nuclei-markdown
Run a Nuclei scan and export the results in markdown format. Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL.
Name:nuclei-markdown
Category:Scanners
Publisher:trickest-mhmdiaa
Created:9/13/2023
Container:
quay.io/trickest/nuclei:v3.2.5Output Type:
License:Unknown
Source:View Source
Parameters
-snitls sni hostname to use (default: input domain name)-varcustom vars in key=value format-codeenable loading code protocol-based templates-dastonly run DAST templates-listList of target URLs/hosts to scan-tagstemplates to run based on tags (comma-separated)-typetemplates to run based on protocol type. Possible values: dns, file, http, headless, tcp, workflow, ssl, websocket, whois, code, javascript-ztlsuse ztls library with autofallback to standard one for tls13-debugshow all requests and responses-jsonlwrite output in JSONL(ines) format-proxylist of http/socks5 proxy to use (comma separated)-resetreset removes all nuclei configuration and data files (including nuclei-templates)-statsDisplay stats of the running scan.-authortemplates to run based on authors (comma-separated)-configpath to the nuclei configuration file-headercustom header/cookie to include in all http requests in header:value format-no-mhedisable skipping host from scan based on errors-resumeResume scan using resume.cfg (clustering will be disabled)-silentdisplay findings only-streamstream mode - start elaborating without sorting the input-targettarget URLs/hosts to scan-no-metadisable printing result metadata in cli output-passiveenable passive HTTP response processing mode-projectUse a project folder to avoid sending same request multiple times.-retriesnumber of times to retry a failed request (default 1)-timeouttime to wait in seconds before timeout (default 10)-uncoverenable uncover engine-verboseshow verbose output-env-varsenable environment variables to be used in template-headlessenable templates that require headless browser support (root user on linux will disable sandbox)-no-colordisable output content coloring (ANSI escape codes)-no-httpxdisable httpx probing for non-url input-no-stdindisable stdin processing-omit-rawomit request/response pairs in the JSON, JSONL, and Markdown outputs (for findings only)-severitytemplates to run based on severity. Possible values: info, low, medium, high, critical, unknown-templatestemplate file to run-validatevalidate the passed templates to nuclei-bulk-sizemaximum number of hosts to be analyzed in parallel per template (default 25)-client-caclient certificate authority file (PEM-encoded) used for authenticating against scanned hosts-debug-reqshow all sent requests-interfacenetwork interface to use for network scan-resolversfile containing resolver list for nuclei-source-ipsource ip address to use for network scan-tagstemplates to run based on tags-templatesfolder of templates to run-timestampenables printing timestamp in cli output-varcustom vars in key=value format-workflowslist of workflow or workflow directory to run (comma-separated)-client-keyclient key file (PEM-encoded) used for authenticating against scanned hosts-debug-respshow all received responses-exclude-idtemplates to exclude based on template ids (comma-separated)-ip-versionIP version to scan of hostname (4,6) - (default 4)-proxylist of http/socks5 proxy to use-rate-limitmaximum number of requests to send per second (default 150)-stats-jsonWrite statistics data to stdout in JSONL(ines) format-attack-typetype of payload combinations to perform (batteringram,pitchfork,clusterbomb)-authortemplates to run based on authors-client-certclient certificate file (PEM-encoded) used for authenticating against scanned hosts-concurrencymaximum number of templates to be executed in parallel (default 25)-force-http2force http2 connection on requests-template-idtemplates to run based on template ids (comma-separated)-enable-pprofenable pprof debugging server-exclude-tagstemplates to exclude based on tags (comma-separated)-exclude-typetemplates to exclude based on protocol type. Possible values: dns, file, http, headless, tcp, workflow, ssl, websocket, whois, code, javascript-fuzzing-modeoverrides fuzzing mode set in template (multiple, single)-fuzzing-typeoverrides fuzzing type set in template (replace, prefix, postfix, infix)-hang-monitorenable nuclei hang monitoring-headercustom list of headers/cookies to include in all http requests in header:value-health-checkrun diagnostic check up-include-tagstags to be executed even if they are excluded either by default or configuration-metrics-portport to expose nuclei metrics on (default 9092)-page-timeoutseconds to wait for each page in headless mode (default 20)-project-pathUse a user defined project folder. Temporary folder is used if not specified but enabled.