Learn about network requests with Nuclei
read-size
with a non-zero value will do the trick. You can also assign the read data some name, so matching can be done on that part.
{{
and end with }}
and are case-sensitive.
tls://
as prefix before the Hostname and you’re good to go.
port
has been introduced in network templates. This field allows users to specify the port separately instead of including it in the host field.
Previously, if you wanted to write a network template for an exploit targeting SSH, you would have to specify both the hostname and the port in the host field, like this:
xyz-ssh-exploit
template will send one request to scanme.sh:22
and another request to scanme.sh:8443
, which may return unexpected responses and eventually result in errors. This is particularly problematic in automation scenarios.
To address these issues while maintaining the existing functionality, network templates can now be written in the following way:
80
, 443
, 8080
, 8443
, 8081
, 53
). Additionally, the list of default reserved ports can be customized by adding a new field called exclude-ports:
exclude-ports
is used, the default reserved ports list will be overwritten. This means that if you want to run a network template on port 80
, you will have to explicitly specify it in the port field.
Starting from Nuclei v3.1.0 port
field supports comma seperated values and multi ports can be specified in the port field. For example, if you want to run a network template on port 5432
and 5433
, you can specify it in the port field like this:
part
values supported by Network protocol for Matchers / Extractor are -
Value | Description |
---|---|
request | Network Request |
data | Final Data Read From Network Socket |
raw / body / all | All Data received from Socket |
hex
encoded input to detect MongoDB running on servers with working matchers is provided below.