
Global passive matchers / extractors for nuclei scan

Open ehsandeep opened this issue 2 years ago • 0 comments

Please describe your feature request:

Nuclei runs multiple templates that make active HTTP requests. Generally, matchers are defined to detect a specific issue / detection / tech for specific templates; a global matcher will instead make use of existing response data passed through nuclei, i.e. no additional active requests, and allow users to write matchers / extractors to detect interesting behavior / errors / secrets etc.

Describe the use case of this feature:

  • Passive response fingerprinting
  • Error / WAF / Interesting behavior detection
  • Secret Detection

Example Template:

```yaml
id: global-matcher-example

info:
  name: Test Global Matcher Template
  author: pdteam
  severity: info

passive: true # this is passive template!
http: # matcher / extractors will be applied for http protocol, similarly other protocol block can be defined.
  - matchers-condition: and
    matchers:
      - type: word
        words:
          - This is test matcher text

      - type: word
        words:
          - This is test matcher text 2

    extractors:
      - type: regex
        group: 1
        regex:
          - '<title>(.*)<\/title>'
```

ehsandeep, Dec 28 '23 19:12
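A sketch of how the proposed template could be evaluated against a response that was already received, with no new request sent. This is an added example, not nuclei's implementation or code from the issue: the `PassiveTemplate` type, `Evaluate`, `issueTemplate` and the sample body are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// PassiveTemplate holds the fields of the example template (hypothetical type, not nuclei's).
type PassiveTemplate struct {
	Condition string         // matchers-condition: "and" or "or"
	Words     []string       // one entry per word matcher
	Extractor *regexp.Regexp // regex extractor
	Group     int            // capture group to return
}

// Evaluate runs matchers and extractors over a body that was already received
// for another template's request; it sends nothing.
func (t PassiveTemplate) Evaluate(body string) (bool, []string) {
	hits := 0
	for _, w := range t.Words {
		if strings.Contains(body, w) {
			hits++
		}
	}
	matched := hits == len(t.Words)
	if t.Condition == "or" {
		matched = hits > 0
	}
	if !matched {
		return false, nil
	}
	var out []string
	for _, m := range t.Extractor.FindAllStringSubmatch(body, -1) {
		out = append(out, m[t.Group])
	}
	return true, out
}

// issueTemplate is the issue's global-matcher-example expressed as a struct.
func issueTemplate() PassiveTemplate {
	return PassiveTemplate{"and", []string{"This is test matcher text", "This is test matcher text 2"},
		regexp.MustCompile(`<title>(.*)<\/title>`), 1}
}

func main() {
	// Constructed body standing in for a response some other template already fetched.
	ok, titles := issueTemplate().Evaluate("<title>Demo</title> This is test matcher text 2")
	fmt.Println(ok, titles)
}
```

Because the first matcher's word is a prefix of the second's, a body containing only the second string satisfies both matchers under `and`, while a body containing only the first does not.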