nuclei
Basic Usage Example
This tool offers scanning for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless etc. It is used to send requests across target(s) based on a template, leading to zero false positives and providing fast scanning on a large number of hosts.
Providing template
By default, nuclei tool uses ready-to-go community-curated templates. If you find more appropriate to write and use your own template(s), provide GitHub repository URL containing your template(s), as a nuclei template
input's value:
In the examples below, we're performing scanning with community-curated nuclei templates.
Vulnerability Scanning of One Domain
Pass a domain (e.g. trickest.io) to the target
input, as string
type value:
Vulnerability Scanning of Multiple Domain
Pass a list of domains to the urls-list
input, as file type value:
trickest.com
trickest.io
Improvements
Using single template file
If you want to pass to nuclei
private uploaded file as a single template, you can use custom-script
like below. Script will copy template file to input folder and pass it further to nuclei
.
Improving scanning performance
Tool options related to speed
Nuclei has some options that will make it faster depending on your list of targets. You can take a look at: bulk-size
and rate-limit
threads.
Tool options related to filtering
It might be a good idea to filter the templates that are passed to nuclei, using one or more of the following options: severity
and exclude-severity
(info and low templates may or may not be worth it for you), and automatic-scan
that will let nuclei run templates based on the discovered technologies.
Tool options related to debugging
It's always good to have more debug info using the verbose
and stats
flags so that you can analyze the tool's stdout and figure out ways to make it go faster.