What is Nuclei?
Nuclei is a free and powerful vulnerability scanner, it can perform automatic vulnerability scan for web app, cloud, etc. It uses templates that defines the steps required to detect a vulnerability, anyone can contribute to the templates and published it to the security community to use. The templates can be found via here.
My lab setup.
I installed nuclei inside my Kali Linux virtual machine.
apt update
apt install nuclei
Update the nuclei templates to latest version.
nuclei -ut
Check your nuclei engine version.
nuclei -version
Start the easy mode scan
Scan for a single target.
nuclei -u https://test.com
nuclei -u http://localhost:8080
nuclei -u my.test.com:5759
Scan for multiple targets.
nuclei -l /absolute-path/list-of-targets.txt
Scan with optimizations
Rate limiting requests (-rl) and concurrent templates (-c).
nuclei -u https://test.com -rl <number> -c <number>
nuclei -u https://test.com -rl 5 -c 5
- -rl 5 = restrict outgoing requests to 5 per second
- -c 5 = restrict outgoing requests to 5 concurrent templates
Timeout length (-timeout).
Note that the default value is 5 seconds.
nuclei -l list-of-targets.txt -timeout 1
Scan specific templates (-t) /tags (-tags) /severity (-s).
nuclei -u https://test.com -t file/logs/python-app-sql-exceptions.yaml
nuclei -u https://test.com -t file/logs/python-app-sql-exceptions.yaml -t exposures/files/pyproject-disclosure.yaml
nuclei -u https://test.com -tags jira,generic
nuclei -u https://test.com -s critical,high,medium,low,info
Exclude specific templates (-et) /tags (-etags).
nuclei -u https://test.com -t cves/ -et cves/2020/
nuclei -u https://test.com -t cves/ -etags xss
Scan blocked tags.
nuclei -l list-of-targets.txt -include-tags iot,misc,fuzz
Custom user-agent (-H).
nuclei -u https://test.com -H "User-Agent: custom-string"
Save the scan result (-o).
nuclei -u https://test.com -o nuclei-scan.txt
Burp integration with Nuclei.
Setup nuclei inside the burp suite.
Git clone from the Github.
cd /opt
git clone https://github.com/PortSwigger/nuclei-burp-integration/tree/main
cd nuclei-burp-integration
Open burp suite, extension tab, add burp extensions, add the “nuclei-extensions.py” into burp suite.
Sent request to nuclei scanner.
Open Nuclei tab.
Press “Run Scanning”.
Overview of the issues.