String/Regex matchers for Workflows

Open fail-open opened this issue 2 years ago • 1 comments

This is a request to be able to use target information (domain name, IP, and/or port) as a condition on whether a workflow gets triggered. Like other aspects in Nuclei, it would be useful to be able to specify to run if it matches, or exclude from the run if it matches.

Describe the use case of this feature:

The use case for me is that I want to be able to pass in a set of targets and workflows. As nuclei works through the templates and workflows, I would like for certain workflows to only trigger the templates associated with them if the target data meets a criterion.

I am trying to run a set target list and template list, but I am trying to trigger an extra set of templates if a target is a certain domain name, domain name pattern, or IP. This would allow me to add specific checks to specific systems on an ongoing basis to track findings being fixed, without having to throw those checks at every target. I am trying to avoid doing programmatic changes to the main system running nuclei in my environment.

fail-open avatar Jul 27 '22 16:07 fail-open

Current workaround:

Template:

id: template-id

info:
  name: Template Name
  author: forgedhallpass
  severity: info

requests:
  - raw:
      - |+
        GET / HTTP/1.1
        Host: {{Hostname}}

    redirects: true
    matchers:
      - type: dsl
        name: host
        dsl:
          - Host == "some_host"
          - Host == "some_other_host"
          - Host == "localhost"

Workflow:

id: host-workflow

info:
  name: test
  author: forgedhallpass
  description: description

workflows:
  - template: returnHost.yaml
    matchers:
      - name: host
        subtemplates:
          - tags: cve

Explanation: the workflow executes the template defined above and if the matcher called host is matched, it will execute a set of templates (in this case all the templates that have the cve tag).

Since the matcher operator is dependent on a request type, it is not possible to achieve this currently without making a request.

forgedhallpass avatar Jul 28 '22 16:07 forgedhallpass
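
An added example (not part of the thread above and not Nuclei code): because a workflow matcher cannot test the target without a request, the include/exclude decision the issue asks for can be made on the target list before Nuclei runs. The rule syntax (`regex:` and `port:` prefixes), the function names and the sample targets are constructed assumptions, and targets are assumed to be well-formed URLs, hosts or host:port pairs.

```python
import ipaddress
import re
from fnmatch import fnmatch
from urllib.parse import urlsplit

# Constructed rules: a target is selected if it hits an include rule and no exclude rule.
RULES = {
    "include": ["*.corp.example", r"regex:^db\d+\.example\.net$", "10.20.0.0/16"],
    "exclude": ["legacy.corp.example", "port:8443"],
}
# Constructed sample target list.
TARGETS = ["https://app.corp.example", "https://app.corp.example:8443",
           "legacy.corp.example", "db12.example.net:5432",
           "10.20.5.7:8080", "10.30.5.7", "www.example.org"]

def parse_target(target):
    """Split a target line (URL, host or host:port) into (host, port)."""
    parts = urlsplit(target if "://" in target else "//" + target)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.hostname or "").lower(), port

def rule_matches(rule, host, port):
    """Test one rule: port, regex, CIDR/IP, or domain name/glob pattern."""
    if rule.startswith("port:"):
        return port == int(rule[5:])
    if rule.startswith("regex:"):
        return re.search(rule[6:], host) is not None
    try:
        net = ipaddress.ip_network(rule, strict=False)
    except ValueError:
        return fnmatch(host, rule.lower())  # not an IP rule: name or glob
    try:
        return ipaddress.ip_address(host) in net
    except ValueError:
        return False  # IP rule, but the target is a hostname

def select(targets, rules=RULES):
    """Return the targets that should receive the extra workflow."""
    chosen = []
    for target in targets:
        host, port = parse_target(target)
        included = any(rule_matches(r, host, port) for r in rules["include"])
        excluded = any(rule_matches(r, host, port) for r in rules["exclude"])
        if included and not excluded:
            chosen.append(target)
    return chosen

if __name__ == "__main__":
    print("\n".join(select(TARGETS)))
```

The printed list can be saved to a file and passed to Nuclei with `-l` together with the extra workflow, while the full target list keeps running the common templates.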