how to make nuclei check both http and https

[arfan]

There is one vulnerable site where .env file is detected when using https but not http. currently I can modify the template to be like this

requests:

• method: GET
  path:
  • "http://{{BaseURL}}/.env"
  • "https://{{BaseURL}}/.env"

Is it possible to make it automatically detect using http and https? without specifying it in the template?

[ehsandeep]

@arfan nuclei do not check for HTTP scheme, it's expected input from the users, it will check for http:// or https:// depending on what you feed as input URLs for nuclei.

[arfan]

what will happen if user did not put http or https ?

for example:

nuclei -u somedomain.com

I notice the result is a lot less compared to when we specify it.

regards

[ehsandeep]

what will happen if user did not put http or https ?

that's invalid input from the user end, see the examples of running nuclei - https://nuclei.projectdiscovery.io/nuclei/get-started/#running-nuclei, URLs are the expected input for the nuclei.