This terraform module allows you to execute Nuclei within a lambda function within AWS. This is designed to be the backend for Nuclear Pond. Please go to that repository first if you have not. The purpose of which is to allow you to perform automated scans on your infrastructure and allow the results to be parsed in any way that you choose.
Nuclei can help you identify technologies running within your infrastructure, misconfigurations, exploitable vulnerabilities, network protocols, default credentials, exposed panels, takeovers, and so much more. Continuously monitoring for such vulnerabilities within your network can be crucial to providing you with a last line of defense against vulnerabilities hidden within your cloud infrastructure.
⚠️ This is vulnerable to Remote Code Execution: Be careful where you deploy this as I have made no attempt to sanitize inputs for flexibility purposes. Since it is running in lambda, the risk is generally low but if you were to attach a network interface to this it could add significant risk.
With any engineering project, design decisions are made based on the requirements of a given project. These designs come with some limitations, which are the following:
- Args are passed directly, to allow you to specify any arguments to nuclei when invoking the lambda function, and since the sink is `exec.Command` this is vulnerable to remote code execution by design and can be easily escaped
- Never pass the `-u`, `-l`, `-json`, or `-o` flag to this lambda function, but you can pass any other nuclei arguments you like
- Nuclei insists on writing to `$HOME/.config`, so `HOME`, which is not a writable filesystem with lambda, is set to `/tmp`, which can cause warm starts to share the same filesystem and perhaps poison future configurations
- The lambda function in golang is rebuilt on every apply for ease of development
- When configuration files are updated, you might have to destroy and recreate the infrastructure
This is what must be passed to the lambda function. The `Targets` can be a list of one or many; the lambda function will handle passing in the `-u` or `-l` flag accordingly. The `Args` input are any valid flags for nuclei. The `Output` flag allows you to output either the command line output, json findings, or the s3 key where the results are uploaded to.
```json
{
  "Targets": [
    "https://devsecopsdocs.com"
  ],
  "Args": [
    "-t",
    "dns"
  ],
  "Output": "json"
}
```
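The following is an added example (not part of this module) showing how a caller might build the event above and invoke the function with a boto3-style client. It refuses the reserved `-u`, `-l`, `-json` and `-o` flags before anything reaches the lambda, since the module itself does no input validation; the function name `nuclei`, the `FakeLambdaClient` stand-in and the helper names are assumptions for illustration.

```python
import io
import json

# Flags the lambda function manages itself; passing them in "Args" conflicts
# with the command line the function builds (see the limitations above).
RESERVED_FLAGS = {"-u", "-l", "-json", "-o"}


def reserved_flags_in(args):
    """Return the reserved nuclei flags present in args, sorted."""
    return sorted(RESERVED_FLAGS.intersection(args))


def build_nuclei_event(targets, args=(), output="json"):
    """Build the event payload the lambda function expects.

    Raises ValueError if no targets are given or a reserved flag is passed.
    """
    targets, args = list(targets), list(args)
    if not targets:
        raise ValueError("at least one target is required")
    bad = reserved_flags_in(args)
    if bad:
        raise ValueError(f"reserved nuclei flag(s) passed in Args: {bad}")
    return {"Targets": targets, "Args": args, "Output": output}


def invoke_nuclei(lambda_client, function_name, event):
    """Invoke the function synchronously and decode its JSON response payload.

    lambda_client is any object with a boto3-style invoke(); in real use pass
    boto3.client("lambda") (not imported here so the example runs offline).
    """
    resp = lambda_client.invoke(
        FunctionName=function_name,
        InvocationType="RequestResponse",
        Payload=json.dumps(event).encode(),
    )
    if resp.get("FunctionError"):
        raise RuntimeError(f"lambda returned FunctionError={resp['FunctionError']}")
    return json.loads(resp["Payload"].read())


class FakeLambdaClient:
    """Constructed stand-in (assumption) that echoes the event back offline."""

    def invoke(self, FunctionName, InvocationType, Payload):
        return {"StatusCode": 200, "Payload": io.BytesIO(Payload)}


if __name__ == "__main__":
    event = build_nuclei_event(["https://devsecopsdocs.com"], ["-t", "dns"])
    print(json.dumps(invoke_nuclei(FakeLambdaClient(), "nuclei", event), indent=2))
```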
Requirements:

| Name | Version |
|---|---|
| terraform | >= 1.0 |
| archive | 2.2.0 |
| aws | 4.50.0 |
| github | 5.14.0 |
| null | 3.2.1 |

Providers:

| Name | Version |
|---|---|
| archive | 2.2.0 |
| aws | 4.50.0 |
| github | 5.14.0 |
| null | 3.2.1 |
No modules.
Inputs:

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| github_owner | Github owner to use for templates | string | `"projectdiscovery"` | no |
| github_repository | Github repository to use for templates | string | `"nuclei-templates"` | no |
| github_token | Github token to use for private templates, leave empty if you don't need private templates | string | `""` | no |
| memory_size | n/a | number | `512` | no |
| nuclei_arch | Nuclei architecture to use | string | `"linux_amd64"` | no |
| nuclei_timeout | Lambda function timeout | number | `900` | no |
| nuclei_version | Nuclei version to use | string | `"2.8.7"` | no |
| project_name | Name of the project to create and must be unique as S3 bucket names are global | any | n/a | yes |
| release_tag | Github release tag to use for templates | string | `"v9.3.4"` | no |
| tags | n/a | map(string) | `{` | no |

Outputs:

| Name | Description |
|---|---|
| dynamodb_state_table | n/a |
| function_name | n/a |