Adding details about "Nuclei Templates Ignore list"

2020-12-15 01:08:36 +05:30 · 2020-12-15 01:08:36 +05:30 · 6b0ff72085
parent 65400a7cc8
commit 6b0ff72085
1 changed files with 21 additions and 1 deletions
--- a/.nuclei-ignore
+++ b/.nuclei-ignore
@ -1,3 +1,16 @@
+# ==| Nuclei Templates Ignore list |==
+# ====================================
+#
+# This list can be used to define template/s that will be blocked from execution.
+# When a folder/directory is listed under this list, the templates within folder can be executed only when running them directly.
+# For example, "nuclei -t fuzzing" will not work, "nuclei -t fuzzing/wp-plugin-scan.yaml" will be executed.
+# 
+# Why ignore list? - To ensure nuclei is not getting used to hammer the every web server with templates that are meant to be used for specific use cases. 
+# and that doesn't mean nuclei won't let you run these templates. if you know what you are doing, feel free to updates this list locally as per your need.
+#
+# This list also can be used to ignore templates that you wanted to exclude from every scan.
+# More details - https://github.com/projectdiscovery/nuclei#using-nuclei-ignore-file-for-template-exclusion
+
 .pre-commit-config.yaml
 cves/CVE-2017-7529.yaml
 cves/CVE-2020-13379.yaml
@ -5,6 +18,13 @@ cves/CVE-2013-2251.yaml
 cves/CVE-2020-16139.yaml
 cves/CVE-2019-15858.yaml
 vulnerabilities/x-forwarded-host-injection.yaml
+
+# Fuzzing is excluded to avoid running bruteforce on every server as default.
 fuzzing/
+
+# Wordlist directory contains payload to be used with templates. 
 wordlists/
-misc/
+misc/
+
+# Workflows are excluded from default run to avoid duplicate scans.
+workflows/