Review examples of JavaScript with Nuclei v3
code:
contains actual JavaScript code that is executed by Nuclei at runtime. In the above template, we are:
nuclei/ssh
module/librarySSHClient
objectInfo
modeargs:
section can be simply understood as variables in JavaScript that are passed at runtime and support DSL usage.
error
variable is exposed in the matcher or extractor with an error message.
pre-condition
is an optional section of JavaScript code that is executed before running “code” and acts as a pre-condition to exploit. In the above template, before attempting brute force, we check if:
true
only then code
is executed; otherwise, it is skipped.nuclei/ssh
module and create a new instance of SSHClient
object.init
is an optional JavaScript section that can be used to initialize the template, and it is executed just after compiling the template and before running it on any target. Although it is rarely needed, it can be used to load and preprocess data before running a template on any target.
For example, in the below code block, we are loading all ssh private keys from nuclei-templates/helpers
directory and storing them as a variable in payloads with the name keys
. If we were loading private keys from the “pre-condition” code block, then it would have been loaded for every target, which is not ideal.
init
block are
Function | Description |
---|---|
updatePayload(key,value) | updates payload with given key and value |
set(key,value) | sets a variable with given key and value |