forgedhallpass
forgedhallpass
There might be cases where the scope of a bug bounty program is limited to a certain set of subdomain. By adding a new flag to filter the results of...
It has been reported by a user that doing a nuclei scan on a 2GB VPS (kali/debian 11) with default configuration against ~70 hosts would eat up all the memory,...
Example word list: ``` version version.txt api lib v1 ``` Example input root URL of a web application: `redacted.com/a-web-application` Current approach would test only the following: ``` redacted.com/a-web-application/version redacted.com/a-web-application/version.txt redacted.com/a-web-application/api...
Scenario: create a workflow that starts with a template that logs in to an application, and then all the subsequent templates would automatically contain the session cookies.
Request and response headers are not shown when the `-debug`, `-debug-req`, `-debug-resp` flags are provided. The headless action execution messages should be formatted (e.g. by adding `[DBG]` prefix) and some...
This would enable creating templates against services that require UDP communication (e.g. SNMP).
The user is not notified that the template will not be executed. We should let them know that headless templates require the `-headless` flag. ```sh nuclei -t headless.yaml -u https://www.instagram.com/jerkingmad...
A new `-cpe` flag could be added, based on which value, we could look query CVE IDs from NIST. ```sh nuclei -vv -cpe 2.3:a:glpi-project:glpi:9.5.5 -l targets.txt ``` Example: ```sh curl...
Placeholder template To be later discussed e.g. it seems the `setmethod` attribute overwrites the HTTP method for all future requests, without the possibility of reducing its scope, or reverting back...
There is some ambiguity in the variable resolution, when a user declares an extractor with a name that is reserved. e.g. If a user defines a variable called `server`, that...