Bug Culture Wiki
Pages (Latest 3 updated) : Menu (Edit):
Add new Edit Delete History Source
Contents:
  1. Nuclei Usage
    1. Basic Vulnerability Scan
      1. Code:
      2. Explanation:
    2. Scan Using All Templates While Skipping httpx
      1. Code:
      2. Explanation:
    3. Scan a List of URLs from a File
      1. Code:
      2. Explanation:
    4. Authenticated Web Application Scanning
      1. Code:
      2. Explanation:
    5. Use Specific Template or Template Directory
      1. Code:
      2. Explanation:
    6. Scan with a Specific Severity Level
      1. Code:
      2. Explanation:
    7. Scan with Custom Headers
      1. Code:
      2. Explanation:
    8. Rate Limit Requests
      1. Code:
      2. Explanation:
    9. Scan with Proxy
      1. Code:
      2. Explanation:
    10. Output Results to a File
      1. Code:
      2. Explanation:
    11. Scan for Specific CVE
      1. Code:
      2. Explanation:
    12. Run in Debug Mode
      1. Code:
      2. Explanation:
    13. Update Nuclei and Templates
      1. Code:
      2. Explanation:

Nuclei Usage

Nuclei is a powerful vulnerability scanner that uses YAML-based templates to identify security issues in various targets. Below are common usage examples.

Basic Vulnerability Scan

Code:

nuclei -u https://<url>/

Explanation:

  • Scans the given URL using the default template set.

Scan Using All Templates While Skipping httpx

Code:

nuclei -t ~/nuclei-templates/ -u https://<url>/ -ni -no-dup -no-httpx

Explanation:

  • -t ~/nuclei-templates/ specifies the directory containing Nuclei templates.
  • -u https://<url>/ sets the target URL.
  • -ni disables interactions.
  • -no-dup avoids duplicate requests.
  • -no-httpx disables httpx-based resolution.

Scan a List of URLs from a File

Code:

nuclei -l urls.txt

Explanation:

  • -l urls.txt loads a file containing multiple URLs to scan.

Authenticated Web Application Scanning

Code:

nuclei -t ~/nuclei-templates/ -u https://<url>/ -ni -no-dup -no-httpx -H "Cookie: test"

Explanation:

  • -H "Cookie: test" is the session value to authenticate to the application.

Use Specific Template or Template Directory

Code:

nuclei -t ~/nuclei-templates/cves/ -u https://<url>/

Explanation:

  • -t ~/nuclei-templates/cves/ runs only CVE-related templates.

Scan with a Specific Severity Level

Code:

nuclei -t ~/nuclei-templates/ -u https://<url>/ -severity critical

Explanation:

  • -severity critical filters results to show only critical vulnerabilities.

Scan with Custom Headers

Code:

nuclei -u https://<url>/ -H "Authorization: Bearer <token>"

Explanation:

  • -H allows adding custom headers, useful for authenticated scans.

Rate Limit Requests

Code:

nuclei -u https://<url>/ -rate-limit 50

Explanation:

  • -rate-limit 50 limits the scan to 50 requests per second.

Scan with Proxy

Code:

nuclei -u https://<url>/ -proxy http://127.0.0.1:8080

Explanation:

  • -proxy routes requests through a proxy (e.g., Burp Suite).

Output Results to a File

Code:

nuclei -u https://<url>/ -o results.txt

Explanation:

  • -o results.txt saves the scan results to a file.

Scan for Specific CVE

Code:

nuclei -u https://<url>/ -t cves/2023/CVE-2023-1234.yaml

Explanation:

  • Runs a specific CVE template against the target.

Run in Debug Mode

Code:

nuclei -u https://<url>/ -debug

Explanation:

  • -debug provides more detailed output, useful for troubleshooting.

Update Nuclei and Templates

Code:

nuclei -update-templates

Explanation:

  • Ensures you are using the latest Nuclei templates.