[EN] Nuclei Notes
Published on 13 Dec 2021
Installation
Go
go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
Docker
docker pull projectdiscovery/nuclei:latest
Binary
https://github.com/projectdiscovery/nuclei/releases
tar -xzvf nuclei-*.tar.gz
After Installation
Install Templates
nuclei -update-templates
Edit Config
vim $HOME/.config/nuclei/config.yaml
Sample Config
# Headers to include with each request.
header:
- 'X-BugBounty-Hacker: h1/mnykmct'
- 'User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64)'
# Templates with tags to run
tags: rce,lfi
# Templates with tags to exclude
exclude-tags: info
# Templates to scan
templates:
- cves/
- vulnerabilities/
- misconfiguration/
# Templates to exclude from the scan
exclude:
- vulnerabilities/xxx
- misconfiguration/xxxx
# Rate limit configuration for scan
rate-limit: 500
bulk-size: 50
concurrency: 50
Running
With Templates
echo 'https://huseyince.com/' | nuclei -t nuclei-templates
# or
nuclei -t nuclei-templates -l urls.txt
With Tags
nuclei -tags cve -l urls.txt
nuclei -tags network -l urls.txt
nuclei -tags logs -l urls.txt
With Workflows
nuclei -w workflows/wordpress-workflow.yaml -l wordpress_urls.txt
With Severity
nuclei -severity critical,high -l urls.txt
With Custom Config
nuclei -config project.yaml -l urls.txt
With Docker
echo huseyince.com | docker run -v $HOME/nuclei-templates:/root/nuclei-templates -i projectdiscovery/nuclei:v2.3.0 -t dns > output.txt
Report
Running With Reporting
nuclei -l urls.txt -t nuclei-templates/ -rc issue-tracker.yaml
Markdown Export (Deprecated: v2.3.8 - Disk Export)
nuclei -l urls.txt -t nuclei-templates/ -include-rr -me reports
SARIF (Static Analysis Results Interchange Format) Export
nuclei -l urls.txt -t nuclei-templates/ -include-rr -se reports
Sample Issue Tracker
allow-list:
  severity: high,critical
deny-list:
  severity: low
# github contains configuration options for github issue tracker
github:
  # base-url is the optional self-hosted github application url
  base-url: ""
  # username is the username of the github user
  username: ""
  # owner is the owner name of the repository for issues.
  owner: ""
  # token is the token for github account.
  token: ""
  # project-name is the name of the repository.
  project-name: ""
  # issue-label is the label of the created issue type
  issue-label: ""
# gitlab contains configuration options for gitlab issue tracker
gitlab:
  # base-url is the optional self-hosted gitlab application url
  base-url: ""
  # username is the username of the gitlab user
  username: ""
  # token is the token for gitlab account.
  token: ""
  # project-id is the ID of the repository.
  project-id: ""
  # issue-label is the label of the created issue type
  issue-label: ""
# jira contains configuration options for jira issue tracker
jira:
  # cloud is the boolean which tells whether the Jira instance runs in the cloud or on-prem
  cloud: true
  # url is the jira application url
  url: ""
  # account-id is the account-id of the jira user or username in case of on-prem Jira
  account-id: ""
  # email is the email of the user for jira instance
  email: ""
  # token is the token for jira instance or password in case of on-prem Jira
  token: ""
  # project-name is the name of the project.
  project-name: ""
  # issue-type is the name of the created issue type
  issue-type: ""
For Unique Issues
nuclei -l urls.txt -t nuclei-templates/ -rc issue-tracker.yaml -report-db prod
Scan Metrics
nuclei -t nuclei-templates/ -l urls.txt -metrics
curl -s localhost:9092/metrics | jq .