Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CPE based template execution #2326

Closed
2 tasks done
forgedhallpass opened this issue Jul 21, 2022 · 2 comments
Closed
2 tasks done

CPE based template execution #2326

forgedhallpass opened this issue Jul 21, 2022 · 2 comments
Labels
Priority: Low This issue can probably be picked up by anyone looking to contribute to the project, as an entry fix Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Enhancement Most issues will probably ask for additions or changes.

Comments

@forgedhallpass
Copy link
Contributor

forgedhallpass commented Jul 21, 2022
edited by ehsandeep
Loading

A new -cpe flag could be added, based on which value, we could look query CVE IDs from NIST.

nuclei -vv -cpe 2.3:a:glpi-project:glpi:9.5.5 -l targets.txt

Example:

curl "https://services.nvd.nist.gov/rest/json/cpes/1.0/?cpeMatchString=cpe:2.3:a:glpi-project:glpi:9.5.5&addOns=cves" | jq '.result.cpes[].vulnerabilities[]' | tr -d '"' | paste -s -d, - > /tmp/cves.csv

nuclei -vv -id $(cat /tmp/cves.csv)

image

Todos -

  • Update cve-annotate to tag CPE with template
  • Add support for CPE Execution / filtering
@forgedhallpass forgedhallpass added the Type: Enhancement Most issues will probably ask for additions or changes. label Jul 21, 2022
@forgedhallpass
Copy link
Contributor Author

Related:

@forgedhallpass forgedhallpass added the Priority: Low This issue can probably be picked up by anyone looking to contribute to the project, as an entry fix label Aug 2, 2022
@RamanaReddy0M RamanaReddy0M removed their assignment Apr 12, 2023
@ehsandeep ehsandeep mentioned this issue Apr 20, 2023
Closed
@ehsandeep
Copy link
Member

This is now supported into nuclei.

nuclei -tc 'cpe == "cpe:2.3:a:minio:minio:*:*:*:*:*:*:*:*"' -vv

@ehsandeep ehsandeep added the Status: Completed Nothing further to be done with this issue. Awaiting to be closed. label Jun 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Priority: Low This issue can probably be picked up by anyone looking to contribute to the project, as an entry fix Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Enhancement Most issues will probably ask for additions or changes.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ehsandeep @forgedhallpass @RamanaReddy0M