Rate limits don't seem to work when using options like -nt #1983

maliciousgroup · 2022-05-09T18:16:23Z

maliciousgroup
May 9, 2022

Nuclei version:

Nuclei Engine 2.7.0 (latest)
Nuclei Templates 8.9.9 (latest)

Current Behavior:

When trying to use a rate-limit with new templates option (-nt), it ignores the rate-limit completely making this method unusable with highly rate-limited targets.

Command as example:
cat targets.txt | nuclei -rate-limit 50 -nt -stats -si 30 -o new.log

Expected Behavior:

I expected the RPS to be less or equal to 50, instead it jumps up to 500+ or so as seen below:

Steps To Reproduce:

1.) Run the command with -nt and -rate-limit together like so:
cat targets.txt | nuclei -rate-limit 50 -nt -stats -si 30 -o new.log

2.) To verify how it should work, you can run the same without -nt and it works.
cat targets.txt | nuclei -rate-limit 50 -t ~/nuclei-templates/ -stats -si 30 -o new.log

Answered by ehsandeep

May 11, 2022

@maliciousgroup, here is a test with a local http server running 5 templates in 5 seconds with rate limit set to 1, so I'm unable to replicate this behavior.

echo http://0.0.0.0:8000 | nuclei -nt -rl 1 -stats -si 1

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   2.7.0

		projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Using Nuclei Engine 2.7.0 (latest)
[INF] Using Nuclei Templates 9.0.0 (latest)
[INF] Templates added in last update: 5
[INF] Templates loaded for …

View full answer

ehsandeep · 2022-05-11T12:18:23Z

ehsandeep
May 11, 2022
Maintainer

@maliciousgroup, here is a test with a local http server running 5 templates in 5 seconds with rate limit set to 1, so I'm unable to replicate this behavior.

echo http://0.0.0.0:8000 | nuclei -nt -rl 1 -stats -si 1

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   2.7.0

		projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Using Nuclei Engine 2.7.0 (latest)
[INF] Using Nuclei Templates 9.0.0 (latest)
[INF] Templates added in last update: 5
[INF] Templates loaded for scan: 5
[0:00:01] | Templates: 5 | Hosts: 1 | RPS: 0 | Matched: 0 | Errors: 0 | Requests: 1/6 (16%)
[0:00:02] | Templates: 5 | Hosts: 1 | RPS: 0 | Matched: 0 | Errors: 0 | Requests: 2/6 (33%)
[0:00:03] | Templates: 5 | Hosts: 1 | RPS: 0 | Matched: 0 | Errors: 0 | Requests: 3/6 (50%)
[0:00:04] | Templates: 5 | Hosts: 1 | RPS: 0 | Matched: 0 | Errors: 0 | Requests: 4/6 (66%)
[0:00:05] | Templates: 5 | Hosts: 1 | RPS: 0 | Matched: 0 | Errors: 0 | Requests: 5/6 (83%)
[0:00:05] | Templates: 5 | Hosts: 1 | RPS: 1 | Matched: 0 | Errors: 0 | Requests: 6/6 (100%)

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ProjectDiscovery

Rate limits don't seem to work when using options like -nt #1983

{{title}}

Replies: 1 comment

{{title}}

Select a reply

ProjectDiscovery

Rate limits don't seem to work when using options like -nt #1983

maliciousgroup May 9, 2022

Nuclei version:

Current Behavior:

Expected Behavior:

Steps To Reproduce:

Replies: 1 comment

ehsandeep May 11, 2022 Maintainer

maliciousgroup
May 9, 2022

ehsandeep
May 11, 2022
Maintainer