🔝 How to use Nuclei for vulnerability scanning

pentesting.academy

Oct 16, 2021
Nuclei is a tool developed by the ProjectDiscovery team; in their own words, it is a fast and customizable vulnerability scanner based on a simple YAML-based DSL.

It is similar to Nmap's NSE script engine, but templates are much easier to develop because they are plain YAML files rather than scripts.

[Image: Nuclei WordPress template in action]

To install Nuclei, either download the prebuilt executable (https://github.com/projectdiscovery/nuclei/releases/download/v2.6.5/nuclei_2.6.5_linux_amd64.zip) or compile it from the original sources: https://github.com/projectdiscovery/nuclei

To compile it you will need the latest Go version (1.17 at the time of writing) and then run the following commands:

git clone https://github.com/projectdiscovery/nuclei.git

cd nuclei/v2/cmd/nuclei

go build

sudo mv nuclei /usr/local/bin/

To check that everything was installed successfully, try with:

nuclei -version

Once ready, here is a quick list of useful commands:

Update the templates database:

nuclei -ut

This is the output from updating the templates for the first time:

$ nuclei -ut

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   2.6.5

		projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] nuclei-templates are not installed, installing...
[INF] Successfully downloaded nuclei-templates (v8.9.1) to /home/user/nuclei-templates. GoodLuck!

You can browse the templates in ~/nuclei-templates:

$ ls ~/nuclei-templates/
cnvd                cves            exposures  helpers        misconfiguration          takeovers             token-spray
CODE_OF_CONDUCT.md  default-logins  file       iot            network                   technologies          TOP-10.md
CONTRIBUTING.md     dns             fuzzing    LICENSE.md     PULL_REQUEST_TEMPLATE.md  TEMPLATES-STATS.json  vulnerabilities
contributors.json   exposed-panels  headless   miscellaneous  ssl                       TEMPLATES-STATS.md    workflows

Search for sensitive API disclosures:

nuclei -u $URL -t exposures/apis/

List all templates under exposures:

ls ~/nuclei-templates/exposures

Scan for WordPress vulnerabilities:

nuclei -u $URL -t vulnerabilities/wordpress/

Let's try with my (old) website :D

$ nuclei -u https://pentestwiki.org -t vulnerabilities/wordpress/

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   2.6.5

		projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Using Nuclei Engine 2.6.5 (latest)
[INF] Using Nuclei Templates 8.9.1 (latest)
[INF] Templates added in last update: 45
[INF] Templates loaded for scan: 133
[INF] Templates clustered: 4 (Reduced 2 HTTP Requests)
[INF] Using Interactsh Server: oast.live
[2022-03-22 07:13:31] [wordpress-xmlrpc-file] [http] [info] https://pentestwiki.org/xmlrpc.php
[2022-03-22 07:13:32] [wordpress-user-enum] [http] [info] https://pentestwiki.org/?author=1 [author/jacobo]
[2022-03-22 07:13:32] [wordpress-xmlrpc-listmethods] [http] [info] https://pentestwiki.org/xmlrpc.php
[2022-03-22 07:13:33] [wp-license-file] [http] [info] https://pentestwiki.org/license.txt
[2022-03-22 07:13:34] [wordpress-rdf-user-enum] [http] [info] https://pentestwiki.org/feed/rdf [jacobo]
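The wp-license-file hit above comes from a template of exactly the kind described at the top of the post. As an added example (not code from the original post or from the nuclei-templates project), here is a minimal template of that shape for Nuclei 2.x: it requests /license.txt and reports a match only when the response is a 200 and the body contains the WordPress license header. The id, name, author and the matched string are assumptions for the example, not copied from the official template.

```yaml
# Minimal Nuclei 2.x template (example, not the official wp-license-file template).
# Everything a template needs: an id, an info block, and one or more requests
# with matchers. Save as wp-license-example.yaml and run:
#   nuclei -u https://your-own-site.example -t wp-license-example.yaml
id: wp-license-file-example        # assumed id, must be unique across loaded templates

info:
  name: WordPress license.txt exposed (example)
  author: example-editor           # assumed author
  severity: info                   # informational: the file reveals the CMS, nothing more
  description: |
    Checks whether the default WordPress license.txt is reachable at the web root.
    Useful as a quick "is this WordPress?" fingerprint when reviewing your own hosts.
  tags: wordpress,exposure

requests:
  - method: GET
    path:
      - "{{BaseURL}}/license.txt"   # {{BaseURL}} is filled in from -u / the target list

    # Both matchers must hit for the template to report a finding;
    # without "and" a bare 200 on a custom 404 page would be a false positive.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: body
        words:
          - "WordPress - Web publishing software"   # assumed first line of the stock license.txt
```

Nuclei validates a template before loading it, so a malformed file is reported with `nuclei -validate -t wp-license-example.yaml` rather than silently skipped during a scan.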