Actually running fuzzing templates (#1315)
kazet authored Oct 9, 2024
1 parent d09bfe6 commit fbfa109
Showing 1 changed file with 17 additions and 6 deletions.
23 changes: 17 additions & 6 deletions artemis/modules/nuclei.py
Expand Up @@ -22,6 +22,7 @@

EXPOSED_PANEL_TEMPLATE_PATH_PREFIX = "http/exposed-panels/"
CUSTOM_TEMPLATES_PATH = os.path.join(os.path.dirname(__file__), "data/nuclei_templates_custom/")
TAGS_TO_INCLUDE = ["fuzz", "fuzzing", "dast"]


@load_risk_class.load_risk_class(load_risk_class.LoadRiskClass.HIGH)
Expand Down Expand Up @@ -51,33 +52,43 @@ def __init__(self, *args: Any, **kwargs: Any):
with self.lock:
subprocess.call(["nuclei", "-update-templates"])

templates_list_command = ["-tl", "-it", ",".join(TAGS_TO_INCLUDE)]

template_list_sources: Dict[str, Callable[[], List[str]]] = {
"known_exploited_vulnerabilities": lambda: check_output_log_on_error(
["find", "/known-exploited-vulnerabilities/nuclei/"], self.log
)
.decode("ascii")
.split(),
"critical": lambda: check_output_log_on_error(["nuclei", "-s", "critical", "-tl"], self.log)
"critical": lambda: check_output_log_on_error(
["nuclei", "-s", "critical"] + templates_list_command, self.log
)
.decode("ascii")
.split(),
"high": lambda: check_output_log_on_error(["nuclei", "-s", "high", "-tl"], self.log)
"high": lambda: check_output_log_on_error(["nuclei", "-s", "high"] + templates_list_command, self.log)
.decode("ascii")
.split(),
"medium": lambda: check_output_log_on_error(["nuclei", "-s", "medium", "-tl"], self.log)
"medium": lambda: check_output_log_on_error(
["nuclei", "-s", "medium"] + templates_list_command, self.log
)
.decode("ascii")
.split(),
# These are not high severity, but may lead to significant information leaks and are easy to fix
"log_exposures": lambda: [
item
for item in check_output_log_on_error(["nuclei", "-tl"], self.log).decode("ascii").split()
for item in check_output_log_on_error(["nuclei"] + templates_list_command, self.log)
.decode("ascii")
.split()
if item.startswith("http/exposures/logs")
# we already have a git detection module that filters FPs such as
# exposed source code of a repo that is already public
and not item.startswith("http/exposures/logs/git-")
],
"exposed_panels": lambda: [
item
for item in check_output_log_on_error(["nuclei", "-tl"], self.log).decode("ascii").split()
for item in check_output_log_on_error(["nuclei"] + templates_list_command, self.log)
.decode("ascii")
.split()
if item.startswith(EXPOSED_PANEL_TEMPLATE_PATH_PREFIX)
],
}
Expand Down Expand Up @@ -152,7 +163,7 @@ def _scan(self, templates: List[str], targets: List[str]) -> List[Dict[str, Any]
"-etags",
"intrusive",
"-itags",
"fuzz,dast",
",".join(TAGS_TO_INCLUDE),
"-v",
"-concurrency",
"1",
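Review bot: The new `templates_list_command = ["-tl", "-it", ",".join(TAGS_TO_INCLUDE)]` in the `__init__` hunk passes the tag names under `-it`, which in nuclei is the short form of `-include-templates` (template file or directory paths), whereas the third hunk's `_scan` correctly uses `-itags` (`-include-tags`) for the same list; the two invocations therefore do not agree on how the tags are applied. Because the lists built here decide which templates `_scan` is later handed, tag names fed in as paths would most likely leave the fuzz/dast templates out of the listing, so the commit's stated goal ("actually running fuzzing templates") is only half met unless the listing flag is corrected too — worth confirming against `nuclei -h` for the pinned version. Suggested change: `templates_list_command = ["-tl", "-itags", ",".join(TAGS_TO_INCLUDE)]`. It would also help to note next to `TAGS_TO_INCLUDE` that the value must be passed with the same nuclei flag in both the listing and the scan commands, since fuzzing templates are only enabled when both sides agree. The `__init__` body starts before this hunk and continues after it, so the remaining template-list handling is not visible here.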
