IdeaPad Duet ChromebookのLinuxにNucleiをインストール

先日、IdeaPad Duet ChromebookのLinuxにGo言語をインストールしたので、今度はNucleiをインストールしてみます。

IdeaPad Duet ChromebookのLinuxにGo言語(Golang)をインストール

Nuclei – Community Powered Vulnerability Scanner
https://nuclei.projectdiscovery.io/

projectdiscovery/nuclei
https://github.com/projectdiscovery/nuclei

projectdiscovery/nuclei-templates
https://github.com/projectdiscovery/nuclei-templates

git clone

user01@penguin:~$ git clone https://github.com/projectdiscovery/nuclei.git
Cloning into 'nuclei'...
remote: Enumerating objects: 560, done.
remote: Counting objects: 100% (560/560), done.
remote: Compressing objects: 100% (360/360), done.
remote: Total 7674 (delta 308), reused 375 (delta 177), pack-reused 7114
Receiving objects: 100% (7674/7674), 9.71 MiB | 313.00 KiB/s, done.
Resolving deltas: 100% (5055/5055), done.

user01@penguin:~$ git clone https://github.com/projectdiscovery/nuclei.git

Cloning into 'nuclei'...

remote: Enumerating objects: 560, done.

remote: Counting objects: 100% (560/560), done.

remote: Compressing objects: 100% (360/360), done.

remote: Total 7674 (delta 308), reused 375 (delta 177), pack-reused 7114

Receiving objects: 100% (7674/7674), 9.71 MiB | 313.00 KiB/s, done.

Resolving deltas: 100% (5055/5055), done.

go build

“go mod tidy”が必要と。よく分かっていませんが実行します。

user01@penguin:~$ cd nuclei/v2/cmd/nuclei/
user01@penguin:~/nuclei/v2/cmd/nuclei$ go build .
go: updates to go.mod needed; to update it:
	go mod tidy

user01@penguin:~$ cd nuclei/v2/cmd/nuclei/

user01@penguin:~/nuclei/v2/cmd/nuclei$ go build .

go: updates to go.mod needed; to update it:

go mod tidy

go mod tidy

user01@penguin:~/nuclei/v2/cmd/nuclei$ go mod tidy
go: downloading github.com/stretchr/testify v1.6.1
go: downloading golang.org/x/sync v0.0.0-20190423024810-112230192c58
go: downloading gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405
go: downloading github.com/onsi/ginkgo v1.7.0
go: downloading github.com/onsi/gomega v1.4.3
go: downloading gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c
go: downloading github.com/pmezard/go-difflib v1.0.0
go: downloading github.com/davecgh/go-spew v1.1.1
go: downloading golang.org/x/text v0.3.3
go: downloading github.com/hpcloud/tail v1.0.0
go: downloading github.com/golang/protobuf v1.3.2
go: downloading gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7
go: downloading gopkg.in/fsnotify.v1 v1.4.7
go: downloading github.com/fsnotify/fsnotify v1.4.7

user01@penguin:~/nuclei/v2/cmd/nuclei$ go mod tidy

go: downloading github.com/stretchr/testify v1.6.1

go: downloading golang.org/x/sync v0.0.0-20190423024810-112230192c58

go: downloading gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405

go: downloading github.com/onsi/ginkgo v1.7.0

go: downloading github.com/onsi/gomega v1.4.3

go: downloading gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c

go: downloading github.com/pmezard/go-difflib v1.0.0

go: downloading github.com/davecgh/go-spew v1.1.1

go: downloading golang.org/x/text v0.3.3

go: downloading github.com/hpcloud/tail v1.0.0

go: downloading github.com/golang/protobuf v1.3.2

go: downloading gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7

go: downloading gopkg.in/fsnotify.v1 v1.4.7

go: downloading github.com/fsnotify/fsnotify v1.4.7

go build

実行ファイルが出来ました

user01@penguin:~/nuclei/v2/cmd/nuclei$ go build .
user01@penguin:~/nuclei/v2/cmd/nuclei$ ls -l
total 13796
-rw-r--r-- 1 user01 user01      401 Mar  1 1:55 main.go
-rwxr-xr-x 1 user01 user01 14119947 Mar  1 1:58 nuclei

user01@penguin:~/nuclei/v2/cmd/nuclei$ go build .

