daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Community curated list of templates for the nuclei engine to find security vulnerabilities.
1,040 Commits
12 Branches
0 Tags
148 MiB
JavaScript 100%
 
Go to file
bauthard a1432f7cde
Merge pull request #378 from CasperGN/master 
robots.txt file module, lotus domino technology module and extension fixing
 		2020-08-31 22:51:53 +05:30
.github Update issue templates 2020-08-29 02:52:19 +05:30
cves Update CVE-2020-2140.yaml 2020-08-31 13:09:38 +05:30
default-credentials fix minor yamllint issues 2020-08-25 22:18:58 +02:00
dns uniform severity update 2020-08-04 03:22:00 +05:30
files Update robots.txt.yaml 2020-08-31 22:47:14 +05:30
generic-detections updating templates 2020-08-15 14:18:23 +05:30
panels renaming to uphold extension 2020-08-31 17:28:19 +02:00
payloads Add dedicated payloads dir - CVE-2020-6287 2020-07-21 13:54:02 +07:00
security-misconfiguration moved to correct folder and updated severity 2020-08-31 13:15:28 +05:30
subdomain-takeover Update detect-all-takeovers.yaml 2020-08-05 00:56:22 +05:30
technologies moving this to tech detect 2020-08-31 22:50:06 +05:30
tokens Update google-api-key.yaml 2020-08-29 09:39:04 +05:30
vulnerabilities moved to correct folder and updated severity 2020-08-31 13:15:28 +05:30
workflows Update wordpress-workflow.yaml 2020-08-30 12:42:58 -03:00
.gitignore Update .gitignore 2020-07-29 13:21:06 +05:30
.nuclei-ignore Update .nuclei-ignore 2020-08-26 00:37:11 +05:30
.pre-commit-config.yaml Add pre-commit and yamllint configuration 2020-05-24 23:20:42 +02:00
.yamllint Fixed linting rules for more relaxed 2020-05-25 17:27:54 +05:30
LICENSE.md updating templates 2020-08-15 14:18:23 +05:30
README.md Update README.md 2020-08-30 13:34:09 +05:30

README.md

Nuclei Templates

License GitHub Release contributions welcome Follow on Twitter Chat on Discord

Templates are the core of nuclei scanner which power the actual scanning engine. This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community. We hope that you also contribute by sending templates via pull requests and grow the list.

