What is Nuclei

What is Nuclei?

NucleiProjectDiscovery it is a fast and open source security vulnerability scanning software developed by his team, written in Go language, that can be managed with templates (template – in YAML format). Because it is manageable with templates, it makes it possible to look for a specific vulnerability on multiple servers. Nuclei tool TCP, DNS, HTTP etc. on protocols security breach it can scan. It also has a template repository contributed by more than 200’ security researchers and engineers.

Nuclei Installation

Installing Nuclei with Go

GO111MODULE=on go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei

Requires the latest Go version to install successfully.

Installing Nuclei with Brew

brew install nucleus

This method supports MacOS and Linux.

Installing Nuclei with Docker

docker pull projectdiscovery/nuclei:latest

Nuclei Setup from Github

go clone https://github.com/projectdiscovery/nuclei.git; \
cd nucleusi/v2/cmd/nuclei; \
go build; \
mv nucleusi /usr/local/bin/; \
nucleus -version;

Requires the latest Go version to install successfully.

Nuclear binary

After “https://github.com/projectdiscovery/nuclei/releases” downloads the latest file from this address according to your operating system and extracts it from the archive, you can run the binary file.

Nuclei Template Installation and Update

nucleus -ut
nucleus -update

Nuclei Installation

We are now ready to use the Nuclei tool. “ to see all commands and descriptionsnucleus -hYou can use the ” command.

nuclei
Usage:
  nucleus [flags]

Flags:
TARGET:
   -u, -target string[] target URLs/hosts to scan
   -l, -list string path to file containing a list of target URLs/hosts to scan (one per line)

TEMPLATES:
   -tl list all available templates
   -t, -templates string[] template or template directory paths to include in the scan
   -w, -workflows string[] list of workflows to run
   -nt, -new-templates run newly added templates only
   -validate validate the passed templates to nuclei

FILTERING:
   -tags string[] execute a subset of templates that contain the provided tags
   -include-tags string[] tags from the default deny list that permit executing more intrusive templates
   -etags, -exclude-tags string[] exclude templates with the provided tags
   -include-templates string[] templates to be executed even if they are excluded either by default or configuration
   -exclude-templates, -exclude string[] template or template directory paths to exclude
   -severity, -impact value[] Templates to run based on severity. Possible values: info, low, medium, high, critical
   -author string[] execute templates that are (co-)created by the specified authors

OUTPUT:
   -o, -output string output file to write found issues/vulnerabilities
   -silent display finds only
   -v, -verbose show verbose output
   -vv display extra verbose information
   -nc, -no-color disable output content coloring (ANSI escape codes)
   -json write output in JSONL(ines) format
   -irr, -include-rr include request/response pairs in the JSONL output (for finds only)
   -nm, -no-meta don't display match metadata in CLI output
   -nts, -no-timestamp don't display timestamp metadata in CLI output
   -rdb, -report-db string local nuclear reporting database (always use this to persistent report data)
   -me, -markdown-export string directory to export results in markdown format
   -se, -sarif-export string file to export results in SARIF format

CONFIGURATIONS:
   -config string path to the nucleusi configuration file
   -rc, -report-config string nucleus reporting module configuration file
   -H, -header string[] custom heads in header:value format
   -V, -var value custom vars in var=value format
   -r, -resolvers string file containing resolver list for nucleus
   -system-resolvers use system DNS resolving as error fallback
   -passive enable passive HTTP response processing mode
   -env-vars enable environment variables support

INTERACTSH:
   -no-interactsh disable interactsh server for OOB testing
   -interactsh-url string interactsh server url for self-hosted instance (default "https://interact.sh")
   -interactsh-token string authentication token for self-hosted interactsh server
   -interactions-cache-size int number of requests to keep in the interactions cache (default 5000)
   -interactions-eviction int number of seconds to wait before evicting requests from cache (default 60)
   -interactions-poll-duration int number of seconds to wait before each interaction poll request (default 5)
   -interactions-cooldown-period int extra time for interaction polling before exiting (default 5)

RATE-LIMIT:
   -rl, -rate-limit int maximum number of requests to send per second (default 150)
   -rlm, -rate-limit-minute int maximum number of requests to send per minute
   -bs, -bulk-size int maximum number of hosts to be analyzed in parallel per template (default 25)
   -c, -concurrency int maximum number of templates to be executed in parallel (default 10)

OPTIMIZATIONS:
   -timeout int time to wait in seconds before timeout (default 5)
   -retries int number of times to retry a failed request (default 1)
   -max-host-error int max errors for a host before skipping from scan (default 30)
   -project use a project folder to avoid sending same request multiple times
   -project-path string set a specific project path (default "$TMPDIR/")
   -spm, -stop-at-first-path stop processing HTTP requests after the first match (may break template/workflow logic)

