[Feature Request] Add a flag (e.g., -strict-probe) to stop scanning if internal httpx probe fails (No Fallback) #6651
Description
Discussed in https://github.com/orgs/projectdiscovery/discussions/6648
Originally posted by sixteen250 December 2, 2025
When running Nuclei against a target with an open TCP port that is NOT a Web Service (e.g., a "Zombie Port" like a MySQL/Redis port receiving HTTP requests), Nuclei's internal httpx probe correctly identifies that there is no Web Service (Found 0 URL from httpx).
However, Nuclei currently triggers an Auto Fallback mechanism. It ignores the failed probe and proceeds to scan the target using the raw input, assuming it might be a valid HTTP service. In scenarios with large attack surfaces containing many non-HTTP open ports, this causes Nuclei to waste significant time sending thousands of HTTP requests to non-HTTP ports, waiting for timeouts on every request. Even with -mhe set, the scanning continues because TCP connections are successful, but the application layer times out.
I would like a new flag (e.g., -strict-probe or -no-fallback) that changes this behavior. If the internal httpx probe returns 0 URLs (meaning the target is confirmed not to be a Web Service), Nuclei should immediately stop processing that host and not fallback to raw input scanning.
Currently, the only workaround is using a pipeline: echo target:port | httpx | nuclei However, for users who rely on Nuclei's standalone binary or internal logic (e.g., resuming scans, using input files directly), having this logic native to Nuclei would be much more efficient.
Additional context Example of the current inefficient behavior:
nuclei -duc -stats -u 127.0.0.1:3306 -mhe 3 -c 2 -timeout 3 -pt http
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ v3.5.1
projectdiscovery.io
[WRN] Found 1 templates with runtime error (use -validate flag for further examination)
[INF] Current nuclei version: v3.5.1 (unknown) - remove '-duc' flag to enable update checks
[INF] Current nuclei-templates version: v10.3.0 (unknown) - remove '-duc' flag to enable update checks
[INF] New templates added in latest release: 124
[INF] Templates loaded for current scan: 8239
[INF] Executing 6881 signed templates from projectdiscovery/nuclei-templates
[WRN] Loading 1358 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] Running httpx on input host
[INF] Found 0 URL from httpx <-- Probe failed (Correct)
[INF] Templates clustered: 1768 (Reduced 1655 Requests)
[0:00:05] | Templates: 8239 | Hosts: 1 | RPS: 1 | Matched: 0 | Errors: 14 | Requests: 9/15405 (0%)
[INF] Using Interactsh Server: oast.me
[0:00:10] | Templates: 8239 | Hosts: 1 | RPS: 1 | Matched: 0 | Errors: 32 | Requests: 19/15405 (0%)
[0:00:15] | Templates: 8239 | Hosts: 1 | RPS: 1 | Matched: 0 | Errors: 52 | Requests: 30/15405 (0%) <-- Wasting time on a non-web port