nuclei-templates/README.md

362 lines
15 KiB
Markdown
Raw Normal View History

2020-08-18 06:19:18 +00:00
# Nuclei Templates
[![License](https://img.shields.io/badge/license-MIT-_red.svg)](https://opensource.org/licenses/MIT)
2020-08-16 16:12:21 +00:00
[![GitHub Release](https://img.shields.io/github/release/projectdiscovery/nuclei-templates)](https://github.com/projectdiscovery/nuclei-templates/releases)
2020-08-18 06:19:18 +00:00
[![contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/projectdiscovery/nuclei-templates/issues)
2020-08-16 16:12:21 +00:00
[![Follow on Twitter](https://img.shields.io/twitter/follow/pdnuclei.svg?logo=twitter)](https://twitter.com/pdnuclei)
[![Chat on Discord](https://img.shields.io/discord/695645237418131507.svg?logo=discord)](https://discord.gg/KECAGdH)
2020-09-03 20:02:06 +00:00
Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/nuclei) which power the actual scanning engine. This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community. We hope that you also contribute by sending templates via **pull requests** or [Github issue](https://github.com/projectdiscovery/nuclei-templates/issues/new?assignees=&labels=&template=submit-template.md&title=%5Bnuclei-template%5D+) and grow the list.
An overview of the nuclei template directory including number of templates and HTTP request associated with each directory.
2020-09-18 14:56:20 +00:00
### nuclei templates `v7.0.5`
2020-09-03 20:02:06 +00:00
2020-09-18 14:56:20 +00:00
| Template Directory | Number of Templates |
|---------------------------|--------------------------|
| cves |106 |
| default-credentials |03 |
| dns |04 |
| files |40 |
| generic-detections |03 |
| panels |35 |
| security-misconfiguration |23 |
| subdomain-takeover |02 |
| technologies |27 |
| tokens |07 |
| vulnerabilities |31 |
| workflows |15 |
2020-09-03 20:02:06 +00:00
2020-09-18 14:56:20 +00:00
### nuclei templates `v7.0.5` tree overview
2020-04-04 16:21:58 +00:00
2020-08-08 07:26:51 +00:00
<details>
<summary>Template Directory</summary>
```
├── cves
2020-09-18 14:56:20 +00:00
│   ├── CVE-2005-2428.yaml
2020-08-08 07:26:51 +00:00
│   ├── CVE-2017-10075.yaml
2020-09-05 19:49:07 +00:00
│   ├── CVE-2017-14537.yaml
2020-08-30 08:04:09 +00:00
│   ├── CVE-2017-14849.yaml
│   ├── CVE-2017-5638.yaml
2020-09-03 20:02:06 +00:00
│   ├── CVE-2017-7391.yaml
2020-08-08 07:26:51 +00:00
│   ├── CVE-2017-7529.yaml
│   ├── CVE-2017-9506.yaml
│   ├── CVE-2017-9841.yaml
│   ├── CVE-2018-0296.yaml
│   ├── CVE-2018-1000129.yaml
│   ├── CVE-2018-11409.yaml
│   ├── CVE-2018-11759.yaml
│   ├── CVE-2018-1247.yaml
│   ├── CVE-2018-1271.yaml
│   ├── CVE-2018-13379.yaml
│   ├── CVE-2018-14728.yaml
