Paul Mueller
Paul Mueller
### Template Information: I am proposing revisions to the current iis shortname template (https://github.com/projectdiscovery/nuclei-templates/blob/d6636f9169920d3ccefc692bc1a6136e2deb9205/fuzzing/iis-shortname.yaml) - Addition of the DEBUG http method. In my experience, a certain percentage of vulnerable IIS...
### Template Information: Older versions of roxy fileman have several serious security vulnerabilities: https://www.cvedetails.com/vulnerability-list/vendor_id-18324/product_id-46688/Roxyfileman-Roxy-Fileman.html This template should reliably detect multiple versions of the utility (asp.net/php) Even if a non-vulnerable version...
If we get a url_unverified event for a page, normally if it turns out to be a 404 httpx wont report it as a URL event. However, if we instead...
Occasionally we may want to visit the actual archived pages as opposed to the live pages. This would be an option that would be disabled by default.
Nuclei Budget mode calculations can take 30 seconds+ on some systems. We should implement some kind of a caching system to avoid this when possible
Running the SSL cert module constantly produces these errors: ``` DBUG] bbot.modules.sslcert: Error with SSL handshake on xxx.xxx.xxx.xxx port 80: 'float' object is not callable ``` This does not appear...
Output modules seem to ignore the watched_events value, as well as the filter_event method. To specify a particular set of events, currently it is necessary to explicitly check event.type against...
When http_headers are supplied incorrectly, web helper gives off cryptic errors, no validation is happening prior to scan. Expectation: An error message showing an example of how to properly define...
In very rare edge cases, perhaps only in specific versions, a "+" or possibly other base64 chars will cause a false negative on an individual byte crack.