Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

[BUG] Executing template on different targets causes not to create result event #5955

Open
1 task done
yaron12n opened this issue Jan 6, 2025 · 2 comments
Open
1 task done
Labels
Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.

Comments

@yaron12n
Copy link

yaron12n commented Jan 6, 2025

Is there an existing issue for this?

  • I have searched the existing issues.

Current Behavior

Using the Nuclei engine, I'm trying to run the same template on different targets. When I run it against a single target, everything works as expected. However, no result events are created if I run it first against an HTTP target and then against an HTTPS target.
On the other hand, if I run it only on the HTTPS target, it does create a result event.
I don't want to use load all targets in the same execution as sometimes I want to run only specific templates.

Here is some pseudo-code demonstrating the issue:

ne, err := nuclei.NewNucleiEngineCtx(context.Background(),
    nuclei.WithTemplatesOrWorkflows(
        nuclei.TemplateSources{Templates: []string{"test.yaml"}},
    ),
)
if err != nil {
    panic(err)
}

// Load targets and (optionally) probe non-HTTP/HTTPS targets.
ne.LoadTargets([]string{"http://127.0.0.1:12345"}, false)
err = ne.ExecuteWithCallback(func(event *output.ResultEvent) {
    fmt.Println(event)
})
if err != nil {
    panic(err)
}

// Now load HTTPS targets.
ne.LoadTargets([]string{"https://127.0.0.1:443"}, false)
err = ne.ExecuteWithCallback(func(event *output.ResultEvent) {
    fmt.Println(event)
})
if err != nil {
    panic(err)
}

I'm not sure why the result event is missing when running against HTTP followed by HTTPS, yet appears when running against HTTPS alone.

The template is just sending POST request with default credentials, then getting redirect and searching some content in the response (after the redirect)

Expected Behavior

result event will be created when even after different targets executed

Steps To Reproduce

added pseudo code

Relevant log output

Environment

- OS: 
- Nuclei: v3.3.5
- Go: 1.23

Anything else?

No response

@yaron12n yaron12n added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label Jan 6, 2025
@GeorginaReeder
Copy link

Thanks for your contribution @yaron12n !

@dogancanbakir
Copy link
Member

I couldn't repro this. I get events for both targets. Tried with dev branch, fyi.

# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Projects
None yet
Development

No branches or pull requests

3 participants