daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Community curated list of templates for the nuclei engine to find security vulnerabilities.
1,032 Commits
12 Branches
0 Tags
148 MiB
JavaScript 100%
 
Go to file
bauthard 73affa7162
Merge pull request #372 from oways/patch-4 
Create drupal-user-enum-redirect.yaml
 		2020-08-31 13:17:29 +05:30
.github Update issue templates 2020-08-29 02:52:19 +05:30
cves Update CVE-2020-2140.yaml 2020-08-31 13:09:38 +05:30
default-credentials fix minor yamllint issues 2020-08-25 22:18:58 +02:00
dns uniform severity update 2020-08-04 03:22:00 +05:30
files Merge pull request #371 from geraldino2/master 2020-08-30 21:28:44 +05:30
generic-detections updating templates 2020-08-15 14:18:23 +05:30
panels Update pfsense-web-gui.yaml 2020-08-30 00:25:24 +05:30
payloads Add dedicated payloads dir - CVE-2020-6287 2020-07-21 13:54:02 +07:00
security-misconfiguration moved to correct folder and updated severity 2020-08-31 13:15:28 +05:30
subdomain-takeover Update detect-all-takeovers.yaml 2020-08-05 00:56:22 +05:30
technologies Update favicon-detection.yaml 2020-08-31 00:01:26 -05:00
tokens Update google-api-key.yaml 2020-08-29 09:39:04 +05:30
vulnerabilities moved to correct folder and updated severity 2020-08-31 13:15:28 +05:30
workflows Update wordpress-workflow.yaml 2020-08-30 12:42:58 -03:00
.gitignore Update .gitignore 2020-07-29 13:21:06 +05:30
.nuclei-ignore Update .nuclei-ignore 2020-08-26 00:37:11 +05:30
.pre-commit-config.yaml Add pre-commit and yamllint configuration 2020-05-24 23:20:42 +02:00
.yamllint Fixed linting rules for more relaxed 2020-05-25 17:27:54 +05:30
LICENSE.md updating templates 2020-08-15 14:18:23 +05:30
README.md Update README.md 2020-08-30 13:34:09 +05:30

README.md

Nuclei Templates

License GitHub Release contributions welcome Follow on Twitter Chat on Discord

Templates are the core of nuclei scanner which power the actual scanning engine. This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community. We hope that you also contribute by sending templates via pull requests and grow the list.

