Nuclei shouldn't scan other ports when the user specified one #4157
Comments
@jimen0, thanks for flagging this; it's something we already handled in #3902. As you might already know, it's the templates making the additional request: in order to support default port + port specified in user input, existing public network templates make two request blocks, which results in two network requests. With the improvements done in #4123, nuclei can now handle the user input port without the need to duplicate the request. This also requires a change in the public network templates after the next nuclei release, but we will wait for a couple of weeks to avoid forced updates for users.
@jimen0 new release of nuclei is out with a fix; here is the template that you can run with the latest nuclei release:

```yaml
id: openssh-detect

info:
  name: OpenSSH Service - Detect
  author: r3dg33k,daffainfo,iamthefrogy
  severity: info
  description: |
    OpenSSH service was detected.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0.0
    cwe-id: CWE-200
  reference:
    - http://www.openwall.com/lists/oss-security/2016/08/01/2
    - http://www.openwall.com/lists/oss-security/2018/08/15/5
    - http://seclists.org/fulldisclosure/2016/Jul/51
    - https://nvd.nist.gov/vuln/detail/CVE-2016-6210
    - https://nvd.nist.gov/vuln/detail/CVE-2018-15473
  tags: seclists,network,ssh,openssh,detect
  metadata:
    max-request: 1

tcp:
  - host:
      - "{{Hostname}}"
    port: 22

    matchers:
      - type: regex
        regex:
          - '(?i)OpenSSH'

    extractors:
      - type: regex
        regex:
          - '(?i)SSH-(.*)-OpenSSH_[^\r]+'
```
That's amazing, @ehsandeep. Incredible team you built! Let me know if you want me to close this issue or if you prefer it to stay open until your team closes it, please.
Thank you, @jimen0 💙 I'm closing this issue as this is already resolved and soon public network templates will be updated - projectdiscovery/nuclei-templates#8219
Nuclei version:
Current dev branch: 77a03ee90fc2cebdb8aac4471e8c315be588240c
Current Behavior:
Expected Behavior:
Port 22/tcp shouldn't be fetched by the tool without explicit consent by the user.
Steps To Reproduce:
See the Current Behavior section.
Anything else:
Reason behind this is oftentimes bug hunters aren't allowed to hunt on ALL ports as scope is restricted to a specific service/app.
If this is the intended behavior I'd expect it to be documented and a flag provided to disable it, please.