Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

import already existing templates within a template #4287

Open
iamnoooob opened this issue Oct 24, 2023 · 0 comments
Open

import already existing templates within a template #4287

iamnoooob opened this issue Oct 24, 2023 · 0 comments
Assignees
@tarunKoyalwar
Labels
Type: Enhancement Most issues will probably ask for additions or changes.

Comments

@iamnoooob
Copy link

Please describe your feature request:

There should be a feature to reuse existing templates by referencing them inside a nuclei template instead of re-writing the already existing config/rule (similar to workflows).

Describe the use case of this feature:

Taking this template as an example from here :

id: wordpress-bruteforce

info:
  name: WordPress Login Bruteforce
  author: pdteam
  severity: high

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-login.php"

    matchers:
        - type: word
            words:
            - "WordPress"

  - method: POST
    path:
      - "{{BaseURL}}/wp-login.php"

    body: |
        log={{username}}&pwd={{password}}&wp-submit=Log+In

    attack: clusterbomb 
    payloads:
      users: helpers/wordlists/wp-users.txt
      passwords: helpers/wordlists/wp-passwords.txt

    matchers:
      - type: dsl
        dsl:
          - status_code == 302
          - contains_all(header, "/wp-admin","wordpress_logged_in")
        condition: and

Here, there is a detection step in the first http request of the flow involved which is kind of repetitive as detection for wordpress pre-exists as a separate template. It would be much more easier and remove any kind of redudancy while writing templates if we could just add a reference to the pre-existing templates. Something like:

...
http:
    template: http/technologies/wordpress-detect.yaml

  - method: POST
    path:
      - "{{BaseURL}}/wp-login.php"
...
@iamnoooob iamnoooob added the Type: Enhancement Most issues will probably ask for additions or changes. label Oct 24, 2023
@tarunKoyalwar tarunKoyalwar self-assigned this Oct 31, 2023
@tarunKoyalwar tarunKoyalwar changed the title Reference already existing templates within a template import already existing templates within a template May 17, 2024
@ehsandeep ehsandeep pinned this issue Dec 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tarunKoyalwar tarunKoyalwar

Labels
Type: Enhancement Most issues will probably ask for additions or changes.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@iamnoooob @tarunKoyalwar