This article will talk about the Nuclei vulnerabilities scanner. This is a flexible program that can be easily configured in accordance with the user requirements.
Nuclei is a tool that is used to send requests through the specified template-based target. As a result, this leads to a small number of false positives and provides fast scanning of a large number of hosts. Nuclei can scan various protocols, including TCP, DNS, HTTP, File and not only.
Nuclei uses a template based on YAML, which ensures such flexibility of the program. All types of security checks can be modeled using this tool.
Installing Nuclei Scanner
There are three different ways with which the user can install the Nuclei program.
Installation with binary codeThis is the easiest way to install: You should download ready-made binary files from this page. The user downloads the only archive, files in which are compatible with its system. After that, it retrieves the content using the TAR command and moves the binary file to its $ PATH.
tar -xzvf nuclei-linux-amd64.tar.gz mv nuclei / usr / bin / nuclei -h
To implement the following two methods, you need to install the latest version of the GO programming language. The user can check the version of the GO installed using the "Go Version" command. If this programming language is not set, then follow the link below to install it.
Installation from the original sourceGo111module = on go get -u -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei
Installation from Github.Git Clone https://github.com/projectdiscovery/nuclei.git CD Nuclei / V2 / CMD / Nuclei / Go Build. MV Nuclei / USR / Local / Bin / Nuclei -h
Loading Nuclei templatesNuclei -Update-Templates
Principle of operation of the Nuclei scannerThe user will check the work of one template.
Nuclei -l URLS.TXT -T Files / Git-Core.Yaml -o Git-Core.txt
It can also run several templates at once.
Nuclei -l URLS.TXT -T Files / -T tokens / -t CVES / -PBAR -C 100 -O Output.txt
- -l: - List of URLs to start templates;
- -t: - input file or file template for starting on the host; can be used several times;
- -c: - the number of simultaneous requests;
- -o: - Creating a file to record the results obtained;
- -PBAR: - View scan progress.
The tool has few false positives, as well as a huge amount of fully customizable patterns. It can be used for large-scale scanning. Nuclei is an excellent choice if the user wants to make a quick and effective search for web system vulnerabilities.
Important! Information solely for academic purposes. Please comply with legislation and do not apply this information for illegal purposes.
More interesting material on cisoclub.ru. Subscribe to us: Facebook | Vk | Twitter | Instagram | Telegram | Zen | Messenger | Icq new | YouTube | Pulse.
Record
Published on site
.