[FALSE-POSITIVE] api-dbt token spray is showing a positive hit regardless of the token

[fail-open]

Template IDs or paths

http/token-spray/api-dbt.yaml

Environment

- OS: osx
- Nuclei: 3.3.7

Steps To Reproduce

1. Run nuclei -esc -t token-spray/api-dbt.yaml -var token=thisdoesntmattter

Get a hit for api-dbt regardless of what is set for token.

Relevant dumped responses

[api-dbt] Dumped HTTP request for https://cloud.getdbt.com/api/v2/accounts/

GET /api/v2/accounts/ HTTP/1.1
Host: cloud.getdbt.com
User-Agent: Mozilla/5.0 (ZZ; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Authorization: Token thisdoesntmattter
Content-Type: application/json
Accept-Encoding: gzip

[DBG] [api-dbt] Dumped HTTP response https://cloud.getdbt.com/api/v2/accounts/

HTTP/1.1 403 Forbidden
Connection: close
Content-Length: 182
Content-Type: application/json
Cross-Origin-Opener-Policy: same-origin
Date: Mon, 02 Dec 2024 17:43:09 GMT
Referrer-Policy: same-origin
Server: nginx/1.24.0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Cookie
X-Content-Type-Options: nosniff
X-Frame-Options: DENY

{"status": {"code": 403, "is_success": false, "user_message": "Access denied: User API Keys are deprecated. Please use account scoped PAT.", "developer_message": null}, "data": null}
[api-dbt:word-1] [http] [info] https://cloud.getdbt.com/api/v2/accounts/

Anything else?

Template is looking for negative keyword check for words that are not the negative hit anymore.

[DhiyaneshGeek]

Hi @fail-open

Thanks for flagging the issue, it was observed that this was fixed in 11326

We are no longer able to reproduce, due to the following reason we are closing this issue

nuclei -esc -id api-dbt -var token=thisdoesntmattter -debug

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.4.10

		projectdiscovery.io

[INF] Current nuclei version: v3.4.10 (latest)
[INF] Current nuclei-templates version: v10.3.1 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 119
[INF] Templates loaded for current scan: 1
[INF] Executing 1 signed templates from projectdiscovery/nuclei-templates
[INF] [api-dbt] Dumped HTTP request for https://cloud.getdbt.com/api/v2/accounts/

GET /api/v2/accounts/ HTTP/1.1
Host: cloud.getdbt.com
User-Agent: Mozilla/5.0 (Kubuntu; Linux i686; rv:133.0) Gecko/20100101 Firefox/133.0
Connection: close
Accept: */*
Accept-Language: en
Authorization: Token thisdoesntmattter
Content-Type: application/json
Accept-Encoding: gzip

[DBG] [api-dbt] Dumped HTTP response https://cloud.getdbt.com/api/v2/accounts/

HTTP/1.1 401 Unauthorized
Connection: close
Content-Length: 121
Content-Type: application/json
Cross-Origin-Opener-Policy: same-origin
Date: Tue, 28 Oct 2025 07:06:55 GMT
Referrer-Policy: same-origin
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: DENY

{"status": {"code": 401, "is_success": false, "user_message": "Invalid token.", "developer_message": null}, "data": null}
[INF] Scan completed in 1.23668025s. No results found.