nuclei-markdown
Run a Nuclei scan and export the results in markdown format. Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL.
Details
Category: Scanners
Publisher: trickest-mhmdiaa
Created Date: 9/13/2023
Container: quay.io/trickest/nuclei:v3.2.5
Source URL: https://github.com/projectdiscovery/nuclei
Parameters
Command:
-sni - tls sni hostname to use (default: input domain name)Command:
-var - custom vars in key=value formatCommand:
-code - enable loading code protocol-based templatesCommand:
-dast - only run DAST templatesCommand:
-list - List of target URLs/hosts to scanCommand:
-tags - templates to run based on tags (comma-separated)Command:
-type - templates to run based on protocol type. Possible values: dns, file, http, headless, tcp, workflow, ssl, websocket, whois, code, javascriptCommand:
-ztls - use ztls library with autofallback to standard one for tls13Command:
-debug - show all requests and responsesCommand:
-jsonl - write output in JSONL(ines) formatCommand:
-proxy - list of http/socks5 proxy to use (comma separated)Command:
-reset - reset removes all nuclei configuration and data files (including nuclei-templates)Command:
-stats - Display stats of the running scan.Command:
-author - templates to run based on authors (comma-separated)Command:
-config - path to the nuclei configuration fileCommand:
-header - custom header/cookie to include in all http requests in header:value formatCommand:
-no-mhe - disable skipping host from scan based on errorsCommand:
-resume - Resume scan using resume.cfg (clustering will be disabled)Command:
-silent - display findings onlyCommand:
-stream - stream mode - start elaborating without sorting the inputCommand:
-target - target URLs/hosts to scanCommand:
-no-meta - disable printing result metadata in cli outputCommand:
-passive - enable passive HTTP response processing modeCommand:
-project - Use a project folder to avoid sending same request multiple times.Command:
-retries - number of times to retry a failed request (default 1)Command:
-timeout - time to wait in seconds before timeout (default 10)Command:
-uncover - enable uncover engineCommand:
-verbose - show verbose outputCommand:
-env-vars - enable environment variables to be used in templateCommand:
-headless - enable templates that require headless browser support (root user on linux will disable sandbox)Command:
-no-color - disable output content coloring (ANSI escape codes)Command:
-no-httpx - disable httpx probing for non-url inputCommand:
-no-stdin - disable stdin processingCommand:
-omit-raw - omit request/response pairs in the JSON, JSONL, and Markdown outputs (for findings only)Command:
-severity - templates to run based on severity. Possible values: info, low, medium, high, critical, unknownCommand:
-templates - template file to runCommand:
-validate - validate the passed templates to nucleiCommand:
-bulk-size - maximum number of hosts to be analyzed in parallel per template (default 25)Command:
-client-ca - client certificate authority file (PEM-encoded) used for authenticating against scanned hostsCommand:
-debug-req - show all sent requestsCommand:
-interface - network interface to use for network scanCommand:
-resolvers - file containing resolver list for nucleiCommand:
-source-ip - source ip address to use for network scanCommand:
-tags - templates to run based on tagsCommand:
-templates - folder of templates to runCommand:
-timestamp - enables printing timestamp in cli outputCommand:
-var - custom vars in key=value formatCommand:
-workflows - list of workflow or workflow directory to run (comma-separated)Command:
-client-key - client key file (PEM-encoded) used for authenticating against scanned hostsCommand:
-debug-resp - show all received responsesCommand:
-exclude-id - templates to exclude based on template ids (comma-separated)Command:
-ip-version - IP version to scan of hostname (4,6) - (default 4)Command:
-proxy - list of http/socks5 proxy to useCommand:
-rate-limit - maximum number of requests to send per second (default 150)Command:
-stats-json - Write statistics data to stdout in JSONL(ines) formatCommand:
-attack-type - type of payload combinations to perform (batteringram,pitchfork,clusterbomb)Command:
-author - templates to run based on authorsCommand:
-client-cert - client certificate file (PEM-encoded) used for authenticating against scanned hostsCommand:
-concurrency - maximum number of templates to be executed in parallel (default 25)Command:
-force-http2 - force http2 connection on requestsCommand:
-template-id - templates to run based on template ids (comma-separated)Command:
-enable-pprof - enable pprof debugging serverCommand:
-exclude-tags - templates to exclude based on tags (comma-separated)Command:
-exclude-type - templates to exclude based on protocol type. Possible values: dns, file, http, headless, tcp, workflow, ssl, websocket, whois, code, javascriptCommand:
-fuzzing-mode - overrides fuzzing mode set in template (multiple, single)Command:
-fuzzing-type - overrides fuzzing type set in template (replace, prefix, postfix, infix)Command:
-hang-monitor - enable nuclei hang monitoringCommand:
-header - custom list of headers/cookies to include in all http requests in header:valueCommand:
-health-check - run diagnostic check upCommand:
-include-tags - tags to be executed even if they are excluded either by default or configurationCommand:
-metrics-port - port to expose nuclei metrics on (default 9092)Command:
-page-timeout - seconds to wait for each page in headless mode (default 20)Command:
-project-path - Use a user defined project folder. Temporary folder is used if not specified but enabled.Command:
-scan-all-ips - scan all the IP's associated with dns recordCommand:
-template-url - template urls to run (comma-separated)Command:
-workflow-url - workflow urls to run (comma-separated)Command:
-exclude-hosts - hosts to exclude to scan from the input list (ip, cidr, hostname)Command:
