Nuclei - Automated Vulnerability Scanning Tool

Nuclei is an awesome vulnerability scanning tool developed by projectdiscovery that helps security professionals find security issues automatically using simple YAML-based templates. The tool is highly customizable and identifies vulnerabilities by scanning numerous protocols such as HTTP, DNS, TCP, etc.

Vulnerability templates are the heart of the tool and are available on GitHub. These templates are developed by more than 100 security researchers and maintained by projectdiscovery.

Templates are categorized based on cves, vulnerabilities, exposed panels, takeovers, misconfigurations, technologies, default-logins, etc.

Installation

Make sure the Go language is installed before installing nuclei. Use the below one-liner command for a clean installation. If you still have issues, refer to the official website.

sudo apt install golang

Now you are all set to install nuclei using the below one-liner command:

GO111MODULE=on go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei

Update

It is recommended to update nuclei just after installation. You can use the below command to update templates.

nuclei -update-templates

After a successful update, if you run the same command again you get the message "Your nuclei-templates are up-to-date" with a version number.

This step completes the update process of nuclei.

Template types available in the nuclei database

cves            vulnerabilities   exposed-panels    takeovers
exposures       technologies      misconfiguration  workflows
miscellaneous   default-logins    file              dns
fuzzing         helpers           iot

You can list all available templates by listing the nuclei-templates directory:

ls ~/nuclei-templates/

Explore Usage of Tool

You can display all supported options, which will guide you in further use of the tool.

nuclei --help

First run against the target

You can run and test your target using the below one-liner command. This command will test the target against all cves available in the database.

Here, the target file contains the list of URLs to be scanned and is passed with the -l option. The -t option takes the type of templates (e.g. cves).

If no issues are found, the display message will be "No results found. Better luck next time!".

nuclei -l <target-list> -t cves

Test target with workflow

By using workflow, you can run multiple templates by using a single workflow file.

nuclei -w workflows/wordpress-workflow.yaml -l <target-list>

You can also list all workflows with the ls command and use multiple workflows with nuclei against the target at the same time:

nuclei -w workflows/wordpress-workflow.yaml -w workflows/airflow-workflow.yaml -l <target-list>

Test target based on the severity

The below command scans a target based on severity:

nuclei -t cves/ -severity critical -l <target-list>

Scan target but exclude some specific types of templates

You can scan a target using all templates while excluding some specific types of templates:

nuclei -l <target-list> -t nuclei-templates/ -exclude iot/ -exclude technologies

Support standard input

For convenience, nuclei also supports standard input (STDIN). This lets you chain multiple tools in one-liner commands.

cat <target-list> | ./nuclei -t nuclei-templates/
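A scope filter to place in front of that pipe, as an added example that is not code from the original article or from the nuclei project: it keeps only targets whose host is on a list of authorized domains, so a generated or chained list cannot carry out-of-scope hosts into the scan. The function name in_scope_targets and the file names scope.txt and targets.txt are assumptions.

```shell
# in_scope_targets SCOPE_FILE   (hypothetical helper, not part of nuclei)
# Reads candidate URLs/hosts on stdin and prints the unique ones whose host
# equals, or is a subdomain of, a domain listed in SCOPE_FILE.
# A missing or empty scope file lets nothing through (fail closed).
in_scope_targets() {
  awk -v scope_file="$1" '
    BEGIN {
      # Load the authorised domains; "#" starts a comment.
      while ((getline line < scope_file) > 0) {
        sub(/#.*/, "", line); gsub(/[ \t\r]/, "", line)
        if (line != "") scope[tolower(line)] = 1
      }
    }
    {
      sub(/#.*/, ""); gsub(/[ \t\r]/, "")   # drop comments and whitespace
      if ($0 == "") next
      host = tolower($0)
      sub(/^[a-z]+:\/\//, "", host)         # strip scheme
      sub(/[\/?].*$/, "", host)             # strip path and query
      sub(/^.*@/, "", host)                 # strip userinfo (user@host)
      sub(/:[0-9]+$/, "", host)             # strip port
      ok = 0
      for (d in scope) {
        n = length(host) - length(d)
        # exact match, or a suffix match on a label boundary (".domain")
        if (host == d || (n > 0 && substr(host, n) == "." d)) ok = 1
      }
      if (ok && !seen[$0]++) print $0       # de-duplicate, keep input order
    }
  '
}

# Usage with the flags shown in this tutorial (file names are assumptions):
#   cat targets.txt | in_scope_targets scope.txt | nuclei -t cves/ -severity critical
```

Matching on a label boundary is what rejects look-alike hosts such as notexample.com or example.com.evil.net when only example.com is in scope.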

Conclusion

Nuclei is a powerful and customizable vulnerability scanner built on YAML-based templates that can find security issues in networks, web applications, DNS-based misconfigurations, etc. If you have not used this tool yet, I recommend adding it to your arsenal. This is a basic tutorial, but it is enough to get started with nuclei. If you are interested in an in-depth guide, visit the official documentation of nuclei.


If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purposes only. The individual is solely responsible for any illegal act.