user01@penguin:~/nuclei/v2/cmd/nuclei$ ls -l

total 13796

-rw-r--r-- 1 user01 user01 401 Mar 1 1:55 main.go

-rwxr-xr-x 1 user01 user01 14119947 Mar 1 1:58 nuclei

PATHの通っている場所にコピーしておきます。

user01@penguin:~/nuclei/v2/cmd/nuclei$ sudo cp nuclei /usr/local/bin

1	user01@penguin:~/nuclei/v2/cmd/nuclei$ sudo cp nuclei /usr/local/bin

nucleiのテンプレート更新

nucleiは直ぐに利用できるテンプレートが用意されています。下記のコマンドでテンプレートをダウンロードしますが保存場所は$HOMEでした。

user01@penguin:~$ nuclei -update-templates

                       __     _
     ____  __  _______/ /__  (_)
    / __ \/ / / / ___/ / _ \/ /
   / / / / /_/ / /__/ /  __/ /
  /_/ /_/\__,_/\___/_/\___/_/   v2.2.1-dev

		projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Successfully updated nuclei-templates (v8.1.0). Enjoy!

user01@penguin:~$ ls -l nuclei-templates/
total 12
-rwxr-xr-x 1 user01 user01 3359 Mar  1 15:01 CODE_OF_CONDUCT.md
drwxr-xr-x 1 user01 user01   88 Mar  1 15:01 cves
drwxr-xr-x 1 user01 user01  158 Mar  1 15:01 default-logins
drwxr-xr-x 1 user01 user01  324 Mar  1 15:01 dns
drwxr-xr-x 1 user01 user01 3538 Mar  1 15:01 exposed-panels
drwxr-xr-x 1 user01 user01   60 Mar  1 15:01 exposed-tokens
drwxr-xr-x 1 user01 user01   54 Mar  1 15:01 exposures
drwxr-xr-x 1 user01 user01  180 Mar  1 15:01 fuzzing
drwxr-xr-x 1 user01 user01   16 Mar  1 15:01 helpers
-rwxr-xr-x 1 user01 user01 1079 Mar  1 15:01 LICENSE.md
drwxr-xr-x 1 user01 user01  612 Mar  1 15:01 miscellaneous
drwxr-xr-x 1 user01 user01 2132 Mar  1 15:01 misconfiguration
-rwxr-xr-x 1 user01 user01 4051 Mar  1 15:01 README.md
drwxr-xr-x 1 user01 user01   46 Mar  1 15:01 takeovers
drwxr-xr-x 1 user01 user01 2064 Mar  1 15:01 technologies
drwxr-xr-x 1 user01 user01  182 Mar  1 15:01 vulnerabilities
drwxr-xr-x 1 user01 user01 1030 Mar  1 15:01 workflows

user01@penguin:~$ nuclei -update-templates

__ _

____ __ _______/ /__ (_)

/ __ \/ / / / ___/ / _ \/ /

/ / / / /_/ / /__/ / __/ /

/_/ /_/\__,_/\___/_/\___/_/ v2.2.1-dev

projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions

[WRN] Developers assume no liability and are not responsible for any misuse or damage.

[INF] Successfully updated nuclei-templates (v8.1.0). Enjoy!

