Grizzly Cyber Wiki

Nuclei

Quick guide to using Nuclei effectively.


Last updated 2 years ago

Nuclei is a great scanning tool that can be used to search for low-hanging fruit and a variety of deep-rooted issues that you may never typically search for manually. For example, you might use it to search for CVEs that you would never know existed in a platform when testing manually, unless you happened to find an associated banner or particular software version, which you may never find.

We typically suggest the following nuclei command as a good start for finding many types of issue in a slow enough manner to not disrupt a web service:

nuclei -u URL -rl 50 -c 5 -t cnvd/,cves/,default-logins/,dns/,exposed-panels/,exposures/,file/,fuzzing/,miscellaneous/,misconfiguration/,network/,osint/,ssl/,technologies/,vulnerabilities/

Let's break this down:

-u is the URL to test

-rl is rate limiting, set to 50 requests per second (prevents web service disruption)

-c is the number of templates to be executed in parallel

-t is the templates to use which find the vulnerabilities

If the web service you are attacking is stable, you may want to raise the -rl value; on the other hand, if the web service is flaky, you could lower the -rl value for good measure.
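The tuning advice above can be captured in a small wrapper. This is an added example, not part of the original wiki or the Nuclei project: it prints the page's command with -rl chosen by a stability profile and refuses any URL whose host is not on an authorised scope list. The profile names, the 25 and 100 rates, the function names and the scope hosts are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: prints the nuclei command for review; it does not run a scan.
SCOPE_HOSTS="app.example.test staging.example.test"  # constructed scope list
# Template directories copied from the command on this page.
TEMPLATES="cnvd/,cves/,default-logins/,dns/,exposed-panels/,exposures/,file/,fuzzing/,miscellaneous/,misconfiguration/,network/,osint/,ssl/,technologies/,vulnerabilities/"

# -rl per stability profile: 50 is the page's value; 25 and 100 are assumed.
rate_for_profile() {
  case "$1" in
    flaky)   echo 25 ;;
    default) echo 50 ;;
    stable)  echo 100 ;;
    *)       return 1 ;;
  esac
}

# Print the lower-cased host of an http(s) URL, or fail.
host_of() {
  local rest
  case "$1" in
    *" "*|*"'"*|*'"'*) return 1 ;;  # would break the printed command line
    http://*|https://*) ;;
    *) return 1 ;;
  esac
  rest="${1#*://}"
  rest="${rest%%/*}"; rest="${rest%%\?*}"; rest="${rest%%\#*}"  # path, query, fragment
  rest="${rest##*@}"  # drop userinfo: https://allowed@other/ is host "other"
  rest="${rest%%:*}"  # drop port (bracketed IPv6 literals are not handled)
  [ -n "$rest" ] || return 1
  printf '%s\n' "$rest" | tr '[:upper:]' '[:lower:]'
}

in_scope() {
  local h
  for h in $SCOPE_HOSTS; do
    [ "$h" = "$1" ] && return 0
  done
  return 1
}

# Usage: build_nuclei_cmd URL [flaky|default|stable]
build_nuclei_cmd() {
  local url="$1" profile="${2:-default}" host rate
  host=$(host_of "$url") || { echo "not a usable http(s) URL: $url" >&2; return 2; }
  in_scope "$host" || { echo "out of scope: $host" >&2; return 3; }
  rate=$(rate_for_profile "$profile") || { echo "unknown profile: $profile" >&2; return 4; }
  printf 'nuclei -u %s -rl %s -c 5 -t %s\n' "$url" "$rate" "$TEMPLATES"
}

if [ "$#" -gt 0 ]; then build_nuclei_cmd "$@"; fi
```

The scope check compares the host after userinfo and port are stripped, so a URL such as https://app.example.test@other.test/ is judged on other.test and rejected.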

Really, the only thing you should be changing is the templates under -t. For a full list of templates, look here:

https://github.com/projectdiscovery/nuclei-templates