Nuclei - Automated Vulnerability Scanning Tool
Nuclei is an awesome vulnerability scanning tool developed by projectdiscovery that helps security guys to find security issues automatically based on simple YAML-based templates. This tool is highly customizable and helps in identifying vulnerabilities by scanning numerous protocols such as HTTP, DNS, TCP, etc.
Vulnerability templates are heart of tool and are available on github. These templates are developed by more than 100 security researchers and maintained by projectdiscovery.
Templates are categorized based on cves, vulnerabilities, exposed panels, takeovers, misconfigurations, technologies, default-logins, etc.
Installation
Must ensure the installation of go language before installing nuclei. Use the below one-liner command for a clean installation. If you still have some issues, refer official website.
sudo apt install golang
Now all set for installation of nuclei by using the below one-liner command:
GO111MODULE=on go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei
Update
It is recommended to update nuclei just after installation. You can use the below command to update templates.
nuclei -update-templates
After successful update, if you run the same command again you get a message "Your nuclei-templates are up-to-date" with a version number.
This step completes the update process of nuclei.
Available templates types in the database of nuclei
| cves | vulnerabilities | exposed-panels | takeovers |
| exposures | technologies | misconfiguration | workflows |
| miscellaneous | default-logins | file | dns |
| fuzzing | helpers | iot |
You can list out all available templates by traversing in nuclei-templates directory
ls ~/nuclei-templates/
Explore Usage of Tool
You can display all supported commands that guides you further tool usage.
nuclei --help
First, run against the target
You can run and test your target using the below one-liner command. This command will test the target against all cves available in the database.
Here, the target file has a list of URLs that need to be scanned and it is using with -l option. Option -t pair with the type of templates (e.g. cves).
If no issues are found, the display message will be "No results found. Better luck next time!".
nuclei -l <target-list> -t cves
Test target with workflow
By using workflow, you can run multiple templates by using a single workflow file.
nuclei -w workflows/wordpress-workflow.yaml -l <target-list>
You can also list out all workflows by using the ls command and use multiple workflows with nuclei against the target at the same time
nuclei -w workflows/wordpress-workflow.yaml -w workflows/airflow-workflow.yaml -l <target-list>
Test target based on the severity
The below command is used to scan a target based on the severity
nuclei -t cves/ -severity critical -l <target-list>
Scan target but exclude some specific types of templates
You can scan a target by using all templates but exclude some specific types of templates
nuclei -l <target-list> -t nuclei-templates/ -exclude iot/ -exclude technologies
Support standard input
nuclei take care of your convenience and supports standard inputs i.e. STDIN. This will enable you to chain multiple tools in one-liner commands.
cat <target-list> | ./nuclei -t nuclei-templates/
Conclusion
Nuclei is a powerful and customizable vulnerability scanner based on YAML-based templates and is able to find security issues in Networks, Web Applications, DNS-based misconfiguration etc. If you have not used this tool yet, I recommend adding this tool to your arsenal. This is a basic tutorial but enough to start with nuclei. If you are interested in referring in-depth guide, visit the official documentation of nuclei.
Subscribe us to receive more such articles updates in your email.
If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!
Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.
