
© 2023 Nullify | All Rights Reserved.


Custom Rules


Last updated 4 months ago


Nullify performs DAST scanning using a number of tools under the hood to detect vulnerabilities in your APIs.

Nullify allows you to create custom DAST rules to detect vulnerabilities specific to your API.

All Nullify features are supported with custom rules:

  • AI false positive and prioritization

  • Auto-fix

  • Pull request comments

  • Web dashboard metrics and triage page

Setup

Currently, the only way to use custom DAST scanning rules is to create custom rule templates in your global private repository (e.g. .github-private).

Note: Custom DAST rules are only supported in cloud-based scans initiated through the Nullify Web App, CLI, or GitHub Action. Local scans do not support custom rules.

  1. Create a .nullify/nuclei directory in the root of the repository .github-private.

  2. Add custom rule templates in the .nullify/nuclei directory (see example below).

Writing Rules

Custom rules use the same syntax as Nuclei templates.

Example

This example rule detects a simple server-side request forgery (SSRF) vulnerability by injecting the internal AWS instance metadata URL into the HTTP request's query parameters and body, then matching on metadata field names in the response body.

id: custom-template-ssrf-aws-metadata

info:
  name: Custom Template SSRF AWS Metadata
  author: nullify-custom-dast-rules
  severity: critical
  metadata:
    max-request: 1
  tags: ssrf,dast,aws

http:
  # Only run this rule against GET and POST requests
  - pre-condition:
      - type: dsl
        dsl:
          - 'method == "GET" || method == "POST"'

    # Value injected into each fuzzed parameter
    payloads:
      ssrf:
        - "http://169.254.169.254/latest/meta-data/"

    # mode: single replaces one query or body parameter at a time with the payload
    fuzzing:
      - part: query
        mode: single
        fuzz:
          - "{{ssrf}}"
      - part: body
        mode: single
        fuzz:
          - "{{ssrf}}"

    # Stop after the first fuzzed request that matches; any of these metadata
    # field names in the response body indicates the server fetched the internal URL
    stop-at-first-match: true
    matchers:
      - type: word
        part: body
        words:
          - "ami-id"
          - "instance-id"
          - "local-hostname"

Nuclei template structure reference: https://docs.projectdiscovery.io/templates/structure
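As an added example that is not part of the Nullify docs or the Nuclei project, the following Python dry run re-implements the example rule's pre-condition, single-mode fuzzing and word matcher against a constructed stub server, so a rule author can check what the template would flag before committing it to .github-private/.nullify/nuclei/. The dict form of the template, the function names and the stub are assumptions of this example.

```python
# Added example (not Nullify's or Nuclei's code): offline dry run of the
# page's custom rule to check its matcher logic before committing it.
from urllib.parse import parse_qsl, urlencode

PAYLOAD = "http://169.254.169.254/latest/meta-data/"
# The page's template expressed as a dict so no YAML parser is needed (assumed form).
TEMPLATE = {
    "id": "custom-template-ssrf-aws-metadata",
    "methods": {"GET", "POST"},            # pre-condition DSL
    "payloads": [PAYLOAD],                 # payloads.ssrf
    "parts": ["query", "body"],            # fuzzing sections, mode: single
    "stop_at_first_match": True,
    "words": ["ami-id", "instance-id", "local-hostname"],  # word matcher, default "or"
}

def fuzz_requests(template, request):
    """mode 'single': replace one parameter at a time with each payload."""
    out = []
    for part in template["parts"]:
        params = parse_qsl(request.get(part, ""), keep_blank_values=True)
        for payload in template["payloads"]:
            for i, (name, _) in enumerate(params):
                mutated = list(params)
                mutated[i] = (name, payload)
                out.append((part, name, {**request, part: urlencode(mutated)}))
    return out

def run_rule(template, request, send):
    """send(request) -> response body string; returns the matcher findings."""
    findings = []
    if request["method"] not in template["methods"]:
        return findings                     # pre-condition failed: rule skipped
    for part, name, req in fuzz_requests(template, request):
        body = send(req)
        hits = [w for w in template["words"] if w in body]   # 'or' condition
        if hits:
            findings.append({"id": template["id"], "part": part, "param": name, "words": hits})
            if template["stop_at_first_match"]:
                break
    return findings

def metadata_echo_stub(request):
    """Constructed stand-in for a vulnerable app: if any parameter carries the
    payload URL, answer with text shaped like the EC2 metadata index."""
    values = [v for p in ("query", "body") for _, v in parse_qsl(request.get(p, ""))]
    return "ami-id\ninstance-id\nlocal-hostname" if PAYLOAD in values else "ok"
```

Swap metadata_echo_stub for a function that replays recorded responses to test a rule against real traffic captures offline.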