Within the v2.3.0 release, we've introduced File based scanning capabilities into the Nuclei engine. If you are already a Nuclei user, you will find it familiar because it follows the same principles as the HTTP based templates. We wanted to provide a similar approach to make writing your own file based templates simple and convenient.
File protocol
The File protocol template extension makes pattern-based file matching possible by enabling Nuclei to scan the desired parts of the file system.
File protocol applicability
🔎 Secrets scanning
🕵🏻 Source code scanning
Leaked keys and secrets in GitHub projects are a common issue that is always worth looking for. Now it's possible to write Nuclei templates that scan for known secret or source-code patterns, stored HTTP responses on the system, and more.
Nuclei Mobile Templates created by 0xgaurang are good examples of source-code analysis, relying on file support, to detect common security issues in Android applications.
File Template examples
File based template scanning for a Slack webhook token:
```yaml
id: slack-webhook

info:
  name: Slack Webhook
  author: gaurang
  severity: high
  tags: keys,file

file:
  # "all" applies the template to every file, whatever its extension
  - extensions:
      - all

    # Report each string that matches the webhook URL pattern
    extractors:
      - type: regex
        regex:
          - "https://hooks.slack.com/services/T[0-9A-Za-z\\-_]{10}/B[0-9A-Za-z\\-_]{10}/[0-9A-Za-z\\-_]{23}"
```
Another example of File based template scanning, which detects improper certificate validation in decompiled smali files:
```yaml
id: improper-certificate-validation

info:
  name: Improper Certificate Validation
  author: gaurang
  severity: medium
  tags: android,file

file:
  - extensions:
      - all

    # A call to SslErrorHandler.proceed() continues loading despite a TLS error
    matchers:
      - type: word
        words:
          - "Landroid/webkit/SslErrorHandler;->proceed()V"
```
To run a scan, pass the directory of interest as the target along with a file template.
```bash
nuclei -target decompile_apk_folder -t file_templates.yaml
```
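Before pointing a secrets template at a real tree, it helps to check its pattern against known-good and known-bad fixtures. The Python script below is an added example, not code from the Nuclei project or the original post: it approximates what the slack-webhook extractor does over a directory, assuming Python's `re` treats this pattern the same way as Nuclei's regex engine. `scan_tree`, `build_fixture`, `run_demo` and all sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Pattern from the slack-webhook template after YAML unescaping: "\\-" -> "\-".
SLACK_WEBHOOK = re.compile(
    r"https://hooks.slack.com/services/"
    r"T[0-9A-Za-z\-_]{10}/B[0-9A-Za-z\-_]{10}/[0-9A-Za-z\-_]{23}"
)

def scan_tree(root):
    """Return (relative_path, match) pairs for every file under root,
    approximating a regex extractor with `extensions: all`."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        # Lenient decoding so binary files do not abort the walk.
        text = path.read_bytes().decode("utf-8", errors="replace")
        for hit in SLACK_WEBHOOK.findall(text):
            findings.append((path.relative_to(root).as_posix(), hit))
    return findings

def build_fixture(root):
    """Write constructed sample files: one positive and two negatives."""
    root = Path(root)
    (root / "app").mkdir()
    # Constructed, non-functional value; '-' and '_' are included so an
    # escaping mistake in the character class shows up as a missed match.
    fake = ("https://hooks.slack.com/services/"
            "T" + "A1b2C3d4E5" + "/B" + "f-6_G7h8I9" + "/" + "x" * 23)
    (root / "app" / "config.js").write_text(f'const hook = "{fake}";\n')
    # Final segment shorter than 23 characters: must not be reported.
    (root / "README.md").write_text(
        "https://hooks.slack.com/services/TAAAAAAAAAA/BBBBBBBBBBB/short\n")
    # Different host: must not be reported.
    (root / "notes.txt").write_text(
        "https://hooks.example.com/services/TAAAAAAAAAA/BBBBBBBBBBB/" + "y" * 23)
    return fake

def run_demo():
    """Build the fixture in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        fake = build_fixture(tmp)
        return fake, scan_tree(tmp)

if __name__ == "__main__":
    expected, found = run_demo()
    for rel_path, hit in found:
        print(f"[slack-webhook] {rel_path}: {hit}")
```

The same fixture directory can then be passed to `nuclei -target` with the template to confirm that the engine reports the same single finding.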
For detailed documentation on writing file based templates, please check out the templating guide document and the existing file based templates in the nuclei-templates project.
Got some questions? Feel free to tweet us at @pdnuclei or jump in our Discord server to discuss more security and automation.