Secrets Scanning with Nuclei

Secrets Scanning with Nuclei

Within the v2.3.0 release, we've introduced File based scanning capabilities into the Nuclei engine. If you are already a Nuclei user, you will find it familiar because it follows the same principles as the HTTP based templates. We wanted to provide a similar approach to make writing your own file based templates simple and convenient.

File protocol

The File protocol template extension makes pattern-based file matching possible by enabling Nuclei to scan the desired parts of the file system.

File protocol applicability

🔎 Secrets scanning
🕵🏻 Source code scanning

Leaking keys and secrets in GitHub projects are common issues that are always worth looking for. Now it's possible to write Nuclei templates that scan for known secret or source-code patterns, stored HTTP responses on the system, and more.

Nuclei Mobile Templates created by 0xgaurang are good examples of source-code analysis, relying on file support, to detect common security issues in Android applications.

File Template examples

File based template scanning for Slack webhook token:-

id: slack-webhook

  name: Slack Webhook
  author: gaurang
  severity: high
  tags: keys,file

  - extensions:
      - all

      - type: regex
          - "<[0-9A-Za-z\\\\\\\\-_]{10}/B[0-9A-Za-z\\\\\\\\-_]{10}/[0-9A-Za-z\\\\\\\\-_]{23}>"

Another example of File based template scanning that detects improper certificate-validation in decompiled smali files:

id: improper-certificate-validation

  name: Improper Certificate Validation
  author: gaurang
  severity: medium
  tags: android,file

  - extensions:
      - all

      - type: word
          - "Landroid/webkit/SslErrorHandler;->proceed()V"

To run, we need to feed a directory of our interest as input along with a file template.

nuclei -target decompile_apk_folder -t file_templates.yaml

Running Nuclei file template

File based nuclei template

For detailed documentation on writing file based templates, please check out the templating guide document and existing file based templates in nuclei-templates project.

Got some questions? Feel free to tweet us at @pdnuclei or jump in our Discord server to discuss more security and automation.


Contribute to optiv/mobile-nuclei-templates development by creating an account on GitHub.

Subscribe to our newsletter and stay updated.

Don't miss anything. Get all the latest posts delivered straight to your inbox. It's free!
Great! Check your inbox and click the link to confirm your subscription.
Error! Please enter a valid email address!