# Can you Iterate Over Nuclei Extractor Results?


lucid matrix
I am trying to make a template that parses SPF records to do iterative lookups. It performs a match to see if there is an SPF record, and then extracts from the record using positive lookbehind. Here is the code currently:

dns:
  - name: "{{FQDN}}"
    type: TXT
    matchers:
      - type: word
        words:
          - "v=spf1"
    extractors:
      - type: regex
        regex:
          - '(?<=include:)[^\s]+'
        name: original_includes

The template succeeds when only the matcher is run, but fails when the regex extractor is attempted. The intention is to take this parsed record and iterate over the results using a flow loop like the example from https://docs.projectdiscovery.io/templates/protocols/flow, shown below:

ssl();
for (let vhost of iterate(template["ssl_domains"])) {
    set("vhost", vhost);
    http();
}

Unfortunately, the documentation on the template aspect of nuclei, including what is stored and what can be iterated over, is desperately lacking. To make matters worse, the documentation tells you to "just log the template" to figure out what's in it, but the documentation for how to implement log is also a stub. Maybe that's my fault for not knowing enough JS lol. My assumption is that anything you match or extract will be stored in the template provided you give it a name, and that if you name an extractor with multiple matches the template will receive it as an array. There is no documentation to tell me I am wrong.

Given this context, my questions are as follows:

  • How does nuclei store the data from matchers and extractors?
  • What type or format of data is allowed in matchers and extractors results?
  • Can any matcher or extractor be referred to later in the template?

Any help here would be greatly appreciated. Additionally, if you think there is a better way to do what I am doing feel free to tell me to scrap this train of thought and try it another way.

Thanks :)

left magnet
@lucid matrix The Go regex package doesn't support positive/negative lookbehind patterns, so you can adjust your regex to use it.
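
The limitation described in the reply above, as an added example that is not part of the original thread: Go's `regexp` package rejects the lookbehind pattern from the question at compile time, while a capture group extracts the same `include:` targets. The sample SPF record and the function names are constructed for illustration; in a Nuclei regex extractor the capture group is selected with `group: 1`.

```go
package main

import (
	"fmt"
	"regexp"
)

// Constructed sample TXT record (not taken from the thread).
const sampleSPF = "v=spf1 include:_spf.example.com Include:mail.example.net ip4:192.0.2.0/24 -all"

// lookbehindCompiles tries to compile the exact pattern from the question.
// Go's RE2-based engine has no lookaround support, so this returns an error.
func lookbehindCompiles() error {
	_, err := regexp.Compile(`(?<=include:)[^\s]+`)
	return err
}

// includeRe consumes the "include:" literal and captures the domain in group 1.
// (?i) is used because SPF mechanism names are case-insensitive.
var includeRe = regexp.MustCompile(`(?i)include:([^\s]+)`)

// extractIncludes returns every include: target found in an SPF record,
// in the order they appear. It returns an empty slice when there are none.
func extractIncludes(txt string) []string {
	out := []string{}
	for _, m := range includeRe.FindAllStringSubmatch(txt, -1) {
		out = append(out, m[1]) // m[0] is the whole match, m[1] the domain
	}
	return out
}

func main() {
	fmt.Println("lookbehind compile error:", lookbehindCompiles())
	fmt.Println("includes:", extractIncludes(sampleSPF))
}
```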