Template Directory 
├── cves
│   ├── CVE-2017-10075.yaml
│   ├── CVE-2017-14849.yaml
│   ├── CVE-2017-5638.yaml
│   ├── CVE-2017-7529.yaml
│   ├── CVE-2017-9506.yaml
│   ├── CVE-2017-9841.yaml
│   ├── CVE-2018-0296.yaml
│   ├── CVE-2018-1000129.yaml
│   ├── CVE-2018-11409.yaml
│   ├── CVE-2018-11759.yaml
│   ├── CVE-2018-1247.yaml
│   ├── CVE-2018-1271.yaml
│   ├── CVE-2018-13379.yaml
│   ├── CVE-2018-14728.yaml
│   ├── CVE-2018-16341.yaml
│   ├── CVE-2018-18069.yaml
│   ├── CVE-2018-19439.yaml
│   ├── CVE-2018-20824.yaml
│   ├── CVE-2018-2791.yaml
│   ├── CVE-2018-3714.yaml
│   ├── CVE-2018-3760.yaml
│   ├── CVE-2018-5230.yaml
│   ├── CVE-2018-7490.yaml
│   ├── CVE-2019-10475.yaml
│   ├── CVE-2019-11248.yaml
│   ├── CVE-2019-11510.yaml
│   ├── CVE-2019-11580.yaml
│   ├── CVE-2019-12314.yaml
│   ├── CVE-2019-14322.yaml
│   ├── CVE-2019-14974.yaml
│   ├── CVE-2019-15043.yaml
│   ├── CVE-2019-16759-1.yaml
│   ├── CVE-2019-16759.yaml
│   ├── CVE-2019-17382.yaml
│   ├── CVE-2019-18394.yaml
│   ├── CVE-2019-19368.yaml
│   ├── CVE-2019-19781.yaml
│   ├── CVE-2019-19908.yaml
│   ├── CVE-2019-19985.yaml
│   ├── CVE-2019-2588.yaml
│   ├── CVE-2019-2725.yaml
│   ├── CVE-2019-3396.yaml
│   ├── CVE-2019-3799.yaml
│   ├── CVE-2019-5418.yaml
│   ├── CVE-2019-6112.yaml
│   ├── CVE-2019-7609.yaml
│   ├── CVE-2019-8449.yaml
│   ├── CVE-2019-8451.yaml
│   ├── CVE-2019-8903.yaml
│   ├── CVE-2019-8982.yaml
│   ├── CVE-2019-9978.yaml
│   ├── CVE-2020-10199.yaml
│   ├── CVE-2020-10204.yaml
│   ├── CVE-2020-1147.yaml
│   ├── CVE-2020-12720.yaml
│   ├── CVE-2020-13167.yaml
│   ├── CVE-2020-13379.yaml
│   ├── CVE-2020-17505.yaml
│   ├── CVE-2020-17506.yaml
│   ├── CVE-2020-2096.yaml
│   ├── CVE-2020-3187.yaml
│   ├── CVE-2020-3452.yaml
│   ├── CVE-2020-5284.yaml
│   ├── CVE-2020-5405.yaml
│   ├── CVE-2020-5410.yaml
│   ├── CVE-2020-5902.yaml
│   ├── CVE-2020-6287.yaml
│   ├── CVE-2020-7209.yaml
│   ├── CVE-2020-7961.yaml
│   ├── CVE-2020-8091.yaml
│   ├── CVE-2020-8115.yaml
│   ├── CVE-2020-8163.yaml
│   ├── CVE-2020-8191.yaml
│   ├── CVE-2020-8193.yaml
│   ├── CVE-2020-8194.yaml
│   ├── CVE-2020-8512.yaml
│   ├── CVE-2020-8982.yaml
│   ├── CVE-2020-9484.yaml
│   ├── CVE-2020-9496.yaml
│   └── CVE-2020-9757.yaml
├── default-credentials
│   ├── grafana-default-credential.yaml
│   ├── rabbitmq-default-admin.yaml
│   └── tomcat-manager-default.yaml
├── dns
│   ├── azure-takeover-detection.yaml
│   ├── cname-service-detector.yaml
│   ├── dead-host-with-cname.yaml
│   └── servfail-refused-hosts.yaml
├── files
│   ├── apc-info.yaml
│   ├── cgi-test-page.yaml
│   ├── dir-listing.yaml
│   ├── docker-registry.yaml
│   ├── druid-monitor.yaml
│   ├── drupal-install.yaml
│   ├── ds_store.yaml
│   ├── elasticsearch.yaml
│   ├── exposed-kibana.yaml
│   ├── exposed-svn.yaml
│   ├── filezilla.yaml
│   ├── firebase-detect.yaml
│   ├── git-config.yaml
│   ├── htaccess-config.yaml
│   ├── jkstatus-manager.yaml
│   ├── jolokia.yaml
│   ├── laravel-env.yaml
│   ├── lazy-file.yaml
│   ├── phpinfo.yaml
│   ├── public-tomcat-instance.yaml
│   ├── security.txt.yaml
│   ├── server-status-localhost.yaml
│   ├── telerik-dialoghandler-detect.yaml
│   ├── telerik-fileupload-detect.yaml
│   ├── tomcat-scripts.yaml
│   ├── wadl-files.yaml
│   ├── web-config.yaml
│   ├── wordpress-directory-listing.yaml
│   ├── wordpress-user-enumeration.yaml
│   ├── wp-xmlrpc.yaml
│   └── zip-backup-files.yaml
├── generic-detections
│   ├── basic-xss-prober.yaml
│   ├── general-tokens.yaml
│   └── top-15-xss.yaml
├── panels
│   ├── atlassian-crowd-panel.yaml
│   ├── cisco-asa-panel.yaml
│   ├── citrix-adc-gateway-detect.yaml
│   ├── compal.yaml
│   ├── crxde.yaml
│   ├── docker-api.yaml
│   ├── fortinet-fortigate-panel.yaml
│   ├── globalprotect-panel.yaml
│   ├── grafana-detect.yaml
│   ├── jenkins-asyncpeople.yaml
│   ├── jmx-console.yaml
│   ├── kubernetes-pods.yaml
│   ├── mongo-express-web-gui.yaml
│   ├── parallels-html-client.yaml
│   ├── pfsense-web-gui.yaml
