#Running Nuclei in read-only environment

1 messages · Page 1 of 1 (latest)

white scroll
#

I need to launch Nuclei within AWS Lambda. It is a read-only environment. The goal is to trigger the function after each deployment automatically.
I mounted a filesystem to my lambda to write files there (/mnt/nuclei) and specified template and cache dirs location in /mnt/nuclei.
My lambda is an image-based container (public.ecr.aws/lambda/provided:al2) where I copied my Golang code that exec the nuclei (/var/runtime/nuclei).
I've got some errors:

  • failed to create config directory at .nuclei-config/nuclei got: mkdir .nuclei-config: read-only file system
  • failed to write config file at .nuclei-config/nuclei/.templates-config.json got: [:RUNTIME] could not create nuclei config directory at .nuclei-config/nuclei <- mkdir .nuclei-config: read-only file system
  • failed to load provider keys got [uncover:RUNTIME] provider config file .uncover-config/uncover/provider-config.yaml does not exist

I suppose I need to override some path (if possible).
Is there any boilerplate describing how to launch nuclei via an AWS lambda function in a read-only environment?

oak wave
#

Best I can do for now was finding some issues where others were discussing using nuclei with Lambda.

https://github.com/projectdiscovery/nuclei/issues/760

And something called Nuclear Pond. Using third party apps is at your own discretion, but seems someone else has been trying to do this as well. https://www.reddit.com/r/blueteamsec/comments/13t18no/nuclear_pond_a_way_for_you_to_run_nuclei_in_the/

GitHub
Unable to run nuclei inside golang-based container through AWS Lamb...

Describe the bug I have a basic golang container that installs several binaries, including nuclei: FROM golang:alpine ... ENV GO111MODULE=on RUN go get -v github.com/projectdiscovery/nuclei/v2/cmd/...

Reddit
From the blueteamsec community on Reddit: Nuclear Pond - a way for ...

Explore this post and more from the blueteamsec community

white scroll
#

Thank you, @oak wave . I'll take a look.

cursive mica
#

@white scroll you can override config directory to some writeable directory like tmp etc.

To override You need to modify env variable depending on distro

hii , you can modify config or home directory using env variable depending on system you are using

UserConfigDir returns the default root directory to use for user-specific configuration data. Users should create their own application-specific subdirectory within this one and use that.

On Unix systems, it returns $XDG_CONFIG_HOME as specified by https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html if non-empty, else $HOME/.config. On Darwin, it returns $HOME/Library/Application Support. On Windows, it returns %AppData%. On Plan 9, it returns $home/lib.

If the location cannot be determined (for example, $HOME is not defined), then it will return an error.

so on linux you can use XDG_CONFIG_HOME=/my/dir

white scroll
#

I tried to address it with the config file.

Here are some code snippets from the Docker file:

# Build my Golang app here
# FROM public.ecr.aws/lambda/provided:al2 AS build-lambda
# ...

# Setup Nuclei
FROM golang:1.21 AS build-nuclei
ENV GOARCH=arm64
ENV GOOS=linux
ENV CGO_ENABLED=0
RUN go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
RUN nuclei -update-templates

# Copy compiled Golang code and Nuclei to the target image
FROM public.ecr.aws/lambda/provided:al2
COPY --from=build-nuclei /go/bin/nuclei ${LAMBDA_RUNTIME_DIR}/nuclei
COPY --from=build-nuclei /root/nuclei-templates ${LAMBDA_RUNTIME_DIR}
COPY --from=build-nuclei /root/.config/* ${LAMBDA_RUNTIME_DIR}/.config
COPY config/nuclei/project.yaml ${LAMBDA_RUNTIME_DIR}/.config/nuclei/project.yaml
COPY --from=build-lambda /app/main ./main
ENTRYPOINT [ "./main" ]

In the project.yaml I specified mounted to lambda disk where I can write files among other settings:

template_dir:
  - '/mnt/nuclei'

cache_dir:
  - '/mnt/nuclei/cache'

In the Dockerfile, you can see that I copy the config dir: .config . It addressed one of the issues I had before this post. But nuclei tried to create another one, .nuclei-config. I also tried to install nuclei to the target image to avoid copying assets. Still, I got stuck with another installation issue (I asked for advice in the "Failed to solve: process did not complete successfully in Docker" post).

white scroll
#

I tried to run it via nuclei image but got the same error.
Here is my Dockerfile:

# Build lambda function
FROM public.ecr.aws/lambda/provided:al2 AS build-lambda
ENV GOARCH=arm64
ENV GOOS=linux
ENV CGO_ENABLED=0
WORKDIR /app
RUN mkdir -p /opt/extensions
RUN yum -y install go
COPY go.mod go.sum main.go ./
COPY ./internal ./internal
RUN go mod tidy
RUN go mod download
RUN go build -tags lambda.norpc -o main main.go

# Target Image
# ======================================================================================================================
FROM projectdiscovery/nuclei:latest
COPY ./config/nuclei/project.yaml /home/.env-config/nuclei/project.yaml
COPY --from=build-lambda /app/main ./main
ENTRYPOINT [ "./main" ]

The lambda image executes nuclei command with the config path parameter.

The command produces the following errors:

- failed to create config directory at .nuclei-config/nuclei got: mkdir .nuclei-config: read-only file system
- failed to write config file at .nuclei-config/nuclei/.templates-config.json got: [:RUNTIME] could not create nuclei config directory at .nuclei-config/nuclei <- mkdir .nuclei-config: read-only file system
- failed to load provider keys got [uncover:RUNTIME] provider config file .uncover-config/uncover/provider-config.yaml does not exist

The config file is the same as previously:

template_dir:
  - '/mnt/nuclei'

cache_dir:
  - '/mnt/nuclei/cache'
white scroll
#

I was able to run it with HOME=/mnt/nuclei

oak wave
#

Would it be ok if we made this into a GitHub issue so other people can find it?

white scroll
#

yes, I'll publish it after polishing the code