user01@penguin:~$ ls -l nuclei-templates/

total 12

-rwxr-xr-x 1 user01 user01 3359 Mar 1 15:01 CODE_OF_CONDUCT.md

drwxr-xr-x 1 user01 user01 88 Mar 1 15:01 cves

drwxr-xr-x 1 user01 user01 158 Mar 1 15:01 default-logins

drwxr-xr-x 1 user01 user01 324 Mar 1 15:01 dns

drwxr-xr-x 1 user01 user01 3538 Mar 1 15:01 exposed-panels

drwxr-xr-x 1 user01 user01 60 Mar 1 15:01 exposed-tokens

drwxr-xr-x 1 user01 user01 54 Mar 1 15:01 exposures

drwxr-xr-x 1 user01 user01 180 Mar 1 15:01 fuzzing

drwxr-xr-x 1 user01 user01 16 Mar 1 15:01 helpers

-rwxr-xr-x 1 user01 user01 1079 Mar 1 15:01 LICENSE.md

drwxr-xr-x 1 user01 user01 612 Mar 1 15:01 miscellaneous

drwxr-xr-x 1 user01 user01 2132 Mar 1 15:01 misconfiguration

-rwxr-xr-x 1 user01 user01 4051 Mar 1 15:01 README.md

drwxr-xr-x 1 user01 user01 46 Mar 1 15:01 takeovers

drwxr-xr-x 1 user01 user01 2064 Mar 1 15:01 technologies

drwxr-xr-x 1 user01 user01 182 Mar 1 15:01 vulnerabilities

drwxr-xr-x 1 user01 user01 1030 Mar 1 15:01 workflows

nucleiの実行

試しに自社で管理しているサーバをチェックしてみます。使用したテンプレートはcves,dnsです。

対象となるサーバのリストファイルを作成します。

user01@penguin:~$ vi nuclei_list.txt 
user01@penguin:~$ cat nuclei_list.txt 
https://192.168.200.200

user01@penguin:~$ vi nuclei_list.txt

user01@penguin:~$ cat nuclei_list.txt

https://192.168.200.200

それでは実行してみます。

rootlinks@penguin:~$ nuclei -l nuclei_list.txt -t nuclei-templates/cves/ -t nuclei-templates/dns/

                       __     _
     ____  __  _______/ /__  (_)
    / __ \/ / / / ___/ / _ \/ /
   / / / / /_/ / /__/ /  __/ /
  /_/ /_/\__,_/\___/_/\___/_/   v2.2.1-dev

		projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Loading templates...
[INF] [CVE-2005-2428] CVE-2005-2428 (@CasperGN) [medium]
(snip)
[INF] [spoofable-spf-records-ptr] Find spoofable SPF records containing the PTR mechanism (@binaryfigments) [info]
[INF] Using 212 rules (212 templates, 0 workflows)
[INF] No results found. Happy hacking!

rootlinks@penguin:~$ nuclei -l nuclei_list.txt -t nuclei-templates/cves/ -t nuclei-templates/dns/

__ _

____ __ _______/ /__ (_)

/ __ \/ / / / ___/ / _ \/ /

/ / / / /_/ / /__/ / __/ /

/_/ /_/\__,_/\___/_/\___/_/ v2.2.1-dev

projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions

[WRN] Developers assume no liability and are not responsible for any misuse or damage.

[INF] Loading templates...

[INF] [CVE-2005-2428] CVE-2005-2428 (@CasperGN) [medium]

(snip)

[INF] [spoofable-spf-records-ptr] Find spoofable SPF records containing the PTR mechanism (@binaryfigments) [info]

[INF] Using 212 rules (212 templates, 0 workflows)

[INF] No results found. Happy hacking!

