Fewer Nuclei requests (#1162)

CERT-Polska · Jul 17, 2024 · 97f662c · 97f662c
1 parent 0b7a66a
commit 97f662c
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 0 deletions.
diff --git a/artemis/config.py b/artemis/config.py
@@ -437,6 +437,40 @@ class Nuclei:
                         "http/cves/2024/CVE-2024-1208.yaml",
                         "http/cves/2024/CVE-2024-1210.yaml",
                         "http/cves/2024/CVE-2024-3097.yaml",
+                        # Over 50 requests
+                        "http/cves/2017/CVE-2017-17562.yaml",
+                        "http/cves/2019/CVE-2019-17382.yaml",
+                        "http/cves/2022/CVE-2022-2034.yaml",
+                        "http/cves/2023/CVE-2023-24489.yaml",
+                        "http/default-logins/apache/tomcat-default-login.yaml",
+                        "http/default-logins/oracle/peoplesoft-default-login.yaml",
+                        "http/exposed-panels/adminer-panel-detect.yaml",
+                        "http/exposures/apis/swagger-api.yaml",
+                        "http/exposures/backups/php-backup-files.yaml",
+                        "http/exposures/backups/zip-backup-files.yaml",
+                        "http/exposures/files/generic-db.yaml",
+                        "http/fuzzing/cache-poisoning-fuzz.yaml",
+                        "http/fuzzing/header-command-injection.yaml",
+                        "http/fuzzing/mdb-database-file.yaml",
+                        "http/fuzzing/prestashop-module-fuzz.yaml",
+                        "http/fuzzing/waf-fuzz.yaml",
+                        "http/fuzzing/wordpress-plugins-detect.yaml",
+                        "http/fuzzing/wordpress-themes-detect.yaml",
+                        "http/fuzzing/wordpress-weak-credentials.yaml",
+                        "http/miscellaneous/defacement-detect.yaml",
+                        "http/misconfiguration/aem/aem-default-get-servlet.yaml",
+                        "http/misconfiguration/akamai/akamai-s3-cache-poisoning.yaml",
+                        "http/misconfiguration/gitlab/gitlab-api-user-enum.yaml",
+                        "http/misconfiguration/gitlab/gitlab-user-enum.yaml",
+                        "http/misconfiguration/servicenow-widget-misconfig.yaml",
+                        "http/technologies/graphql-detect.yaml",
+                        "http/technologies/graylog/graylog-api-exposure.yaml",
+                        "http/vulnerabilities/apache/shiro/shiro-deserialization-detection.yaml",
+                        "http/vulnerabilities/generic/open-redirect-generic.yaml",
+                        "http/vulnerabilities/grafana/grafana-file-read.yaml",
+                        "http/vulnerabilities/tongda/tongda-auth-bypass.yaml",
+                        "http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml",
+                        "javascript/default-logins/ssh-default-logins.yaml",
                     ]
                 ),
                 cast=decouple.Csv(str),

diff --git a/artemis/modules/nuclei.py b/artemis/modules/nuclei.py
@@ -128,6 +128,7 @@ def _scan(self, templates: List[str], targets: List[str]) -> List[Dict[str, Any]
 
         lines = []
         for template_chunk in more_itertools.chunked(templates, Config.Modules.Nuclei.NUCLEI_TEMPLATE_CHUNK_SIZE):
+            self.log.info("Running batch of %d templates on %d target(s)", len(template_chunk), len(targets))
             command = [
                 "nuclei",
                 "-disable-update-check",