Update recommended.yml
parent
d22905cde8
commit
4f4d2f08f5
|
@ -1,9 +1,90 @@
|
|||
# This is a configuration file for the recommended template profile.
|
||||
# Additional configuration profiles can be created for different types of nuclei scans.
|
||||
# They should be placed under the 'config' directory at:
|
||||
# https://github.com/projectdiscovery/nuclei-templates
|
||||
# Here is an example of how to use a config profile:
|
||||
# nuclei -config config/recommended.yml -list target_list_to_scan.txt
|
||||
# Nuclei Configuration Profile for Recommended Detection
|
||||
#
|
||||
# This configuration file is specifically tailored for performing recommended scans using Nuclei.
|
||||
#
|
||||
# Purpose:
|
||||
# This profile is focused on identifying a wide range of security vulnerabilities across various protocols and services. It includes templates with different severity levels and excludes certain tags and template IDs to provide a balanced and focused detection approach.
|
||||
#
|
||||
# Included Templates:
|
||||
# This configuration references specific templates designed for comprehensive security scanning:
|
||||
# - severity: Templates with critical, high, medium, low, and unknown severity levels.
|
||||
# - type: Templates for detecting vulnerabilities in HTTP, TCP, and templates written in javascript protocol.
|
||||
#
|
||||
# Excluded Tags:
|
||||
# This configuration excludes templates tagged with the following to avoid unnecessary and potentially disruptive tests:
|
||||
# - tech
|
||||
# - dos
|
||||
# - fuzz
|
||||
# - creds-stuffing
|
||||
# - token-spray
|
||||
# - osint
|
||||
#
|
||||
# Excluded IDs:
|
||||
# This configuration excludes specific template IDs to further refine the detection scope:
|
||||
# - CVE-2021-45967
|
||||
# - CVE-2021-36380
|
||||
# - CVE-2021-33544
|
||||
# - CVE-2021-32305
|
||||
# - CVE-2021-31755
|
||||
# - CVE-2021-28164
|
||||
# - CVE-2021-27931
|
||||
# - CVE-2021-26855
|
||||
# - CVE-2021-25052
|
||||
# - CVE-2021-1498
|
||||
# - CVE-2020-7796
|
||||
# - CVE-2020-5775
|
||||
# - CVE-2020-35713
|
||||
# - CVE-2020-26919
|
||||
# - CVE-2020-25223
|
||||
# - CVE-2020-24148
|
||||
# - CVE-2020-10770
|
||||
# - CVE-2019-9978
|
||||
# - CVE-2019-8451
|
||||
# - CVE-2019-3929
|
||||
# - CVE-2019-2767
|
||||
# - CVE-2019-2616
|
||||
# - CVE-2019-20224
|
||||
# - CVE-2019-19824
|
||||
# - CVE-2019-10758
|
||||
# - CVE-2018-16167
|
||||
# - CVE-2018-15517
|
||||
# - CVE-2018-1000600
|
||||
# - CVE-2017-9506
|
||||
# - CVE-2017-3506
|
||||
# - CVE-2017-18638
|
||||
# - CVE-2016-1555
|
||||
# - CVE-2015-8813
|
||||
# - CVE-2014-3206
|
||||
# - CVE-2009-4223
|
||||
# - CNVD-2021-09650
|
||||
# - generic-tokens
|
||||
# - credentials-disclosure
|
||||
# - targa-camera-ssrf
|
||||
# - cloudflare-external-image-resize
|
||||
# - linkerd-ssrf-detection
|
||||
# - ssrf-via-oauth-misconfig
|
||||
# - tls-sni-proxy
|
||||
# - xmlrpc-pingback-ssrf
|
||||
# - hashicorp-consul-rce
|
||||
# - mirai-unknown-rce
|
||||
# - optilink-ont1gew-gpon-rce
|
||||
# - sar2html-rce
|
||||
# - zimbra-preauth-ssrf
|
||||
# - wp-xmlrpc-pingback-detection
|
||||
# - fastjson-1-2-41-rce
|
||||
# - fastjson-1-2-42-rce
|
||||
# - fastjson-1-2-43-rce
|
||||
# - fastjson-1-2-62-rce
|
||||
# - fastjson-1-2-67-rce
|
||||
# - fastjson-1-2-68-rce
|
||||
# - request-based-interaction
|
||||
# - open-proxy-internal
|
||||
# - open-proxy-localhost
|
||||
# - open-proxy-portscan
|
||||
#
|
||||
# Running this profile
|
||||
# You can run this profile using the following command:
|
||||
# nuclei -profile recommended -u https://example.com
|
||||
|
||||
severity:
|
||||
- critical
|
||||
|
|
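Review bot: The "Excluded IDs" comment block lists about forty template IDs by hand, gives no reason beyond "further refine the detection scope", and presumably duplicates the profile's own exclusion keys further down the file (not visible in this hunk), so the comment and the effective configuration can drift apart. For anyone reading scan output this matters, because a clean run of this profile says nothing about the excluded IDs, which include entries such as `CVE-2021-26855`. I would state why these IDs are excluded and add a line such as `# A clean result from this profile does not cover the IDs listed below; scan for them separately if they are in scope.` The "Included Templates" lines have the same problem: they assert severities and protocol types that the hunk cannot confirm, since the `severity:` list continues past `- critical` outside the hunk.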