Community curated list of templates for the nuclei engine to find security vulnerabilities.

Go to file

geeknik 901777921c Update api-google-drive.yaml (#4520 ) This template is meant to be used like so: `nuclei -t token-spray/api-google-drive.yaml -var token=google_api_key -var referer=https://www.hostname_where_google_api_key_was_found.com` The way the template was edited to include `Referer: {{BaseURL}}` won't work because it adds `Referer: www.googleapis.com` which results in an ipRefererBlocked error from Google. If you can't define the referer, this template is useless and should be deleted. So please accept this change back to my original vision of this template. Thank you.		2022-06-02 00:34:52 +05:30
.github	workflow updates	2022-03-23 20:55:35 +05:30
cnvd	Remove blank cve-id fields from templates. (#4516 )	2022-05-31 20:04:35 +05:30
cves	Auto Generated CVE annotations [Wed Jun 1 14:05:28 UTC 2022] 🤖	2022-06-01 14:05:28 +00:00
default-logins	Update octobercms-default-login.yaml	2022-05-17 11:49:23 +05:30
dns	type typo update	2022-05-23 15:00:21 +05:30
exposed-panels	Update zyxel-firewall-panel.yaml	2022-05-31 13:58:05 +05:30
exposures	Remove blank cve-id fields from templates. (#4516 )	2022-05-31 20:04:35 +05:30
file	Added positive matcher to avoid false positive result. (#4517 )	2022-05-31 20:13:08 +05:30
fuzzing	Remove blank cve-id fields from templates. (#4516 )	2022-05-31 20:04:35 +05:30
headless	Wrapping the JS code with a function (#4438 )	2022-05-18 23:25:25 +05:30
helpers	Merge branch 'master' into master	2022-05-23 13:30:04 +05:30
iot	Remove blank cve-id fields from templates. (#4516 )	2022-05-31 20:04:35 +05:30
miscellaneous	Iterate endpoints from robots.txt (#471 )	2022-05-20 15:13:00 +05:30
misconfiguration	Fix IIS Internal IP Disclosure (#4479 )	2022-05-26 00:50:38 +05:30
network	Remove blank cve-id fields from templates. (#4516 )	2022-05-31 20:04:35 +05:30
ssl	Dashboard Content Enhancements (#4456 )	2022-05-20 17:38:52 -04:00
takeovers	Update github-takeover.yaml	2022-05-31 08:51:59 +03:00
technologies	Extract available endpoints from springboot-actuator (#4497 )	2022-05-29 13:36:51 +05:30
token-spray	Update api-google-drive.yaml (#4520 )	2022-06-02 00:34:52 +05:30
vulnerabilities	Update unauth-message-read.yaml	2022-06-01 18:51:48 +05:30
workflows	Dashboard Content Enhancements (#4426 )	2022-05-18 16:58:07 -04:00
.gitignore	Merge branch 'master' into dynamic_attributes	2021-08-19 16:23:26 +03:00
.new-additions	Auto Generated New Template Addition List [Wed Jun 1 13:55:32 UTC 2022] 🤖	2022-06-01 13:55:32 +00:00
.nuclei-ignore	Update .nuclei-ignore	2022-03-25 23:58:22 +05:30
.pre-commit-config.yml	pre-commit-config update	2021-09-11 12:16:55 +05:30
.yamllint	pre-commit-config update	2021-09-11 12:16:55 +05:30
CODE_OF_CONDUCT.md	Create CODE_OF_CONDUCT.md	2021-01-27 23:10:18 +05:30
CONTRIBUTING.md	Remove:	2022-01-25 14:38:53 -05:00
LICENSE.md	misc changes	2021-01-30 12:15:43 +05:30
PULL_REQUEST_TEMPLATE.md	Fixes contribute link in PR template (#4152 )	2022-04-15 13:30:01 +05:30
README.md	Auto README Update [Mon May 30 23:39:54 UTC 2022] 🤖	2022-05-30 23:39:54 +00:00
TEMPLATES-STATS.json	Auto Generated Templates Stats [Mon May 30 23:39:34 UTC 2022] 🤖	2022-05-30 23:39:34 +00:00
TEMPLATES-STATS.md	Auto Generated Templates Stats [Mon May 30 23:39:34 UTC 2022] 🤖	2022-05-30 23:39:34 +00:00
TOP-10.md	Auto Generated Templates Stats [Mon May 30 23:39:34 UTC 2022] 🤖	2022-05-30 23:39:34 +00:00
contributors.json	Ivanti EPM CSA Code Injection(CVE-2021-44529) (#3937 )	2022-03-20 13:14:37 +05:30
wappalyzer-mapping.yml	Added additional tags mapping file (#4108 )	2022-04-11 18:46:37 +05:30

README.md

Nuclei Templates

Community curated list of templates for the nuclei engine to find security vulnerabilities in applications.

Documentation • Contributions • Discussion • Community • FAQs • Join Discord

Templates are the core of the nuclei scanner which powers the actual scanning engine. This repository stores and houses various templates for the scanner provided by our team, as well as contributed by the community. We hope that you also contribute by sending templates via pull requests or Github issues to grow the list.

Nuclei Templates overview

An overview of the nuclei template project, including statistics on unique tags, author, directory, severity, and type of templates. The table below contains the top ten statistics for each matrix; an expanded version of this is available here, and also available in JSON format for integration.

Nuclei Templates Top 10 statistics

TAG	COUNT	AUTHOR	COUNT	DIRECTORY	COUNT	SEVERITY	COUNT	TYPE	COUNT
cve	1191	daffainfo	565	cves	1196	info	1220	http	3263
panel	524	dhiyaneshdk	424	exposed-panels	533	high	895	file	68
lfi	467	pikpikcu	316	vulnerabilities	458	medium	681	network	50
xss	379	pdteam	266	technologies	258	critical	421	dns	17
wordpress	375	geeknik	181	exposures	205	low	186
rce	302	dwisiswant0	168	misconfiguration	200	unknown	6
exposure	298	princechaddha	139	workflows	187
cve2021	291	0x_akoko	139	token-spray	169
wp-plugin	274	gy741	122	default-logins	96
tech	274	pussycat0x	116	file	68

264 directories, 3622 files.

📖 Documentation

Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to build new or your own custom templates. We have also added a set of templates to help you understand how things work.

💪 Contributions

Nuclei-templates is powered by major contributions from the community. Template contributions , Feature Requests and Bug Reports are more than welcome.

💬 Discussion

Have questions / doubts / ideas to discuss? Feel free to open a discussion on Github discussions board.

👨‍💻 Community

You are welcome to join the active Discord Community to discuss directly with project maintainers and share things with others around security and automation. Additionally, you may follow us on Twitter to be updated on all the things about Nuclei.

Thanks again for your contribution and keeping this community vibrant. ❤️