-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Checking socks5 proxy before launching a scan #1001
Comments
Hello @osamahamad, Your request makes sense, and we can definitely add such validations, although I am not sure ignoring the proxy in case of errors is a good idea. Quite the opposite actually, because it might give a false sense of security to those who would want to mask their IP addresses. As an enhancement, we could accept a file with a list of proxies and nuclei could go through them until it finds a working one, but if none of them are valid, I think the application should exit with an error code. If you want to default to no-proxy, then you could adjust your automation script to do so, based on the exit code. |
Proposed solution:
|
* "#issue1001" * changes for #issue1001 * minor changes * minor * flag consolidation and proxy file #issue1001 * readme changes * review changes * enviroment variable changes * review comment changes * review changes * removed commented out code
Revert "feat: Checking socks5 proxy before launching a scan #1001"
Is your feature request related to a problem? Please describe.
When using socks5 proxy and try to test a website / list of websites.
Example;
nuclei response will be
[INF] No results found
in case -proxy-socks-url contains false credentials / wrong IP ..etcwhen performing
nuclei -t /x/nuclei-templates/vulnerabilities/jira/ -u https://tpx.sys.comcast.net
will result
also, trying -proxy-socks-url with true credentials attempt will result in
That being said, nuclei does not check if the -proxy-socks-url argument has a valid socks5 proxy before launching the scan. I wish it check argument value and in case the provided socks5 proxy is invalid due to wrong credentials supply or expired then nuclei will notify the user in stdout with something like ( proxy is invalid ) or
Can't complete SOCKS5 connection to xxx port xxx
and Ignore -proxy-socks-url argument and lunch the scan without proxy attempt ( the user might be able to control being able to perform the scan without proxy in case the proxy is invalid by additional flag )Something like curl ; in the screenshot is an example when you supply true + false credentials.
This is helpful since most of the time since proxies can be used to avoid having your IP blocked by WAF or sometimes to bypass specific WAFs configurations. Also, most of the time proxies might get expired so the user supposed to know that and optionally being able to perform a scan with ignoring proxy flag ( specially if nuclei command used in a script ) is a plus.
The text was updated successfully, but these errors were encountered: