Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use.
It is used to send requests across targets based on a template leading to zero false positives and providing effective scanning for known paths. Main use cases for it is during initial reconnaissance phase to quickly check for low hanging fruits or CVEs across targets that are known and easily detectable. It uses retryablehttp-go library designed to handle various errors and retries in case of blocking by WAFs, this is also one of our core modules from custom-queries.
We have also open-sourced a dedicated repository to maintain various type of templates, we hope that you will contribute there too. Templates are provided in hopes that these will be useful and will allow everyone to build their own templates for the scanner. Checkout the guide at GUIDE.md for a primer on its templates.
Features
Also Read – Wotop : Web On Top Of Any Protocol
Usage
nuclei -h
This will display help for the tool. Here are all the switches it supports.
Flag | Description | Example |
---|---|---|
-c | Number of concurrent requests (default 10) | nuclei -c 100 |
-l | List of urls to run templates | nuclei -l urls.txt |
-t | Templates input file/files to check across hosts | nuclei -t git-core.yaml |
-t | Templates input file/files to check across hosts | nuclei -t “path/*.yaml” |
-nC | Don’t Use colors in output | nuclei -nC |
-o | File to save output result (optional) | nuclei -o output.txt |
-silent | Show only found results in output | nuclei -silent |
-retries | Number of times to retry a failed request (default 1) | nuclei -retries 1 |
-timeout | Seconds to wait before timeout (default 5) | nuclei -timeout 5 |
-v | Show Verbose output | nuclei -v |
-version | Show version of nuclei | nuclei -version |
Installation Instructions
The installation is easy. You can download the pre-built binaries for your platform from the Releases page. Extract them using tar, move it to your $PATH
and you’re ready to go.
> tar -xzvf nuclei-linux-amd64.tar
> mv nuclei-linux-amd64 /usr/bin/nuclei
> nuclei -h
It requires go1.13+ to install successfully. Run the following command to get the repo –
> GO111MODULE=on go get -u -v github.com/projectdiscovery/nuclei/cmd/nuclei
In order to update the tool, you can use -u flag with go get
command.
Running
This will run the tool against all the hosts in urls.txt
and returns the matched results.
> nuclei -l urls.txt -t git-core.yaml -o results.txt
You can also pass the list of hosts at standard input (STDIN). This allows for easy integration in automation pipelines.
This will run the tool against all the hosts in urls.txt
and returns the matched results.
> cat urls.txt | nuclei -t git-core.yaml -o results.txt
This will run the tool against all the hosts in urls.txt
with all the templates in the path-to-templates
directory and returns the matched results.
> nuclei -l urls.txt -t “path-to-templates/*.yaml” -o results.txt
> subfinder -d hackerone.com | httprob | nuclei -t “path-to-templates/*.yaml” -o results.txt
It supports glob expression ending in .yaml
meaning multiple templates can be easily passed to be executed one after the other. Please refer to this guide to build your own custom templates.
Credit: projectdiscovery team
bomber is an application that scans SBOMs for security vulnerabilities. So you've asked a vendor…
Embed a payload within a PNG file by splitting the payload across multiple IDAT sections.…
Exploit-Street, where we dive into the ever-evolving world of cybersecurity with a focus on Local…
Shadow Dumper is a powerful tool used to dump LSASS (Local Security Authority Subsystem Service)…
shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…
Extract and execute a PE embedded within a PNG file using an LNK file. The…