DAST not running #5340

Closed
mastercho opened this issue Jun 28, 2024 · 5 comments
Labels
Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. wontfix This will not be worked on

Comments

@mastercho

Nuclei version: 3.2.9

Current Behavior:

When I run -dast I expect to run all fuzz templates like this https://github.com/projectdiscovery/nuclei-templates/blob/680352214bd86cbf953f11adfe9a55288db0f9cf/http/exposed-panels/adminer-panel-detect.yaml#L36 but currently when I use -dast it just automatically completes the scan without attempting to run any templates.

Expected Behavior:

To run fuzz templates like we were able to before with the -fuzz tag

Steps To Reproduce:

nuclei -u https://www.site.com -mhe 80 -dast

Anything else:

Tried on a vulnerable site where it is supposed to find adminer in fuzz

@mastercho mastercho added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label Jun 28, 2024
@mastercho
Author

I found that the issue happens when the URL has a / like site.com/; it runs fine without the slash but currently hits this issue #5557

@dwisiswant0
Member

The template you mentioned is not a DAST template - it doesn't have a fuzzing object. See the fuzzing overview doc.

> I found that the issue happens when the URL has a / like site.com/; it runs fine without the slash but currently hits this issue #5557

To your concern - #5557 (comment)

@dwisiswant0 dwisiswant0 closed this as not planned Won't fix, can't repro, duplicate, stale Aug 24, 2024
@dwisiswant0 dwisiswant0 removed their assignment Aug 24, 2024
@dwisiswant0 dwisiswant0 added the wontfix This will not be worked on label Aug 24, 2024
@dwisiswant0 dwisiswant0 removed a link to a pull request Aug 24, 2024
@mastercho
Author

> The template you mentioned is not a DAST template - it doesn't have a fuzzing object. See the fuzzing overview doc.
>
> > I found that the issue happens when the URL has a / like site.com/; it runs fine without the slash but currently hits this issue #5557
>
> To your concern - #5557 (comment)

This specific template was running with the -fuzz tag before; also, inside the template there is fuzz as a tag, which makes it not run by default. If dast is not a replacement for fuzz, then which one should we use?

@tarunKoyalwar
Member

@mastercho, the earlier fuzz category (before 'dast') is now renamed to 'bruteforce' for consistency and to avoid confusion. It looks like we need to update tags in some templates,

and to run these default-ignored templates you need to use the -include-tags or -itags flag, something like

nuclei -u example.com -tags bruteforce,fuzz -itags bruteforce,fuzz

Temporarily this should work; later on we can omit fuzz when templates are updated.

@mastercho
Author

> @mastercho, the earlier fuzz category (before 'dast') is now renamed to 'bruteforce' for consistency and to avoid confusion. It looks like we need to update tags in some templates,
>
> and to run these default-ignored templates you need to use the -include-tags or -itags flag, something like
>
> nuclei -u example.com -tags bruteforce,fuzz -itags bruteforce,fuzz
>
> Temporarily this should work; later on we can omit fuzz when templates are updated.

Thanks @tarunKoyalwar
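
An added example, not part of the thread or of nuclei itself: a small check that applies the two points made in the replies above (a DAST template has a fuzzing object; fuzz/bruteforce are tags that need -itags) to decide which flags select a given template. The sample templates, the function names and the line-oriented matching (no YAML parser) are assumptions made for illustration.

```python
import re

# Tags the replies above describe as ignored by default (assumption drawn from the thread).
DEFAULT_IGNORED = {"fuzz", "bruteforce"}

# Constructed sample: plain detection template that only carries the fuzz tag.
PANEL_TEMPLATE = """\
id: sample-panel-detect
info:
  name: Sample panel detection
  severity: info
  tags: panel,fuzz
http:
  - method: GET
    path:
      - "{{BaseURL}}/admin.php"
"""

# Constructed sample: template with a fuzzing object under its http request.
DAST_TEMPLATE = """\
id: sample-query-fuzz
info:
  name: Sample query fuzzing
  severity: info
  tags: dast
http:
  - fuzzing:
      - part: query
        type: postfix
        fuzz:
          - "sample-marker"
"""

def classify(text):
    """Return (has_fuzzing_object, default_ignored_tags) for template YAML text."""
    has_fuzzing = re.search(r"^[ \t-]*fuzzing:[ \t]*$", text, re.M) is not None
    m = re.search(r"^[ \t]+tags:[ \t]*(.+)$", text, re.M)
    tags = {t.strip() for t in m.group(1).split(",")} if m else set()
    return has_fuzzing, sorted(tags & DEFAULT_IGNORED)

def selecting_flags(text):
    """Flags from the thread that make nuclei pick this template up."""
    has_fuzzing, ignored = classify(text)
    if has_fuzzing:
        return "-dast"
    if ignored:
        joined = ",".join(ignored)
        return f"-tags {joined} -itags {joined}"
    return ""
```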
