Adding Parameters
A walkthrough of adding additional parameters to ProjectDiscovery scan configuration
Summary
Some Nuclei templates may require additional parameters before they can run in our cloud platform. A common example is templates that need parameters such as a username and password to authenticate.
This page provides a common example to show you the steps required to set up scan parameters. Using the scan configuration you can take advantage of these types of Nuclei templates within ProjectDiscovery.
Authentication Example
In this example we’re going to look at a Nuclei template that requires WordPress authentication.
WordPress authentication is required for over 150 different Nuclei templates, and none of these templates can be executed without configuring additional parameters.
For example:
In the first request there are two variables that are not defined in the template.
Users are expected to pass the values of these variables, {{username}} and {{password}}.
In Nuclei from the CLI you would simply run the following command:
nuclei -id CVE-2023-1890 -var username=admin -var password=password123 -target https://example.com
However, ProjectDiscovery requires some additional configuration to include these parameters in a scan.
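To work out which variables a template expects you to supply before you build a scan configuration, the following added example (not part of the original page or ProjectDiscovery's own code) lists the `{{name}}` placeholders a template uses but never defines. The template text is constructed for illustration, the built-in list is a partial assumption, and the regex matching is a heuristic rather than a full YAML parse.

```python
import re

# Partial list of variables Nuclei fills in itself for HTTP templates
# (assumption: extend it for the protocols you use).
BUILTINS = {"BaseURL", "RootURL", "Hostname", "Host", "Port", "Path", "File", "Scheme"}

PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")
VARIABLES_BLOCK = re.compile(r"^variables:[ \t]*\n((?:[ \t]+.*(?:\n|\Z))+)", re.M)
BLOCK_KEY = re.compile(r"^[ \t]+([A-Za-z_]\w*):", re.M)
# Named extractors also define variables for later requests.
NAMED_ITEM = re.compile(r"^[ \t]+(?:-[ \t]+)?name:[ \t]*([A-Za-z_]\w*)[ \t]*$", re.M)

# Constructed template, shaped like a WordPress-authenticated check.
SAMPLE = """\
id: constructed-wp-auth-example
info:
  name: Constructed WordPress authenticated check
variables:
  marker: abc123
http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In
      - |
        GET /wp-admin/admin.php?page=example&s={{marker}}&_wpnonce={{nonce}} HTTP/1.1
        Host: {{Hostname}}
    extractors:
      - type: regex
        name: nonce
        internal: true
"""

def undefined_variables(template_text):
    """Return placeholders the template uses but does not define itself."""
    defined = set(BUILTINS)
    for block in VARIABLES_BLOCK.findall(template_text):
        defined.update(BLOCK_KEY.findall(block))
    defined.update(NAMED_ITEM.findall(template_text))
    used = set(PLACEHOLDER.findall(template_text))
    return sorted(used - defined)

if __name__ == "__main__":
    # These are the keys to supply with -var on the CLI or in a scan configuration.
    for name in undefined_variables(SAMPLE):
        print(f"-var {name}=<value>")
```

Anything the function reports has to be supplied from outside the template, either with `-var` on the CLI or through a scan configuration.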
Variable Configuration in ProjectDiscovery
To configure these required scan parameters in ProjectDiscovery you can create a Scan Configuration to pass these variables along in any scans you create. You can choose to enable this configuration for all scans by default, or apply the configuration manually when you set up a new scan.
Complete these steps to set up username and password parameters for a scan that includes Nuclei templates requiring WordPress authentication.
Navigate to Scans
Select Configurations. Next select Scan Options and New Config.
Complete Scan configuration
- Enter WP Login as the configuration name
- Under Template variables enter key with the desired username and value with the corresponding password
- Update Enable for all scans based on your preferences. Keeping it selected (default) will pass the new variables to any templates that have these variables defined.
Complete your config
Select Create to create the new scan configuration.
What’s Next?
Now that you have created a new scan configuration, it will appear as a configuration for any new scans you create if it is set to “Enable for all scans”.
- If this is not enabled you will be able to choose the configuration for any scan you create.
Create a new scan and select any WordPress templates you want to include. You can also create a custom template profile to define a specific group of WP templates.