Nuclei scan using Swagger file.

[mikemicky4321]

Hello Team,
Firstly thanks for creating this wonderful tool. We are trying use nuclei using swagger file. I had followed the following method. I am getting below error. Could you please help me?

[mikemicky4321]

We are using openapi file but getting below error. It was observed that nuclei was not collecting endpoints from the openapi file and not performing any scan. Could you please help us?

Swagger file or openapi file can be found at https://github.com/microsoft/restler-fuzzer/tree/main/demo_server

[tarunKoyalwar]

@mikemicky4321 , flags -list and -target are mutually exclusive , that means when using new input formats using -im only -list should be used or expected

You can confirm this by looking at screenshot you shared specifically Targets Loaded for current scan: 1 , if openapi file was used it would be more than 1 since it contains more than 1 request defination in it , but in your case you --target was being used and that too with -im which caused this 400 Bad request

• this is correct usage format

$  nuclei -l swagger.json -im openapi -dast -id erlang-daemon                     1 ↵

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.2.3

		projectdiscovery.io

[ERR] openapi: Found 1 missing parameters, use -skip-format-validation flag to skip requests or update missing parameters generated in required_openapi_params.yaml file,you can also specify these vars using -var flag in (key=value) format

you can see when we use -input-mode we have implement validation of missing & required variables along with auth , which can either be skipped ( will skip that request completely since that was marked as required in swagger schema ) or those missing variables can be specificed in the autogenerated required_openapi_params.yaml file in same directory , in this case it was

$ cat required_openapi_params.yaml                                              
var:
    - postId=

we have also added detailed document of this feature with examples at https://docs.projectdiscovery.io/tools/nuclei/input-formats

[mikemicky4321]

Hello @tarunKoyalwar and @ehsandeep ,
Firstly thanks for your detailed response. I understand and could produce some results. The endpoints in the swagger files are non-authenticated. So I have used the below command and observed it was using fuzzing templates. So, I have to use both -dast and fuzzing templates which makes nuclei to perform the fuzzing in general right? Please correct me if I am wrong.

These are the available fuzzing templates right? (https://github.com/projectdiscovery/fuzzing-templates). May I know why nuclei didn't perform xss templates here?

Checking Authorization and Authentication
I have a unique test case, After providing swagger file and authentication parameters, I would like to check which endpoints it is working and also if possible without having token if the endpoints are reaching. If this is possible it would be really great.