212のルールを使用してチェックしましたが脆弱性は見つかりませんでしたと。

user01@penguin:~$ nuclei -h
Usage of nuclei:
  -H value
    	Custom Header.
  -bulk-size int
    	Maximum Number of hosts analyzed in parallel per template (default 25)
  -burp-collaborator-biid string
    	Burp Collaborator BIID
  -c int
    	Maximum Number of templates executed in parallel (default 10)
  -debug
    	Allow debugging of request/responses
  -exclude value
    	Template input dir/file/files to exclude. Can be used multiple times. Supports globbing.
  -include-rr
    	Write requests/responses for matches in JSON output
  -json
    	Write json output to files
  -l string
    	List of URLs to run templates on
  -metrics
    	Expose nuclei metrics on a port
  -metrics-port int
    	Port to expose nuclei metrics on (default 9092)
  -no-color
    	Disable colors in output
  -no-meta
    	Don't display metadata for the matches
  -o string
    	File to write output to (optional)
  -project
    	Use a project folder to avoid sending same request multiple times
  -project-path string
    	Use a user defined project folder, temporary folder is used if not specified but enabled
  -proxy-socks-url string
    	URL of the proxy socks server
  -proxy-url string
    	URL of the proxy server
  -random-agent
    	Use randomly selected HTTP User-Agent header value
  -rate-limit int
    	Rate-Limit (maximum requests/second (default 150)
  -retries int
    	Number of times to retry a failed request (default 1)
  -sandbox
    	Run workflows in isolated sandbox mode
  -severity string
    	Filter templates based on their severity and only run the matching ones. Comma-separated values can be used to specify multiple severities.
  -silent
    	Show only results in output
  -stats
    	Display stats of the running scan
  -stop-at-first-match
    	Stop processing http requests at first match (this may break template/workflow logic)
  -t value
    	Template input dir/file/files to run on host. Can be used multiple times. Supports globbing.
  -target string
    	Target is a single target to scan using template
  -templates-version
    	Shows the installed nuclei-templates version
  -timeout int
    	Time to wait in seconds before timeout (default 5)
  -tl
    	List available templates
  -trace-log string
    	File to write sent requests trace log
  -update-directory string
    	Directory to use for storing nuclei-templates
  -update-templates
    	Update Templates updates the installed templates (optional)
  -v	Show Verbose output
  -version
    	Show version of nuclei
  -workflow-duration int
    	Max time for workflow run on single URL in minutes (default 10)

user01@penguin:~$ nuclei -h

Usage of nuclei:

-H value

Custom Header.

-bulk-size int

Maximum Number of hosts analyzed in parallel per template (default 25)

-burp-collaborator-biid string

Burp Collaborator BIID

-c int

Maximum Number of templates executed in parallel (default 10)

-debug

Allow debugging of request/responses

-exclude value

Template input dir/file/files to exclude. Can be used multiple times. Supports globbing.

-include-rr

Write requests/responses for matches in JSON output

-json

Write json output to files

-l string

List of URLs to run templates on

-metrics

Expose nuclei metrics on a port

-metrics-port int

Port to expose nuclei metrics on (default 9092)

-no-color

Disable colors in output

-no-meta

Don't display metadata for the matches

-o string

File to write output to (optional)

-project

Use a project folder to avoid sending same request multiple times

-project-path string

Use a user defined project folder, temporary folder is used if not specified but enabled

-proxy-socks-url string

URL of the proxy socks server

-proxy-url string

URL of the proxy server

-random-agent

Use randomly selected HTTP User-Agent header value

-rate-limit int

Rate-Limit (maximum requests/second (default 150)

-retries int

Number of times to retry a failed request (default 1)

-sandbox

Run workflows in isolated sandbox mode

-severity string

Filter templates based on their severity and only run the matching ones. Comma-separated values can be used to specify multiple severities.

-silent

Show only results in output

-stats

Display stats of the running scan

-stop-at-first-match

Stop processing http requests at first match (this may break template/workflow logic)

-t value

Template input dir/file/files to run on host. Can be used multiple times. Supports globbing.

-target string

Target is a single target to scan using template

-templates-version

Shows the installed nuclei-templates version

-timeout int

Time to wait in seconds before timeout (default 5)

-tl

List available templates

-trace-log string

File to write sent requests trace log

-update-directory string

Directory to use for storing nuclei-templates

-update-templates

Update Templates updates the installed templates (optional)

-v Show Verbose output

-version

Show version of nuclei

-workflow-duration int

Max time for workflow run on single URL in minutes (default 10)

RootLinks Co., Ltd.

IdeaPad Duet ChromebookのLinuxにNucleiをインストール

Leave a Reply Cancel Reply

2021年3月
日	月	火	水	木	金	土
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31

RootLinks Co., Ltd.

IdeaPad Duet ChromebookのLinuxにNucleiをインストール

Related posts:

Leave a Reply Cancel Reply