Template Directory 
├── cves
│   ├── CVE-2017-10075.yaml
│   ├── CVE-2017-14849.yaml
│   ├── CVE-2017-5638.yaml
│   ├── CVE-2017-7529.yaml
│   ├── CVE-2017-9506.yaml
│   ├── CVE-2017-9841.yaml
│   ├── CVE-2018-0296.yaml
│   ├── CVE-2018-1000129.yaml
│   ├── CVE-2018-11409.yaml
│   ├── CVE-2018-11759.yaml
│   ├── CVE-2018-1247.yaml
│   ├── CVE-2018-1271.yaml
│   ├── CVE-2018-13379.yaml
│   ├── CVE-2018-14728.yaml
│   ├── CVE-2018-16341.yaml
│   ├── CVE-2018-18069.yaml
│   ├── CVE-2018-19439.yaml
│   ├── CVE-2018-20824.yaml
│   ├── CVE-2018-2791.yaml
│   ├── CVE-2018-3714.yaml
│   ├── CVE-2018-3760.yaml
│   ├── CVE-2018-5230.yaml
│   ├── CVE-2018-7490.yaml
│   ├── CVE-2019-10475.yaml
│   ├── CVE-2019-11248.yaml
│   ├── CVE-2019-11510.yaml
│   ├── CVE-2019-11580.yaml
│   ├── CVE-2019-12314.yaml
│   ├── CVE-2019-14322.yaml
│   ├── CVE-2019-14974.yaml
│   ├── CVE-2019-15043.yaml
│   ├── CVE-2019-16759-1.yaml
│   ├── CVE-2019-16759.yaml
│   ├── CVE-2019-17382.yaml
│   ├── CVE-2019-18394.yaml
│   ├── CVE-2019-19368.yaml
│   ├── CVE-2019-19781.yaml
│   ├── CVE-2019-19908.yaml
│   ├── CVE-2019-19985.yaml
│   ├── CVE-2019-2588.yaml
│   ├── CVE-2019-2725.yaml
│   ├── CVE-2019-3396.yaml
│   ├── CVE-2019-3799.yaml
│   ├── CVE-2019-5418.yaml
│   ├── CVE-2019-6112.yaml
│   ├── CVE-2019-7609.yaml
│   ├── CVE-2019-8449.yaml
│   ├── CVE-2019-8451.yaml
│   ├── CVE-2019-8903.yaml
│   ├── CVE-2019-8982.yaml
│   ├── CVE-2019-9978.yaml
│   ├── CVE-2020-10199.yaml
│   ├── CVE-2020-10204.yaml
│   ├── CVE-2020-1147.yaml
│   ├── CVE-2020-12720.yaml
│   ├── CVE-2020-13167.yaml
│   ├── CVE-2020-13379.yaml
│   ├── CVE-2020-17505.yaml
│   ├── CVE-2020-17506.yaml
│   ├── CVE-2020-2096.yaml
│   ├── CVE-2020-3187.yaml
│   ├── CVE-2020-3452.yaml
│   ├── CVE-2020-5284.yaml
│   ├── CVE-2020-5405.yaml
│   ├── CVE-2020-5410.yaml
│   ├── CVE-2020-5902.yaml
│   ├── CVE-2020-6287.yaml
│   ├── CVE-2020-7209.yaml
│   ├── CVE-2020-7961.yaml
│   ├── CVE-2020-8091.yaml
│   ├── CVE-2020-8115.yaml
│   ├── CVE-2020-8163.yaml
│   ├── CVE-2020-8191.yaml
│   ├── CVE-2020-8193.yaml
│   ├── CVE-2020-8194.yaml
│   ├── CVE-2020-8512.yaml
│   ├── CVE-2020-8982.yaml
│   ├── CVE-2020-9484.yaml
│   ├── CVE-2020-9496.yaml
│   └── CVE-2020-9757.yaml
├── default-credentials
│   ├── grafana-default-credential.yaml
│   ├── rabbitmq-default-admin.yaml
│   └── tomcat-manager-default.yaml
├── dns
│   ├── azure-takeover-detection.yaml
│   ├── cname-service-detector.yaml
│   ├── dead-host-with-cname.yaml
│   └── servfail-refused-hosts.yaml
├── files
│   ├── apc-info.yaml
│   ├── cgi-test-page.yaml
│   ├── dir-listing.yaml
│   ├── docker-registry.yaml
│   ├── druid-monitor.yaml
│   ├── drupal-install.yaml
│   ├── ds_store.yaml
│   ├── elasticsearch.yaml
│   ├── exposed-kibana.yaml
│   ├── exposed-svn.yaml
│   ├── filezilla.yaml
│   ├── firebase-detect.yaml
│   ├── git-config.yaml
│   ├── htaccess-config.yaml
│   ├── jkstatus-manager.yaml
│   ├── jolokia.yaml
│   ├── laravel-env.yaml
│   ├── lazy-file.yaml
│   ├── phpinfo.yaml
│   ├── public-tomcat-instance.yaml
│   ├── security.txt.yaml
│   ├── server-status-localhost.yaml
│   ├── telerik-dialoghandler-detect.yaml
│   ├── telerik-fileupload-detect.yaml
│   ├── tomcat-scripts.yaml
│   ├── wadl-files.yaml
│   ├── web-config.yaml
│   ├── wordpress-directory-listing.yaml
│   ├── wordpress-user-enumeration.yaml
│   ├── wp-xmlrpc.yaml
│   └── zip-backup-files.yaml
├── generic-detections
│   ├── basic-xss-prober.yaml
│   ├── general-tokens.yaml
│   └── top-15-xss.yaml
├── panels
│   ├── atlassian-crowd-panel.yaml
│   ├── cisco-asa-panel.yaml
│   ├── citrix-adc-gateway-detect.yaml
│   ├── compal.yaml
│   ├── crxde.yaml
│   ├── docker-api.yaml
│   ├── fortinet-fortigate-panel.yaml
│   ├── globalprotect-panel.yaml
│   ├── grafana-detect.yaml
│   ├── jenkins-asyncpeople.yaml
│   ├── jmx-console.yaml
│   ├── kubernetes-pods.yaml
│   ├── mongo-express-web-gui.yaml
│   ├── parallels-html-client.yaml
│   ├── pfsense-web-gui.yaml
