules don't start Scans with Protocol (http/https)