Discover more from Learn Pentesting like a Pro!
🔝 How to use Nuclei for vulnerability scanning
Nuclei is a tool developed by Project Discovery team, as they say it is a Fast and customizable vulnerability scanner based on simple YAML based DSL.
It is similar to Nmap NSE script engine but much more easy to develop as only uses YAML files.
First of all, in order to install nuclei you need to download the nuclei executable (https://github.com/projectdiscovery/nuclei/releases/download/v2.6.5/nuclei_2.6.5_linux_amd64.zip) or compile from the original sources: https://github.com/projectdiscovery/nuclei
Like this stuff?! Subscribe for free to receive new posts.
To compile it you will need the latest Go version (1.17) and run the following commands:
git clone https://github.com/projectdiscovery/nuclei.git cd nuclei/v2/cmd/nuclei go build sudo mv nuclei /usr/local/bin/
To check that everything was installed successfully, try with:
Once ready, this is some quick list of commands to execute:
This is the output from updating the templates for the first time:
$ nuclei -ut __ _ ____ __ _______/ /__ (_) / __ \/ / / / ___/ / _ \/ / / / / / /_/ / /__/ / __/ / /_/ /_/\__,_/\___/_/\___/_/ 2.6.5 projectdiscovery.io [WRN] Use with caution. You are responsible for your actions. [WRN] Developers assume no liability and are not responsible for any misuse or damage. [INF] nuclei-templates are not installed, installing... [INF] Successfully downloaded nuclei-templates (v8.9.1) to /home/user/nuclei-templates. GoodLuck!
You can browse the templates in ~/nuclei-templates:
$ ls ~/nuclei-templates/ cnvd cves exposures helpers misconfiguration takeovers token-spray CODE_OF_CONDUCT.md default-logins file iot network technologies TOP-10.md CONTRIBUTING.md dns fuzzing LICENSE.md PULL_REQUEST_TEMPLATE.md TEMPLATES-STATS.json vulnerabilities contributors.json exposed-panels headless miscellaneous ssl TEMPLATES-STATS.md workflows
Search for sensitive API disclosures:
nuclei -u $URL -t exposures/apis/
Look all plugins under exposures:
Scan for Wordpress vulnerabilities:
nuclei -u $URL -t vulnerabilities/wordpress/
Let's try with my (old) website :D
$ nuclei -u https://pentestwiki.org -t vulnerabilities/wordpress/ __ _ ____ __ _______/ /__ (_) / __ \/ / / / ___/ / _ \/ / / / / / /_/ / /__/ / __/ / /_/ /_/\__,_/\___/_/\___/_/ 2.6.5 projectdiscovery.io [WRN] Use with caution. You are responsible for your actions. [WRN] Developers assume no liability and are not responsible for any misuse or damage. [INF] Using Nuclei Engine 2.6.5 (latest) [INF] Using Nuclei Templates 8.9.1 (latest) [INF] Templates added in last update: 45 [INF] Templates loaded for scan: 133 [INF] Templates clustered: 4 (Reduced 2 HTTP Requests) [INF] Using Interactsh Server: oast.live [2022-03-22 07:13:31] [wordpress-xmlrpc-file] [http] [info] https://pentestwiki.org/xmlrpc.php [2022-03-22 07:13:32] [wordpress-user-enum] [http] [info] https://pentestwiki.org/?author=1 [author/jacobo] [2022-03-22 07:13:32] [wordpress-xmlrpc-listmethods] [http] [info] https://pentestwiki.org/xmlrpc.php [2022-03-22 07:13:33] [wp-license-file] [http] [info] https://pentestwiki.org/license.txt [2022-03-22 07:13:34] [wordpress-rdf-user-enum] [http] [info] https://pentestwiki.org/feed/rdf [jacobo]