Nuclei is becoming a de facto tool for configurable, targeted scanning based on templates, offering massive extensibility and ease of use. It is often used to send requests across targets based on a template, leading to zero false positives and providing effective scanning for known paths. The tool is especially useful during the initial reconnaissance phase to quickly check for low-hanging fruit or CVEs across targets that are known and easily detectable.
- Download the latest release of nuclei from GitHub: https://github.com/projectdiscovery/nuclei/releases/download/v2.3.1/nuclei_2.3.1_linux_amd64.tar.gz
- Download the latest release of nuclei templates from GitHub: https://codeload.github.com/projectdiscovery/nuclei-templates/tar.gz/refs/tags/v8.1.7
- Untar nuclei and copy it to /usr/local/bin
# tar -zxvf nuclei_2.3.1_linux_amd64.tar.gz
# mv nuclei /usr/local/bin
- Untar nuclei templates
# tar -zxvf nuclei-templates-8.1.7.tar.gz
# pwd
/home/joshi/nuclei-templates-8.1.7
# nuclei -h
Some major options are listed below:
| Flag | Description | Example |
|---|---|---|
| -c | Number of concurrent requests (default 10) | nuclei -c 100 |
| -l | List of urls to run templates | nuclei -l urls.txt |
| -t | Templates input file/files to check across hosts | nuclei -t git-core.yaml |
| -t | Templates input file/files to check across hosts | nuclei -t "path/*.yaml" |
| -nC | Don't use colors in output | nuclei -nC |
| -o | File to save output result (optional) | nuclei -o output.txt |
| -silent | Show only found results in output | nuclei -silent |
| -retries | Number of times to retry a failed request (default 1) | nuclei -retries 1 |
| -timeout | Seconds to wait before timeout (default 5) | nuclei -timeout 5 |
| -v | Show Verbose output | nuclei -v |
| -version | Show version of nuclei | nuclei -version |
- Create a urls.txt file with the target URLs.
# cat urls.txt
http://www.test.com
- Run nuclei scanner with multiple templates
# nuclei -l urls.txt -t /home/joshi/nuclei-templates-8.1.7
- Another variation of the nuclei scanner with multiple templates (specific to, say, misconfiguration and CVEs)
# nuclei -l urls.txt -t /home/joshi/nuclei-templates-8.1.7/cves/2020 -t /home/joshi/nuclei-templates-8.1.7/vulnerabilities -t /home/joshi/nuclei-templates-8.1.7/misconfiguration
# nuclei -l urls.txt -t /home/joshi/nuclei-templates-8.1.7/exposures/configs/
The following URL lists various commands that you can use to find different security issues: https://nuclei.projectdiscovery.io/nuclei/get-started/#nuclei-installation
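
The untar and copy steps above put a downloaded binary into /usr/local/bin as root, so it is worth checking the archive first. The script below is an added example, not part of the original post or the nuclei project; it assumes a checksum list in `sha256sum` format was downloaded alongside the tarball, and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original page): check a downloaded release
# archive before it is unpacked and copied to /usr/local/bin.
# Assumption: a checksum list in sha256sum format ("<hex>  <file>") was
# fetched from the same release page; its file name is not given on the page.

# verify_release TARBALL CHECKSUMS: 0 = match, 1 = mismatch, 2 = no entry
verify_release() {
    name=$(basename "$1")
    # Expected hash for exactly this file name (text or binary-mode entry).
    expected=$(awk -v f="$name" '$2 == f || $2 == ("*" f) { print $1; exit }' "$2")
    if [ -z "$expected" ]; then
        echo "no checksum entry for $name" >&2
        return 2
    fi
    actual=$(sha256sum "$1" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $name" >&2
        return 1
    fi
    return 0
}

# safe_members TARBALL: 0 only if no member path is absolute or contains ".."
safe_members() {
    members=$(tar -tzf "$1") || return 2
    if printf '%s\n' "$members" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "archive has unsafe member paths" >&2
        return 1
    fi
    return 0
}

# demo: constructed archive and checksum list in a temp dir, then both checks
demo() {
    d=$(mktemp -d) || return 1
    echo 'placeholder, not a real binary' > "$d/nuclei"
    tar -czf "$d/sample.tar.gz" -C "$d" nuclei
    (cd "$d" && sha256sum sample.tar.gz > checksums.txt)
    verify_release "$d/sample.tar.gz" "$d/checksums.txt" && safe_members "$d/sample.tar.gz"
    rc=$?
    rm -rf "$d"
    return $rc
}

# Real use: sh verify.sh <tarball> <checksums-file>
if [ "$#" -eq 2 ]; then
    verify_release "$1" "$2" && safe_members "$1" && echo "OK: $1"
fi
```

Run it with the tarball and the checksum list as arguments, and proceed with `tar -zxvf` and `mv` only if it prints OK.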