⚛️Nuclei

What is Nuclei?

Nuclei is used to send requests across targets based on a template, leading to zero false positives and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless, Code etc. With powerful and flexible templating, Nuclei can be used to model all kinds of security checks.

Installation

go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest

Usage

# Help Menu
nuclei -h

# Update Nuclei
nuclei -update

# Update Templates
nuclei -update-templates

Nuclei Template Location

/home/user/nuclei-templates

OR

/go/bin/nuclei-templates

Examples

# Tomcat Default Login
nuclei -t tomcat-default-login.yaml -u http://<IP>:<Port>/ -v

# Templates
nuclei -t exposures/configs/git-config.yaml -l urls.txt
nuclei -t cves/2021/ -l urls.txt
nuclei -t cves/2020/ -t exposed-tokens -t misconfiguration -l urls.txt

# Tags
nuclei -tags cve -u urls.txt
nuclei -tags config -t exposures/ -u urls.txt
nuclei -tags lfi,ssrf,rce -t cves/ -l urls.txt

# Workflows
nuclei -w workflows/wordpress-workflow.yaml -l wordpress_urls.txt
nuclei -w workflows/wordpress-workflow.yaml -w workflows/jira-workflow.yaml -l urls.txt

# Severity
nuclei -t cves/ -severity critical -l urls.txt
nuclei -t cves/ -t vulnerabilities -severity critical,high -l urls.txt

REFERENCES

PreviousVulnerability Scanning NextTunneling & Exfiltration

Last updated 3 months ago