Nuclei Usage Technical Documentation

miracle123456

Introduction

Nuclei is a fast and flexible open-source tool designed for vulnerability scanning, specifically tailored to security researchers, penetration testers, and bug bounty hunters. It allows users to perform high-speed, template-based vulnerability scanning on a wide range of services, protocols, and configurations. Nuclei is highly extensible, leveraging predefined templates and custom ones to scan for specific vulnerabilities, misconfigurations, and exposure risks across various applications and services.

This technical documentation provides detailed instructions for installing, configuring, and using Nuclei effectively, along with explanations of its key features, usage examples, and troubleshooting tips.


Table of Contents

  1. System Requirements
  2. Installation
    • Linux
    • macOS
    • Windows
  3. Basic Usage
  4. Advanced Features
    • Custom Templates
    • Active and Passive Scanning
    • Burp Suite Integration
  5. Configuration Options
  6. Common Use Cases
  7. Troubleshooting
  8. Contributing
  9. License

1. System Requirements

Nuclei is compatible with Linux, macOS, and Windows systems. It is designed for efficiency, but to ensure optimal performance, your system should meet the following requirements:
  • Operating System: Linux (Ubuntu, Debian, CentOS), macOS, or Windows (via WSL)
  • Processor: Any modern processor (recommended: 2+ cores)
  • Memory: At least 2 GB RAM (4 GB or more recommended)
  • Disk Space: 50 MB free disk space for installation
  • Dependencies:
    • Go 1.16+ (for building from source)
    • git (for cloning the repository)
    • curl or wget (for downloading templates)
    • Optional: Python 3+ (for additional scripting support)

2. Installation

Nuclei can be installed from precompiled binaries or built from source. Below are the installation steps for each platform.

2.1 Linux Installation (Ubuntu/Debian)

  1. Update your package list:
    sudo apt update
  2. Install Go (if not installed):
    sudo apt install golang-go
  3. Clone the Nuclei repository and change into the CLI package directory:
    git clone https://github.com/projectdiscovery/nuclei.git
    cd nuclei/cmd/nuclei
  4. Build Nuclei from source:
    go build -o nuclei
  5. Move the binary to your PATH:
    sudo mv nuclei /usr/local/bin/
  6. Verify the installation:
    nuclei -version

2.2 macOS Installation

  1. Install Homebrew (if not installed):
    /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
  2. Install Go via Homebrew:
    brew install go
  3. Clone the Nuclei repository and change into the CLI package directory:
    git clone https://github.com/projectdiscovery/nuclei.git
    cd nuclei/cmd/nuclei
  4. Build Nuclei from source:
    go build -o nuclei
  5. Move the binary to your PATH:
    sudo mv nuclei /usr/local/bin/
  6. Verify the installation:
    nuclei -version

2.3 Windows Installation (via WSL)

  1. Install Windows Subsystem for Linux (WSL):
    • Open PowerShell as Administrator and run:
      wsl --install
    • Choose a Linux distribution (e.g., Ubuntu).
  2. Install Go on WSL:
    sudo apt update
    sudo apt install golang-go
  3. Clone the Nuclei repository and change into the CLI package directory:
    git clone https://github.com/projectdiscovery/nuclei.git
    cd nuclei/cmd/nuclei
  4. Build Nuclei from source:
    go build -o nuclei
  5. Move the binary to your PATH:
    sudo mv nuclei /usr/local/bin/
  6. Verify the installation:
    nuclei -version
Alternatively, Windows users can download the precompiled binaries from the releases page.


3. Basic Usage

Once installed, Nuclei can be used via the command-line interface (CLI). Below are examples of basic commands.

3.1 Scan a Single Target

To run a scan against a single target:
nuclei -target http://example.com
This will scan the target http://example.com using the default templates.

3.2 Scan with a Specific Template

You can specify a particular template for scanning. For example, to scan for common vulnerabilities using the vulnscan template:
nuclei -target http://example.com -t /path/to/templates/vulnscan.yaml

3.3 Scan Multiple Targets from a File

To scan multiple targets from a file, pass the file with the -list option:
nuclei -list /path/to/targets.txt
Where targets.txt contains a list of URLs or IPs.

3.4 Scan with a Custom Template Directory

If you have a custom set of templates, you can use the -t option to specify the directory:
nuclei -target http://example.com -t /path/to/custom/templates/


4. Advanced Features

4.1 Custom Templates

Nuclei provides a robust template engine that allows you to create custom templates for scanning specific vulnerabilities. Templates are written in YAML format and consist of several components:
  • Info: General information about the template.
  • Requests: HTTP requests to be sent.
  • Matchers: Conditions that define whether a vulnerability has been found.
  • Extractors: Extract data from responses (e.g., sensitive information, error messages).
Example of a basic custom template:

id: custom-template

info:
  name: Custom Vulnerability Detection
  author: Your Name
  severity: high

requests:
  - method: GET
    path:
      - "{{BaseURL}}/vulnerable-endpoint"
    matchers:
      - type: word
        words:
          - "vulnerable"
        part: body
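
A fuller template that combines the components listed above, as an added example (not from the original post or from the Nuclei project's template repository): it uses matchers-condition to require both a 200 status and a versioned Server header, and a regex extractor to report the disclosed banner. The template id, author value, tags and regular expressions are illustrative assumptions.

```yaml
# Added example: flags responses whose Server header discloses a product version.
id: example-server-banner-disclosure

info:
  name: Server Header Version Disclosure (example)
  author: example-author        # placeholder value
  severity: info
  description: Reports hosts whose Server response header exposes a product name and version.
  tags: misconfig,headers

requests:
  - method: GET
    path:
      - "{{BaseURL}}/"

    # Both matchers must succeed before a result is reported.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: regex
        part: header
        regex:
          - '(?i)server:\s*[a-z\-]+/[0-9][0-9.]*'

    # Pull the banner itself (capture group 1) into the scan output.
    extractors:
      - type: regex
        name: server_banner
        part: header
        group: 1
        regex:
          - '(?i)server:\s*([a-z\-]+/[0-9][0-9.]*)'
```

The template syntax can be checked before use with nuclei -validate -t followed by the file path.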

4.2 Active and Passive Scanning

Nuclei supports both active and passive scanning modes. Active scanning sends requests to the target and analyzes the responses. Passive scanning relies on third-party data sources (like response headers or DNS logs) to detect vulnerabilities without actively scanning.

Active scanning is the default mode, so no additional flag is needed:
nuclei -target http://example.com

To enable passive scanning:
nuclei -target http://example.com -passive

4.3 Burp Suite Integration

Nuclei can integrate with Burp Suite to extend the scanning capabilities within a penetration testing workflow. This integration allows you to run Nuclei scans directly within Burp Suite.
To run Nuclei from Burp Suite:
  1. Install the Burp Suite Extension for Nuclei from the BApp store.
  2. Configure the extension with the necessary parameters.
  3. Run scans directly from the Burp Suite interface.

5. Configuration Options

Nuclei provides various configuration options to customize its behavior during scanning. Below are some commonly used options:

6. Common Use Cases

6.1 Scanning for Web Vulnerabilities

To perform a vulnerability scan on a web application:
nuclei -target http://example.com -t /path/to/web-vuln-templates/

6.2 Scanning for Exposed Services

To scan for exposed services across a range of IP addresses, pass the range in CIDR notation without a URL scheme:
nuclei -target 192.168.1.0/24 -t /path/to/service-discovery-templates/

6.3 Reconnaissance of a Domain

To collect information about a domain, such as DNS misconfigurations, subdomains, etc.:
nuclei -target http://example.com -t /path/to/dns-misconfig-templates/


7. Troubleshooting

  • Issue: Template not found
    • Solution: Ensure the template path is correct and the template is valid. You can update templates with:
      nuclei -update-templates
  • Issue: Connection Timeout
    • Solution: Increase the timeout using the -timeout flag, or check network connectivity issues.
  • Issue: Permission Denied
    • Solution: Ensure you have the necessary permissions to run Nuclei or write output files.