not finding scurity vulnerabilities #3168

vikisec · 2023-01-06T05:35:12Z

vikisec
Jan 6, 2023

nuclei is not finding security vulnerabilities in a vulnerrable website. tried it with different websites but same result. refer the screen shot attached below

geeknik · 2023-01-06T05:43:07Z

geeknik
Jan 6, 2023

It looks like you're using Nuclei 2.8.3, however, Nuclei 2.8.6 is the latest release version, I'd upgrade to that and try again.

0 replies

vikisec · 2023-01-06T13:33:53Z

vikisec
Jan 6, 2023
Author

same output with latest release still not finding bugs

1 reply

vancong160202 Jul 4, 2024

Have you fixed to detect the vulnerability with juice shop web? If so, please help me how to do it. Thank you

geeknik · 2023-01-06T14:08:49Z

geeknik
Jan 6, 2023

I wish I could say I could reproduce the behavior, but my template testing ground shows nuclei appears to be working as intended...

0 replies

vikisec · 2023-01-07T04:39:31Z

vikisec
Jan 7, 2023
Author

the diffrence is thatt you are loading fuzzing templates in first. i am just giving a target and let all templates scan. just do a test with all templates with "./nuclei - target www.domain.com". and upload the result.

0 replies

geeknik · 2023-01-07T04:49:37Z

geeknik
Jan 7, 2023

Second screenshot is 2583 templates from the 9.3.4 release minus the boring info/low severity ones. I have nothing more to add. Someone else should chime in.

0 replies

ehsandeep · 2023-01-08T14:39:40Z

ehsandeep
Jan 8, 2023
Maintainer

@vikisec nuclei find vulnerability based on the template you were running, and I don't see the target website has any vulnerability that can be detected from the default set of nuclei templates; some of them can be found using fuzzing templates, and you can write more custom template to find more.

2 replies

vikisec Jan 9, 2023
Author

actually i tested on "http://testphp.vulnweb.com/" for target practise, this website had a lot of vulnerrabilities. i scanned it before(few months ago) and find vulnerabilities. now i also test on "https://juice-shop.herokuapp.com/#/" it also had same vulnerabilities but not finding anything on nuclei. but when i scan now all these websites are showing clean output in nuclei . i am sure something wrong with nuclei & thats why i reported.

olearycrew Jan 9, 2023

@vikisec when I go to https://juice-shop.herokuapp.com/#/ there is no application there - just the generic Heroku page. It's possible that it was part of Heroku's free tier and thus is gone now.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ProjectDiscovery

not finding scurity vulnerabilities #3168

{{title}}

Replies: 6 comments 3 replies

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{title}}

Select a reply

ProjectDiscovery

not finding scurity vulnerabilities #3168

vikisec Jan 6, 2023

Replies: 6 comments · 3 replies

geeknik Jan 6, 2023

vikisec Jan 6, 2023 Author

vancong160202 Jul 4, 2024

geeknik Jan 6, 2023

vikisec Jan 7, 2023 Author

geeknik Jan 7, 2023

ehsandeep Jan 8, 2023 Maintainer

vikisec Jan 9, 2023 Author

olearycrew Jan 9, 2023

vikisec
Jan 6, 2023

Replies: 6 comments 3 replies

geeknik
Jan 6, 2023

vikisec
Jan 6, 2023
Author

geeknik
Jan 6, 2023

vikisec
Jan 7, 2023
Author

geeknik
Jan 7, 2023

ehsandeep
Jan 8, 2023
Maintainer

vikisec Jan 9, 2023
Author