[FALSE-NEGATIVE] kong-detect misses valid kong endpoint [nuclei-template] #11468

@domwhewell-sage

Description

Template IDs or paths

- http/technologies/kong-detect.yaml

Environment

- OS: Kali 2024.4
- Nuclei: v3.3.7
- Templates Version: v10.1.1

Steps To Reproduce

  1. Run nuclei on a target with kong installed: `nuclei -target https://<redacted>:8443/admin/`

Relevant dumped responses

HTTP/1.1 200 OK
Connection: close
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Cf-Cache-Status: DYNAMIC
Cf-Ray: 8ff40b0afa06774a-LHR
Content-Type: application/json; charset=utf-8
Date: Thu, 09 Jan 2025 11:21:20 GMT
Server: cloudflare
Set-Cookie: __cf_bm=McOVsoVKR.OWSvWliUk1nlnPHh3I1oR6WKCIDwnbfUQ-1736421680-1.0.1.1-NxZZ1sD3R2I0Qrb3P9VHepqqtwCP7t0nrK0rL2.ewbMfkIJJ9Z5joOUpCyeFI9B9tBtmBhYj_V74rdPt8HQfTw; path=/; expires=Thu, 09-Jan-25 11:51:20 GMT; domain=.<redacted>.com; HttpOnly; Secure; SameSite=None
X-Envoy-Upstream-Service-Time: 6
X-Kong-Admin-Request-Id: cuKUN3lovSCtGPkZT34nOpTIRC8xW661

...stripped
"tagline":"Welcome to kong","node_id":"ae0625c1-a092-483d-ba8c-2f4f04a2447e","version":"3.4.3.13"}

Anything else?

The kong-detect template failed to detect kong on this endpoint as none of the match headers are present (it is behind Cloudflare, which may be the cause).
The response includes the header X-Kong-Admin-Request-Id, which could be added to the template, or the tagline "tagline":"Welcome to kong".
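
The two signals named in the report, written as a stand-alone nuclei template. This is an added example, not the project's kong-detect.yaml and not the fix that was merged; the template id, name, and author value are hypothetical, and it assumes the scanned URL is the admin root as in the reproduction step.

```yaml
id: kong-admin-signals-example   # hypothetical id, not a real template

info:
  name: Kong Admin API - Detect (example)
  author: example                # placeholder
  severity: info
  tags: tech,kong

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    # Either signal is enough: a proxy in front (here Cloudflare) replaces
    # the Server header, so detection cannot depend on it.
    matchers-condition: or
    matchers:
      # Header seen in the dumped response: X-Kong-Admin-Request-Id
      - type: regex
        name: admin-request-id-header
        part: header
        regex:
          - '(?i)x-kong-admin-request-id:'

      # Tagline from the admin root JSON; \s* tolerates pretty-printed JSON
      - type: regex
        name: welcome-tagline
        part: body
        regex:
          - '(?i)"tagline"\s*:\s*"Welcome to kong"'

    # Pull the version string out of the same JSON body when it is present
    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - '"version"\s*:\s*"([0-9.]+)"'
```

Running `nuclei -validate -t <file>` checks the syntax before the template is used against a target.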

Labels

- Done (Ready to merge)
- false-negative (Nuclei template missing valid results)
