Global passive matchers / extractors for nuclei scan #4549

Closed
ehsandeep opened this issue Dec 28, 2023 · 0 comments · Fixed by #5701
Labels
Type: Enhancement Most issues will probably ask for additions or changes.
ehsandeep commented Dec 28, 2023

Please describe your feature request:

Nuclei runs multiple templates that make active HTTP requests. Generally, matchers are defined to detect a specific issue / detection / tech for specific templates; instead, a global matcher will make use of existing response data passed through nuclei, i.e. no additional active requests, and allow users to write matchers / extractors to detect interesting behavior / errors / secrets etc.

Describe the use case of this feature:

  • Passive response based detections
  • Passive response based fingerprinting.
  • Error / WAF / Interesting behavior detection
  • Secret Detection

Example Template:

```yaml
id: global-matcher-example

info:
  name: Test Global Matcher Template
  author: pdteam
  severity: info

http:
  - global-matchers: true # enables global matching and applies them globally to all events from other templates
    matchers-condition: and
    matchers:
      - type: word
        words:
          - This is test matcher text

      - type: word
        words:
          - This is test matcher text 2

    extractors:
      - type: regex
        group: 1
        regex:
          - '<title>(.*)<\/title>'
```
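A minimal model of the behaviour requested above, as an added example that is not code from the issue or from nuclei: the matchers and extractor of the example template are evaluated over responses that other templates have already fetched, so no new request is sent. The `Event` and `GlobalMatcher` types, the sample events and the rule that extractor output is reported only when the matchers pass are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Event is a response already fetched by another template (constructed type).
type Event struct{ TemplateID, URL, Body string }

// GlobalMatcher models the issue's example: word matchers plus a regex extractor.
type GlobalMatcher struct {
	Words     []string       // text of each word matcher
	MatchAll  bool           // true models matchers-condition: and
	Extractor *regexp.Regexp // capture group 1 is extracted
}

// Apply runs on a stored event, no network I/O; extraction is gated on a match (assumption).
func (g GlobalMatcher) Apply(e Event) (bool, []string) {
	hits := 0
	for _, w := range g.Words {
		if strings.Contains(e.Body, w) {
			hits++
		}
	}
	if (g.MatchAll && hits < len(g.Words)) || (!g.MatchAll && hits == 0) {
		return false, nil
	}
	var out []string
	for _, m := range g.Extractor.FindAllStringSubmatch(e.Body, -1) {
		out = append(out, m[1])
	}
	return true, out
}

// issueMatcher is the matcher from the issue's example template.
var issueMatcher = GlobalMatcher{[]string{"This is test matcher text", "This is test matcher text 2"},
	true, regexp.MustCompile(`<title>(.*)</title>`)}

func main() {
	// Constructed events standing in for responses other templates already fetched.
	for _, e := range []Event{
		{"tech-detect", "https://a.example/", "<title>A</title> This is test matcher text 2"},
		{"login-panel", "https://b.example/", "<title>B</title> This is test matcher text"},
	} {
		ok, vals := issueMatcher.Apply(e)
		fmt.Println(e.TemplateID, e.URL, ok, vals)
	}
}
```

Because the first word is a prefix of the second, a body containing only the second phrase satisfies both word matchers under `and`.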