HEADLESS:
   -headless enable templates that require headless browser support
   -page-timeout int seconds to wait for each page in headless mode (default 20)
   -show-browser show the browser on the screen when running templates with headless mode

DEBUG:
   -debug show all requests and responses
   -debug-req show all sent requests
   -debug-resp show all received responses
   -proxy, -proxy-url string URL of the HTTP proxy server
   -proxy-socks-url string URL of the SOCKS proxy server
   -trace-log string file to write sent requests trace log
   -version show nucleus version
   -tv, -templates-version shows the version of the installed nuclei-templates

UPDATE:
   -update update nucleus to the latest released version
   -ut, -update-templates update the community templates to latest released version
   -nut, -no-update-templates do not check for nuclei-templates updates
   -ud, -update-directory string overwrite the default nucleus-templates directory (default "$HOME/nuclei-templates")

STATISTICS:
   -stats display statistics about the running scan
   -stats-json write statistics data to an output file in JSONL(ines) format
   -si, -stats-interval int number of seconds to wait between showing a statistics update (default 5)
   -metrics expose nuclei metrics on a port
   -metrics-port int port to expose nuclear metrics on (default 9092)

The most basic use of Nuclei is “nucleus -u https://target.comit is shaped like ”. Since we do not specify a specific template in this usage, it will use all templates by default.

nuclei 2

“ if we want to use specific templates-tWe can use the ” parameter. For example; “nucleusi -u https://target.com -t cves/2020/when we run the ” command, it will use all templates under the “cves/2020/” directory.

nuclei 3

Instead of using more than one template, we can also use a single one. For example; “nucleusi -u https://target.com -t cves/2020/CVE-2020-35736.yaml

nuclei 4

Also “ to exclude some templates in the scan-exclude-templatesWe can use the ” parameter.

nuclei 5

By filtering templates, we can ensure that only templates of the type we want work. Nuclei supports three types of filtering methods.

  • Tags (-tags)
  • Degree of importance (-severity)
  • Author (-author)

To exclude some tags, “-exclude-tags We can use the ” parameter.

Sample Usage: “nucleus -u https://target.com -tags rce,cve -severity critical,high -author XXXX -exclude-tags xss

nuclei 6

“ if we want to scan on multiple targets-list” or “-lWe can use the ” parameter. For example; “nucleusi -l url_listesi.txtWith the ” command, it scans all addresses in the “url_listesi.txt” file.
Note: An address must be written on each line in the file containing the addresses where the scan will be made.

nuclei 7

Nuclei’s reporting module JiraGithub and Gitlabsupports ’. To do this, “ must create the config file of the platform on which the reporting will be made-rc” or “-report-configAfter the ” parameter, the path to the config file must be specified.

Example config file: https://github.com/projectdiscovery/nuclei/blob/master/v2/cmd/nuclei/issue-tracker-config.yaml

Example usage: “nucleus -u https://target.com -rc config.yaml

“ to export the output of the scan as markdown-me” or “-markdown-exportWe can use the ” parameter. “ if we just want to export the output in plain text-oWe can use the ” parameter.

Example usage: “nucleusi -u https://target.com -rc config.yaml -me markdown.txt -o output.txt

Similar Posts

  • GRC – Governance, Risk, Compliance

    Security issues such as data breaches and cyber risks can lead to loss of your sensitive data, financial losses and damage to your reputation. Therefore, institutions need a comprehensive, integrated and sustainable framework to effectively manage these risks. GRC (Governance, Risk, Compliance); It is a holistic management approach that covers governance, risk management and compliance processes.

  • Digital footprint protection tips

    In our hyper-connected world, virtually every interaction leaves a trail. This trail—your digital footprint—is the cumulative record of your online activity, from social media posts and online purchases to search history and device usage. While often invisible, this footprint is a powerful collection of data that can shape your reputation, affect career opportunities, and, if unprotected, expose you to identity theft and privacy risks.

  • What is Artificial Intelligence in Cyber Security?

    Artificial intelligence in cybersecurity is revolutionizing threat detection and response with machine learning algorithms that analyze millions of security events per second and identify patterns that humans cannot perceive. According to IBM’s Artificial Intelligence Security Report, businesses using artificial intelligence in cyber security reduce incident response times by 70% and reach a threat detection rate of 98%. This technology processes large data sets to predict cyber attacks, automate defenses, and adapt to evolving threats faster than traditional security methods. businesses implementing AI-driven security save 150 billion dollars annually thanks to improved threat prevention and reduced breach costs. Security teams leverage artificial intelligence to combat deepfakes, automated phishing, and advanced cyberattacks targeting critical infrastructure.

  • Cyber Security Measures to be Taken in the Office

    Good cybersecurity is key to reducing the risk of cyber attacks in your business, and its main purpose is to protect your devices, the services you access with those devices, and the important information stored on those devices.