File
File Requests¶
Nuclei allows modelling templates that can match/extract on filesystem too.
# Start of file template block
file:
Extensions¶
To match on all extensions (except the ones in default denylist), use the following -
extensions:
- all
You can also provide a list of custom extensions that should be matched upon.
extensions:
- py
- go
A denylist of extensions can also be provided. Files with these extensions will not be processed by nuclei.
extensions:
- all
denylist:
- go
- py
- txt
By default, certain extensions are excluded in nuclei file module. A list of these is provided below-
3g2,3gp,7z,apk,arj,avi,axd,bmp,css,csv,deb,dll,doc,drv,eot,exe,flv,gif,gifv,gz,h264,ico,iso,jar,jpeg,jpg,lock,m4a,m4v,map,mkv,mov,mp3,mp4,mpeg,mpg,msi,ogg,ogm,ogv,otf,pdf,pkg,png,ppt,psd,rar,rm,rpm,svg,swf,sys,tar,tar.gz,tif,tiff,ttf,txt,vob,wav,webm,wmv,woff,woff2,xcf,xls,xlsx,zip
More Options¶
max-size parameter can be provided which limits the maximum size (in bytes) of files read by nuclei engine.
As default the max-size
value is 5MB (5242880), Files larger than the max-size
will not be processed.
no-recursive option disables recursive walking of directories / globs while input is being processed for file module of nuclei.
Matchers / Extractor¶
File protocol supports 2 types of Matchers -
Matcher Type | Part Matched |
---|---|
word | all |
regex | all |
Extractors Type | Part Matched |
---|---|
word | all |
regex | all |
Example File Template¶
The final example template file for a Private Key detection is provided below.
id: google-api-key
info:
name: Google API Key
author: pdteam
severity: info
file:
- extensions:
- all
- txt
extractors:
- type: regex
name: google-api-key
regex:
- "AIza[0-9A-Za-z\\-_]{35}"
# Running file template on http-response/ directory
nuclei -t file.yaml -target http-response/
# Running file template on output.txt
nuclei -t file.yaml -target output.txt
More complete examples are provided here