For anyone running the bbot nuclei module, the silent rejection of some URLs tends to cause confusion:
I'm sure we had a good reason for this setting but to someone used to nuclei, the behavior is unexpected. If we decide to keep it, we need to make sure it's explained well and featured prominently in the documentation.
Running without directory_only can be extremely dangerous, depending on what other modules are run with it. If you have something spitting out thousands of individual URLs, you are literally going to run nuclei thousands of times in that mode. You're gonna have a VERY BAD time.
The option is there to change it, because there are definitely times you want to, but the downside is really huge for people who don't know exactly what they are doing - hence the default.
I will probably make a preset geared towards doing this type of nuclei scanning that has plenty of safeguards in place. But as it stands right now, this default is putting in some work preventing absolute chaos.
Then when BBOT detects this URL: https://www.davidwalsh.name/demo/window-post-message.php , the nuclei template works correctly without needing to use modules.nuclei.directory_only=false?