projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Home Page: https://github.com/projectdiscovery/nuclei

xtremerat-trojan: False Positive on SSH-2.0-X

theMiddleBlue opened this issue · comments

Nuclei Version:

$ nuclei -version
[INF] Nuclei Engine Version: v3.1.10

Template file:

network/c2/xtremerat-trojan.yaml

I think this part is too inclusive (it basically matches every response that includes an X), matching, for example, also SSH-2.0-X:

matchers:
  - type: word
    encoding: hex
    words:
      - "58"

Command to reproduce:

nuclei -t network/c2/xtremerat-trojan.yaml -u target

target: any of the following:
https://www.shodan.io/search?query=%22SSH-2.0-X%22

Fix:

Replacing the current matcher with the following, can it be an option?

matchers:
  - type: regex
    regex: 
      - "^X$"
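The two matcher behaviours described in this issue, reproduced as an added example (this is not code from the nuclei project or from the issue author): a `word` matcher with `encoding: hex` decodes each word and does a substring test, so `"58"` fires on any response containing the byte `X`, while a Go regexp `^X$` without the `(?m)` flag only accepts a response that is exactly `X`. The banners below are constructed samples, not real captures, and `wordMatchHex`/`regexMatch` are simplified stand-ins for nuclei's matcher code, not its real API.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample responses (not real captures): an SSH banner whose
// software-version string starts with "X", an HTTP banner with no "X",
// and a lone "X", the response the template's matcher is meant to catch.
var sampleResponses = map[string]string{
	"ssh-banner": "SSH-2.0-Xmodulo\r\n",
	"http":       "HTTP/1.1 200 OK\r\n",
	"lone-x":     "X",
}

// wordMatchHex mimics a `type: word` matcher with `encoding: hex`:
// each word is hex-decoded and tested as a substring of the response.
// Any response containing the decoded bytes anywhere is a hit.
func wordMatchHex(resp string, hexWords []string) (bool, error) {
	for _, w := range hexWords {
		b, err := hex.DecodeString(w)
		if err != nil {
			return false, fmt.Errorf("bad hex word %q: %w", w, err)
		}
		if strings.Contains(resp, string(b)) {
			return true, nil
		}
	}
	return false, nil
}

// regexMatch mimics a `type: regex` matcher using Go's regexp package,
// where ^ and $ anchor to the start and end of the whole text unless
// (?m) is set, so "^X$" only accepts a response that is exactly "X".
func regexMatch(resp string, patterns []string) (bool, error) {
	for _, p := range patterns {
		re, err := regexp.Compile(p)
		if err != nil {
			return false, fmt.Errorf("bad pattern %q: %w", p, err)
		}
		if re.MatchString(resp) {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	hexWords := []string{"58"}  // the template's current matcher
	patterns := []string{"^X$"} // the replacement proposed in the issue
	for name, resp := range sampleResponses {
		w, _ := wordMatchHex(resp, hexWords)
		r, _ := regexMatch(resp, patterns)
		fmt.Printf("%-11s word/hex=%-5v regex=%v\n", name, w, r)
	}
}
```

Running it shows the SSH banner matched by the hex word matcher but not by the anchored regex, while the lone `X` is matched by both. One caveat of the anchored form: because `$` is end-of-text in Go regexp, a response of `X` followed by a trailing newline or any other byte would no longer match, so the choice of anchoring depends on what the real service actually sends back.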

Thanks for opening this issue @theMiddleBlue , we'll take a look into it!

We also have a Discord server, which you’re more than welcome to join. It's a great place to connect with fellow contributors and stay updated with the latest developments!

Thank you, I just joined. :) BTW, if my approach makes sense, I can open a pull request.

Hi @theMiddleBlue , feel free to send the PR

Our team members will review it and make changes if necessary

Thanks for joining the discord server 😄