nuclei
Socks5 somehow doesn't work
Nuclei version: 3.1.10
Current Behavior:
When I run nuclei without a proxy or with an HTTP proxy, it scans OK. When I try to use -proxy=socks5://ip:port, I get "No results found. Better luck next time!"
Expected Behavior:
To run the scan as normal, as it runs with an HTTP proxy
Steps To Reproduce:
nuclei -u site.com -proxy=socsk5://ip:port
Anything else:
Did send screenshots to @tarunKoyalwar in Discord for more details
Just tried with an ssh tunnel:
$ ssh -D 9000 [email protected]
...
debug3: channel 3: status: The following connections are open:
#2 client-session (t4 r0 i0/0 o0/0 e[write]/0 fd 7/8/9 sock -1 cc -1)
#3 direct-tcpip: listening port 9000 for 192.168.5.1 port 443, connect from 127.0.0.1 port 54557 to 127.0.0.1 port 9000 (t4 r1 i3/0 o3/0 e[closed]/0 fd 10/10/-1 sock 10 cc -1)
...
and nuclei seems to connect without issues:
$ nuclei -u https://192.168.5.1 -proxy socks5://127.0.0.1:9000 -verbose -debug -id CNVD-2022-86535 -timeout 30
                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.1.10

        projectdiscovery.io
[WRN] Excluded 113 template[s] with known weak matchers / tags excluded from default run using .nuclei-ignore
[INF] Current nuclei version: v3.1.10 (latest)
[INF] Current nuclei-templates version: v9.7.5 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 106
[INF] Templates loaded for current scan: 1
[INF] Executing 1 signed templates from projectdiscovery/nuclei-templates
[INF] Targets loaded for current scan: 1
[INF] [CNVD-2022-86535] Dumped HTTP request for https://192.168.5.1/?lang=../../../../../usr/local/php/pearcmd
GET /?lang=../../../../../usr/local/php/pearcmd HTTP/1.1
Host: 192.168.5.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36
Connection: close
Accept-Encoding: gzip
[DBG] [CNVD-2022-86535] Dumped HTTP response https://192.168.5.1/?lang=../../../../../usr/local/php/pearcmd
HTTP/1.1 200 OK
Connection: close
Cache-Control: no-cache
...
I increased the timeout to 30 as it's on a mobile connection and through tunnels it tends to take more time. I'm not sure if that might be your same issue, but if you use the -verbose -debug flags it might be possible to spot some more detailed error messages.
On verbose I can see it gives
remote error: tls: internal error on every request
~~would it be possible to provide more context on how to reproduce it? For example which socks5 proxy is being used and which service you are targeting?~~ got them internally
I'm not sure if there might be a problem with this specific socks5 proxy, I also can't connect with curl:
$ curl -vvv -x socks5://94.xxx.xxx.xxx:2020 https://scanme.sh
* Trying 94.xxx.xxx.xxx:2020...
* Connected to 94.xxx.xxx.xxx (94.xxx.xxx.xxx) port 2020
Sorry, we shut down the proxy when we are outside working hours
From the provided info I can only guess it might be something related to the particular socks5 proxy as also curl works randomly. Would it be possible to share more info about which software is used as socks5 proxy or if there is any particular configuration? (feel free to ping me via DM on discord)
Sorry for the late reply. We were using https://github.com/deadjakk/RustPivot/tree/master, but later, inspecting their source code, we discovered that they don't handle SSL, and that might be the problem
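A stage-by-stage probe can show where a SOCKS5 path breaks (TCP connect, method negotiation, CONNECT reply, or the TLS handshake relayed through the proxy), which is the distinction this thread was trying to make with curl and `-verbose -debug`. This is an added example, not code from the thread or from the nuclei project; `probe_socks5` and its parameters are hypothetical names, and it assumes a proxy that allows the RFC 1928 "no authentication" method.

```python
import socket
import ssl
import struct

# CONNECT reply codes from RFC 1928, section 6
REPLY_TEXT = {1: "general failure", 2: "not allowed by ruleset",
              3: "network unreachable", 4: "host unreachable",
              5: "connection refused", 6: "TTL expired",
              7: "command not supported", 8: "address type not supported"}

def _recv_exact(sock, n):
    """Read exactly n bytes or raise if the proxy hangs up early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def probe_socks5(proxy_host, proxy_port, target_host, target_port=443, timeout=30):
    """Return (stage, detail): stage is 'ok' or the first step that failed."""
    stage = "tcp"
    try:
        with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
            stage = "greeting"
            s.sendall(b"\x05\x01\x00")  # VER=5, one method offered: 0x00 (no auth)
            ver, method = _recv_exact(s, 2)
            if ver != 5 or method != 0:
                return stage, f"unexpected reply ver={ver} method={method:#04x}"
            stage = "connect"
            name = target_host.encode("idna")  # sent as ATYP=3 so the proxy resolves it
            s.sendall(b"\x05\x01\x00\x03" + bytes([len(name)]) + name
                      + struct.pack(">H", target_port))
            _ver, rep, _rsv, atyp = _recv_exact(s, 4)
            if rep != 0:
                return stage, REPLY_TEXT.get(rep, f"reply code {rep}")
            # Skip BND.ADDR (IPv4, IPv6 or length-prefixed name) and BND.PORT
            alen = _recv_exact(s, 1)[0] if atyp == 3 else {1: 4, 4: 16}.get(atyp, 0)
            _recv_exact(s, alen + 2)
            stage = "tls"  # from here the proxy must relay bytes untouched
            ctx = ssl.create_default_context()
            with ctx.wrap_socket(s, server_hostname=target_host) as tls:
                return "ok", tls.version()
    except OSError as exc:  # includes ssl.SSLError, timeouts and resets
        return stage, f"{type(exc).__name__}: {exc}"

if __name__ == "__main__":
    # Constructed values: replace with the proxy and target under test
    print(probe_socks5("127.0.0.1", 9000, "scanme.sh"))
```

A result of `('tls', ...)` means the proxy accepted the CONNECT but the handshake through it failed, while `('greeting', ...)` or `('connect', ...)` points at the proxy itself.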