│   ├── CVE-2018-16341.yaml
2020-09-18 14:56:20 +00:00
│   ├── CVE-2018-16763.yaml
2020-08-08 07:26:51 +00:00
│   ├── CVE-2018-18069.yaml
2020-09-18 14:56:20 +00:00
│   ├── CVE-2018-19386.yaml
2020-08-08 07:26:51 +00:00
│   ├── CVE-2018-19439.yaml
│   ├── CVE-2018-20824.yaml
│   ├── CVE-2018-2791.yaml
│   ├── CVE-2018-3714.yaml
│   ├── CVE-2018-3760.yaml
│   ├── CVE-2018-5230.yaml
│   ├── CVE-2018-7490.yaml
2020-09-05 19:49:07 +00:00
│   ├── CVE-2019-1010287.yaml
2020-08-08 07:26:51 +00:00
│   ├── CVE-2019-10475.yaml
2020-09-05 19:49:07 +00:00
│   ├── CVE-2019-11043.yaml
2020-08-30 08:04:09 +00:00
│   ├── CVE-2019-11248.yaml
2020-08-08 07:26:51 +00:00
│   ├── CVE-2019-11510.yaml
2020-08-30 08:04:09 +00:00
│   ├── CVE-2019-11580.yaml
2020-08-08 07:26:51 +00:00
│   ├── CVE-2019-12314.yaml
2020-09-03 20:02:06 +00:00
│   ├── CVE-2019-12461.yaml
2020-09-05 19:49:07 +00:00
│   ├── CVE-2019-12593.yaml
2020-08-08 07:26:51 +00:00
│   ├── CVE-2019-14322.yaml
2020-09-05 19:49:07 +00:00
│   ├── CVE-2019-14696.yaml
2020-08-08 07:26:51 +00:00
│   ├── CVE-2019-14974.yaml
│   ├── CVE-2019-15043.yaml
2020-09-03 20:02:06 +00:00
│   ├── CVE-2019-16278.yaml
2020-09-18 14:56:20 +00:00
│   ├── CVE-2019-16662.yaml
2020-08-16 16:12:21 +00:00
│   ├── CVE-2019-16759-1.yaml
2020-08-08 07:26:51 +00:00
│   ├── CVE-2019-16759.yaml
│   ├── CVE-2019-17382.yaml
2020-09-05 19:49:07 +00:00
│   ├── CVE-2019-17558.yaml
2020-08-08 07:26:51 +00:00
│   ├── CVE-2019-18394.yaml
│   ├── CVE-2019-19368.yaml
│   ├── CVE-2019-19781.yaml
│   ├── CVE-2019-19908.yaml
│   ├── CVE-2019-19985.yaml
│   ├── CVE-2019-2588.yaml
2020-08-30 08:04:09 +00:00
│   ├── CVE-2019-2725.yaml
2020-08-08 07:26:51 +00:00
│   ├── CVE-2019-3396.yaml
│   ├── CVE-2019-3799.yaml
│   ├── CVE-2019-5418.yaml
2020-08-30 08:04:09 +00:00
│   ├── CVE-2019-6112.yaml
2020-09-18 14:56:20 +00:00
│   ├── CVE-2019-6715.yaml
│   ├── CVE-2019-7256.yaml
2020-08-16 16:12:21 +00:00
│   ├── CVE-2019-7609.yaml
2020-08-08 07:26:51 +00:00
│   ├── CVE-2019-8449.yaml
│   ├── CVE-2019-8451.yaml
│   ├── CVE-2019-8903.yaml
│   ├── CVE-2019-8982.yaml
2020-08-16 16:12:21 +00:00
│   ├── CVE-2019-9978.yaml
2020-08-08 07:26:51 +00:00
│   ├── CVE-2020-10199.yaml
│   ├── CVE-2020-10204.yaml
2020-09-05 19:49:07 +00:00
│   ├── CVE-2020-11034.yaml
2020-08-08 07:26:51 +00:00
│   ├── CVE-2020-1147.yaml
│   ├── CVE-2020-12720.yaml
│   ├── CVE-2020-13167.yaml
2020-08-16 16:12:21 +00:00
│   ├── CVE-2020-13379.yaml
2020-09-18 14:56:20 +00:00
│   ├── CVE-2020-15129.yaml
│   ├── CVE-2020-15505.yaml
2020-09-03 20:02:06 +00:00
│   ├── CVE-2020-15920.yaml
2020-09-18 14:56:20 +00:00
│   ├── CVE-2020-16139.yaml
2020-08-30 08:04:09 +00:00
