Review details on matchers for Nuclei
Matcher Type | Part Matched |
---|---|
status | Integer Comparisons of Part |
size | Content Length of Part |
word | Part for a protocol |
regex | Part for a protocol |
binary | Part for a protocol |
dsl | Part for a protocol |
xpath | Part for a protocol |
Response Part | Description | Example |
---|---|---|
content_length | Content-Length Header | content_length >= 1024 |
status_code | Response Status Code | status_code==200 |
all_headers | Unique string containing all headers | len(all_headers) |
body | Body as string | len(body) |
header_name | Lowercase header name with - converted to _ | len(user_agent) |
raw | Headers + Response | len(raw) |
body
if not defined.
Example matchers for HTTP response body using the AND condition:
negative: true
in the matchers block.
Here is an example syntax using negative
condition, this will return all the URLs not having PHPSESSID
in the response header.
flow
based templates, there might be a case where we need to validate/match first request then proceed to next request and a good example of this is CVE-2023-6553
In this template, we are first checking if target is actual using Backup Migration
plugin using matchers and if true then proceed to next request with help of flow
But this will print two results, one for each request match since we are using the first request matchers as a pre-condition to proceed to next request we can mark it as internal using internal: true
in the matchers block.
matchers
that apply globally across all HTTP responses received from running other templates. This makes them super useful for things like passive detection, fingerprinting, spotting errors, WAF detection, identifying unusual behaviors, or even catching secrets and information leaks. By setting global-matchers
to true, you’re enabling the template to automatically match events triggered by other templates without having to configure them individually.
matchers
; you can also define extractors
in a global matchers template.global-matchers
set to true. It looks for specific patterns, like an asymmetric private key or a Slack webhook, across all HTTP requests. Now, when you run this template along with others, the global matcher will automatically check for those patterns in all HTTP responses. You don’t have to set up individual matchers in every single template for it to work.
To run it, use a command like this:
-enable-global-matchers
/-egm
flag or programmatically via nuclei.EnableGlobalMatchersTemplates
if you’re working with the Nuclei SDK.