Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

scan error formatting #5628

Merged
merged 1 commit into from
Sep 13, 2024
Merged

scan error formatting #5628

merged 1 commit into from
Sep 13, 2024

Conversation

tarunKoyalwar
Copy link
Member

@tarunKoyalwar tarunKoyalwar commented Sep 13, 2024
edited
Loading

Proposed Changes

  • format and improve scan error cleaning using regex

Before

$  nuclei -u apollox.s3.amazonaws.com:21 -id proftpd-backdoor -j -ms -timeout 10 | jq .                                                tarun@Taruns-MacBook-Pro

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.3.2

		projectdiscovery.io

[INF] Current nuclei version: v3.3.2 (latest)
[INF] Current nuclei-templates version: v10.0.0 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 255
[INF] Templates loaded for current scan: 1
[INF] Executing 1 signed templates from projectdiscovery/nuclei-templates
[INF] Targets loaded for current scan: 1
{
  "template": "javascript/backdoor/proftpd-backdoor.yaml",
  "template-url": "https://cloud.projectdiscovery.io/public/proftpd-backdoor",
  "template-id": "proftpd-backdoor",
  "template-path": "/Users/tarun/nuclei-templates/javascript/backdoor/proftpd-backdoor.yaml",
  "info": {
    "name": "ProFTPd-1.3.3c - Backdoor Command Execution",
    "author": [
      "pussycat0x"
    ],
    "tags": [
      "js",
      "network",
      "proftpd",
      "ftp",
      "backdoor"
    ],
    "description": "This backdoor was present in the proftpd-1.3.3c.\n",
    "reference": [
      "https://github.com/shafdo/ProFTPD-1.3.3c-Backdoor_Command_Execution_Automated_Script/blob/main/README.md",
      "https://www.rapid7.com/db/modules/exploit/unix/ftp/proftpd_133c_backdoor/"
    ],
    "severity": "critical",
    "metadata": {
      "max-request": 1,
      "shodan-query": "product:\"ProFTPD\""
    }
  },
  "type": "javascript",
  "host": "apollox.s3.amazonaws.com:21",
  "port": "21",
  "url": "apollox.s3.amazonaws.com:21",
  "request": "const data = [\"HELP ACIDBITCHEZ\\n\", \"id\"];\nconst c = require(\"nuclei/net\");\nlet conn = c.Open('tcp', `${Host}:${Port}`);\nlet resp = conn.RecvFullString();\nif (resp.includes(\"ProFTPD 1.3.3c\")) {\n    for (let i = 0; i < data.length; i++) {\n        conn.Send(data[i]);\n        console.log('Sending:', data[i]);\n        let resp = conn.RecvFullString();\n        resp\n    }\n} else {\n    exit();\n}",
  "ip": "16.12.1.9",
  "timestamp": "2024-09-13T19:34:35.932854+05:30",
  "matcher-status": false,
  "error": "21] port closed or filtered"
}

After

$ ./nuclei -u apollox.s3.amazonaws.com:21 -id proftpd-backdoor -j -ms -timeout 10 | jq .                                              tarun@Taruns-MacBook-Pro

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.3.2

		projectdiscovery.io

[INF] Current nuclei version: v3.3.2 (latest)
[INF] Current nuclei-templates version: v10.0.0 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 255
[INF] Templates loaded for current scan: 1
[INF] Executing 1 signed templates from projectdiscovery/nuclei-templates
[INF] Targets loaded for current scan: 1
{
  "template": "javascript/backdoor/proftpd-backdoor.yaml",
  "template-url": "https://cloud.projectdiscovery.io/public/proftpd-backdoor",
  "template-id": "proftpd-backdoor",
  "template-path": "/Users/tarun/nuclei-templates/javascript/backdoor/proftpd-backdoor.yaml",
  "info": {
    "name": "ProFTPd-1.3.3c - Backdoor Command Execution",
    "author": [
      "pussycat0x"
    ],
    "tags": [
      "js",
      "network",
      "proftpd",
      "ftp",
      "backdoor"
    ],
    "description": "This backdoor was present in the proftpd-1.3.3c.\n",
    "reference": [
      "https://github.com/shafdo/ProFTPD-1.3.3c-Backdoor_Command_Execution_Automated_Script/blob/main/README.md",
      "https://www.rapid7.com/db/modules/exploit/unix/ftp/proftpd_133c_backdoor/"
    ],
    "severity": "critical",
    "metadata": {
      "max-request": 1,
      "shodan-query": "product:\"ProFTPD\""
    }
  },
  "type": "javascript",
  "host": "apollox.s3.amazonaws.com:21",
  "port": "21",
  "url": "apollox.s3.amazonaws.com:21",
  "request": "const data = [\"HELP ACIDBITCHEZ\\n\", \"id\"];\nconst c = require(\"nuclei/net\");\nlet conn = c.Open('tcp', `${Host}:${Port}`);\nlet resp = conn.RecvFullString();\nif (resp.includes(\"ProFTPD 1.3.3c\")) {\n    for (let i = 0; i < data.length; i++) {\n        conn.Send(data[i]);\n        console.log('Sending:', data[i]);\n        let resp = conn.RecvFullString();\n        resp\n    }\n} else {\n    exit();\n}",
  "ip": "16.12.2.5",
  "timestamp": "2024-09-13T19:31:29.829687+05:30",
  "matcher-status": false,
  "error": "port closed or filtered"
}

@tarunKoyalwar tarunKoyalwar self-assigned this Sep 13, 2024
@tarunKoyalwar tarunKoyalwar marked this pull request as ready for review September 13, 2024 14:00
@ehsandeep ehsandeep merged commit 87e99be into dev Sep 13, 2024
9 of 12 checks passed
@ehsandeep ehsandeep deleted the fix-regex-err branch September 13, 2024 18:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ehsandeep ehsandeep ehsandeep approved these changes

@dogancanbakir dogancanbakir dogancanbakir approved these changes

Assignees

@tarunKoyalwar tarunKoyalwar

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tarunKoyalwar @ehsandeep @dogancanbakir