Nuclei
What is nuclei?
Nuclei is a fast and customizable vulnerability scanner based on simple YAML-based templates.
It has two components:
- Nuclei engine - the core of the project, which allows scripting HTTP / DNS / Network / Headless / File protocol-based checks in a very simple to read-and-write YAML-based format.
- Nuclei templates - ready-to-use community-contributed vulnerability templates.
What was the genesis behind nuclei?
Traditional scanners always lacked the features to allow easy-to-write custom checks on top of their engine. This is why we started developing Nuclei with a core focus on simplicity, modularity, and the ability to scan many assets.
We wanted something simple enough to be used by everyone while complex enough to integrate into the modern web with its intricacies. The features implemented in nuclei are tailored to allow very rapid prototyping of complex security checks.
What modules does nuclei engine support?
What kind of scans can I perform with nuclei?
Nuclei can be used to detect security vulnerabilities in web applications and networks, DNS-based misconfigurations, and secrets in source code or files on the local file system.
How well-maintained is this project?
The nuclei project is actively developed and maintained by the ProjectDiscovery team, and generally releases every 2 weeks.
How can I support/contribute to this project? 💙
To help keep project momentum, we request everyone to write and share new templates with the community in the template project. Please help us maintain this public, ready to use, and up-to-date nuclei template repository.
If you found an interesting/unique security issue using nuclei and want to share the process walk-through in the form of a blog, we are happy to publish your guest post on the ProjectDiscovery blog.
I found results with nuclei. When should I report it?
Wait a minute. After nuclei detects a security issue, it's always advisable to take a second look before reporting it. Here's a tip to confirm/validate the issues.
How do I validate nuclei results?
Once nuclei finds a result and you have the vulnerable target and the template, rerun the template with the -debug flag to inspect the output against the expected matcher defined in the template. This way, you can confirm the identified vulnerability.
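One way to prepare those reruns when a scan produced many findings, as an added example that is not part of the nuclei documentation: it assumes the scan results were saved as JSON lines carrying `template-id` and `host` fields and that a template is selected by ID with `-id`. The sample records and hostnames are constructed.

```python
import json
import shlex

# Constructed sample of JSON-lines scan output (one finding per line); not real scan data.
SAMPLE_JSONL = """\
{"template-id": "example-exposed-config", "host": "https://app.example.test", "matched-at": "https://app.example.test/config.json"}
{"template-id": "example-exposed-config", "host": "https://app.example.test", "matched-at": "https://app.example.test/config.json"}
{"template-id": "example-default-login", "host": "https://admin.example.test", "matched-at": "https://admin.example.test/login"}
not json
"""


def parse_findings(text):
    """Return unique (template_id, host) pairs, skipping blank or malformed lines."""
    seen, findings = set(), []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate banner text or truncated lines mixed into the file
        if not isinstance(record, dict):
            continue
        key = (record.get("template-id"), record.get("host"))
        if None in key or key in seen:
            continue  # incomplete record, or a duplicate of one already queued
        seen.add(key)
        findings.append(key)
    return findings


def debug_commands(findings):
    """Build one '-debug' rerun per finding; values are shell-quoted before use."""
    return [
        f"nuclei -u {shlex.quote(host)} -id {shlex.quote(template_id)} -debug"
        for template_id, host in findings
    ]


if __name__ == "__main__":
    # Print the commands for review; each one is run by hand and its debug
    # output compared with the matcher defined in the template.
    for command in debug_commands(parse_findings(SAMPLE_JSONL)):
        print(command)
```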
How much traffic does nuclei generate?
By default, nuclei will make several thousand requests (both HTTP protocol and other services) against a single target when running all nuclei-templates. This stems from over 3500 nuclei templates in the template releases, with more added daily.
Is it safe to run nuclei?
We consider two factors when calling nuclei “safe”:
- The traffic nuclei makes against the target website.
- The impact templates have on the target website.
HTTP Traffic
Nuclei usually makes fewer HTTP requests than the number of templates selected for a scan due to its intelligent request reduction. While some templates contain multiple requests, this rule generally holds true across most scan configurations.
Safe Templates
The nuclei templates project houses a variety of templates that perform fuzzing and other actions which may result in a DoS against the target system (see the list here). To ensure these templates are not accidentally run, they are tagged and excluded from the default scan. These templates can only be executed when explicitly invoked using the -itags option.
What is nuclei's license?
Nuclei is an open-source project distributed under the MIT License.
I have more questions! 🙋
Please join our Discord server, or contact us via Twitter.
Missing dependencies in headless mode on Linux
Headless mode on Linux-based machines (OS or containers, e.g. Docker) might face runtime errors due to missing dependencies related to specific OS shared libraries used by the chrome binary. Usually, these errors can be fixed by pre-installing the browser on the specific distribution. Here is a list of the steps needed for the most common distributions.
Ubuntu
With snap:
Without snap:
In case you are unable to install the browser, or want to install only the minimum required dependencies, run the following command:
If you encounter an error similar to “libnss3.so: cannot open shared object file: No such file or directory,” try running the following command to install the dev version:
Error type examples: