New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nuclei 3.1.10 validates invalid template #4866
Comments
I can confirm I am experiencing the same issue with several phishing templates using the following command: |
i am not able to reproduce this , ./nuclei -t x.yaml -validate -debug 1 ↵
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ v3.2.0-dev
projectdiscovery.io
[VER] Started metrics server at localhost:9092
[ERR] Error occurred loading template /Users/tarun/Codebase/nuclei/x.yaml: Could not load template /Users/tarun/Codebase/nuclei/x.yaml: yaml: line 25: could not find expected ':'
[FTL] Could not validate templates: errors occurred during template validation $ nuclei -t x.yaml -validate
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ v3.1.10
projectdiscovery.io
[VER] Started metrics server at localhost:9092
[ERR] Error occurred loading template /Users/tarun/Codebase/nuclei/x.yaml: Could not load template /Users/tarun/Codebase/nuclei/x.yaml: yaml: line 25: could not find expected ':'
[FTL] Could not validate templates: errors occurred during template validation cc: @geeknik and issue seems to be related to incorrect yaml and not template logic $ nuclei -t ~/nuclei-templates/http/osint/phishing -validate
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ v3.1.10
projectdiscovery.io
[VER] Started metrics server at localhost:9092
[INF] All templates validated successfully
|
@tarunKoyalwar I'm pretty sure there is something going on during the validation. Here's an interesting AI generated template example that looks pretty neat.
Look pretty conformant. Some of it even makes sense. Let's validate it just to be sure..
Now let's hack the planet!!!
Wait, what? ~$ nuclei -hc
|
Nuclei version:
3.1.10
Current Behavior:
nuclei validates an invalid template.
Expected Behavior:
It should see the error when using
-validate
.Steps To Reproduce:
nuclei -validate test.yaml -v -debug
nuclei -t test.yaml -u http://example.com/ -debug -v
yamllint test.yaml
Anything else:
hi! 🤙🏻
The text was updated successfully, but these errors were encountered: