#Future Feature Releases

Is there any possibilities on future releases of nuclei as more customizable like, excluding specific templates for specific assets ( like which has a known issues/intentional behaviour or from BBP-POV some programs exclude xss/redirects as out-of-scope, when mass scanning it is not possible to exclude some ids for specific assets

From my perspective, You could totally do different runs for different programs vs scattershot everything against everything. At some point a tool is a tool and down to the user on how they use it.

How would you exclude a template from an asset with a known issue if you dont know about the asset yet?

@finite juniper

Let me clarify in detail what I tried to ask ;

• I said on first run I scanned a list of hosts ( eg: 1000 ) and 10 of them were vulnerable to xss and I disclosed it to the company
• I don't want to spam the server again on second run with the same payloads of already discovered xss until fix
• At this point we also can't know other server also can be vulnerable so need to run the payloads only for those
• Also we can't exclude the xss hosts as it may be vulnerable to another issue

So excluding specific templates for specific can be a better feature for these things I believe

How would you present that to the tool to know what to run where?

target set A) Everything but the 10 - Run everything. Target set B) The 10 - Everything but the xss templates. Run Target Set A and Target Set B

seems straight forward enough, but I am surely missing something

I cant see how you would tell the tool to do something like this if it had the option without having something like this anyways, so at that point, doing that seems like it is already capable

I'm unsure !!, may be like => -ehosts1 oos-hosts.txt -eid1 open-redirect,xss