Nuclei Budget Mode

[Sh4d0wHunt3rX]

Hey @liquidsec , sorry to take your time man, I had some questions about budget mode in nuclei.

1. In budget mode, how nuclei decides to use which templates? Is it completely handled by bbot? How we can know which templates it used?

2. How to tell nuclei to include some specific templates in budget mode?

3. I want to use budget mode, but only with severity medium, high and critical. However, in the image, 824 didn't change and was it including unknown, low and info too ?

Thanks a lot for your help❤️ 🙏

[liquidsec]

Hey, sorry for taking so long to get to this, just been super busy.

The way it decides is basically by how thoroughly it can collapse the list. So if you say I only want 1 request, its going to get you the best bang for your buck, so you get whichever templates have the most common endpoint (which is just '/'). If you did 3, you'd get the 3 most common, etc.

It should still adhere to any specific restrictions you add. The message you referred to is the total number of templates "loaded" - in this case loaded means - available to nuclei. I realize that is a bit misleading, but behind the scenes its actually just producing a smaller set of templates and telling nuclei to load those instead. Its not actually telling you which ones it's using.

As far as knowing which ones, providing insight into that would be pretty clunky and not worth the added complication IMO.

If that is confusing, I might consider tweaking that message a bit to reflect what's really happening. A better message might be:" 824 templates available to nuclei" or something. But when nuclei actually runs, if you haven't silenced the messages from nuclei itself, you should see the true count.

[Sh4d0wHunt3rX]

Thanks a lot for the explanation. Just how I can I include some specific templates in addition to budget mode? So, I can be sure those templates will be used, no matter what.

[liquidsec]

Honestly I think trying to use specific templates and also using Budget mode are just fundamentally incompatible. Currently, there is no way to support this.

If this is something you really want to do, my recommendation would be to steal the code that is parsing the templates and making the "budget" copy, and turn it into a standalone script, and have it actually write them out to disk. Then add whatever you want to run all the time, then just point nuclei at your custom list.

The only other way this could work is if we had a whole separate module for nuclei budget, and you could then run them both concurrently. It wouldn't be hard to do this yourself, but I would be hesitant to split this out officially.