From 97f662cc079b2656951c673c73d736b5651b3264 Mon Sep 17 00:00:00 2001 From: kazet Date: Wed, 17 Jul 2024 12:59:31 +0200 Subject: [PATCH] Fewer Nuclei requests (#1162) --- artemis/config.py | 34 ++++++++++++++++++++++++++++++++++ artemis/modules/nuclei.py | 1 + 2 files changed, 35 insertions(+) diff --git a/artemis/config.py b/artemis/config.py index a623727fe..b2c376a10 100644 --- a/artemis/config.py +++ b/artemis/config.py @@ -437,6 +437,40 @@ class Nuclei: "http/cves/2024/CVE-2024-1208.yaml", "http/cves/2024/CVE-2024-1210.yaml", "http/cves/2024/CVE-2024-3097.yaml", + # Over 50 requests + "http/cves/2017/CVE-2017-17562.yaml", + "http/cves/2019/CVE-2019-17382.yaml", + "http/cves/2022/CVE-2022-2034.yaml", + "http/cves/2023/CVE-2023-24489.yaml", + "http/default-logins/apache/tomcat-default-login.yaml", + "http/default-logins/oracle/peoplesoft-default-login.yaml", + "http/exposed-panels/adminer-panel-detect.yaml", + "http/exposures/apis/swagger-api.yaml", + "http/exposures/backups/php-backup-files.yaml", + "http/exposures/backups/zip-backup-files.yaml", + "http/exposures/files/generic-db.yaml", + "http/fuzzing/cache-poisoning-fuzz.yaml", + "http/fuzzing/header-command-injection.yaml", + "http/fuzzing/mdb-database-file.yaml", + "http/fuzzing/prestashop-module-fuzz.yaml", + "http/fuzzing/waf-fuzz.yaml", + "http/fuzzing/wordpress-plugins-detect.yaml", + "http/fuzzing/wordpress-themes-detect.yaml", + "http/fuzzing/wordpress-weak-credentials.yaml", + "http/miscellaneous/defacement-detect.yaml", + "http/misconfiguration/aem/aem-default-get-servlet.yaml", + "http/misconfiguration/akamai/akamai-s3-cache-poisoning.yaml", + "http/misconfiguration/gitlab/gitlab-api-user-enum.yaml", + "http/misconfiguration/gitlab/gitlab-user-enum.yaml", + "http/misconfiguration/servicenow-widget-misconfig.yaml", + "http/technologies/graphql-detect.yaml", + "http/technologies/graylog/graylog-api-exposure.yaml", + "http/vulnerabilities/apache/shiro/shiro-deserialization-detection.yaml", + "http/vulnerabilities/generic/open-redirect-generic.yaml", + "http/vulnerabilities/grafana/grafana-file-read.yaml", + "http/vulnerabilities/tongda/tongda-auth-bypass.yaml", + "http/vulnerabilities/wordpress/wp-xmlrpc-brute-force.yaml", + "javascript/default-logins/ssh-default-logins.yaml", ] ), cast=decouple.Csv(str), diff --git a/artemis/modules/nuclei.py b/artemis/modules/nuclei.py index f9c0eef3a..7cadb643a 100644 --- a/artemis/modules/nuclei.py +++ b/artemis/modules/nuclei.py @@ -128,6 +128,7 @@ def _scan(self, templates: List[str], targets: List[str]) -> List[Dict[str, Any] lines = [] for template_chunk in more_itertools.chunked(templates, Config.Modules.Nuclei.NUCLEI_TEMPLATE_CHUNK_SIZE): + self.log.info("Running batch of %d templates on %d target(s)", len(template_chunk), len(targets)) command = [ "nuclei", "-disable-update-check",