# This is a configuration file for the recommended template profile. # Additional configuration profiles can be created for different types of nuclei scans. # They should be placed under the 'config' directory at: # https://github.com/projectdiscovery/nuclei-templates # Here is an example of how to use a config profile: # nuclei -config config/recommended.yml -list target_list_to_scan.txt severity: - critical - high - medium - low - unknown type: - http - tcp - javascript exclude-tags: - tech - dos - fuzz - creds-stuffing - token-spray - osint exclude-id: - CVE-2021-45967 - CVE-2021-36380 - CVE-2021-33544 - CVE-2021-32305 - CVE-2021-31755 - CVE-2021-28164 - CVE-2021-27931 - CVE-2021-26855 - CVE-2021-25052 - CVE-2021-1498 - CVE-2020-7796 - CVE-2020-5775 - CVE-2020-35713 - CVE-2020-26919 - CVE-2020-25223 - CVE-2020-24148 - CVE-2020-10770 - CVE-2019-9978 - CVE-2019-8451 - CVE-2019-3929 - CVE-2019-2767 - CVE-2019-2616 - CVE-2019-20224 - CVE-2019-19824 - CVE-2019-10758 - CVE-2018-16167 - CVE-2018-15517 - CVE-2018-1000600 - CVE-2017-9506 - CVE-2017-3506 - CVE-2017-18638 - CVE-2016-1555 - CVE-2015-8813 - CVE-2014-3206 - CVE-2009-4223 - CNVD-2021-09650 - generic-tokens - credentials-disclosure - targa-camera-ssrf - cloudflare-external-image-resize - linkerd-ssrf-detection - ssrf-via-oauth-misconfig - tls-sni-proxy - xmlrpc-pingback-ssrf - hashicorp-consul-rce - mirai-unknown-rce - optilink-ont1gew-gpon-rce - sar2html-rce - zimbra-preauth-ssrf - wp-under-construction-ssrf - wp-xmlrpc-pingback-detection - fastjson-1-2-41-rce - fastjson-1-2-42-rce - fastjson-1-2-43-rce - fastjson-1-2-62-rce - fastjson-1-2-67-rce - fastjson-1-2-68-rce - request-based-interaction - open-proxy-internal - open-proxy-localhost - open-proxy-portscan