Nuclei - Automated Vulnerability Scanning Tool

Nuclei is an awesome vulnerability scanning tool developed by projectdiscovery that helps security professionals find security issues automatically using simple YAML-based templates. The tool is highly customizable and identifies vulnerabilities by scanning over numerous protocols such as HTTP, DNS, TCP, etc.

Vulnerability templates are the heart of the tool and are available on GitHub. These templates are developed by more than 100 security researchers and maintained by projectdiscovery.

Templates are categorized into cves, vulnerabilities, exposed panels, takeovers, misconfigurations, technologies, default-logins, etc.

Installation

Make sure the Go language is installed before installing nuclei. Use the one-liner below for a clean installation. If you still have issues, refer to the official website.

sudo apt install golang

You are now all set to install nuclei with the one-liner below:

GO111MODULE=on go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei

Update

It is recommended to update nuclei right after installation. Use the command below to update the templates.

nuclei -update-templates

After a successful update, running the same command again shows the message "Your nuclei-templates are up-to-date" along with the version number.

This step completes the update process of nuclei.

Available template types in the nuclei database

cves           vulnerabilities  exposed-panels    takeovers
exposures      technologies     misconfiguration  workflows
miscellaneous  default-logins   file              dns
fuzzing        helpers          iot

You can list all available templates by browsing the nuclei-templates directory:

ls ~/nuclei-templates/

Explore Usage of Tool

You can display all supported options, which will guide you through further usage of the tool.

nuclei --help

First run against target

You can test your target using the one-liner below. This command tests the target against all cves templates available in the database.

Here, the target file contains the list of URLs to be scanned and is passed with the -l option. The -t option takes the type of templates to run (e.g. cves).

If no issues are found, the message "No results found. Better luck next time!" is displayed.

nuclei -l <target-list> -t cves

Test target with workflow

A workflow lets you run multiple templates from a single workflow file.

nuclei -w workflows/wordpress-workflow.yaml -l <target-list>

You can also list all workflows with the ls command and run multiple workflows against a target at the same time:

nuclei -w workflows/wordpress-workflow.yaml -w workflows/airflow-workflow.yaml -l <target-list>

Test target based on severity

The command below scans a target based on severity:

nuclei -t cves/ -severity critical -l <target-list>

Scan target but exclude some specific type of templates

You can scan a target with all templates while excluding specific types of templates:

nuclei -l <target-list> -t nuclei-templates/ -exclude iot/ -exclude technologies

Support standard input

Nuclei also supports standard input (STDIN) for convenience. This lets you chain multiple tools together in one-liner commands.

cat <target-list> | nuclei -t nuclei-templates/
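
Because nuclei reads targets from STDIN, a scope check can sit in the pipeline in front of it. The following is an added example, not part of the original tutorial or of the nuclei project: filter_in_scope, demo_filter and scope.txt are hypothetical names, and the sample domains and URLs are constructed.

```shell
#!/usr/bin/env bash
# Added example: a scope filter to place in front of nuclei on STDIN.
# filter_in_scope, demo_filter and scope.txt are hypothetical names.
#   cat <target-list> | filter_in_scope scope.txt | nuclei -t cves/

# filter_in_scope <scope-file>: reads URLs on STDIN, prints each URL once if
# its host equals, or is a subdomain of, a domain listed in <scope-file>.
# A missing or empty scope file lets nothing through.
filter_in_scope() {
  awk -v scope_file="$1" '
    BEGIN {
      while ((getline line < scope_file) > 0) {
        sub("#.*", "", line); gsub("[ \t\r]", "", line)
        if (line != "") scope[tolower(line)] = 1
      }
    }
    {
      url = $0; gsub("^[ \t]+|[ \t\r]+$", "", url)
      if (url == "") next
      host = tolower(url)
      sub("^[a-z][a-z0-9+.-]*://", "", host)  # drop scheme
      sub("[/?#].*$", "", host)               # drop path, query, fragment
      sub("^.*@", "", host)                   # drop userinfo (user@host)
      sub(":[0-9]+$", "", host)               # drop port
      ok = 0
      for (d in scope) {
        tail = "." d
        if (host == d) ok = 1
        else if (length(host) > length(tail) &&
                 substr(host, length(host) - length(tail) + 1) == tail) ok = 1
      }
      if (ok && !(url in seen)) { seen[url] = 1; print url }
    }'
}

# Constructed sample data: two authorised domains and a mixed URL list.
demo_filter() {
  _scope=$(mktemp)
  printf '%s\n' '# authorised for testing' 'example.com' 'lab.example.org' > "$_scope"
  filter_in_scope "$_scope" <<'EOF'
https://example.com/login
http://app.example.com:8080/
https://notexample.com/
https://example.com@evil.test/
https://LAB.example.org/?q=1
https://example.com/login
example.org
EOF
  rm -f "$_scope"
}
```

The path is stripped before the userinfo so that a URL such as https://example.com@evil.test/ resolves to evil.test and is dropped, and the leading dot in the suffix match keeps notexample.com from passing as example.com.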

Conclusion

Nuclei is a powerful, customizable vulnerability scanner built on YAML-based templates and able to find security issues in networks, web applications, DNS-based misconfigurations, etc. If you have not used this tool yet, I recommend adding it to your arsenal. This is a basic tutorial, but it is enough to get started with nuclei. If you are interested in an in-depth guide, visit the official nuclei documentation.

If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purposes only. Each individual is solely responsible for any illegal act.
