Global passive matchers / extractors for nuclei scan #4549

Open
ehsandeep opened this issue Dec 28, 2023 · 0 comments · May be fixed by #4723
ehsandeep commented Dec 28, 2023

Please describe your feature request:

Nuclei runs multiple templates that make active HTTP requests. Generally, matchers are defined to detect a specific issue / detection / tech for specific templates. Instead, a global matcher will make use of existing response data passed through nuclei, i.e. no additional active requests, and allow users to write matchers / extractors to detect interesting behavior / errors / secrets etc.

Describe the use case of this feature:

  • Passive response fingerprinting
  • Error / WAF / Interesting behavior detection
  • Secret Detection

Example Template:

id: global-matcher-example

info:
  name: Test Global Matcher Template
  author: pdteam
  severity: info

passive: true # this is a passive template!
http: # matchers / extractors will be applied for the http protocol; similarly, other protocol blocks can be defined.
  - matchers-condition: and
    matchers:
      - type: word
        words:
          - This is test matcher text

      - type: word
        words:
          - This is test matcher text 2

    extractors:
      - type: regex
        group: 1
        regex:
          - '<title>(.*)<\/title>'
@ehsandeep ehsandeep added the Type: Enhancement Most issues will probably ask for additions or changes. label Dec 28, 2023
@ehsandeep ehsandeep changed the title Global matchers / extractors for nuclei scan Global passive matchers / extractors for nuclei scan Dec 28, 2023
@dogancanbakir dogancanbakir self-assigned this Jan 2, 2024
@tarunKoyalwar tarunKoyalwar self-assigned this Jan 23, 2024
@Ice3man543 Ice3man543 linked a pull request Feb 3, 2024 that will close this issue
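
The passive evaluation requested in this issue, as an added Go example that is not nuclei's code and not part of the original issue: the template's word matchers and regex extractor are applied to a response body that was already received, with no request sent. `PassiveTemplate`, `IssueTemplate` and `Apply` are hypothetical names, the response body is constructed, and reporting extracted values only when the matchers match is an assumption of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// PassiveTemplate is a hypothetical model of the template in the issue.
type PassiveTemplate struct {
	Condition string         // matchers-condition: "and" or "or"
	Words     []string       // one entry per word matcher
	Extract   *regexp.Regexp // extractor regex
	Group     int            // capture group to report
}

// IssueTemplate mirrors the matchers and extractor from the issue's YAML.
var IssueTemplate = PassiveTemplate{
	Condition: "and",
	Words:     []string{"This is test matcher text", "This is test matcher text 2"},
	Extract:   regexp.MustCompile(`<title>(.*)</title>`),
	Group:     1,
}

// Apply checks a body that another template already fetched; it sends nothing.
// Assumption: extracted values are reported only when the matchers match.
func (t PassiveTemplate) Apply(body string) (bool, []string) {
	hits := 0
	for _, w := range t.Words {
		if strings.Contains(body, w) {
			hits++
		}
	}
	if hits == 0 || (t.Condition == "and" && hits < len(t.Words)) {
		return false, nil
	}
	var out []string
	for _, m := range t.Extract.FindAllStringSubmatch(body, -1) {
		if t.Group < len(m) {
			out = append(out, m[t.Group])
		}
	}
	return true, out
}

func main() {
	// Constructed body standing in for a response seen during an active scan.
	fmt.Println(IssueTemplate.Apply("<title>Demo</title> This is test matcher text 2"))
}
```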