nuclei-parse-enrich

Published: Feb 24, 2023 License: Apache-2.0

This package can be used to parse and enrich the output of a nuclei scan.

Usage

Input is read from standard input unless a file is supplied with the -i flag (a nuclei JSON output file) or the -f flag (a plain list of IPs). With -f you can run the enrichment directly on a list of IP addresses, without a nuclei scan.

Example Usage

$ go run cmd/main.go -i /opt/nuclei-output.json

$ go run cmd/main.go -f /opt/ips_list.txt

$ go build -o nuclei-enricher cmd/main.go

$ ./nuclei-enricher --output scan.enriched.json < scan.json


Make sure you ran nuclei with the -json flag, so that each result is written as one JSON object per line.


By default, output is written to output.json; a different path can be given with the -o flag. Each result is enriched with the following information:

RipeStat REST APIs:
  • ASN number and name
  • Geolocation (country, city) (if available)
  • Abuse contact (if available)
  • Prefix (as announced by the ASN)

Whois lookup (fallback):
  • Contact emails (if available)

IPInfo (fallback):
  • Contact emails (if available)

Enrichment is keyed on the IP address of each host. The RipeStat REST APIs are queried first; if they return no abuse contact, a whois lookup is performed, and if that also yields nothing, IPInfo is used as the final fallback.
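The parse-and-fallback flow described above, as an added example that is not the project's own code: it reads nuclei's JSON-lines output, keys the result map by IP, tries a RipeStat abuse-contact lookup first and only falls back to whois when RipeStat returns no contact. The RipeStat response shape ({"data":{"abuse_contacts":[...]}}), the offline stand-in lookup functions and the two sample result lines are assumptions constructed for the example.

```go
package main

import (
	"encoding/json"
	"strings"
)

// Enriched mirrors one entry of the README's output map: the nuclei fields kept here plus the abuse contact and its source.
type Enriched struct {
	TemplateID  string `json:"template-id"`
	IP          string `json:"ip"`
	Abuse       string
	AbuseSource string
}
// Constructed sample input: two nuclei -json result lines (one JSON object per line).
const SampleNuclei = `{"template-id":"title-extract","ip":"1.2.3.4"}
{"template-id":"tech-detect","ip":"5.6.7.8"}`
// Offline stand-ins for the network lookups (hypothetical); the RipeStat body shape is assumed. 5.6.7.8 has no RipeStat contact.
func fakeRipe(ip string) string {
	contact := map[string]string{"1.2.3.4": `"abuse@example.net"`}[ip]
	return `{"data":{"abuse_contacts":[` + contact + `]}}`
}
func fakeWhois(ip string) string { return "noc@example.org" }

// ripeAbuse returns the first abuse contact in a RipeStat body, or "" when the list is empty or the body is malformed.
func ripeAbuse(body string) string {
	var r struct{ Data struct{ AbuseContacts []string `json:"abuse_contacts"` } `json:"data"` }
	if json.Unmarshal([]byte(body), &r) != nil || len(r.Data.AbuseContacts) == 0 {
		return ""
	}
	return r.Data.AbuseContacts[0]
}

// Enrich parses nuclei JSON-lines output into a map keyed by IP and attaches an abuse contact:
// RipeStat first, the whois fallback only when RipeStat returned none.
func Enrich(jsonl string, ripe, whois func(string) string) map[string]Enriched {
	out := map[string]Enriched{}
	for _, line := range strings.Split(jsonl, "\n") {
		var e Enriched
		if json.Unmarshal([]byte(line), &e) != nil || e.IP == "" {
			continue // skip blank or malformed lines and results without an IP
		}
		if e.Abuse = ripeAbuse(ripe(e.IP)); e.Abuse != "" {
			e.AbuseSource = "ripeSTAT"
		} else if e.Abuse = whois(e.IP); e.Abuse != "" {
			e.AbuseSource = "whois"
		}
		out[e.IP] = e
	}
	return out
}
```

Swapping fakeRipe and fakeWhois for real HTTP and whois clients gives the structure of the tool's enrichment step; the AbuseSource field records which lookup supplied the contact, as in the README's output.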

For IPInfo support, copy example.env to .env and set the ipinfo_token variable to your IPInfo token, then fetch the client library:

$ go get github.com/ipinfo/go/v2/ipinfo

Example output.json

{
  "1.2.3.4": {
    "Ip": "1.2.3.4",
    "AbuseSource": "ripeSTAT",
    "Abuse": "info@domain.tld",
    "Prefix": "1.2.3.4/32",
    "Asn": "1234",
    "Holder": "some hosting",
    "Country": "NL",
    "City": "some city",
    "template-id": "title-extract",
    "info": {
      "name": "title-extract",
      "author": [
        "xstp"
      ],
      "tags": [
        "title"
      ],
      "reference": null,
      "severity": "info",
      "description": ""
    },
    "type": "http",
    "host": "http://localhost/test",
    "matched-at": "http://localhost/test",
    "extracted-results": null,
    "ip": "1.2.3.4",
    "timestamp": "2022-06-06T08:37:15.398363+02:00",
    "curl-command": "curl -X 'GET' -d '' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: some-user-agent' 'http://divd.nl/test'",
    "matcher-status": true,
    "matched-line": ""
  }
}

TODO

  • filter special characters from abuse emails (testing)
  • goreleaser
