How to set params from OpenAPI "requestBody"?

[chelalex]

I used to start scanning OpenAPI via Nuclei 3.4.10:

nuclei -l openapi.json -im openapi -c 50 -bulk-size 50 -rate-limit 200 -sresp

While scanning Nuclei is using required_openapi_params.yaml variables to set them into OpenAPI endpoints like this:

        "parameters": [
          {
            "name": "index",
            "in": "path",
            "description": "index",
            "required": true,
            "style": "simple",
            "schema": {
              "description": "index",
              "type": "string"
            },
            "example": "index1"
          }
        ],

but Nuclei doesn't set these values into requestBody params:

        "requestBody": {
          "description": "my description",
          "required": true,
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/<...>/<...>/MultipleRequest"
              },
              "example": {
                "node": "node1",
                "values": {
                  "index-name": "index1",
                  "keys": "key1"
                }
              }
            }
          }
        },

      "MultipleRequest": {
        "description": "multiple request",
        "title": "MultipleRequest",
        "required": [
          "node",
          "values"
        ],
        "type": "object",
        "properties": {
          "node": {
            "type": "string",
            "description": "node",
            "maxLength": 128
          },
          "values": {
            "type": "array",
            "maxItems": 100,
            "description": "key array",
            "items": {
              "$ref": "#/<...>/<...>/myindex"
            }
          }
        },
        "additionalProperties": false
      },

How can I solve this problem?

required_openapi_params.yaml:

var:
    - index-name=my_index
    - index=my_index
    - key=Key1

[tal7aouy]

Hi! This is a known limitation in how Nuclei handles OpenAPI requestBody parameters vs. path/query parameters.

A few things to try:

1. Use -var flag directly on the CLI to pass body params:

   nuclei -l openapi.json -im openapi -c 50 -bulk-size 50 -rate-limit 200 -sresp \
     -var index-name=my_index -var index=my_index -var key=Key1
   

2. Check your required_openapi_params.yaml — make sure the variable names exactly match the property names defined in the MultipleRequest schema (node, values, etc.), not just the path parameters.

3. Provide a full example value for the requestBody schema in your OpenAPI spec under the example field — Nuclei may use those examples to populate body params automatically.

4. As a workaround, consider writing a custom Nuclei template that explicitly defines the POST body for that endpoint, giving you full control over the request body content.

This issue may also be worth tracking as a bug/feature request in the projectdiscovery/nuclei repo if it's not yet documented behavior.