│   ├── phpmyadmin-panel.yaml
│   ├── pulse-secure-panel.yaml
│   ├── rabbitmq-dashboard.yaml
│   ├── sap-netweaver-detect.yaml
│   ├── sap-recon-detect.yaml
│   ├── sophos-fw-version-detect.yaml
│   ├── supervpn-panel.yaml
│   ├── swagger-panel.yaml
│   ├── tikiwiki-cms.yaml
│   ├── traefik-dashboard
│   ├── weave-scope-dashboard-detect.yaml
│   ├── webeditors.yaml
│   └── workspaceone-uem-airWatch-dashboard-detect.yaml
├── payloads
│   └── CVE-2020-6287.xml
├── security-misconfiguration
│   ├── basic-cors-flash.yaml
│   ├── basic-cors.yaml
│   ├── front-page-misconfig.yaml
│   ├── jira-service-desk-signup.yaml
│   ├── jira-unauthenticated-dashboards.yaml
│   ├── jira-unauthenticated-popular-filters.yaml
│   ├── jira-unauthenticated-projects.yaml
│   ├── jira-unauthenticated-user-picker.yaml
│   ├── missing-x-frame-options.yaml
│   ├── put-method-enabled.yaml
│   ├── rack-mini-profiler.yaml
│   ├── springboot-detect.yaml
│   ├── wamp-xdebug-detect.yaml
│   └── wordpress-accessible-wpconfig.yaml
├── subdomain-takeover
│   ├── detect-all-takeovers.yaml
│   └── s3-subtakeover.yaml
├── technologies
│   ├── artica-web-proxy-detect.yaml
│   ├── bigip-config-utility-detect.yaml
│   ├── citrix-vpn-detect.yaml
│   ├── clockwork-php-page.yaml
│   ├── couchdb-detect.yaml
│   ├── favicon-detection.yaml
│   ├── github-enterprise-detect.yaml
│   ├── gitlab-detect.yaml
│   ├── graphql.yaml
│   ├── home-assistant.yaml
│   ├── jaspersoft-detect.yaml
│   ├── jira-detect.yaml
│   ├── liferay-portal-detect.yaml
│   ├── linkerd-badrule-detect.yaml
│   ├── linkerd-ssrf-detect.yaml
│   ├── netsweeper-webadmin-detect.yaml
│   ├── prometheus-exposed-panel.yaml
│   ├── s3-detect.yaml
│   ├── sap-netweaver-as-java-detect.yaml
│   ├── sap-netweaver-detect.yaml
│   ├── sql-server-reporting.yaml
│   ├── tech-detect.yaml
│   ├── weblogic-detect.yaml
│   └── werkzeug-debugger-detect.yaml
├── tokens
│   ├── amazon-mws-auth-token-value.yaml
│   ├── aws-access-key-value.yaml
│   ├── credentials-disclosure.yaml
│   ├── google-api-key.yaml
│   ├── http-username-password.yaml
│   ├── mailchimp-api-key.yaml
│   └── slack-access-token.yaml
├── vulnerabilities
│   ├── cached-aem-pages.yaml
│   ├── couchdb-adminparty.yaml
│   ├── crlf-injection.yaml
│   ├── discourse-xss.yaml
│   ├── eclipse-help-system-xss.yaml
│   ├── git-config-nginxoffbyslash.yaml
│   ├── ibm-infoprint-directory-traversal.yaml
│   ├── microstrategy-ssrf.yaml
│   ├── moodle-filter-jmol-lfi.yaml
│   ├── moodle-filter-jmol-xss.yaml
│   ├── nginx-module-vts-xss.yaml
│   ├── open-redirect.yaml
│   ├── oracle-ebs-bispgraph-file-access.yaml
│   ├── pdf-signer-ssti-to-rce.yaml
│   ├── rce-shellshock-user-agent.yaml
│   ├── rce-via-java-deserialization.yaml
│   ├── sick-beard-xss.yaml
│   ├── springboot-actuators-jolokia-xxe.yaml
│   ├── symfony-debugmode.yaml
│   ├── tikiwiki-reflected-xss.yaml
│   ├── tomcat-manager-pathnormalization.yaml
│   ├── twig-php-ssti.yaml
│   ├── wems-manager-xss.yaml
│   ├── wordpress-duplicator-path-traversal.yaml
│   ├── wordpress-wordfence-xss.yaml
│   └── x-forwarded-host-injection.yaml
└── workflows
    ├── artica-web-proxy-workflow.yaml
    ├── bigip-pwner-workflow.yaml
    ├── cisco-asa-workflow.yaml
    ├── grafana-workflow.yaml
    ├── jira-exploitaiton-workflow.yaml
    ├── liferay-rce-workflow.yaml
    ├── netsweeper-preauth-rce-workflow.yaml
    ├── rabbitmq-workflow.yaml
    ├── sap-netweaver-workflow.yaml
    ├── springboot-pwner-workflow.yaml
    ├── vbulletin-workflow.yaml
    └── wordpress-workflow.yaml

13 directories, 235 templates.

Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to build new and your own custom templates and many example templates for easy understanding.

Notes:

  1. Use YAMLlint (e.g. yamllint) to validate new templates when sending pull requests.
  2. Use YAML Formatter (e.g. jsonformatter) to format new templates when sending pull requests.

Thanks again for your contribution and keeping the community vibrant. ❤️