-max-host-error not respecting "context deadline exceeded" errors #3119

Closed
h888t opened this issue Jan 2, 2023 · 5 comments · Fixed by #3121
Labels
Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
h888t commented Jan 2, 2023

Nuclei version:

Nuclei 2.8.3

```
$ nuclei -v

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v2.8.3

                projectdiscovery.io
```

Current Behavior:

When running Nuclei against a port that doesn't respond as closed, but filtered (i.e. requests time out), Nuclei tries to perform full scans without respecting -max-host-error despite all probes returning "context deadline exceeded".

Expected Behavior:

I expect errors of "context deadline exceeded" to contribute to the -max-host-error count, to ensure that Nuclei skips filtered/no longer accessible ports.

Steps To Reproduce:

Create targets file containing:

```
https://127.0.0.1:4443
https://127.0.0.1:8880
http://google.com:6969
```

Run command:

```
nuclei -s low,medium -l test.txt -max-host-error 3 -v -timeout 3
```

127.0.0.1:4443/8880 will eventually be skipped as the port is closed (responds with TCP RST), but google.com:6969 will not, so a full scan is attempted even though the port is not available.

Example -v output:

```
[WRN] [CVE-2019-13396] Could not make http request for http://google.com:6969: unresolved variables found: token
[WRN] [CVE-2019-13396] Could not execute request for http://google.com:6969: context deadline exceeded
[WRN] [CVE-2022-26159] Could not execute request for http://google.com:6969: context deadline exceeded
[WRN] [monitorix-exposure] Could not execute request for http://google.com:6969: context deadline exceeded
[WRN] [CVE-2021-42566] Could not execute request for http://google.com:6969: context deadline exceeded
[WRN] [CVE-2020-26413] Could not execute request for http://google.com:6969: context deadline exceeded
[WRN] [CVE-2021-41174] Could not execute request for http://google.com:6969: context deadline exceeded
[WRN] [CVE-2015-6544] Could not execute request for http://google.com:6969: context deadline exceeded
[WRN] [404-to-301-xss] Could not make http request for http://google.com:6969: unresolved variables found: username,password
[WRN] [brother-unauthorized-access] Could not execute request for http://google.com:6969: context deadline exceeded
[WRN] [CVE-2021-31589] Could not execute request for http://google.com:6969: context deadline exceeded
[WRN] [aem-disk-usage] Could not execute request for http://google.com:6969: context deadline exceeded
[WRN] [oracle-ebs-sqllog-disclosure] Could not execute request for http://google.com:6969: context deadline exceeded
[WRN] [wptouch-xss] Could not make http request for http://google.com:6969: unresolved variables found: username,password
[WRN] [couchdb-exposure] Could not execute request for http://google.com:6969: context deadline exceeded
[WRN] [CVE-2018-3238] Could not execute request for http://google.com:6969: context deadline exceeded
[WRN] [CVE-2015-5354] Could not execute request for http://google.com:6969: context deadline exceeded
[WRN] [CVE-2021-26812] Could not execute request for http://google.com:6969: context deadline exceeded
[WRN] [netgear-router-exposure] Could not execute request for http://google.com:6969: context deadline exceeded
[WRN] [netis-info-leak] Could not execute request for http://google.com:6969: context deadline exceeded
[WRN] [CVE-2021-24298] Could not execute request for http://google.com:6969: context deadline exceeded
[WRN] [apache-druid-unauth] Could not execute request for http://google.com:6969: context deadline exceeded
[WRN] [netdata-panel] Could not execute request for http://google.com:6969: context deadline exceeded
```

Anything else:

I assume these errors are supposed to typically include "Client.Timeout exceeded while awaiting headers" (from what I can see in similar output on Discord, documentation, etc.), which I believe previously handled this test case - but I am unable to recreate this error message.

h888t added the Type: Bug label Jan 2, 2023

ehsandeep (Member) commented

@h888t thanks for flagging this, should be fixed with #3121

ehsandeep linked a pull request Jan 2, 2023 that will close this issue

h888t (Author) commented Jan 2, 2023

great, thank you! Fix looks logical :-)

ehsandeep added this to the nuclei v2.8.4 milestone Jan 2, 2023
ehsandeep added the Status: Completed label Jan 2, 2023

ehsandeep (Member) commented

@h888t FYI, this change is reverted in #3143, as it turned out that this error can be generated for multiple reasons and is not reliable to use for the counter to skip the host.
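
Added example (not part of the thread and not nuclei's code): a simplified model of a per-host error budget, replayed over constructed warning lines in the format quoted in the report, to show why a host that only ever returns "context deadline exceeded" is never skipped unless that string is counted. The names `replay`, `baseErrors`, `sampleLog`, the `tpl-*` template ids, the "connection refused" error text and the tracked-error pattern are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// Constructed sample in the shape of the -v output quoted in the issue.
const sampleLog = `[WRN] [tpl-a] Could not execute request for https://127.0.0.1:4443: dial tcp 127.0.0.1:4443: connect: connection refused
[WRN] [tpl-b] Could not execute request for http://google.com:6969: context deadline exceeded
[WRN] [tpl-c] Could not make http request for http://google.com:6969: unresolved variables found: token
[WRN] [tpl-d] Could not execute request for https://127.0.0.1:4443: dial tcp 127.0.0.1:4443: connect: connection refused
[WRN] [tpl-e] Could not execute request for http://google.com:6969: context deadline exceeded
[WRN] [tpl-f] Could not execute request for https://127.0.0.1:4443: dial tcp 127.0.0.1:4443: connect: connection refused
[WRN] [tpl-g] Could not execute request for http://google.com:6969: context deadline exceeded
[WRN] [tpl-h] Could not execute request for https://127.0.0.1:4443: dial tcp 127.0.0.1:4443: connect: connection refused
[WRN] [tpl-i] Could not execute request for http://google.com:6969: context deadline exceeded`

// Assumed tracked-error pattern for this model (not read from nuclei).
const baseErrors = `connection refused|Client\.Timeout exceeded while awaiting headers`

// One match per warning line; captures the target host:port and the error text.
var warnLine = regexp.MustCompile(`(?m)^\[WRN\] \[[^\]]+\] Could not (?:make http|execute) request for https?://([^/\s]+?)(?:/\S*)?: (.+)$`)

// replay treats each warning line as one template run against a host and
// returns how many runs each host receives before its budget of tracked
// errors (maxHostError) is used up. Untracked errors never count.
func replay(log string, maxHostError int, tracked string) map[string]int {
	re, errCount, attempted := regexp.MustCompile(tracked), map[string]int{}, map[string]int{}
	for _, m := range warnLine.FindAllStringSubmatch(log, -1) {
		if errCount[m[1]] >= maxHostError {
			continue // host already over budget: this run is skipped
		}
		attempted[m[1]]++
		if re.MatchString(m[2]) {
			errCount[m[1]]++
		}
	}
	return attempted
}

func main() {
	fmt.Println(replay(sampleLog, 3, baseErrors))
	fmt.Println(replay(sampleLog, 3, baseErrors+"|context deadline exceeded"))
}
```

With the base pattern the closed port is cut off after three runs while the filtered port receives all five. Counting "context deadline exceeded" cuts the filtered port off as well, but any host that produces that string for another reason is dropped the same way, which is the unreliability given as the reason for the revert.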

jak0ne commented Mar 21, 2024

Any workaround for this? Adding manually "context deadline exceeded" to TrackError still seems to skip all hosts on the latest version.

This makes the scans continue on filtered ports, plus the ExecuteWithCallback function doesn't take a context for cancellation in the SDK so the scans keep running forever with no way to cancel them...

Any suggestions on how to skip filtered ports would be highly appreciated!

Thanks!

aviadavi commented

> Any workaround for this? Adding manually "context deadline exceeded" to TrackError still seems to skip all hosts on the latest version.
>
> This makes the scans continue on filtered ports, plus the ExecuteWithCallback function doesn't take a context for cancellation in the SDK so the scans keep running forever with no way to cancel them...
>
> Any suggestions on how to skip filtered ports would be highly appreciated!
>
> Thanks!

Having the same issue here.
How did you work around it?
