Nuclei
Quick guide to using Nuclei effectively.
Nuclei is a great scanning tool that can be used to search for low-hanging fruit and a variety of deep-rooted issues that you may never typically search for manually. For example, you might use it to search for CVEs that you would never know existed in a platform when testing manually, unless you were to find an associated banner or particular software version, something you may never find.
We typically suggest the following nuclei command as a good start for finding many types of issues in a slow enough manner to not disrupt a web service:
nuclei -u URL -rl 50 -c 5 -t cnvd/,cves/,default-logins/,dns/,exposed-panels/,exposures/,file/,fuzzing/,miscellaneous/,misconfiguration/,network/,osint/,ssl/,technologies/,vulnerabilities/
Let's break this down:
-u is the URL to test
-rl is rate limiting, set to 50 requests per second (prevents web service disruption)
-c is the number of templates to be executed in parallel
-t is the templates to use, which find the vulnerabilities
If the web service you are attacking is stable, you may want to raise the -rl number; on the other hand, if the web service is flaky, you could drop the -rl number for good measure.
Really, the only thing you should be changing is the templates under -t.
For a full list of templates, look here