│   ├── phpmyadmin-panel.yaml
│   ├── pulse-secure-panel.yaml
│   ├── rabbitmq-dashboard.yaml
│   ├── sap-netweaver-detect.yaml
│   ├── sap-recon-detect.yaml
│   ├── sophos-fw-version-detect.yaml
│   ├── supervpn-panel.yaml
│   ├── swagger-panel.yaml
│   ├── tikiwiki-cms.yaml
│   ├── traefik-dashboard
│   ├── weave-scope-dashboard-detect.yaml
│   ├── webeditors.yaml
│   └── workspaceone-uem-airWatch-dashboard-detect.yaml
├── payloads
│   └── CVE-2020-6287.xml
├── security-misconfiguration
│   ├── basic-cors-flash.yaml
│   ├── basic-cors.yaml
│   ├── front-page-misconfig.yaml
│   ├── jira-service-desk-signup.yaml
│   ├── jira-unauthenticated-dashboards.yaml
│   ├── jira-unauthenticated-popular-filters.yaml
│   ├── jira-unauthenticated-projects.yaml
│   ├── jira-unauthenticated-user-picker.yaml
│   ├── missing-x-frame-options.yaml
│   ├── put-method-enabled.yaml
│   ├── rack-mini-profiler.yaml
│   ├── springboot-detect.yaml
│   ├── wamp-xdebug-detect.yaml
│   └── wordpress-accessible-wpconfig.yaml
├── subdomain-takeover
│   ├── detect-all-takeovers.yaml
│   └── s3-subtakeover.yaml
├── technologies
│   ├── artica-web-proxy-detect.yaml
│   ├── bigip-config-utility-detect.yaml
│   ├── citrix-vpn-detect.yaml
│   ├── clockwork-php-page.yaml
│   ├── couchdb-detect.yaml
│   ├── favicon-detection.yaml
│   ├── github-enterprise-detect.yaml
│   ├── gitlab-detect.yaml
│   ├── graphql.yaml
│   ├── home-assistant.yaml
│   ├── jaspersoft-detect.yaml
│   ├── jira-detect.yaml
│   ├── liferay-portal-detect.yaml
│   ├── linkerd-badrule-detect.yaml
│   ├── linkerd-ssrf-detect.yaml
│   ├── netsweeper-webadmin-detect.yaml
│   ├── prometheus-exposed-panel.yaml
│   ├── s3-detect.yaml
│   ├── sap-netweaver-as-java-detect.yaml
│   ├── sap-netweaver-detect.yaml
│   ├── sql-server-reporting.yaml
│   ├── tech-detect.yaml
│   ├── weblogic-detect.yaml
│   └── werkzeug-debugger-detect.yaml
├── tokens
│   ├── amazon-mws-auth-token-value.yaml
│   ├── aws-access-key-value.yaml
│   ├── credentials-disclosure.yaml
│   ├── google-api-key.yaml
│   ├── http-username-password.yaml
│   ├── mailchimp-api-key.yaml
│   └── slack-access-token.yaml
├── vulnerabilities
│   ├── cached-aem-pages.yaml
│   ├── couchdb-adminparty.yaml
│   ├── crlf-injection.yaml
│   ├── discourse-xss.yaml
│   ├── eclipse-help-system-xss.yaml
│   ├── git-config-nginxoffbyslash.yaml
│   ├── ibm-infoprint-directory-traversal.yaml
│   ├── microstrategy-ssrf.yaml
│   ├── moodle-filter-jmol-lfi.yaml
│   ├── moodle-filter-jmol-xss.yaml
│   ├── nginx-module-vts-xss.yaml
│   ├── open-redirect.yaml
│   ├── oracle-ebs-bispgraph-file-access.yaml
│   ├── pdf-signer-ssti-to-rce.yaml
│   ├── rce-shellshock-user-agent.yaml
│   ├── rce-via-java-deserialization.yaml
│   ├── sick-beard-xss.yaml
│   ├── springboot-actuators-jolokia-xxe.yaml
│   ├── symfony-debugmode.yaml
│   ├── tikiwiki-reflected-xss.yaml
│   ├── tomcat-manager-pathnormalization.yaml
│   ├── twig-php-ssti.yaml
│   ├── wems-manager-xss.yaml
│   ├── wordpress-duplicator-path-traversal.yaml
│   ├── wordpress-wordfence-xss.yaml
│   └── x-forwarded-host-injection.yaml
└── workflows
    ├── artica-web-proxy-workflow.yaml
    ├── bigip-pwner-workflow.yaml
    ├── cisco-asa-workflow.yaml
    ├── grafana-workflow.yaml
    ├── jira-exploitaiton-workflow.yaml
    ├── liferay-rce-workflow.yaml
    ├── netsweeper-preauth-rce-workflow.yaml
    ├── rabbitmq-workflow.yaml
    ├── sap-netweaver-workflow.yaml
    ├── springboot-pwner-workflow.yaml
    ├── vbulletin-workflow.yaml
    └── wordpress-workflow.yaml

13 directories, 235 templates.

Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to build new and your own custom templates and many example templates for easy understanding.

Notes:

  1. Use YAMLlint (e.g. yamllint) to validate new templates when sending pull requests.
  2. Use YAML Formatter (e.g. jsonformatter) to format new templates when sending pull requests.

Thanks again for your contribution and keeping the community vibrant. ❤️