-
When I run the given example there is no message emitted ➜ testvul nuclei -p http://192.168.1.69:8080 -t test_code.yaml -code -u xxxxxx -v
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ v3.0.4
projectdiscovery.io
[VER] Using http://192.168.1.69:8080 as proxy server
[VER] Started metrics server at localhost:9092
[WRN] Found 1 unsigned or tampered code template (carefully examine before using it & use -sign flag to sign them)
[INF] Current nuclei version: v3.0.4 (latest)
[INF] Current nuclei-templates version: v9.6.9 (latest)
[WRN] Executing 1 unsigned templates. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] No results found. Better luck next time!
[FTL] Could not run nuclei: no templates provided for scan My template content is as follows id: code-template
info:
name: example code template
author: pdteam
severity: info
variables:
OAST: "{{interactsh-url}}"
code:
- engine:
- sh
- bash
source: |
echo "$OAST" | base64
- engine:
- py
- python3
source: |
import base64
import os
text = os.getenv('OAST')
text_bytes = text.encode('utf-8')
base64_bytes = base64.b64encode(text_bytes)
base64_text = base64_bytes.decode('utf-8')
print(base64_text)
http:
- method: GET
path:
- "{{BaseURL}}/?x={{code_1_response}}"
- "{{BaseURL}}/?x={{code_2_response}}" |
Beta Was this translation helpful? Give feedback.
Replies: 6 comments 2 replies
-
I am experiencing the same issue. nuclei -u https://www.hahwul.com -t http
# running
nuclei -u https://www.hahwul.com -t http/exposures
# running
nuclei -u https://www.hahwul.com -t http/default-logins
# running
nuclei -u https://www.hahwul.com -t http/fuzzing
# not running I think, it seems like there's an issue with the fuzzing type script in my case. |
Beta Was this translation helpful? Give feedback.
-
I just found a temporary solution. The issue seems to occur when there is tags: oast, fuzz ⬅️ remove this
cc @tower111
|
Beta Was this translation helpful? Give feedback.
-
Same problem, is there any update when this will be fixed? |
Beta Was this translation helpful? Give feedback.
-
I installed version 3.0, the very first release with support for this feature, it has the same problem with code support, but it worked before, right? |
Beta Was this translation helpful? Give feedback.
-
@reewardius @tower111 as the error says:
unsigned code templates are not allowed to run for security reasons, you need sign them before you use them, see the docs https://docs.projectdiscovery.io/templates/reference/template-signing for details. |
Beta Was this translation helpful? Give feedback.
-
Hi @ehsandeep |
Beta Was this translation helpful? Give feedback.
@hahwul yes, it's unrelated to code template, in your case, it's related to fuzz tag that is excluded from default run, see the docs - https://docs.projectdiscovery.io/tools/nuclei/running#template-exclusion, you can override the exclusion by adding
-itags fuzz