│   ├── CVE-2020-17505.yaml
│   ├── CVE-2020-17506.yaml
2020-08-08 07:26:51 +00:00
│   ├── CVE-2020-2096.yaml
2020-09-03 20:02:06 +00:00
│   ├── CVE-2020-2140.yaml
│   ├── CVE-2020-24223.yaml
2020-09-18 14:56:20 +00:00
│   ├── CVE-2020-25540.yaml
2020-08-08 07:26:51 +00:00
│   ├── CVE-2020-3187.yaml
│   ├── CVE-2020-3452.yaml
│   ├── CVE-2020-5284.yaml
│   ├── CVE-2020-5405.yaml
│   ├── CVE-2020-5410.yaml
2020-09-03 20:02:06 +00:00
│   ├── CVE-2020-5412.yaml
2020-09-05 19:49:07 +00:00
│   ├── CVE-2020-5776.yaml
│   ├── CVE-2020-5777.yaml
2020-08-08 07:26:51 +00:00
│   ├── CVE-2020-5902.yaml
│   ├── CVE-2020-6287.yaml
│   ├── CVE-2020-7209.yaml
│   ├── CVE-2020-7961.yaml
│   ├── CVE-2020-8091.yaml
│   ├── CVE-2020-8115.yaml
2020-08-30 08:04:09 +00:00
│   ├── CVE-2020-8163.yaml
2020-08-08 07:26:51 +00:00
│   ├── CVE-2020-8191.yaml
│   ├── CVE-2020-8193.yaml
│   ├── CVE-2020-8194.yaml
│   ├── CVE-2020-8512.yaml
│   ├── CVE-2020-8982.yaml
│   ├── CVE-2020-9484.yaml
2020-08-30 08:04:09 +00:00
│   ├── CVE-2020-9496.yaml
2020-08-08 07:26:51 +00:00
│   └── CVE-2020-9757.yaml
2020-08-16 16:12:21 +00:00
├── default-credentials
│   ├── grafana-default-credential.yaml
│   ├── rabbitmq-default-admin.yaml
│   └── tomcat-manager-default.yaml
2020-08-08 07:26:51 +00:00
├── dns
│   ├── azure-takeover-detection.yaml
│   ├── cname-service-detector.yaml
│   ├── dead-host-with-cname.yaml
│   └── servfail-refused-hosts.yaml
├── files
│   ├── apc-info.yaml
│   ├── cgi-test-page.yaml
│   ├── dir-listing.yaml
│   ├── docker-registry.yaml
2020-08-30 08:04:09 +00:00
│   ├── druid-monitor.yaml
2020-08-08 07:26:51 +00:00
│   ├── drupal-install.yaml
2020-08-30 08:04:09 +00:00
│   ├── ds_store.yaml
2020-08-08 07:26:51 +00:00
│   ├── elasticsearch.yaml
2020-09-03 20:02:06 +00:00
│   ├── error-logs.yaml
2020-08-08 07:26:51 +00:00
│   ├── exposed-kibana.yaml
│   ├── exposed-svn.yaml
│   ├── filezilla.yaml
│   ├── firebase-detect.yaml
│   ├── git-config.yaml
│   ├── htaccess-config.yaml
│   ├── jkstatus-manager.yaml
│   ├── jolokia.yaml
│   ├── laravel-env.yaml
│   ├── lazy-file.yaml
2020-09-18 14:56:20 +00:00
│   ├── ntlm-directories.yaml
2020-08-08 07:26:51 +00:00
│   ├── phpinfo.yaml
│   ├── public-tomcat-instance.yaml
2020-09-03 20:02:06 +00:00
│   ├── robots.txt.yaml
2020-08-08 07:26:51 +00:00
│   ├── security.txt.yaml
│   ├── server-status-localhost.yaml
2020-09-05 19:49:07 +00:00
│   ├── sql-dump.yaml
2020-08-08 07:26:51 +00:00
│   ├── telerik-dialoghandler-detect.yaml
│   ├── telerik-fileupload-detect.yaml
│   ├── tomcat-scripts.yaml
│   ├── wadl-files.yaml
│   ├── web-config.yaml
2020-09-18 14:56:20 +00:00
│   ├── wordpress-db-backup.yaml
