    matchers: # (3)
      - type: word
        words:
          - "Apache2 Ubuntu Default Page: It works"
        part: body
Listing 5-3: An example Nuclei template
We define the template metadata, such as the template’s name,
author, severity, and so on (1). We then define the http (HTTP)
protocol, which instructs Nuclei to use an HTTP client when
executing this template (2). We also declare that the template should
use the GET method. Next, we define a variable that will be swapped
with the target URL we’ll provide to Nuclei on the command line at
scan time. Then we define a single matcher of type word (3) and a
search pattern to match against the HTTP response body coming
back from the server, as specified by part: body.
As a result, when Nuclei performs a scan against an IP address
that runs some form of a web server, this template will make a GET
request to its base URL (/) and look for the string "Apache2
Ubuntu Default Page: It works" in the response. If it
finds this string in the response’s body, the check will be considered
successful because the pattern matched.
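The matching rule described above can be reproduced in a few lines of shell. This is an added example, not code from the book or from Nuclei; the function names and the sample response are constructed for illustration. It assumes Nuclei's default word-matcher behaviour: a literal, case-sensitive substring match in which any one listed word is sufficient.

```bash
#!/usr/bin/env bash
# Added illustration of a `type: word` matcher with `part: body`.
# Not Nuclei's code; function names are hypothetical.

# Constructed sample response: status line, headers, blank line, body.
sample_response=$(printf '%s\r\n' \
  'HTTP/1.1 200 OK' \
  'Server: Apache/2.4.52 (Ubuntu)' \
  'Content-Type: text/html' \
  '' \
  '<title>Apache2 Ubuntu Default Page: It works</title>')

# Print only the body: drop everything up to the first blank line.
# A response with no header/body separator yields an empty body.
response_body() {
  printf '%s\n' "$1" | tr -d '\r' | sed '1,/^$/d'
}

# Return 0 if any word occurs in the text as a literal,
# case-sensitive substring; empty words never match.
word_match() {
  text=$1; shift
  for word in "$@"; do
    [ -n "$word" ] || continue
    case $text in
      *"$word"*) return 0 ;;
    esac
  done
  return 1
}

# part: body -> compare against the body only, never the headers.
match_body() {
  raw=$1; shift
  word_match "$(response_body "$raw")" "$@"
}

for w in "Apache2 Ubuntu Default Page: It works" \
         "Apache2 ubuntu Default Page: It works" \
         "Apache/2.4.52"; do
  if match_body "$sample_response" "$w"; then
    echo "match:    $w"
  else
    echo "no match: $w"
  fi
done
```

The second word differs only in the case of "Ubuntu" and the third appears only in the Server header, so neither matches the body.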
We encourage you to explore Nuclei’s templating system at
https://nuclei.projectdiscovery.io/templating-guide, as you can easily
use Nuclei with Bash to perform continuous assessments.
Writing a Custom Template
Let’s write a simple template that finds the Git repositories we
discovered earlier on 172.16.10.11. In Listing 5-4, we define
multiple BaseURL paths to represent the two paths we’ve identified,
and using Nuclei's matchers, we define the string "ref:
refs/heads/master" to match against the response body
returned by the scanned server.
id: detect-git-repository

info:
  name: Git Repository Finder
  author: Dolev Farhi and Nick Aleks
  severity: info
  tags: git

http:
Black Hat Bash (Early Access) © 2023 by Dolev Farhi and Nick Aleks