Quick guide to using Nuclei effectively.

Nuclei is great scanning tool that can be used to search for low hanging fruit and a variety of deep routed issues that you may never typically search for manually. For example, you might use it to search for CVEs that you may never know existed in a platform when testing manually. Unless you were to find an associated banner or particular software version, something you may never find.

We typically suggest the following nuclei command as a good start for finding many types of issue in a slow enough manner to not disrupt a web service:

nuclei -u URL -rl 50 -c 5 -t cnvd/,cves/,default-logins/,dns/,exposed-panels/,exposures/,file/,fuzzing/,miscellaneous/,misconfiguration/,network/,osint/,ssl/,technologies/,vulnerabilities/

Lets break this down:

-u is the URL to test

-rl is rate limiting, set to 50 requests per second (prevents web service disruption)

-c is the number of templates to be executed in parallel

-t is the templates to use which find the vulnerabilities

If the web service you are attacking is stable you may want to up the -rl but on the other hand, if the web service is flaky you could drop the -rl number for good measure.

Really, the only thing you should be changing is the templates under -t. For a full list of templates, look here

Last updated