Nuclei - Automated Vulnerability Scanning Tool
Nuclei is an awesome vulnerability scanning tool developed by projectdiscovery that helps security practitioners find security issues automatically using simple YAML-based templates. The tool is highly customizable and identifies vulnerabilities by scanning over numerous protocols such as HTTP, DNS, TCP, etc.
Vulnerability templates are the heart of the tool and are available on GitHub. These templates are developed by more than 100 security researchers and maintained by projectdiscovery.
Templates are categorized into cves, vulnerabilities, exposed panels, takeovers, misconfigurations, technologies, default-logins, etc.
Installation
Make sure the Go language is installed before installing nuclei. Use the one-line command below for a clean installation. If you still have issues, refer to the official website.
sudo apt install golang
Now you are all set to install nuclei using the one-line command below:
GO111MODULE=on go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei

Update
It is recommended to update nuclei right after installation. Use the command below to update the templates.
nuclei -update-templates

After a successful update, running the same command again shows the message "Your nuclei-templates are up-to-date" along with the version number.

This step completes the update process of nuclei.
Available template types in the nuclei database
cves | vulnerabilities | exposed-panels | takeovers |
exposures | technologies | misconfiguration | workflows |
miscellaneous | default-logins | file | dns |
fuzzing | helpers | iot |
You can list all available templates by browsing the nuclei-templates directory:
ls ~/nuclei-templates/

Explore Usage of Tool
You can display all supported options, which guide you in further use of the tool.
nuclei --help


First run against target
You can test your targets using the one-line command below. This command tests the targets against all CVE templates available in the database.
Here, the target file contains the list of URLs to be scanned and is passed with the -l option. The -t option takes the type of templates to run (e.g. cves).
If no issues are found, the message displayed is "No results found. Better luck next time!".
nuclei -l <target-list> -t cves


Test target with workflow
With a workflow, you can run multiple templates from a single workflow file.
nuclei -w workflows/wordpress-workflow.yaml -l <target-list>

You can also list all workflows with the ls command and run multiple workflows against a target at the same time:

nuclei -w workflows/wordpress-workflow.yaml -w workflows/airflow-workflow.yaml -l <target-list>

Test target based on severity
The command below scans a target based on severity:
nuclei -t cves/ -severity critical -l <target-list>

Scan target but exclude some specific type of templates
You can scan a target with all templates while excluding specific types of templates:
nuclei -l <target-list> -t nuclei-templates/ -exclude iot/ -exclude technologies

Support standard input
nuclei also supports standard input (STDIN), which lets you chain multiple tools in one-line commands.
cat <target-list> | ./nuclei -t nuclei-templates/
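Because STDIN lets any tool feed targets to nuclei, a scope check fits naturally into the pipeline. The following is an added example, not part of the original tutorial or the nuclei project: a hypothetical filter_in_scope function that passes on only targets under an allowlist of authorized domains. SCOPE_DOMAINS and the sample targets are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example (not from the nuclei project): scope filter for targets on STDIN.
# Assumption: SCOPE_DOMAINS lists the domains you are authorized to scan.
SCOPE_DOMAINS="example.com example.org"

# filter_in_scope (hypothetical helper): read URLs or hosts on STDIN and print
# each in-scope entry once; rejected entries are reported on stderr.
filter_in_scope() {
  awk -v scope="$SCOPE_DOMAINS" '
    BEGIN { n = split(scope, allowed, " ") }
    {
      line = $0
      sub(/\r$/, "", line)                       # tolerate CRLF files
      gsub(/^[ \t]+|[ \t]+$/, "", line)          # trim whitespace
      if (line == "" || line ~ /^#/) next        # skip blanks and comments
      host = tolower(line)
      sub("^[a-z][a-z0-9+.-]*://", "", host)     # drop scheme
      sub("[/?#].*$", "", host)                  # drop path, query, fragment
      sub("^.*@", "", host)                      # drop userinfo
      sub(":[0-9]+$", "", host)                  # drop port
      for (i = 1; i <= n; i++) {
        d = allowed[i]
        # Exact match or true subdomain, so "evil-example.com" does not pass.
        if (host == d || (length(host) > length(d) &&
            substr(host, length(host) - length(d)) == ("." d))) {
          if (!seen[line]++) print line
          next
        }
      }
      print "out of scope, skipped: " line > "/dev/stderr"
    }'
}

# Constructed sample list. In practice:
#   cat <target-list> | filter_in_scope | nuclei -t nuclei-templates/
filter_in_scope <<'EOF'
# constructed sample targets
https://example.com/
https://example.com/
http://shop.example.org:8080/login
https://evil-example.com/
https://example.com@attacker.test/
EOF
```

The original line is printed unchanged, so scheme, port and path still reach nuclei; only the host part is used for the scope decision.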
Conclusion
Nuclei is a powerful and customizable vulnerability scanner built on YAML-based templates and able to find security issues in networks, web applications, DNS-based misconfigurations, etc. If you have not used this tool yet, I recommend adding it to your arsenal. This is a basic tutorial, but it is enough to get started with nuclei. If you are interested in an in-depth guide, visit the official documentation of nuclei.
If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!
Disclaimer: This tutorial is for educational purposes only. The individual is solely responsible for any illegal act.