Nuclei
Notes from my own practice and from the XSSRat course.
Nuclei is an open-source, community-powered vulnerability scanner.
Nuclei requires the latest version of Go.
sudo apt update
sudo apt install nuclei
Alternatively, install Go first and then Nuclei, following the official Go documentation:
rm -rf /usr/local/go && tar -C /usr/local -xzf go1.20.linux-amd64.tar.gz
export PATH=$PATH:/usr/local/go/bin
(put the export line in $HOME/.profile or /etc/profile so it persists across shells)
go env -w GOPATH=$HOME/go
Install Go with snapd:
sudo systemctl start snapd
sudo snap install go --classic
Then install Nuclei with Go:
go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
Or install Homebrew and use it to install Nuclei:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
Add Homebrew to your PATH:
(echo; echo 'eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"') >> /home/gabrielle/.profile
eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
Install gcc (recommended by brew), then Nuclei:
brew install gcc
brew install nuclei
Basic scan of a single target (the target can be a URL or a host):
nuclei -u https://example.com/
Update templates: nuclei -ut
Launch a scan on 10.10.2.4 with a specific template: nuclei -v -t ssh-pass-auth.yaml 10.10.2.4
Validate that a template is well-formed before using it: nuclei -t template.yaml -validate
Launch a specific template against a target or a file listing targets: nuclei -v -t ssh-auth-methods.yaml -u <target-ip_or_file-with-target-list>
Template structure:
  ID: unique identifier of the template
  Metadata (info block): name, author, description, tags
  Requests:
    Method (e.g. GET)
    Path (the URL or URLs to request)
    redirects: true
    max-redirects: 3
Dynamic variables (replaced at runtime from the target input):
  {{BaseURL}}: replaced at runtime with the input URL from the target list
  {{RootURL}}: replaced at runtime with the root URL of the target
  {{Hostname}}: replaced at runtime with the hostname of the target, including the port
  {{Host}}: replaced at runtime in the request with the host of the target
  {{Port}}: replaced at runtime with the port of the target
  {{Path}}: replaced at runtime with the path of the target
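A minimal template that follows the structure above, written here as an added example (it is not from the original notes nor from the Nuclei project's template set). It checks whether a web server exposes its repository configuration file and shows {{BaseURL}} and {{Hostname}} in use; the id, author name and the exact matcher strings are assumptions.

```yaml
# Added example template (not from the original notes).
# Older v2 templates use the key "requests:" instead of "http:"; both describe the same block.
id: git-config-exposure-example

info:
  name: Exposed .git/config file
  author: example-author          # placeholder author name
  severity: medium
  description: Checks whether the repository configuration file is readable over HTTP.
  tags: exposure,git,config

http:
  - method: GET
    path:
      # {{BaseURL}} is replaced at runtime with the input URL of each target.
      - "{{BaseURL}}/.git/config"
    headers:
      # {{Hostname}} is replaced with the target hostname including its port.
      Host: "{{Hostname}}"
    # Follow up to 3 redirects, as in the structure outline above.
    redirects: true
    max-redirects: 3

    # Both matchers must match for a finding to be reported.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        part: body
        words:
          - "[core]"       # first section header of a git config file
</pre>
```

Run `nuclei -t git-config-exposure-example.yaml -validate` first, then `nuclei -t git-config-exposure-example.yaml -u https://example.com/` against a host you are authorised to test.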