From fea633e8607373d1abf5aebdca963d56b3d220e5 Mon Sep 17 00:00:00 2001
From: Parth Malhotra <28601533+parthmalhotra@users.noreply.github.com>
Date: Tue, 25 Jun 2024 13:13:15 +0530
Subject: [PATCH] Update pentest.yml

---
 profiles/pentest.yml | 33 +++++++++++++++++++++++++--------
 1 file changed, 25 insertions(+), 8 deletions(-)

diff --git a/profiles/pentest.yml b/profiles/pentest.yml
index 2546416b85..4dafb859cb 100644
--- a/profiles/pentest.yml
+++ b/profiles/pentest.yml
@@ -1,10 +1,27 @@
-# This is a configuration file for the pentest template profile.
-# Additional configuration profiles can be created for different types of nuclei scans.
-# They should be placed under the 'config' directory at:
-# https://github.com/projectdiscovery/nuclei-templates
-# Here is an example of how to use a config profile:
-# nuclei -config config/pentest.yml -list target_list_to_scan.txt
-
+# Nuclei Configuration Profile for Penetration Testing
+#
+# This configuration file is specifically tailored for performing penetration testing using Nuclei.
+#
+# Purpose:
+# This profile is focused on identifying security vulnerabilities across various protocols and services, including HTTP, TCP, JavaScript, DNS, and SSL. It excludes templates related to Denial of Service (DoS), fuzzing, and Open Source Intelligence (OSINT) to ensure focused and efficient penetration testing.
+#
+# Included Templates:
+# This configuration references specific templates designed for penetration testing:
+# - http: Templates for detecting vulnerabilities in HTTP-based services.
+# - tcp: Templates for detecting vulnerabilities in TCP-based services.
+# - javascript: Templates written using javasxript protocol for detecting vulnerabilities in applications.
+# - dns: Templates for detecting vulnerabilities in DNS services.
+# - ssl: Templates for detecting SSL/TLS related issues.
+#
+# Excluded Tags:
+# This configuration excludes templates tagged with 'dos', 'fuzz', and 'osint' to avoid unnecessary and potentially disruptive tests:
+# - dos: Templates for Denial of Service attacks.
+# - fuzz: Templates for fuzzing.
+# - osint: Templates for Open Source Intelligence gathering.
+#
+# Running this profile
+# You can run this profile using the following command:
+# nuclei -profile pentest -u https://example.com
 
 type:
   - http
@@ -16,4 +33,4 @@ type:
 exclude-tags:
   - dos
   - fuzz
-  - osint
\ No newline at end of file
+  - osint