-max-redirects - max number of redirects to follow for http templates (default 10)Command:
-new-templates - run only new templates added in latest nuclei-templates releaseCommand:
-no-interactsh - disable interactsh server for OAST testing, exclude OAST based templatesCommand:
-omit-template - omit encoded template in the JSON, JSONL outputCommand:
-report-config - nuclei reporting module configuration fileCommand:
-scan-strategy - strategy to use while scanning(auto/host-spray/template-spray) (default auto)Command:
-show-var-dump - show variables dump for debuggingCommand:
-system-chrome - use local installed Chrome browser instead of nuclei installedCommand:
-target - folder containing files to execute file templates onCommand:
-template-url - list of template urls to runCommand:
-uncover-delay - delay between uncover query requests in seconds (0 to disable) (default 1)Command:
-uncover-field - uncover fields to return (ip,port,host) (default ip:port)Command:
-uncover-limit - uncover results to return (default 100)Command:
-uncover-query - uncover search queryCommand:
-workflow-url - list of workflow urls to runCommand:
-automatic-scan - automatic web scan using wappalyzer technology detection to tags mappingCommand:
-dialer-timeout - timeout for network requests.Command:
-js-concurrency - maximum number of javascript runtimes to be executed in parallel (default 120)Command:
-tl - list all available templatesCommand:
-matcher-status - display match failure statusCommand:
-max-host-error - max errors for a host before skipping from scan (default 30)Command:
-proxy-internal - proxy all internal requestsCommand:
-stats-interval - number of seconds to wait between showing a statistics update (default 5)Command:
-templates - list of template to runCommand:
-uncover-engine - uncover search engine (shodan,shodan-idb,fofa,censys,quake,hunter,zoomeye,netlas) (default shodan)Command:
-workflows - list of workflow or workflow directory to runCommand:
-exclude-id - templates to exclude based on template idsCommand:
-show-match-line - show match lines for file templates, works with extractors onlyCommand:
-tls-impersonate - enable experimental client hello (ja3) tls randomizationCommand:
-exclude-matchers - template matchers to exclude in resultCommand:
-exclude-severity - templates to exclude based on severity. Possible values: info, low, medium, high, critical, unknownCommand:
-follow-redirects - enable following redirects for http templatesCommand:
-headless-options - start headless chrome with additional optionsCommand:
-interactsh-token - authentication token for self-hosted interactsh serverCommand:
-no-strict-syntax - Disable strict syntax check on templatesCommand:
-system-resolvers - use system DNS resolving as error fallbackCommand:
-template-id - templates to run based on template idsCommand:
-track-error - adds given error to max-host-error watchlistCommand:
-dialer-keep-alive - keep-alive duration for network requests.Command:
-disable-redirects - disable redirects for http templatesCommand:
-vv - display templates loaded for scanCommand:
-exclude-tags - templates to exclude based on tagsCommand:
-exclude-templates - template or template directory to exclude (comma-separated)Command:
-include-tags - tags to be executed even if they are excluded either by default or configurationCommand:
-include-templates - templates to be executed even if they are excluded either by default or configurationCommand:
-interactsh-server - interactsh server url for self-hosted instance (default: oast.pro,oast.live,oast.site,oast.online,oast.fun,oast.me)Command:
-list-dsl-function - list all supported DSL function signaturesCommand:
-rate-limit-minute - maximum number of requests to send per minuteCommand:
-templates-version - shows the version of the installed nuclei-templatesCommand:
-uncover-ratelimit - override ratelimit of engines with unknown ratelimit (default 60 req/min) (default 60)Command:
-disable-clustering - disable clustering of requestsCommand:
-headless-bulk-size - maximum number of headless hosts to be analyzed in parallel per template (default 10)Command:
-input-read-timeout - timeout on input read (default 3m0s)Command:
-response-size-read - max response size to read in bytes (default 10485760)Command:
-response-size-save - max response size to read in bytes (default 1048576)Command:
-template-condition - templates to run based on expression conditionCommand:
-templates - template directory to runCommand:
-leave-default-ports - leave default HTTP/HTTPS ports (eg. host:80,host:443Command:
-payload-concurrency - max payload concurrency for each template (default 25)Command:
-stop-at-first-match - stop processing HTTP requests after the first match (may break template/workflow logic)Command:
-disable-update-check - disable automatic nuclei/templates update checkCommand:
-headless-concurrency - maximum number of headless templates to be executed in parallel (default 10)Command:
-list-headless-action - list available headless actionsCommand:
-exclude-matchers - template matchers to exclude in resultCommand:
-follow-host-redirects - follow redirects on the same hostCommand:
-interactions-eviction - number of seconds to wait before evicting requests from cache (default 60)Command:
-new-templates-version - run new templates added in specific versionCommand:
-exclude-templates - template or template directory to excludeCommand:
-include-templates - templates to be executed even if they are excluded either by default or configurationCommand:
-allow-local-file-access - allows file (payload) access anywhere on the systemCommand:
-interactions-cache-size - number of requests to keep in the interactions cache (default 5000)Command:
-interactions-poll-duration - number of seconds to wait before each interaction poll request (default 5)Command:
-interactions-cooldown-period - extra time for interaction polling before exiting (default 5)Command:
-restrict-local-network-access - blocks connections to the local / private network