minvws · dekkers · Mar 30, 2023 · Mar 17, 2023 · Mar 20, 2023 · Mar 20, 2023
@@ -0,0 +1,15 @@
+    {
+        "id": "nuclei",
+        "name": "Nuclei-scan",
+        "description": "Nuclei is used to send requests across targets based on a template, providing fast scanning.",
+        "consumes": [
+            "Hostname",
+            "HostnameHTTPURL"
+        ],
+        "produces": [
+            "Finding",
+            "CVEFindinsgType"
+        ],
+        "environment_keys": [],
+        "scan_level": 3
+    }
@@ -0,0 +1,30 @@
+# Nuclei - Project discovery
+
+Nuclei is used to send requests across targets based on a template, leading to zero false positives
+and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols,
+including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless etc. With powerful and flexible templating,
+Nuclei can be used to model all kinds of security checks.
+
+Integrated in this Boefje are only the CVE templates for performance reasons.
+
+[More information about Nucelei](https://github.com/projectdiscovery/nuclei)
+
+### Input OOIs
+
+Nuclei expects a Hostname object of a website as input. The scan will then use the [CVE directory](https://github.com/projectdiscovery/nuclei-templates/tree/main/cves)
+to scan for known CVE's
+
+this is handled by the following parameter in the "main.py" file
+
+```
+   "-t", "/root/nuclei-templates/cves/"
+```
+
+### Output OOIs
+
+Nuclei outputs the following OOIs:
+
+|OOI type|Description|
+|---|---|
+|CveFindingType|Returns CVE's found on the target hostnames|
+|Finding|Finding|
@@ -0,0 +1,31 @@
+from typing import Tuple, Union, List
+import docker
+from boefjes.job_models import BoefjeMeta
+
+
+NUCLEI_IMAGE = "projectdiscovery/nuclei:latest"
+
+
+def verify_hostname_meta(input):
+    # if the input object is HostnameHTTPURL then the hostname is located in netloc
+    if "netloc" in input and "name" in input["netloc"]:
+        netloc_name = input["netloc"]["name"]
+        port = input.get("port")
-        port = input.get("port")
+        port = input["port"]
-        port = input.get("port")
+        port = input["port"]
+        return f"{netloc_name}:{port}"
+    else:
+        # otherwise the Hostname input object is used
+        return input["name"]
+
+
+def run(boefje_meta: BoefjeMeta) -> List[Tuple[set, Union[bytes, str]]]:
+    client = docker.from_env()
+
+    # Checks if the url is of object HostnameHTTPURL or Hostname
+    url = verify_hostname_meta(boefje_meta.arguments["input"])
+    output = client.containers.run(
+        NUCLEI_IMAGE,
+        ["-t", "/root/nuclei-templates/cves/", "-u", url, "-json"],
+        remove=True,
+    )
+
+    return [(set(), output)]
@@ -0,0 +1,31 @@
+import json
+from typing import Union, Iterator
+
+from octopoes.models import OOI, Reference
+from octopoes.models.ooi.findings import Finding, CVEFindingType
+
+from boefjes.job_models import NormalizerMeta
+
+
+def run(normalizer_meta: NormalizerMeta, raw: Union[bytes, str]) -> Iterator[OOI]:
+    url_reference = Reference.from_str(normalizer_meta.raw_data.boefje_meta.input_ooi)
+    if raw:
+        for line in raw.splitlines():
+            # Extract and parse values
+            data = json.loads(line)
+            id_ = data["info"]["classification"]["cve-id"][0]
+            description = data["info"]["description"]
+            curl_command = data["curl-command"]
+
+            # Create instances of CVEFindingType and Finding classes
+            cve_finding_type = CVEFindingType(id=id_)
+            yield cve_finding_type
+
+            finding = Finding(
+                finding_type=cve_finding_type.reference,
+                ooi=url_reference,
+                proof=curl_command,
+                description=description,
+                reproduce=None,  # Set this attribute if you have a reproduce value
+            )
+            yield finding
@@ -0,0 +1,10 @@
+{
+    "id": "kat_nuclei_normalize",
+    "consumes": [
+        "nuclei"
+    ],
+    "produces": [
+        "Findings",
+        "CVEFindingType"
+    ]
+}