nuclei-3.2.2.zip

<h1 align="center"> <br> <a href="https://nuclei.projectdiscovery.io"><img src="static/nuclei-logo.png" width="200px" alt="Nuclei"></a> </h1> <h4 align="center">Fast and customisable vulnerability scanner based on simple YAML based DSL.</h4> <p align="center"> <img src="https://img.shields.io/github/go-mod/go-version/projectdiscovery/nuclei"> <a href="https://github.com/projectdiscovery/nuclei/releases"><img src="https://img.shields.io/github/downloads/projectdiscovery/nuclei/total"> <a href="https://github.com/projectdiscovery/nuclei/graphs/contributors"><img src="https://img.shields.io/github/contributors-anon/projectdiscovery/nuclei"> <a href="https://github.com/projectdiscovery/nuclei/releases/"><img src="https://img.shields.io/github/release/projectdiscovery/nuclei"> <a href="https://github.com/projectdiscovery/nuclei/issues"><img src="https://img.shields.io/github/issues-raw/projectdiscovery/nuclei"> <a href="https://github.com/projectdiscovery/nuclei/discussions"><img src="https://img.shields.io/github/discussions/projectdiscovery/nuclei"> <a href="https://discord.gg/projectdiscovery"><img src="https://img.shields.io/discord/695645237418131507.svg?logo=discord"></a> <a href="https://twitter.com/pdnuclei"><img src="https://img.shields.io/twitter/follow/pdnuclei.svg?logo=twitter"></a> </p> <p align="center"> <a href="#how-it-works">How</a> • <a href="#install-nuclei">Install</a> • <a href="https://docs.projectdiscovery.io/tools/nuclei/">Documentation</a> • <a href="#credits">Credits</a> • <a href="https://nuclei.projectdiscovery.io/faq/nuclei/">FAQs</a> • <a href="https://discord.gg/projectdiscovery">Join Discord</a> </p> <p align="center"> <a href="https://github.com/projectdiscovery/nuclei/blob/main/README.md">English</a> • <a href="https://github.com/projectdiscovery/nuclei/blob/main/README_CN.md">中文</a> • <a href="https://github.com/projectdiscovery/nuclei/blob/main/README_KR.md">Korean</a> • <a href="https://github.com/projectdiscovery/nuclei/blob/main/README_ID.md">Indonesia</a> </p> --- Nuclei is used to send requests across targets based on a template, leading to zero false positives and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless, Code etc. With powerful and flexible templating, Nuclei can be used to model all kinds of security checks. We have a [dedicated repository](https://github.com/projectdiscovery/nuclei-templates) that houses various type of vulnerability templates contributed by **more than 300** security researchers and engineers. ## How it works <h3 align="center"> <img src="static/nuclei-flow.jpg" alt="nuclei-flow" width="700px"></a> </h3> | :exclamation: **Disclaimer** | |---------------------------------| | **This project is in active development**. Expect breaking changes with releases. Review the release changelog before updating. | | This project was primarily built to be used as a standalone CLI tool. **Running nuclei as a service may pose security risks.** It's recommended to use with caution and additional security measures. | # Install Nuclei Nuclei requires **go1.21** to install successfully. Run the following command to install the latest version - ```sh go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest ``` <details> <summary>Brew</summary> ```sh brew install nuclei ``` </details> <details> <summary>Docker</summary> ```sh docker pull projectdiscovery/nuclei:latest ``` </details> **More installation [methods can be found here](https://docs.projectdiscovery.io/tools/nuclei/install).** <table> <tr> <td> ### Nuclei Templates Nuclei has built-in support for automatic template download/update as default since version [v2.5.2](https://github.com/projectdiscovery/nuclei/releases/tag/v2.5.2). [**Nuclei-Templates**](https://github.com/projectdiscovery/nuclei-templates) project provides a community-contributed list of ready-to-use templates that is constantly updated. You may still use the `update-templates` flag to update the nuclei templates at any time; You can write your own checks for your individual workflow and needs following Nuclei's [templating guide](https://docs.projectdiscovery.io/templates/). The YAML DSL reference syntax is available [here](SYNTAX-REFERENCE.md). </td> </tr> </table> ### Usage ```sh nuclei -h ``` This will display help for the tool. Here are all the switches it supports. ```console Nuclei is a fast, template based vulnerability scanner focusing on extensive configurability, massive extensibility and ease of use. Usage: ./nuclei [flags] Flags: TARGET: -u, -target string[] target URLs/hosts to scan -l, -list string path to file containing a list of target URLs/hosts to scan (one per line) -eh, -exclude-hosts string[] hosts to exclude to scan from the input list (ip, cidr, hostname) -resume string resume scan using resume.cfg (clustering will be disabled) -sa, -scan-all-ips scan all the IP's associated with dns record -iv, -ip-version string[] IP version to scan of hostname (4,6) - (default 4) TARGET-FORMAT: -im, -input-mode string mode of input file (list, burp, jsonl, yaml, openapi, swagger) (default "list") -ro, -required-only use only required fields in input format when generating requests -sfv, -skip-format-validation skip format validation (like missing vars) when parsing input file TEMPLATES: -nt, -new-templates run only new templates added in latest nuclei-templates release -ntv, -new-templates-version string[] run new templates added in specific version -as, -automatic-scan automatic web scan using wappalyzer technology detection to tags mapping -t, -templates string[] list of template or template directory to run (comma-separated, file) -turl, -template-url string[] template url or list containing template urls to run (comma-separated, file) -w, -workflows string[] list of workflow or workflow directory to run (comma-separated, file) -wurl, -workflow-url string[] workflow url or list containing workflow urls to run (comma-separated, file) -validate validate the passed templates to nuclei -nss, -no-strict-syntax disable strict syntax check on templates -td, -template-display displays the templates content -tl list all available templates -sign signs the templates with the private key defined in NUCLEI_SIGNATURE_PRIVATE_KEY env variable -code enable loading code protocol-based templates -dut, -disable-unsigned-templates disable running unsigned templates or templates with mismatched signature FILTERING: -a, -author string[] templates to run based on authors (comma-separated, file) -tags string[] templates to run based on tags (comma-separated, file) -etags, -exclude-tags string[] templates to exclude based on tags (comma-separated, file) -itags, -include-tags string[] tags to be executed even if they are excluded either by default or configuration -id, -template-id string[] templates to run based on template ids (comma-separated, file, allow-wildcard) -eid, -exclude-id string[] templates to exclude based on template ids (comma-separated, file) -it, -include-templates string[] path to template file or directory to be executed even if they are excluded either by default or configuration -et, -exclude-templates string[] path to template file or directory to exclude (comma-separated, file) -em, -exclude-matchers string[] template matchers to exclude in result