2020-09-03 20:02:06 +00:00
│   ├── wordpress-debug-log.yaml
2020-08-08 07:26:51 +00:00
│   ├── wordpress-directory-listing.yaml
2020-09-18 14:56:20 +00:00
│   ├── wordpress-emergency-script.yaml
│   ├── wordpress-installer-log.yaml
│   ├── wordpress-tmm-db-migrate.yaml
2020-08-08 07:26:51 +00:00
│   ├── wordpress-user-enumeration.yaml
│   ├── wp-xmlrpc.yaml
│   └── zip-backup-files.yaml
2020-08-16 16:12:21 +00:00
├── generic-detections
│   ├── basic-xss-prober.yaml
│   ├── general-tokens.yaml
│   └── top-15-xss.yaml
2020-08-08 07:26:51 +00:00
├── panels
2020-09-18 14:56:20 +00:00
│   ├── adminer-panel.yaml
2020-08-08 07:26:51 +00:00
│   ├── atlassian-crowd-panel.yaml
│   ├── cisco-asa-panel.yaml
│   ├── citrix-adc-gateway-detect.yaml
│   ├── compal.yaml
│   ├── crxde.yaml
│   ├── docker-api.yaml
│   ├── fortinet-fortigate-panel.yaml
│   ├── globalprotect-panel.yaml
│   ├── grafana-detect.yaml
2020-09-05 19:49:07 +00:00
│   ├── iomega-lenovo-emc-shared-nas-detect.yaml
2020-08-08 07:26:51 +00:00
│   ├── jenkins-asyncpeople.yaml
│   ├── jmx-console.yaml
│   ├── kubernetes-pods.yaml
2020-09-18 14:56:20 +00:00
│   ├── mobileiron-login.yaml
2020-08-08 07:26:51 +00:00
│   ├── mongo-express-web-gui.yaml
2020-09-18 14:56:20 +00:00
│   ├── netscaler-gateway.yaml
2020-08-08 07:26:51 +00:00
│   ├── parallels-html-client.yaml
2020-08-30 08:04:09 +00:00
│   ├── pfsense-web-gui.yaml
2020-08-08 07:26:51 +00:00
│   ├── phpmyadmin-panel.yaml
2020-09-05 19:49:07 +00:00
│   ├── polycom-admin-detect.yaml
2020-08-08 07:26:51 +00:00
│   ├── pulse-secure-panel.yaml
│   ├── rabbitmq-dashboard.yaml
│   ├── sap-netweaver-detect.yaml
│   ├── sap-recon-detect.yaml
2020-09-18 14:56:20 +00:00
│   ├── sonarqube-login.yaml
2020-08-08 07:26:51 +00:00
│   ├── sophos-fw-version-detect.yaml
│   ├── supervpn-panel.yaml
│   ├── swagger-panel.yaml
│   ├── tikiwiki-cms.yaml
2020-08-30 08:04:09 +00:00
│   ├── traefik-dashboard
2020-09-03 20:02:06 +00:00
│   ├── traefik-dashboard.yaml
2020-08-08 07:26:51 +00:00
│   ├── weave-scope-dashboard-detect.yaml
2020-08-30 08:04:09 +00:00
│   ├── webeditors.yaml
│   └── workspaceone-uem-airWatch-dashboard-detect.yaml
2020-08-08 07:26:51 +00:00
├── payloads
2020-09-05 19:49:07 +00:00
│   ├── CVE-2020-5776.csv
2020-08-08 07:26:51 +00:00
│   └── CVE-2020-6287.xml
├── security-misconfiguration
│   ├── basic-cors-flash.yaml
│   ├── basic-cors.yaml
2020-09-18 14:56:20 +00:00
│   ├── django-debug-detect.yaml
2020-09-03 20:02:06 +00:00
│   ├── drupal-user-enum-ajax.yaml
│   ├── drupal-user-enum-redirect.yaml
2020-08-08 07:26:51 +00:00
│   ├── front-page-misconfig.yaml
│   ├── jira-service-desk-signup.yaml
│   ├── jira-unauthenticated-dashboards.yaml
