nuclei

Trickest - GitHub

Basic Usage Example

This tool scans a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless, etc. It sends requests to the target(s) based on a template, leading to zero false positives and providing fast scanning on a large number of hosts.

Providing template

By default, the nuclei tool uses ready-to-go community-curated templates. If you find it more appropriate to write and use your own template(s), provide the URL of the GitHub repository containing them as the value of the nuclei template input:

Screenshot of the nuclei node connected to the left side with the input node in the workflow editor

Scanning with your own nuclei templates

In the examples below, we're performing scanning with community-curated nuclei templates.

Vulnerability Scanning of One Domain

Pass a domain (e.g. trickest.io) to the target input, as a string type value:

Screenshot of the nuclei node connected to the left side with the domain input node in the workflow editor

Scanning target with community-curated nuclei templates

Vulnerability Scanning of Multiple Domains

Pass a list of domains to the urls-list input, as a file type value:

trickest.com
trickest.io

Screenshot of the nuclei node connected to the left side with the file type input node in the workflow editor

Scanning targets with community-curated nuclei templates

Improvements

Using single template file

If you want to pass a privately uploaded file to nuclei as a single template, you can use a custom-script node like the one below. The script copies the template file to the input folder and passes it on to nuclei.

Screenshot of the nuclei node connected to the left side with the custom script node which is connected to the file type node in the workflow editor

Custom script command

Improving scanning performance

Nuclei has some options that will make it faster depending on your list of targets. You can take a look at: bulk-size and rate-limit threads.

It might be a good idea to filter the templates that are passed to nuclei, using one or more of the following options: severity and exclude-severity (info and low templates may or may not be worth it for you), and automatic-scan that will let nuclei run templates based on the discovered technologies.

It's always good to have more debug info using the verbose and stats flags so that you can analyze the tool's stdout and figure out ways to make it go faster.
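The options above, as an added example that is not part of the original page or of Trickest's own workflows: a small script that cleans a target list and derives a nuclei command line from it. The flag names are those of the nuclei CLI (assumed to correspond to the node inputs of the same name); the sample hosts, the cap of 50 and the rate of 100 are assumptions to tune.

```shell
#!/bin/sh
# Added example: clean a urls-list file and derive nuclei flags from it.
# Numeric defaults here are assumptions, not recommendations from the page.

# Strip CRs and surrounding whitespace, drop blank and comment lines,
# and de-duplicate while keeping first-seen order.
clean_targets() {
  tr -d '\r' < "$1" |
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    awk 'NF && !/^#/ && !seen[$0]++'
}

# Print nuclei arguments for a cleaned list.
# $1 = list file, $2 = maximum bulk-size (default 50), $3 = rate-limit (default 100)
nuclei_args() {
  count=$(awk 'END { print NR }' "$1")
  [ "$count" -gt 0 ] || { echo "no targets in $1" >&2; return 1; }
  max_bulk=${2:-50}
  # bulk-size is the number of hosts scanned in parallel per template,
  # so a value above the number of targets buys nothing.
  if [ "$count" -lt "$max_bulk" ]; then bulk=$count; else bulk=$max_bulk; fi
  # Skip info/low templates; keep stats and verbose output for later tuning.
  echo "-list $1 -bulk-size $bulk -rate-limit ${3:-100}" \
       "-exclude-severity info,low -stats -verbose"
}

# Constructed sample list (placeholder hosts) with typical defects:
# trailing space, CRLF, blank line, comment, duplicate entry.
sample=$(mktemp)
printf 'app.example.com \r\n\n# staging\napp.example.com\napi.example.com\n' > "$sample"
cleaned=$(mktemp)
clean_targets "$sample" > "$cleaned"

# Print the command for review instead of running it.
echo "nuclei $(nuclei_args "$cleaned")"
```

Swapping `-exclude-severity info,low` for `-automatic-scan` lets nuclei choose templates from the technologies it detects instead of filtering by severity.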

Notable Workflows