xtremerat-trojan: False Positive on SSH-2.0-X
theMiddleBlue opened this issue · comments
Nuclei Version:
$ nuclei -version
[INF] Nuclei Engine Version: v3.1.10
Template file:
network/c2/xtremerat-trojan.yaml
I think this part is too inclusive (basically matches every response that includes an X), matching, for example, also SSH-2.0-X
nuclei-templates/network/c2/xtremerat-trojan.yaml
Lines 27 to 31 in f672d53
Command to reproduce:
nuclei -t network/c2/xtremerat-trojan.yaml -u target
target: any of the following:
https://www.shodan.io/search?query=%22SSH-2.0-X%22
Fix:
Replacing the current matcher with the following, can it be an option?
matchers:
  - type: regex
    regex:
      - "^X$"
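The difference between the two matchers, as an added example that is not part of the original issue or the nuclei-templates code. The substring check is an assumption modelled on the issue's description of the current matcher, the sample responses are constructed, and nuclei is assumed to evaluate regex matchers with Go's `regexp` package.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// anchored is the regex proposed in the issue. Go's regexp (RE2 syntax)
// treats ^ and $ as start/end of the whole text unless (?m) is set.
var anchored = regexp.MustCompile(`^X$`)

// substringMatch models the behaviour the issue describes: any response
// containing an "X" matches (assumed from the description, not copied
// from the template).
func substringMatch(resp string) bool { return strings.Contains(resp, "X") }

// anchoredMatch applies the proposed regex to the raw response.
func anchoredMatch(resp string) bool { return anchored.MatchString(resp) }

// falsePositives returns the responses a matcher flags even though they
// are not the bare "X" reply (ignoring a trailing line terminator).
func falsePositives(match func(string) bool, responses []string) []string {
	var out []string
	for _, r := range responses {
		if match(r) && strings.TrimSpace(r) != "X" {
			out = append(out, r)
		}
	}
	return out
}

// Constructed sample responses, not captured traffic.
var samples = []string{
	"X",
	"X\r\n",
	"SSH-2.0-X\r\n",
	"SSH-2.0-OpenSSH_9.6\r\n",
	"220 mail.example.test ESMTP Exim\r\n",
	"HTTP/1.1 400 Bad Request\r\nX-Frame-Options: DENY\r\n\r\n",
}

func main() {
	for _, s := range samples {
		fmt.Printf("%-60q substring=%-5v anchored=%v\n", s, substringMatch(s), anchoredMatch(s))
	}
	fmt.Println("substring false positives:", len(falsePositives(substringMatch, samples)))
}
```

Without the `(?m)` flag, `^X$` does not match `X` followed by a line terminator, so the anchored form only fires when the service sends exactly that one byte.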
Thanks for opening this issue @theMiddleBlue, we'll take a look into it!
We also have a Discord server, which you’re more than welcome to join. It's a great place to connect with fellow contributors and stay updated with the latest developments!
Thank you, I just joined. :) BTW, if my approach makes sense, I can open a pull request.
Hi @theMiddleBlue, feel free to send the PR
Our team members will review it and make changes if necessary
Thanks for joining the Discord server 😄