-scan-all-ipsscan all the IP's associated with dns record-template-urltemplate urls to run (comma-separated)-workflow-urlworkflow urls to run (comma-separated)-exclude-hostshosts to exclude to scan from the input list (ip, cidr, hostname)-max-redirectsmax number of redirects to follow for http templates (default 10)-new-templatesrun only new templates added in latest nuclei-templates release-no-interactshdisable interactsh server for OAST testing, exclude OAST based templates-omit-templateomit encoded template in the JSON, JSONL output-report-confignuclei reporting module configuration file-scan-strategystrategy to use while scanning(auto/host-spray/template-spray) (default auto)-show-var-dumpshow variables dump for debugging-system-chromeuse local installed Chrome browser instead of nuclei installed-targetfolder containing files to execute file templates on-template-urllist of template urls to run-uncover-delaydelay between uncover query requests in seconds (0 to disable) (default 1)-uncover-fielduncover fields to return (ip,port,host) (default ip:port)-uncover-limituncover results to return (default 100)-uncover-queryuncover search query-workflow-urllist of workflow urls to run-automatic-scanautomatic web scan using wappalyzer technology detection to tags mapping-dialer-timeouttimeout for network requests.-js-concurrencymaximum number of javascript runtimes to be executed in parallel (default 120)-tllist all available templates-matcher-statusdisplay match failure status-max-host-errormax errors for a host before skipping from scan (default 30)-proxy-internalproxy all internal requests-stats-intervalnumber of seconds to wait between showing a statistics update (default 5)-templateslist of template to run-uncover-engineuncover search engine (shodan,shodan-idb,fofa,censys,quake,hunter,zoomeye,netlas) (default shodan)-workflowslist of workflow or workflow directory to run-exclude-idtemplates to exclude based on template ids-show-match-lineshow match lines for file templates, works with extractors only-tls-impersonateenable experimental client hello (ja3) tls randomization-exclude-matcherstemplate matchers to exclude in result-exclude-severitytemplates to exclude based on severity. Possible values: info, low, medium, high, critical, unknown-follow-redirectsenable following redirects for http templates-headless-optionsstart headless chrome with additional options-interactsh-tokenauthentication token for self-hosted interactsh server-no-strict-syntaxDisable strict syntax check on templates-system-resolversuse system DNS resolving as error fallback-template-idtemplates to run based on template ids-track-erroradds given error to max-host-error watchlist-dialer-keep-alivekeep-alive duration for network requests.-disable-redirectsdisable redirects for http templates-vvdisplay templates loaded for scan-exclude-tagstemplates to exclude based on tags-exclude-templatestemplate or template directory to exclude (comma-separated)-include-tagstags to be executed even if they are excluded either by default or configuration-include-templatestemplates to be executed even if they are excluded either by default or configuration-interactsh-serverinteractsh server url for self-hosted instance (default: oast.pro,oast.live,oast.site,oast.online,oast.fun,oast.me)-list-dsl-functionlist all supported DSL function signatures-rate-limit-minutemaximum number of requests to send per minute-templates-versionshows the version of the installed nuclei-templates-uncover-ratelimitoverride ratelimit of engines with unknown ratelimit (default 60 req/min) (default 60)-disable-clusteringdisable clustering of requests-headless-bulk-sizemaximum number of headless hosts to be analyzed in parallel per template (default 10)-input-read-timeouttimeout on input read (default 3m0s)-response-size-readmax response size to read in bytes (default 10485760)-response-size-savemax response size to read in bytes (default 1048576)-template-conditiontemplates to run based on expression condition-templatestemplate directory to run-leave-default-portsleave default HTTP/HTTPS ports (eg. host:80,host:443-payload-concurrencymax payload concurrency for each template (default 25)-stop-at-first-matchstop processing HTTP requests after the first match (may break template/workflow logic)-disable-update-checkdisable automatic nuclei/templates update check-headless-concurrencymaximum number of headless templates to be executed in parallel (default 10)-list-headless-actionlist available headless actions-exclude-matcherstemplate matchers to exclude in result-follow-host-redirectsfollow redirects on the same host-interactions-evictionnumber of seconds to wait before evicting requests from cache (default 60)-new-templates-versionrun new templates added in specific version-exclude-templatestemplate or template directory to exclude-include-templatestemplates to be executed even if they are excluded either by default or configuration-allow-local-file-accessallows file (payload) access anywhere on the system-interactions-cache-sizenumber of requests to keep in the interactions cache (default 5000)-interactions-poll-durationnumber of seconds to wait before each interaction poll request (default 5)-interactions-cooldown-periodextra time for interaction polling before exiting (default 5)-restrict-local-network-accessblocks connections to the local / private network