Secrets Scanning with Nuclei

Within the v2.3.0 release, we've introduced File based scanning capabilities into the Nuclei engine. If you are already a Nuclei user, you will find it familiar because it follows the same principles as the HTTP based templates. We wanted to provide a similar approach to make writing your own file based templates simple and convenient.

File protocol

The File protocol template extension makes pattern-based file matching possible by enabling Nuclei to scan the desired parts of the file system.

File protocol applicability

🔎 Secrets scanning
🕵🏻 Source code scanning

Leaked keys and secrets in GitHub projects are a common issue that is always worth looking for. Now it's possible to write Nuclei templates that scan for known secret or source-code patterns, stored HTTP responses on the system, and more.

Nuclei Mobile Templates created by 0xgaurang are good examples of source-code analysis, relying on file support, to detect common security issues in Android applications.

File Template examples

File based template scanning for a Slack webhook token:

id: slack-webhook

info:
  name: Slack Webhook
  author: gaurang
  severity: high
  tags: keys,file

file:
  - extensions:
      - all

    extractors:
      - type: regex
        regex:
          - "https://hooks.slack.com/services/T[0-9A-Za-z\\-_]{10}/B[0-9A-Za-z\\-_]{10}/[0-9A-Za-z\\-_]{23}"

Another example of File based template scanning that detects improper certificate-validation in decompiled smali files:

id: improper-certificate-validation

info:
  name: Improper Certificate Validation
  author: gaurang
  severity: medium
  tags: android,file

file:
  - extensions:
      - all

    matchers:
      - type: word
        words:
          - "Landroid/webkit/SslErrorHandler;->proceed()V"

To run the scan, pass the directory of interest as the target along with a file template:

nuclei -target decompile_apk_folder -t file_templates.yaml
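
Before pointing a regex extractor at a large tree, it helps to check what the pattern accepts and rejects. The sketch below is an added example, not code from the Nuclei project: it applies the Slack webhook pattern from the template above to a constructed directory using Python's `re` in place of Nuclei's own regex engine (an assumption that holds for this simple pattern). The function names and sample files are hypothetical.

```python
import re
import tempfile
from pathlib import Path

# Pattern from the slack-webhook template, written as the regex engine sees it.
SLACK_WEBHOOK = re.compile(
    r"https://hooks.slack.com/services/"
    r"T[0-9A-Za-z\-_]{10}/B[0-9A-Za-z\-_]{10}/[0-9A-Za-z\-_]{23}"
)


def scan_tree(root, pattern=SLACK_WEBHOOK):
    # Approximates a regex extractor with `extensions: all`: every regular
    # file is read as text and each match is reported per relative path.
    root = Path(root)
    findings = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        text = path.read_text(encoding="utf-8", errors="replace")
        hits = pattern.findall(text)
        if hits:
            findings[path.relative_to(root).as_posix()] = hits
    return findings


def build_sample_tree(root):
    """Write constructed sample files; the webhook values are fake."""
    root = Path(root)
    base = "https://hooks.slack.com/services/T" + "A" * 10 + "/B" + "b" * 10 + "/"
    valid = base + "x" * 23
    (root / "app").mkdir()
    (root / "app" / "config.env").write_text(f"SLACK_URL={valid}\n")
    # One character short of the 23-character tail: must not match.
    (root / "app" / "notes.md").write_text(f"truncated: {base + 'x' * 22}\n")
    # Longer tail: the unanchored pattern still reports the first 23 characters.
    (root / "app" / "long.txt").write_text(f"{base + 'x' * 25}\n")
    (root / "README").write_text("see https://hooks.slack.com/services/<your-hook>\n")
    return valid


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        valid = build_sample_tree(tmp)
        return scan_tree(tmp), valid


if __name__ == "__main__":
    for name, hits in demo()[0].items():
        print(name, hits)
```

The over-long value in `long.txt` is still reported, but cut to the pattern's fixed length, so an extracted string is a lead to verify in the file rather than the full secret.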

[Figure: Running a Nuclei file template]

For detailed documentation on writing file based templates, please check out the templating guide document and existing file based templates in nuclei-templates project.

Got some questions? Feel free to tweet us at @pdnuclei or jump in our Discord server to discuss more security and automation.

Reference

optiv/mobile-nuclei-templates