Feature Request: Add `-loop` Flag for Repeated Template Scanning to Enhance Load Balancer Vulnerability Detection
Hey ProjectDiscovery Team,
I would like to request a feature to further improve nuclei template scanning and enhance the accuracy of finding vulnerabilities.
I suggest adding a `-loop` flag (or a similarly named flag) that accepts the number of times a template should be scanned. For example, if a user adds the `-loop 5` argument, then nuclei should scan the same template 5 times on the current scan target.
Additionally, it would be great if nuclei could intelligently identify a load balancer. In such cases, a `-loop 5 --loop_when_loadbalancer` flag would loop the template scan only if a load balancer is detected.
Theory
A load balancer is a proxy (in front) that works to distribute the workload across multiple servers. Usually, those servers have similar structures, so the applications inside them also need to be similar.
But the issue lies in:
- Server A - Failed
- Server B - Failed
- Server C - Exploitable!
By doing 10x loops in nuclei, the issue is exploitable.
Why?
- The first request might go to the server with the latest app.
- The second request might also go there; our session will be directed to the newest version.
So, multiple requests are needed for our session to be directed to the vulnerable server.
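As an added illustration of the reasoning above (example code, not part of nuclei or of this request): the snippet below simulates repeated probes against a load-balanced pool, detects backend drift from the response fingerprints, and computes how many loops are needed before every backend is hit at least once with a given confidence. The fingerprints and pool sizes are constructed values.

```python
"""Added example (hypothetical data, not nuclei's own code): estimate how
many repeated requests are needed to reach every backend behind a balancer."""
from collections import Counter

# Constructed sample: (Server header, app version header) seen on ten
# consecutive requests to the same hostname. Three distinct backends show up,
# one of them lagging on an older application build.
SAMPLE_FINGERPRINTS = [
    ("nginx/1.24", "app-2.3.1"), ("nginx/1.24", "app-2.3.1"),
    ("nginx/1.24", "app-2.2.0"), ("nginx/1.24", "app-2.3.1"),
    ("nginx/1.22", "app-2.3.1"), ("nginx/1.24", "app-2.3.1"),
    ("nginx/1.24", "app-2.2.0"), ("nginx/1.24", "app-2.3.1"),
    ("nginx/1.22", "app-2.3.1"), ("nginx/1.24", "app-2.2.0"),
]


def detect_backends(fingerprints):
    """Count distinct response fingerprints; more than one means the pool
    is not uniform (version drift, mixed server builds, etc.)."""
    return Counter(fingerprints)


def is_load_balanced(fingerprints):
    """Heuristic from the request above: differing fingerprints across
    repeated requests indicate multiple backends behind one address."""
    return len(detect_backends(fingerprints)) > 1


def hit_probability(n_backends, loops):
    """P(a specific backend with share 1/n is hit at least once in k tries)
    = 1 - (1 - 1/n)^k, assuming uniform, session-free balancing."""
    return 1 - (1 - 1 / n_backends) ** loops


def loops_for_confidence(n_backends, confidence=0.95):
    """Smallest loop count k with hit_probability(n, k) >= confidence.
    Iterative so the result is exact at integer boundaries."""
    p_miss = 1 - 1 / n_backends
    k, miss = 0, 1.0
    while 1 - miss < confidence:
        miss *= p_miss
        k += 1
    return k


if __name__ == "__main__":
    pool = detect_backends(SAMPLE_FINGERPRINTS)
    print("balanced:", is_load_balanced(SAMPLE_FINGERPRINTS), dict(pool))
    for n in (2, 3, 5):
        print(f"{n} backends -> {loops_for_confidence(n)} loops for 95% coverage")
```

The loop count grows quickly with pool size, which is why a fixed `-loop 5` may still miss a backend in a large pool; the calculation also assumes no sticky sessions, which would pin all requests to one server.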
Reference
https://twitter.com/xchopath/status/1805331064958894177?t=WWddaLg9BzXCqVYvq1YmJQ&s=19
Credits
https://x.com/xchopath https://github.com/xchopath
cc: @ehsandeep @princechaddha