website as input for nuclei

[underdarknl]

Website as input — analysis

A Website OOI combines IP+port+hostname, giving one scan per unique service endpoint — no duplicate work, and port/scheme-aware. Nuclei's -u flag accepts scheme://hostname:port, so it would work.

However, the input OOI arrives as a flat dict with Reference strings, not resolved objects:

{
  "object_type": "Website",
  "ip_service": "IPService|internet|192.168.1.5|tcp|443|https",  # Reference string
  "hostname": "Hostname|internet|example.com",                    # Reference string
}

To construct the nuclei target URL, the main.py would need to parse hostname, port, and scheme from these Reference strings. That's doable but fragile (relies on the PK format).

Proposed approach

Step 1 (this PR): Change all three nuclei boefjes to consume ["Hostname"] only. Simple, no duplicates, already works with the current main.py. This fixes the crash bug and eliminates duplicate scans.

Step 2 (follow-up PR): Add Website support to the shared main.py with proper Reference parsing, so nuclei scans become port/scheme-aware. This also needs normalizer updates to handle Website as input OOI for findings.

I'll update this PR with nuclei-exposed-panels consuming ["Hostname"] only. The Website support can be a separate, well-tested follow-up.

Originally posted by @hasecon in #5052 (comment)

[underdarknl]

The python model should allow for splitting the Primary key into its parts based on the primarykey. and as such this should not be fragile as the model is strict and matches the objects.
However, this is only a valid route if 'next to the hostname/port' we can in fact clamp down nuclei to only scan the given IP+with the hostname. Because we can otherwise expect nuclei to be exectuted on each listed IP with non-deterministic and possibly duplicate results due to unknown ip-selection.