Custom nuclei template works with default cli, but not with -nh

[bhrott]

Nuclei version:

v3.2.2

Current Behavior:

When I run:

nuclei -t template-get.yaml -u 127.0.0.1:5000

It returns a success result:

[INF] Current nuclei version: v3.2.2 (latest)
[INF] Current nuclei-templates version: v9.8.0 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 85
[INF] Templates loaded for current scan: 1
[WRN] Loaded 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] Running httpx on input host
[INF] Found 1 URL from httpx
[my-hello-request] [http] [info] http://127.0.0.1:5000/hello

But when I run the same command with -nh, it's not returning:

[INF] Current nuclei version: v3.2.2 (latest)
[INF] Current nuclei-templates version: v9.8.0 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 85
[INF] Templates loaded for current scan: 1
[WRN] Loaded 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] No results found. Better luck next time!

Expected Behavior:

The scan should return the expected result:

[INF] Current nuclei version: v3.2.2 (latest)
[INF] Current nuclei-templates version: v9.8.0 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 85
[INF] Templates loaded for current scan: 1
[WRN] Loaded 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] Running httpx on input host
[INF] Found 1 URL from httpx
[my-hello-request] [http] [info] http://127.0.0.1:5000/hello

Steps To Reproduce:

I created a simple python api:

from flask import Flask, request, jsonify

app = Flask(__name__)

@app.route('/hello', methods=['GET'])
def hello():
    return jsonify({'message': 'Hello, World!'})

It's running on http://127.0.0.1:5000

And write this template:

id: my-hello-request

info:
  name: Sample Login Request
  author: guiadeappsec
  severity: info
  description: Execute a basic request to /hello on a web application.
  tags: hello

http:
  - method: GET
    path:
      - "{{BaseURL}}/hello"
    matchers:
      - type: status
        status:
          - 200

Run those commands:

• Success: nuclei -t template-get.yaml -u 127.0.0.1:5000
• Error: nuclei -t template-get.yaml -u 127.0.0.1:5000 -nh

[ehsandeep]

@bhrott if you are not specifying url scheme, nuclei try to auto probe as default which is happening in 1st case, and you are disabling probbing behavior by specifying -nh option, as result nuclei will not probe and fail, so this is working as expected, it's not working in 2nd case, as you are specifically disabling the auto probe.

if you wanted to use -nh option you need to pass input with URL scheme i.e nuclei -t template-get.yaml -u http://127.0.0.1:5000 -nh

[bhrott]

Thanks @ehsandeep ✌️