Secrets Scanning with Nuclei

With the v2.3.0 release, we've introduced file-based scanning capabilities into the Nuclei engine. If you are already a Nuclei user, you will find it familiar because it follows the same principles as the HTTP-based templates. We wanted to provide a similar approach to make writing your own file-based templates simple and convenient.

File protocol

The File protocol template extension makes pattern-based file matching possible by enabling Nuclei to scan the desired parts of the file system.

File protocol applicability

🔎 Secrets scanning
🕵🏻 Source code scanning

Leaked keys and secrets in GitHub projects are a common issue that is always worth looking for. Now it's possible to write Nuclei templates that scan for known secret or source-code patterns, stored HTTP responses on the system, and more.

Nuclei Mobile Templates created by 0xgaurang are good examples of source-code analysis, relying on file support, to detect common security issues in Android applications.

File Template examples

A file-based template that scans for Slack webhook tokens:

```yaml
id: slack-webhook

info:
  name: Slack Webhook
  author: gaurang
  severity: high
  tags: keys,file

file:
  - extensions:
      - all

    extractors:
      - type: regex
        regex:
          - "https://hooks.slack.com/services/T[0-9A-Za-z\\-_]{10}/B[0-9A-Za-z\\-_]{10}/[0-9A-Za-z\\-_]{23}"
```
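To check what the extractor regex above does and does not pick up before running it over a real tree, the following added example (not code from this post or from the Nuclei project) applies the same pattern with Go's `regexp` package to a small set of constructed files. `ScanFS`, `fakeHook` and `Samples` are hypothetical names, the webhook URLs are constructed and non-working, and the walk is a simplified stand-in for a file scan rather than Nuclei's own file handling.

```go
package main

import (
	"fmt"
	"io/fs"
	"regexp"
	"strings"
	"testing/fstest"
)

// Regex from the slack-webhook template; the YAML string "\\-" unescapes to the regex "\-".
var slackWebhook = regexp.MustCompile(`https://hooks.slack.com/services/T[0-9A-Za-z\-_]{10}/B[0-9A-Za-z\-_]{10}/[0-9A-Za-z\-_]{23}`)

// fakeHook builds a constructed, non-working URL whose last segment has n characters.
func fakeHook(n int) string {
	return "https://hooks.slack.com/services/T" + strings.Repeat("0", 10) +
		"/B" + strings.Repeat("0", 10) + "/" + strings.Repeat("x", n)
}

// ScanFS applies re to every regular file in fsys and returns the matches per path.
func ScanFS(fsys fs.FS, re *regexp.Regexp) (map[string][]string, error) {
	hits := map[string][]string{}
	err := fs.WalkDir(fsys, ".", func(p string, d fs.DirEntry, err error) error {
		if err != nil || d.IsDir() {
			return err
		}
		data, err := fs.ReadFile(fsys, p)
		if m := re.FindAllString(string(data), -1); m != nil {
			hits[p] = m
		}
		return err
	})
	return hits, err
}

// Samples returns constructed files: one full-length token, one that is a
// character short, and one documentation placeholder.
func Samples() fstest.MapFS {
	return fstest.MapFS{
		"config/app.env": {Data: []byte("SLACK_URL=" + fakeHook(23) + "\n")},
		"src/notify.py":  {Data: []byte("url = '" + fakeHook(22) + "'\n")},
		"README.md":      {Data: []byte("https://hooks.slack.com/services/YOUR/HOOK\n")},
	}
}

func main() {
	// For a real tree, pass os.DirFS("decompile_apk_folder") instead of Samples().
	fmt.Println(ScanFS(Samples(), slackWebhook))
}
```

Only `config/app.env` is reported. Because the pattern is unanchored and uses fixed lengths, a longer final segment is extracted truncated to 23 characters and a shorter one is missed entirely.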

Another file-based template, which detects improper certificate validation in decompiled smali files:

```yaml
id: improper-certificate-validation

info:
  name: Improper Certificate Validation
  author: gaurang
  severity: medium
  tags: android,file

file:
  - extensions:
      - all

    matchers:
      - type: word
        words:
          - "Landroid/webkit/SslErrorHandler;->proceed()V"
```

To run a scan, we pass the directory of interest as the target, along with a file template.

```bash
nuclei -target decompile_apk_folder -t file_templates.yaml
```

For detailed documentation on writing file-based templates, please check out the templating guide and the existing file-based templates in the nuclei-templates project.

Got some questions? Feel free to tweet us at @pdnuclei or jump in our Discord server to discuss more security and automation.
