ProjectDiscovery
Replies: 5 comments 6 replies
-
Beta Was this translation helpful? Give feedback.
-
|
I'm cloudbased and don't run containers, so this isn't able to hack anything I have built. I have several WAFs and ACLs in place and multiple layers of security to prevent this bad behavior. But telling people basic ways to block it isn't actually helpful because you can get around these methods easily. Simple way to take accountability is to track each user as they download the repo. |
Beta Was this translation helpful? Give feedback.
-
|
Hi @griff4594, Please have a look at the past and similar discussions around the same topic projectdiscovery/nuclei-templates#752 and projectdiscovery/nuclei-templates#771 As this is a FOSS project, we can not or don't want to control or limit or identify users running nuclei engine, we have added default UA for the identification in case server admin want to block the traffic. let me know if you have more ideas on this subject? |
Beta Was this translation helpful? Give feedback.
-
|
I'm a Software Architect and knowing what I was building I would have identified the case use of people using this as a hacking/exploit tool against any ULA. I would have built an encrypted api to log where my application has gone to prevent abuse of it. This just says you are either dangerously naive, stupid, OR a hacker/exploiter yourself. ULAs are ignored almost always, don't pretend like that would be a stopping point for anyone and it's insulting you are hiding behind that. |
Beta Was this translation helpful? Give feedback.
-
|
you are taking down my posts and replies?? |
Beta Was this translation helpful? Give feedback.
-
|
Hey, yes we deleted your last comment as we do not allow anyone to make personal comments on this platform. |
Beta Was this translation helpful? Give feedback.
-
Beta Was this translation helpful? Give feedback.
-
|
SAYS RIGHT THERE! HACKER!! |
Beta Was this translation helpful? Give feedback.
-
|
ONE OF YOUR CONTRIBUTERS |
Beta Was this translation helpful? Give feedback.
-
|
@griff4594 This is by no means the way to engage in Open Source discussion. You're going personal towards other people, posting their screenshots and calling them names. The term hacker can refer to many different things and may not necessarily come with malicious intent. See http://www.catb.org/jargon/html/H/hacker.html. Regarding tracking users that download and scan using nuclei, that is not something we are concerned with or is correct to do. The software is distributed under MIT license and can be used by people as their needs. What you are asking is spying on people using our software which is something we cannot do and is against our core values. I'm closing this thread and locking the conversation and also deleting the screenshots you posted. Thank you for understanding and feel free to Open Issues further on the Repo, just not in the same manner. |
Beta Was this translation helpful? Give feedback.
-
|
Its not personal, it is a statement of fact that your contributors consists
of hackers.
…On Thu, Feb 4, 2021 at 12:07 PM PD-Team ***@***.***> wrote:
Hey, yes we deleted your last comment as we do not allow anyone to make
personal comments on this platform.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#526 (reply in thread)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AA7QQWKGUHBMARV2TSMRWI3S5LV67ANCNFSM4XCJT7HQ>
.
--
Kevin Griffiths
email: [email protected]
phone: 385-309-8526
|
Beta Was this translation helpful? Give feedback.
-
Describe the bug
You really need to add some type of ping back to another remote server so instances of abusing this application can be tracked. My company is currently being attacked by this application and it isn't the first time. Take some accountability and prevent users from abusing this codeset.
Nuclei version
ALL
Screenshot of the error or bug
Beta Was this translation helpful? Give feedback.
All reactions