# Nuclei

> Notes from my practice but also from the XSSrat course

Nuclei is an open-source, community-powered vulnerability scanner driven by YAML templates.

* [Github repo](https://github.com/projectdiscovery/nuclei)
* [Official Documentation](https://nuclei.projectdiscovery.io/nuclei/get-started/)
* [Official blog](https://blog.projectdiscovery.io/)

## Installation

Nuclei requires the latest version of Go.

### The easy way

* `sudo apt update`
* `sudo apt install nuclei`

> Or you can install Go first and then Nuclei, as described in the official documentation.

### Official way

#### Install Go

* `rm -rf /usr/local/go && tar -C /usr/local -xzf go1.20.linux-amd64.tar.gz`
* `export PATH=$PATH:/usr/local/go/bin` (put this in `$HOME/.profile` or `/etc/profile`)
* More info [here](https://go.dev/doc/install)
* `go env -w GOPATH=$HOME/go`
* More info [here](https://github.com/golang/go/wiki/SettingGOPATH)

**Install go with snapd**

* `sudo systemctl start snapd`
* `sudo snap install go --classic`

#### Install Nuclei

* `go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest`

### Install with Brew

#### Install brew

* `/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"`
* Add Homebrew to your PATH
  * `(echo; echo 'eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"') >> /home/gabrielle/.profile`
  * `eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"`
* Install gcc (recommended by brew)
  * `brew install gcc`

#### Install nuclei

* `brew install nuclei`

### Run nuclei

* `nuclei -u https://example.com/` (the target can be a URL or a host)

### Cheat Sheet

* Update templates: `nuclei -ut`
* Launch a scan on 10.10.2.4: `nuclei -v -t ssh-pass-auth.yaml 10.10.2.4`
* Validate that your template will work: `nuclei -t template.yaml -validate`
* Launch a specific template against a target (or a file with a target list): `nuclei -v -t ssh-auth-methods.yaml -u <target-ip_or_file-with-target-list>`

### Nuclei Templates

* [Github repo](https://github.com/projectdiscovery/nuclei-templates)
* [Official documentation](https://nuclei.projectdiscovery.io/templating-guide/)

#### Anatomy of a template

* ID
* Metadata (`info`)
  * Name, author, description, tags
* Requests
  * Method
  * Path
  * `redirects: true`
  * `max-redirects: 3`

**Dynamic variables**

* `{{BaseURL}}` Replaced at runtime with the input URL (from the target file)
* `{{RootURL}}` Replaced at runtime with the root URL (scheme and host) of the target
* `{{Hostname}}` Replaced at runtime with the hostname of the target, including the port
* `{{Host}}` Replaced at runtime in the request with the host of the target
* `{{Port}}` Replaced at runtime with the input port of the target
* `{{Path}}` Replaced at runtime with the input path of the target
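To tie the anatomy above and the dynamic variables together, here is an added example template (not from the official nuclei-templates repository) that follows up to 3 redirects from `{{BaseURL}}` and reports an HTTPS endpoint whose final response lacks a `Strict-Transport-Security` header. The template ID, author name and matcher choices are assumptions made for this example.

```yaml
# Added example template: detect a missing HSTS header after redirects.
# The id and author are placeholders chosen for this example.
id: missing-hsts-header

info:
  name: Missing Strict-Transport-Security header
  author: example-author
  severity: info
  description: |
    Requests the target base URL, follows redirects and flags responses
    that do not set the HSTS header. Informational finding only.
  tags: headers,misconfig,hsts

# "requests" is the section name used in these notes; recent releases
# also accept "http" as the section name.
requests:
  - method: GET
    path:
      - "{{BaseURL}}"        # dynamic variable: the input URL
    redirects: true          # follow 3xx responses ...
    max-redirects: 3         # ... but no more than three hops
    matchers-condition: and  # every matcher below must match
    matchers:
      - type: status
        status:
          - 200
      - type: word
        part: header
        words:
          - "Strict-Transport-Security"
        case-insensitive: true
        negative: true       # match only when the header is absent
    extractors:
      - type: kval
        part: header
        kval:
          - server           # show the Server header in the finding
```

Check the template with `nuclei -t missing-hsts-header.yaml -validate` before running it with `-u` against a host you are authorised to test.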