│   ├── jira-unauthenticated-popular-filters.yaml
│   ├── jira-unauthenticated-projects.yaml
│   ├── jira-unauthenticated-user-picker.yaml
2020-09-18 14:56:20 +00:00
│   ├── larvel-debug.yaml
│   ├── missing-csp.yaml
│   ├── missing-hsts.yaml
2020-08-30 08:04:09 +00:00
│   ├── missing-x-frame-options.yaml
│   ├── put-method-enabled.yaml
2020-08-08 07:26:51 +00:00
│   ├── rack-mini-profiler.yaml
│   ├── springboot-detect.yaml
2020-09-18 14:56:20 +00:00
│   ├── unauthenticated-airflow.yaml
│   ├── unauthenticated-jenkin-dashboard.yaml
2020-08-16 16:12:21 +00:00
│   ├── wamp-xdebug-detect.yaml
2020-09-18 14:56:20 +00:00
│   ├── wordpress-accessible-wpconfig.yaml
│   └── zenphoto-installation-sensitive-info.yaml
2020-08-08 07:26:51 +00:00
├── subdomain-takeover
│   ├── detect-all-takeovers.yaml
│   └── s3-subtakeover.yaml
├── technologies
2020-08-30 08:04:09 +00:00
│   ├── artica-web-proxy-detect.yaml
2020-08-08 07:26:51 +00:00
│   ├── bigip-config-utility-detect.yaml
│   ├── citrix-vpn-detect.yaml
│   ├── clockwork-php-page.yaml
│   ├── couchdb-detect.yaml
2020-08-30 08:04:09 +00:00
│   ├── favicon-detection.yaml
2020-08-08 07:26:51 +00:00
│   ├── github-enterprise-detect.yaml
│   ├── gitlab-detect.yaml
│   ├── graphql.yaml
│   ├── home-assistant.yaml
│   ├── jaspersoft-detect.yaml
│   ├── jira-detect.yaml
│   ├── liferay-portal-detect.yaml
│   ├── linkerd-badrule-detect.yaml
│   ├── linkerd-ssrf-detect.yaml
2020-09-18 14:56:20 +00:00
│   ├── lotus-domino-version.yaml
2020-09-05 19:49:07 +00:00
│   ├── magmi-detect.yaml
2020-08-08 07:26:51 +00:00
│   ├── netsweeper-webadmin-detect.yaml
│   ├── prometheus-exposed-panel.yaml
│   ├── s3-detect.yaml
│   ├── sap-netweaver-as-java-detect.yaml
│   ├── sap-netweaver-detect.yaml
2020-09-18 14:56:20 +00:00
│   ├── shiro-detect.yaml
2020-08-08 07:26:51 +00:00
│   ├── sql-server-reporting.yaml
│   ├── tech-detect.yaml
│   ├── weblogic-detect.yaml
│   └── werkzeug-debugger-detect.yaml
├── tokens
│   ├── amazon-mws-auth-token-value.yaml
│   ├── aws-access-key-value.yaml
2020-08-30 08:04:09 +00:00
│   ├── credentials-disclosure.yaml
2020-08-08 07:26:51 +00:00
│   ├── google-api-key.yaml
│   ├── http-username-password.yaml
│   ├── mailchimp-api-key.yaml
│   └── slack-access-token.yaml
├── vulnerabilities
2020-09-18 14:56:20 +00:00
│   ├── Symantec-Messaging-Gateway.yaml
│   ├── bullwark-momentum-series-directory-traversal.yaml
2020-08-08 07:26:51 +00:00
│   ├── cached-aem-pages.yaml
│   ├── couchdb-adminparty.yaml
│   ├── crlf-injection.yaml
│   ├── discourse-xss.yaml
2020-08-30 08:04:09 +00:00
│   ├── eclipse-help-system-xss.yaml
2020-08-08 07:26:51 +00:00
│   ├── git-config-nginxoffbyslash.yaml
