Nuclei failed to find the vulnerability #4595
-
I've been using Nuclei for almost a week, but Nuclei always fails to get vulnerabilities. Even when I've used it at http://testphp.vulnweb.com/artists.php?artist=3 and https://xsstrain.com/, Nuclei still fails to get vulnerabilities. I've used Nuclei using Docker or using the command -> go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
Nuclei version:
Current Behavior:
Expected Behavior:
Steps To Reproduce:
Anything else:
Replies: 5 comments
-
Hi @moh-ariful! Thanks for the issue. Nuclei is only as good as the templates being used. In the first example, a fuzzing template with the correct parameters would be able to discover the vulnerability, but Nuclei excludes fuzzing templates by default and they must be specifically called for a scan. Nuclei on its own can't find every vulnerability unless there's a template specifically built for finding that vulnerability. So in every case it's important to check if a template already exists for the vuln or if one needs to be written for it. I hope this helps!
-
Hello,
Thank you for your message and your explanation. I appreciate your help.
However, I want to clarify that I already used the default templates when I
scanned both websites. I did not specify any particular template or tag, so
I assumed that Nuclei would use all the available templates that match the
severity and protocol that I chose. I also updated the templates to the
latest version before scanning.
But, strangely, I did not find any bugs on either website, even though they
are clearly vulnerable and designed for learning purposes. I expected
Nuclei to detect at least some common vulnerabilities like XSS, SQL
injection, or command injection, but it did not.
Do you have any idea why this happened? Is there something wrong with the
default templates or the way I used them? Do I need to use different
templates or parameters to find the vulnerabilities on these websites?
Please let me know if you have any suggestions or solutions. I really want
to learn how to use Nuclei effectively and efficiently.
Thank you for your time and attention.
Sincerely,
Moh-Ariful
…On Sat, Nov 18, 2023 at 5:34 AM Pj Metz ***@***.***> wrote:
Hi @moh-ariful <https://github.com/moh-ariful> ! Thanks for the issue.
Nuclei is only as good as the templates being used. In the first example,
a fuzzing template with the correct parameters would be able to discover
the vulnerability, but Nuclei excludes fuzzing templates by default and
they must be specifically called for a scan.
Nuclei on its own can't find every vulnerability unless there's a
template specifically built for finding that vulnerability. So in every
case it's important to check if a template already exists for the vuln or
if one needs to be written for it. I hope this helps!
-
This is clearly not a bug in nuclei. @moh-ariful you are not using the tool correctly. Just because a site has vulnerabilities to exploit does not mean nuclei will automatically find how to exploit them. My advice is to run only one template against one of the sites and see what happens: what the request does and what responses the template gets. You can check this using the -debug flag. Tools like Dalfox (XSS, open redirects mostly) and sqlmap (SQLi) might find a vulnerability just by being given a URL with/without params.
-
"Thank you for your advice. I followed your suggestion by scanning the target websites using specific templates with the commands:
These commands were aimed at websites known for their SQL injection and XSS vulnerabilities, respectively. However, even after using these templates tailored for these vulnerabilities, the Docker version of Nuclei still failed to detect these vulnerabilities. I appreciate your advice and attempted to scan with specific templates targeting the vulnerabilities mentioned. Despite this effort, the Nuclei Docker version did not successfully identify the vulnerabilities. Should I consider additional approaches or tools to address these issues?"
-
@moh-ariful