Skip to content

fix aws signer missing template variables #3206

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jan 24, 2023
Merged

fix aws signer missing template variables #3206

merged 3 commits into from
Jan 24, 2023

Conversation

@tarunKoyalwar
Copy link
Member

@tarunKoyalwar tarunKoyalwar commented Jan 16, 2023
edited
Loading

Proposed changes

  • Fix issue where aws signer did not use variables from template
  • AWS Signer now uses variables from both template itself and CLI with preference given to CLI (i.e can override with CLI option)

closes #3202

Checklist

  • Pull request is created against the dev branch
  • All checks passed (lint, unit/integration/regression tests etc.) with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

@tarunKoyalwar
Copy link
Member Author

tarunKoyalwar commented Jan 16, 2023 

$ ./nuclei -t ~/test/aws-caller.yaml  -v        

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v2.8.7

		projectdiscovery.io

[INF] Using Nuclei Engine 2.8.7 (latest)
[INF] Using Nuclei Templates 9.3.4 (latest)
[INF] Templates added in last update: 15
[INF] Templates loaded for scan: 1
[VER] [sts-get-caller-identity] Sent HTTP request to https://sts.us-east-1.amazonaws.com
[sts-get-caller-identity] [http] [info] https://sts.us-east-1.amazonaws.com

Template

id: sts-get-caller-identity
info:
  name: STS get-caller-identity
  author: princechaddha
  severity: info

self-contained: true
signature: aws

variables:
  service: sts
  region: us-east-1

requests:
  - raw:
      - |
        POST https://sts.us-east-1.amazonaws.com HTTP/1.1
        Host: sts.us-east-1.amazonaws.com
        Content-Type: application/x-www-form-urlencoded; charset=utf-8
        User-Agent: aws-cli/2.1.28 Python/3.8.8 Darwin/21.6.0 exe/x86_64 prompt/off command/sts.get-caller-identity
        Content-Length: 43

        Action=GetCallerIdentity&Version=2011-06-15

    matchers:
      - type: word
        words:
          - "<GetCallerIdentityResult>"

      - type: status
        status:
          - 200

@tarunKoyalwar
Copy link
Member Author

tarunKoyalwar commented Jan 16, 2023
edited
Loading

@ehsandeep @princechaddha , Currently these variables are not evaluated before passing to aws signer, should they be evaluated ??

@tarunKoyalwar tarunKoyalwar linked an issue Jan 16, 2023 that may be closed by this pull request
AWS Templates Variable issue #3202
Closed
@tarunKoyalwar tarunKoyalwar self-assigned this Jan 16, 2023
Mzack9999
Mzack9999 requested changes Jan 20, 2023
View reviewed changes
Copy link
Member

@Mzack9999 Mzack9999 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think region should default to us-east-2 if not specified (could you confirm @princechaddha )

@princechaddha
Copy link
Member

princechaddha commented Jan 22, 2023

Yes @Mzack9999 the default region can be us-east-2 if not specified.

@princechaddha
Copy link
Member

princechaddha commented Jan 22, 2023
edited
Loading

I can confirm now the variables for AWS are picked up from the templates

pwnmachine@Princes-MacBook-Pro nuclei % go run . -t ~/Documents/GitHub/nuclei-templates/cloud/aws/sts/aws-sts-service.yaml

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v2.8.7

             projectdiscovery.io

[INF] Using Nuclei Engine 2.8.7 (latest)
[INF] Using Nuclei Templates 9.3.5 (latest)
[INF] Templates added in last update: 61
[INF] Templates loaded for scan: 1
[aws-sts-service] [http] [info] https://sts.amazonaws.com

@tarunKoyalwar
Copy link
Member Author

tarunKoyalwar commented Jan 22, 2023

@princechaddha , added following default variables any other defaults you think we should include

var AwsDefaultVars = map[string]interface{}{
	"region":  "us-east-2",
	"service": "sts",
}

@ehsandeep ehsandeep merged commit edcab07 into dev Jan 24, 2023
@ehsandeep ehsandeep deleted the issue-3202-aws-variable branch January 24, 2023 15:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ehsandeep ehsandeep ehsandeep approved these changes

@Mzack9999 Mzack9999 Mzack9999 approved these changes

@princechaddha princechaddha Awaiting requested review from princechaddha

Assignees

@tarunKoyalwar tarunKoyalwar

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

AWS Templates Variable issue

5 participants

@tarunKoyalwar @princechaddha @ehsandeep @Mzack9999