│   ├── ibm-infoprint-directory-traversal.yaml
│   ├── microstrategy-ssrf.yaml
2020-09-18 14:56:20 +00:00
│   ├── mida-eframework-xss.yaml
2020-08-08 07:26:51 +00:00
│   ├── moodle-filter-jmol-lfi.yaml
│   ├── moodle-filter-jmol-xss.yaml
│   ├── nginx-module-vts-xss.yaml
│   ├── open-redirect.yaml
│   ├── oracle-ebs-bispgraph-file-access.yaml
│   ├── pdf-signer-ssti-to-rce.yaml
│   ├── rce-shellshock-user-agent.yaml
│   ├── rce-via-java-deserialization.yaml
2020-08-30 08:04:09 +00:00
│   ├── sick-beard-xss.yaml
2020-08-08 07:26:51 +00:00
│   ├── springboot-actuators-jolokia-xxe.yaml
2020-09-18 14:56:20 +00:00
│   ├── springboot-h2-db-rce.yaml
2020-08-08 07:26:51 +00:00
│   ├── symfony-debugmode.yaml
│   ├── tikiwiki-reflected-xss.yaml
│   ├── tomcat-manager-pathnormalization.yaml
│   ├── twig-php-ssti.yaml
2020-08-30 08:04:09 +00:00
│   ├── wems-manager-xss.yaml
2020-08-08 07:26:51 +00:00
│   ├── wordpress-duplicator-path-traversal.yaml
2020-09-18 14:56:20 +00:00
│   ├── wordpress-emails-verification-for-woocommerce.yaml
2020-08-08 07:26:51 +00:00
│   ├── wordpress-wordfence-xss.yaml
│   └── x-forwarded-host-injection.yaml
└── workflows
2020-08-30 08:04:09 +00:00
├── artica-web-proxy-workflow.yaml
2020-08-08 07:26:51 +00:00
├── bigip-pwner-workflow.yaml
2020-08-30 08:04:09 +00:00
├── cisco-asa-workflow.yaml
2020-08-16 16:12:21 +00:00
├── grafana-workflow.yaml
2020-08-08 07:26:51 +00:00
├── jira-exploitaiton-workflow.yaml
├── liferay-rce-workflow.yaml
2020-09-18 14:56:20 +00:00
├── lotus-domino-workflow.yaml
2020-09-05 19:49:07 +00:00
├── magmi-workflow.yaml
2020-09-18 14:56:20 +00:00
├── mida-eframework-workflow.yaml
2020-08-08 07:26:51 +00:00
├── netsweeper-preauth-rce-workflow.yaml
├── rabbitmq-workflow.yaml
├── sap-netweaver-workflow.yaml
2020-08-16 16:12:21 +00:00
├── springboot-pwner-workflow.yaml
├── vbulletin-workflow.yaml
└── wordpress-workflow.yaml
2020-08-08 07:26:51 +00:00
```
</details>
2020-09-18 14:56:20 +00:00
13 directories, **298 templates**.
2020-08-08 07:26:51 +00:00
2020-08-02 13:12:36 +00:00
Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to build new and your own custom templates and many example templates for easy understanding.
2020-06-17 08:50:42 +00:00
2020-06-17 08:56:47 +00:00
------
2020-06-17 08:50:42 +00:00
**Notes:**
1. Use YAMLlint (e.g. [yamllint](http://www.yamllint.com/)) to validate new templates when sending pull requests.
2. Use YAML Formatter (e.g. [jsonformatter](https://jsonformatter.org/yaml-formatter)) to format new templates when sending pull requests.
Thanks again for your contribution and keeping the community vibrant. :heart:
2020-09-03 20:02:06 +00:00