Comments (13)
I have used the below command in the NucleiFuzzer Script to run Nuclei tool on the collected URLs from Paramspider.
sort "output/$domain.yaml" | uniq | tee "output/$domain.yaml" | httpx -silent -mc 200,301,302,403 | nuclei -t "$home_dir/fuzzing-templates" -fuzz -rl 05
So, Sometimes the collected URLs were captured or passed to nuclei due to some issue with the Nuclei Tool. This is a known issue as it is happening even if I modify the script as shown below.
nuclei -l "output/$domain.yaml" -t "$home_dir/fuzzing-templates" -fuzz -rl 05
Just waiting for the update of Nuclei tool from @projectdiscovery team in order to fix this issue in capturing or passing the URLs to Nuclei tool.
However, if you run the current existing script for 3 to 4 times, it will work.
from nucleifuzzer.
Please update your nuclei tool to the latest version and don't give the subdomain as a target.
Try with the main domain as shown in the below pic: Try it a couple of times to check.
from nucleifuzzer.
from nucleifuzzer.
Try to run the command a couple of times and outside of the root
from nucleifuzzer.
Hi, @0xKayala
Thank you for the great tool.
I have the same problem
And All the required Tools works well in my terminal
Also I have all required directories in $HOME
from nucleifuzzer.
Output: Try to execute the script 3 to 4 times.
from nucleifuzzer.
bhai ek hi screenshot lo na yeh dusra screen shot asa alg lerha ho kuch tho gadbad hai
from nucleifuzzer.
@r0x5r Bro, Ek screenshot me pura nahi dhikra.
Isliye jithna dhikra hai, uthna capture kiya hai
For your satisfaction here is the single screenshot below
from nucleifuzzer.
Hi, @0xKayala
I have fixed the issue just by changing the file extension in the tee
command in NucleiFuzzer.sh
file
from tee "output/$domain.yaml"
to tee "output/$domain.txt"
The tool works very well now.
Hope This Helps!
from nucleifuzzer.
Previously I have used TXT file only but still I faced the same issue. That is why I changed it to yaml as it saves too fast for yaml format.
from nucleifuzzer.
I didn't face any problems since I have edited it. However, The tool is a little bit slow to initialize the scan.
from nucleifuzzer.
sort "output/$domain.yaml" - I think you forgot to change the extension here
from nucleifuzzer.
Hi, @0xKayala I have fixed the issue just by changing the file extension in the
tee
command inNucleiFuzzer.sh
file fromtee "output/$domain.yaml"
totee "output/$domain.txt"
The tool works very well now.
Hope This Helps!
The issue with the script lies in how the output files are handled and passed to the nuclei command. Specifically, the output file generated by ParamSpider
(output/$domain.yaml) is being overwritten by the tee command before it can be passed to httpx
and then to nuclei
. This is why nuclei
is not receiving the URLs for scanning.
To fix this, I have modified the script to use a temporary file to store the sorted and unique URLs before passing them to httpx
and nuclei
. Here's the updated portion of the script:
# Step 5: Run the Nuclei Fuzzing templates on the collected URLs
echo "Running Nuclei on collected URLs"
if [ -n "$domain" ]; then
# Use a temporary file to store the sorted and unique URLs
temp_file=$(mktemp)
sort "output/$domain.yaml" | uniq > "$temp_file"
httpx -silent -mc 200,301,302,403 -l "$temp_file" | nuclei -t "$home_dir/fuzzing-templates" -fuzz -rl 05
rm "$temp_file" # Remove the temporary file
elif [ -n "$filename" ]; then
sort "$output_file" | uniq > "$temp_file"
httpx -silent -mc 200,301,302,403 -l "$temp_file" | nuclei -t "$home_dir/fuzzing-templates" -fuzz -rl 05
rm "$temp_file" # Remove the temporary file
fi
This modification creates a temporary file ($temp_file) to store the sorted and unique URLs, which are then passed to httpx
for scanning. After the scanning is complete, the temporary file is removed. This should ensure that the collected URLs are properly passed to nuclei
for scanning.
from nucleifuzzer.
Related Issues (20)
- runtime error: invalid memory address or nil pointer dereference HOT 2
- No url Found HOT 1
- ParamSpider - urllib3 issue HOT 2
- set an output to Nuclei Scan HOT 1
- Add -H header HOT 1
- Problem with the tool HOT 4
- I don't know how to use it, for example I used the test station and it didn't output any vulnerabilities HOT 2
- Unable to run nf -h HOT 2
- FTL error HOT 1
- Can someone execute the below two versions of "NucleiFuzzer" scripts from your end and let me know the working version so that I will update the tool. HOT 2
- Tool Help Code
- Error: No such option: -s HOT 3
- Error: No such option: -s HOT 2
- No templates error HOT 5
- [reflected-xss] [http] [medium] https://######/domain-names/search/?domain=FUZZ'"><28022 HOT 1
- 如何批量扫描
- Giving multiple domains HOT 1
- No URLs Found. Exiting... HOT 2
- Please, -f for file.txt HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nucleifuzzer.