Skip to content

Update Nuclei cascading rule to include protocol information and allow alternative HTTP ports #920

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
malexmave merged 1 commit into from
Jan 10, 2022
Merged

Update Nuclei cascading rule to include protocol information and allow alternative HTTP ports #920

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 33 additions & 0 deletions scanners/nuclei/cascading-rules/subdomain_http.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
# SPDX-FileCopyrightText: 2021 iteratec GmbH
#
# SPDX-License-Identifier: Apache-2.0

apiVersion: "cascading.securecodebox.io/v1"
kind: CascadingRule
metadata:
name: "nuclei-subdomain-scan-light-http"
labels:
securecodebox.io/invasive: non-invasive
securecodebox.io/intensive: light
spec:
matches:
anyOf:
- category: "Open Port"
attributes:
port: 80
state: open
- category: "Open Port"
attributes:
service: "http"
state: open
- category: "Open Port"
attributes:
service: "http-*"
state: open

scanSpec:
scanType: "nuclei"
parameters:
# Target domain name of the finding and start a nuclei scan
- "-u"
- "http://{{$.hostOrIP}}:{{attributes.port}}"
18 changes: 14 additions & 4 deletions ...ers/nuclei/cascading-rules/subdomain.yaml → ...clei/cascading-rules/subdomain_https.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,18 +5,28 @@
apiVersion: "cascading.securecodebox.io/v1"
kind: CascadingRule
metadata:
name: "nuclei-subdomain-scan-light"
name: "nuclei-subdomain-scan-light-https"
labels:
securecodebox.io/invasive: non-invasive
securecodebox.io/intensive: light
spec:
matches:
anyOf:
- category: "Subdomain"
osi_layer: "NETWORK"
- category: "Open Port"
attributes:
port: 443
state: open
- category: "Open Port"
attributes:
service: "https"
state: open
- category: "Open Port"
attributes:
service: "https*"
state: open
scanSpec:
scanType: "nuclei"
parameters:
# Target domain name of the finding and start a nuclei scan
- "-u"
- "{{location}}"
- "https://{{$.hostOrIP}}:{{attributes.port}}"