[feature] Expose IP information of the hostname and matched timestamp in the JSON output #468

Closed
2 tasks done
ehsandeep opened this issue Jan 5, 2021 · 4 comments
Labels: Priority: Low, Status: Completed, Type: Enhancement

@ehsandeep
Member

ehsandeep commented Jan 5, 2021

Example:-

{
  "author": "Dawid Czarnecki",
  "severity": "info",
  "description": "Checks if the HSTS is enabled by looking for Strict Transport Security response header.",
  "matched": "https://docs.hackerone.com",
  "template": "missing-hsts",
  "type": "http",
  "host": "https://docs.hackerone.com",
  "ip": "185.199.111.153",
  "timestamp": "Wed Jan 13 00:56:52 IST 2021",
  "name": "Strict Tranposrt Security Not Enforced"
}

When an IP is not applicable, as in the case of a DNS template or when an IP is used to scan the HTTP/NETWORK template, the IP field will become null.

Progress:-

  • timestamp
  • ip
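
A consumer for the output proposed above, as an added example that is not part of the original issue or the nuclei code base: it groups results by the `ip` field and keeps results whose `ip` is null in a separate bucket. It assumes one JSON object per line; the second sample record and the names `Result`, `GroupByIP` and `noIPKey` are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Result mirrors fields from the issue's example object. IP is a pointer so
// that a JSON null (DNS template, IP-literal target) is not confused with "".
type Result struct {
	Template  string  `json:"template"`
	Host      string  `json:"host"`
	IP        *string `json:"ip"`
	Timestamp string  `json:"timestamp"`
}

// sampleOutput is constructed for this example (one object per line assumed).
const sampleOutput = `{"template":"missing-hsts","type":"http","host":"https://docs.hackerone.com","ip":"185.199.111.153","timestamp":"Wed Jan 13 00:56:52 IST 2021"}
{"template":"example-dns-template","type":"dns","host":"example.com","ip":null,"timestamp":"Wed Jan 13 00:57:10 IST 2021"}`

const noIPKey = "(no ip)" // bucket for results whose ip is null

// GroupByIP indexes results by resolved IP and rejects malformed records.
func GroupByIP(out string) (map[string][]Result, error) {
	groups := map[string][]Result{}
	dec := json.NewDecoder(strings.NewReader(out))
	for dec.More() {
		var r Result
		if err := dec.Decode(&r); err != nil {
			return nil, fmt.Errorf("bad result: %w", err)
		}
		// time.UnixDate is the layout of the timestamp in the issue's example.
		if _, err := time.Parse(time.UnixDate, r.Timestamp); err != nil {
			return nil, fmt.Errorf("bad timestamp %q: %w", r.Timestamp, err)
		}
		key := noIPKey
		if r.IP != nil {
			key = *r.IP
		}
		groups[key] = append(groups[key], r)
	}
	return groups, nil
}

func main() {
	groups, err := GroupByIP(sampleOutput)
	fmt.Println(len(groups), err)
}
```

Go's `time.Parse` gives a zero offset to a zone abbreviation it cannot resolve in the local zone, so a timestamp in this layout is only reliable as wall-clock time when correlating with other logs.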
@ehsandeep added the Priority: Low and Type: Enhancement labels on Jan 5, 2021
@p-l-
Contributor

p-l- commented Jan 5, 2021

Hi!

What would also be nice is to have a way to force a specific IP address for a target. ZGrab2 has implemented this by letting the user specify both a name and an IP address for a target.

This could be useful, for example, when different servers serve the same name (but behave differently, maybe one is the main server and has more files, or one server has been updated and another has a vulnerable version of a tool, etc.), or when we can reach an IP "behind" Cloudflare-like services.

What do you think? (i.e., would it be 1. useful, and 2. easy to implement?)

@ehsandeep changed the title from "[feature] Expose IP information of the hostname in the JSON output" to "[feature] Expose IP information of the hostname and matched timestamp in the JSON output" on Jan 6, 2021
@ehsandeep
Member Author

Hi @p-l-,

We updated the issue to include the matched timestamp as well. About your 2nd suggestion, we already implemented something similar in the dev branch (4f5fb2b here), to feed a list in hostname,ip format, where that specific IP will be used to connect to the hostname, the most common use case being detecting the vhost, and the same as what you suggested here. We are testing it for now; it will most probably be pushed to master in the next release of nuclei.

@p-l-
Contributor

p-l- commented Jan 6, 2021

Hi @bauthard,

That's awesome! Thanks a lot.

@ehsandeep added the Status: In Progress and Status: Completed labels and removed the Status: In Progress label on Jan 15, 2021
@ehsandeep added this to the 2.3.0 milestone on Jan 19, 2021
@p-l-
Contributor

p-l- commented Jan 29, 2021

Thanks!
