
Could not execute any template using any host

Open daffainfo opened this issue 3 years ago • 3 comments

Description:

My nuclei doesn't want to run using any host. This is the error nuclei gives using some random template:

Could not execute request for https://google.com: GET https://google.com/Telerik.ReportViewer.axd?optype=Parameters&bgColor=_000000%22onload=%22prompt(1) giving up after 2 attempts: Get "https://google.com/Telerik.ReportViewer.axd?optype=Parameters&bgColor=_000000%22onload=%22prompt(1)": context deadline exceeded (Client.Timeout exceeded while awaiting headers)

Nuclei version:

Latest version (2.7.1)

Current Behavior:

I expected nuclei to run without any error using any host

Expected Behavior:

Same error using any domain

PS D:\Kerja\> .\nuclei.exe -u https://google.com --debug -tags xss                                                           
       
                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   2.7.1

                projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
...
[INF] [CVE-2018-2791] Dumped HTTP request for https://google.com

GET /cs/Satellite?pagename=OpenMarket/Gator/FlexibleAssets/AssetMaker/confirmmakeasset&cs_imagedir=qqq%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1
Host: https:
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2224.3 Safari/537.36
Connection: close
Accept-Encoding: gzip

[INF] [CVE-2017-9140] Dumped HTTP request for https://google.com

GET /Telerik.ReportViewer.axd?optype=Parameters&bgColor=_000000%22onload=%22prompt(1) HTTP/1.1
Host: google.com
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2224.3 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

[INF] [CVE-2022-0218] Dumped HTTP request for https://google.com

[INF] [CVE-2014-4550] Dumped HTTP request for https://google.com

[WRN] [CVE-2017-9140] Could not execute request for https://google.com: GET https://google.com/Telerik.ReportViewer.axd?optype=Parameters&bgColor=_000000%22onload=%22prompt(1) giving up after 2 attempts: Get "https://google.com/Telerik.ReportViewer.axd?optype=Parameters&bgColor=_000000%22onload=%22prompt(1)": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
GET /index.php?rest_route=/whm/v3/themesettings HTTP/1.1
Host: google.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2866.71 Safari/537.36    
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

GET /wp-content/plugins/shortcode-ninja/preview-shortcode-external.php?shortcode=shortcode%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3e HTTP/1.1
Host: google.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1944.0 Safari/537.36     
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

[WRN] [CVE-2022-0218] Could not execute request for https://google.com: GET https://google.com/index.php?rest_route=/whm/v3/themesettings giving up after 2 attempts: Get "https://google.com/index.php?rest_route=/whm/v3/themesettings": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
[WRN] [CVE-2014-4550] Could not execute request for https://google.com: GET https://google.com/wp-content/plugins/shortcode-ninja/preview-shortcode-external.php?shortcode=shortcode%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3e giving up after 2 attempts: Get 
"https://google.com/wp-content/plugins/shortcode-ninja/preview-shortcode-external.php?shortcode=shortcode%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3e": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
[WRN] [CVE-2021-46005] Could not make http request for https://google.com: unresolved variables found: username,password
[INF] [CVE-2016-10993] Dumped HTTP request for https://google.com

GET /?s=%22%2F%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1
Host: google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

[INF] [CVE-2021-30213] Dumped HTTP request for https://google.com

GET /knowage/servlet/AdapterHTTP?Page=LoginPage&NEW_SESSION=TRUE&TargetService=%2Fknowage%2Fservlet%2FAdapterHTTP%3FPage%3DLoginPage%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1
Host: google.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2762.73 Safari/537.36    
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

[INF] [CVE-2015-2068] Dumped HTTP request for https://google.com

[INF] [CVE-2021-32853] Dumped HTTP request for https://google.com

[WRN] [CVE-2016-10993] Could not execute request for https://google.com: GET https://google.com/?s=%22%2F%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E giving up after 2 attempts: Get "https://google.com/?s=%22%2F%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
[WRN] [CVE-2021-30213] Could not execute request for https://google.com: GET https://google.com/knowage/servlet/AdapterHTTP?Page=LoginPage&NEW_SESSION=TRUE&TargetService=%2Fknowage%2Fservlet%2FAdapterHTTP%3FPage%3DLoginPage%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E giving up after 2 attempts: Get "https://google.com/knowage/servlet/AdapterHTTP?Page=LoginPage&NEW_SESSION=TRUE&TargetService=%2Fknowage%2Fservlet%2FAdapterHTTP%3FPage%3DLoginPage%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
GET /magmi/web/magmi.php?configstep=2&profile=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1
Host: google.com
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

GET /widgets/knowledgebase?topicId=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1
Host: google.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36    
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

[WRN] [CVE-2015-2068] Could not execute request for https://google.com: GET https://google.com/magmi/web/magmi.php?configstep=2&profile=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E giving up after 2 attempts: Get "https://google.com/magmi/web/magmi.php?configstep=2&profile=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
[WRN] [CVE-2021-32853] Could not execute request for https://google.com: GET https://google.com/widgets/knowledgebase?topicId=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E giving up after 2 attempts: Get "https://google.com/widgets/knowledgebase?topicId=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E": context deadline exceeded (Client.Timeout exceeded while 
awaiting headers)

daffainfo avatar May 21 '22 10:05 daffainfo

For more information, I am using Windows 10

daffainfo avatar May 21 '22 10:05 daffainfo

More information again: this issue also appears in nuclei version 2.7.0. Right now I am downgrading my nuclei from 2.7.1 to 2.6.9.

I am downloading using this link

daffainfo avatar May 21 '22 12:05 daffainfo

It looks like I'm encountering a similar issue.

I'm running:

nuclei -u https://target.com -id laravel-debug-enabled -timeout 10 -debug
[INF] Using Nuclei Engine 2.7.1 (latest)
[INF] Using Nuclei Templates 9.0.2 (latest)
[INF] Templates added in last update: 24
[INF] Templates loaded for scan: 1
[INF] [laravel-debug-enabled] Dumped HTTP request for https://target.com

GET /_ignition/health-check HTTP/1.1
Host: target.com
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2224.3 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

[WRN] [laravel-debug-enabled] Could not execute request for https://target.com: GET https://target.com/_ignition/health-check giving up after 2 attempts: Get "https://target.com/_ignition/health-check": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
[INF] No results found. Better luck next time!

But it works when using Burp as a proxy:

❯ nuclei -u https://target.com -id laravel-debug-enabled -proxy http://127.0.0.1:8080

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   2.7.1

		projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Using Nuclei Engine 2.7.1 (latest)
[INF] Using Nuclei Templates 9.0.2 (latest)
[INF] Templates added in last update: 24
[INF] Templates loaded for scan: 1
[2022-05-25 11:08:26] [laravel-debug-enabled] [http] [medium] https://target.com/_ignition/health-check

Techbrunch avatar May 25 '22 09:05 Techbrunch
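
The warning repeated in the logs above, `Client.Timeout exceeded while awaiting headers`, is the message Go's `net/http` client returns when its timeout fires after the request was written but before any response headers arrived. The following is an added example, not code from this thread or from the nuclei code base: it uses `net/http/httptrace` against a constructed local server to report how far a timed-out request got, which separates DNS, connect and TLS stalls from a peer that simply never answers. The names `probe`, `slowServer` and `phases` are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httptrace"
	"sync/atomic"
	"time"
)

var phases = []string{"not started", "dns", "connect", "tls handshake", "awaiting headers", "response received"} // in request order

// probe sends one GET and returns the furthest phase reached plus the client error (nil on success).
func probe(url string, timeout time.Duration) (string, error) {
	var reached int32
	mark := func(i int32) { // hooks run on transport goroutines: advance atomically, never backwards
		for cur := atomic.LoadInt32(&reached); i > cur && !atomic.CompareAndSwapInt32(&reached, cur, i); {
			cur = atomic.LoadInt32(&reached)
		}
	}
	trace := &httptrace.ClientTrace{
		DNSStart:             func(httptrace.DNSStartInfo) { mark(1) },
		ConnectStart:         func(network, addr string) { mark(2) },
		TLSHandshakeStart:    func() { mark(3) },
		WroteRequest:         func(httptrace.WroteRequestInfo) { mark(4) },
		GotFirstResponseByte: func() { mark(5) },
	}
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		return phases[0], err
	}
	req = req.WithContext(httptrace.WithClientTrace(req.Context(), trace))
	resp, err := (&http.Client{Timeout: timeout}).Do(req)
	if err == nil {
		resp.Body.Close()
	}
	return phases[atomic.LoadInt32(&reached)], err
}

// slowServer is a constructed local stand-in for a host that delays its response headers.
func slowServer(delay time.Duration) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) { time.Sleep(delay) }))
}

func main() {
	srv := slowServer(500 * time.Millisecond)
	defer srv.Close()
	fmt.Println(probe(srv.URL, 100*time.Millisecond))
}
```

A result of "awaiting headers" means name resolution, the TCP connection and the request write all succeeded on the client side, so the place to look next is whatever sits between the client and the responding server.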

@daffainfo @Techbrunch I'm able to execute nuclei correctly on windows. Could you confirm if this issue is still reproducible and if you can perform a full scan against scanme.sh (either http/https)?

Mzack9999 avatar Nov 23 '22 15:11 Mzack9999

@Mzack9999 Sorry I don't have the necessary information to check

Techbrunch avatar Nov 23 '22 15:11 Techbrunch

I'm closing the issue as it seems not reproducible anymore - please let us know if you still face the problem, and we will reopen it.

Mzack9999 avatar Nov 23 '22 15:11 Mzack9999