master changes to dev (#507)

dev
PD-Team 2021-01-30 12:12:19 +05:30 committed by GitHub
parent ee06a6dcd6
commit 978383a01b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 455 additions and 226 deletions

CODE_OF_CONDUCT.md Normal file

@ -0,0 +1,76 @@
# Contributor Covenant Code of Conduct
## Our Pledge
In the interest of fostering an open and welcoming environment, we as
contributors and maintainers pledge to making participation in our project and
our community a harassment-free experience for everyone, regardless of age, body
size, disability, ethnicity, sex characteristics, gender identity and expression,
level of experience, education, socio-economic status, nationality, personal
appearance, race, religion, or sexual identity and orientation.
## Our Standards
Examples of behavior that contributes to creating a positive environment
include:
* Using welcoming and inclusive language
* Being respectful of differing viewpoints and experiences
* Gracefully accepting constructive criticism
* Focusing on what is best for the community
* Showing empathy towards other community members
Examples of unacceptable behavior by participants include:
* The use of sexualized language or imagery and unwelcome sexual attention or
advances
* Trolling, insulting/derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or electronic
address, without explicit permission
* Other conduct which could reasonably be considered inappropriate in a
professional setting
## Our Responsibilities
Project maintainers are responsible for clarifying the standards of acceptable
behavior and are expected to take appropriate and fair corrective action in
response to any instances of unacceptable behavior.
Project maintainers have the right and responsibility to remove, edit, or
reject comments, commits, code, wiki edits, issues, and other contributions
that are not aligned to this Code of Conduct, or to ban temporarily or
permanently any contributor for other behaviors that they deem inappropriate,
threatening, offensive, or harmful.
## Scope
This Code of Conduct applies both within project spaces and in public spaces
when an individual is representing the project or its community. Examples of
representing a project or community include using an official project e-mail
address, posting via an official social media account, or acting as an appointed
representative at an online or offline event. Representation of a project may be
further defined and clarified by project maintainers.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported by contacting the project team at contact@projectdiscovery.io. All
complaints will be reviewed and investigated and will result in a response that
is deemed necessary and appropriate to the circumstances. The project team is
obligated to maintain confidentiality with regard to the reporter of an incident.
Further details of specific enforcement policies may be posted separately.
Project maintainers who do not follow or enforce the Code of Conduct in good
faith may face temporary or permanent repercussions as determined by other
members of the project's leadership.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
[homepage]: https://www.contributor-covenant.org
For answers to common questions about this code of conduct, see
https://www.contributor-covenant.org/faq
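Review bot: the Enforcement section routes conduct reports to contact@projectdiscovery.io, which is the same general address the README hunk in this commit offers for organisations wanting onboarding help ("feel free to reach out to us"); since this paragraph promises confidentiality toward the reporter, either name a dedicated mailbox or state who reads the shared one. The sentence "Further details of specific enforcement policies may be posted separately" leaves the reader without a pointer; if such a policy exists, link it here.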

View File

@ -1,6 +1,6 @@
MIT License
Copyright (c) 2020 Exposed Atoms
Copyright (c) 2020 ProjectDiscovery, Inc.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
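Review bot: the copyright line swaps the holder from "Exposed Atoms" to "ProjectDiscovery, Inc." but keeps "2020" as the only year, although this commit is dated 2021-01-30; update it to "2020-2021". A holder change on a licence notice should also be backed by a recorded assignment from the previous holder (a line in the commit message or a CLA reference), so downstream users can trace the provenance of the MIT grant.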

README.md

@ -1,268 +1,167 @@
<h1 align="center">
<img src="static/nuclei-logo.png" alt="nuclei" width="200px"></a>
<br>
<a href="https://nuclei.projectdiscovery.io"><img src="static/nuclei-logo.png" width="200px" alt="Nuclei"></a>
</h1>
[![License](https://img.shields.io/badge/license-MIT-_red.svg)](https://opensource.org/licenses/MIT)
[![Go Report Card](https://goreportcard.com/badge/github.com/projectdiscovery/nuclei)](https://goreportcard.com/report/github.com/projectdiscovery/nuclei)
[![contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/projectdiscovery/nuclei/issues)
[![GitHub Release](https://img.shields.io/github/release/projectdiscovery/nuclei)](https://github.com/projectdiscovery/nuclei/releases)
[![Follow on Twitter](https://img.shields.io/twitter/follow/pdnuclei.svg?logo=twitter)](https://twitter.com/pdnuclei)
[![Docker Images](https://img.shields.io/docker/pulls/projectdiscovery/nuclei.svg)](https://hub.docker.com/r/projectdiscovery/nuclei)
[![Chat on Discord](https://img.shields.io/discord/695645237418131507.svg?logo=discord)](https://discord.gg/KECAGdH)
<h4 align="center">Fast and customisable vulnerability scanner based on simple YAML based DSL.</h4>
<p align="center">
<a href="https://nuclei.projectdiscovery.io/templating-guide/" target="_blank"><img src="static/read-the-docs-button.png" height="42px"/></center></a> <a href="https://github.com/projectdiscovery/nuclei-templates" target="_blank"><img src="static/download-templates-button.png" height="42px"/></a>
<a href="https://goreportcard.com/report/github.com/projectdiscovery/nuclei"><img src="https://goreportcard.com/badge/github.com/projectdiscovery/nuclei"></a>
<a href="https://github.com/projectdiscovery/nuclei/issues"><img src="https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat"></a>
<a href="https://github.com/projectdiscovery/nuclei/releases"><img src="https://img.shields.io/github/release/projectdiscovery/nuclei"></a>
<a href="https://twitter.com/pdnuclei"><img src="https://img.shields.io/twitter/follow/pdnuclei.svg?logo=twitter"></a>
<a href="https://discord.gg/KECAGdH"><img src="https://img.shields.io/discord/695645237418131507.svg?logo=discord"></a>
</p>
<p align="center">
<a href="#how-it-works">How</a>
<a href="#install-nuclei">Install</a>
<a href="#for-security-engineers">For Security Engineers</a>
<a href="#for-developers-and-organisations">For Developers</a>
<a href="https://nuclei.projectdiscovery.io">Wiki</a>
<a href="#credits">Credits</a>
<a href="#license">License</a>
<a href="https://discord.gg/KECAGdH">Join Discord</a>
</p>
Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use.
---
Nuclei is used to send requests across targets based on a template leading to zero false positives and providing effective scanning for known paths. Main use cases for nuclei are during initial reconnaissance phase to quickly check for low hanging fruits or CVEs across targets that are known and easily detectable. It uses [retryablehttp-go library](https://github.com/projectdiscovery/retryablehttp-go) designed to handle various errors and retries in case of blocking by WAFs, this is also one of our core modules from custom-queries.
Nuclei is used to send requests across targets based on a template leading to zero false positives and providing fast scanning on large number of hosts. Nuclei offers scanning for a variety of protocols including TCP, DNS, HTTP, File, etc. With powerful and flexible templating, all kinds of security checks can be modelled with Nuclei.
We have also [open-sourced a template repository](https://github.com/projectdiscovery/nuclei-templates) to maintain various type of templates, we hope that you will contribute there too. Templates are provided in hopes that these will be useful and will allow everyone to build their own templates for the scanner. Checkout the templating guide at [**nuclei.projectdiscovery.io**](https://nuclei.projectdiscovery.io/templating-guide/) for a primer on nuclei templates.
## Resources
- [Features](#features)
- [Installation Instructions](#installation-instructions)
- [From Binary](#from-binary)
- [From Source](#from-source)
- [From Github](#from-github)
- [Nuclei templates](#nuclei-templates)
- [Usage](#usage)
- [Running nuclei](#running-nuclei)
- [Running with a single template.](#running-with-single-template)
- [Running with multiple templates.](#running-with-multiple-templates)
- [Running with subfinder](#running-with-subfinder)
- [Running in Docker](#running-in-docker-container)
- [Rate Limits](#rate-limits)
- [Template exclusion](#template-exclusion)
- [Thanks](#thanks)
We have a [dedicated repository](https://github.com/projectdiscovery/nuclei-templates) that houses various type of vulnerability templates contributed by **more than 100** security researchers and engineers. It is preloaded with ready to use templates using `-update-templates` flag.
## Features
## How it works
<h3 align="center">
<img src="static/nuclei-flow.jpg" alt="nuclei-flow" width="700px"></a>
</h3>
# Install Nuclei
```sh
▶ GO111MODULE=on go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei
```
**More installation [methods can be found here](https://nuclei.projectdiscovery.io/nuclei/get-started/).**
<table>
<tr>
<td>
### Download Templates
You can download and update the nuclei templates using <ins>*update-templates*</ins> flag of nuclei that downloads all the available **nuclei-templates** from [Github project](https://github.com/projectdiscovery/nuclei-templates), a community curated list of templates that are ready to use.
`▶ nuclei -update-templates`
Nuclei is designed to used with custom templates according to the target and workflow, you can write your own checks for your specific workflow and needs, please refer to nuclei **[templating guide](https://nuclei.projectdiscovery.io/templating-guide/)** to write your own custom templates.
</td>
</tr>
</table>
### Running Nuclei
Scanning for CVEs on given list of URLs.
```sh
▶ nuclei -l target_urls.txt -t cves/
```
**More detailed examples of running nuclei can be found [here](https://nuclei.projectdiscovery.io/nuclei/get-started/#using-nuclei).**
# For Security Engineers
Nuclei offers great number of features that are helpful for security engineers to customise workflow in their organisation. With the varieties of scan capabilities (like DNS, HTTP, TCP), security engineers can easily create their suite of custom checks with Nuclei.
- Varieties of protocols supported: TCP, DNS, HTTP, File, etc
- Achieve complex vulnerability steps with workflows and [dynamic requests.](https://blog.projectdiscovery.io/post/nuclei-unleashed/)
- [Easy to integrate into CI/CD](https://handsonappsec.medium.com/build-a-cloud-native-application-security-operations-center-3b4100ea1a79), designed to be easily integrated into regression cycle to actively check the fix and re-appearance of vulnerability.
<h1 align="left">
<img src="static/nuclei-run.png" alt="nuclei" width="700px"></a>
<br>
<a href="https://nuclei.projectdiscovery.io/nuclei/get-started/"><img src="static/learn-more-button.png" width="170px" alt="Learn More"></a>
</h1>
- Simple and modular code base making it easy to contribute.
- Fast And fully configurable using a template based engine.
- Handles edge cases doing retries, backoffs etc for handling WAFs.
- Smart matching functionality for zero false positive scanning.
<table>
<tr>
<td>
## Usage
**For bugbounty hunters:**
```sh
nuclei -h
```
Nuclei allows you to customise your testing approach with your own suite of checks and easily run across your bug bounty programs. Moroever, Nuclei can be easily integrated into any continuous scanning workflow.
This will display help for the tool. Here are all the switches it supports.
- Designed to be easily integrated into other tool workflow.
- Can process thousands of hosts in few minutes.
- Easily automate your custom testing approach with our simple YAML DSL.
| Flag | Description | Example |
| ---------------------- | --------------------------------------------------------- | ----------------------------------------------- |
| bulk-size | Max hosts analyzed in parallel per template ( default 25) | nuclei -bulk-size 25 |
| burp-collaborator-biid | Burp Collaborator BIID | nuclei -burp-collaborator-biid XXXX |
| c | Max templates processed in parallel (default 10) | nuclei -c 10 |
| l | List of urls to run templates | nuclei -l urls.txt |
| target | Target to scan using Templates | nuclei -target hxxps://example.com |
| t | Templates input file/files to check across hosts | nuclei -t git-core.yaml -t cves/ |
| no-color | Don't Use colors in output | nuclei -no-color |
| no-meta | Don't display metadata for the matches | nuclei -no-meta |
| json | Prints and write output in json format | nuclei -json |
| include-rr | Inlcude req/resp of matched output in JSON output | nuclei -json -include-rr |
| o | File to save output result (optional) | nuclei -o output.txt |
| project | Project flag to avoid sending same requests | nuclei -project |
| project-path | Use a user defined project folder | nuclei -project -project-path test |
| stats | Enable the progress bar (optional) | nuclei -stats |
| silent | Show only found results in output | nuclei -silent |
| retries | Number of times to retry a failed request | nuclei -retries 1 |
| timeout | Seconds to wait before timeout (default 5) | nuclei -timeout 5 |
| trace-log | File to write sent requests trace log | nuclei -trace-log logs |
| rate-limit | Maximum requests/second (default 150) | nuclei -rate-limit 150 |
| severity | Run templates based on severity | nuclei -severity critical,high |
| stop-at-first-match | Stop processing http requests at first match | nuclei -stop-at-first-match |
| exclude | Template input dir/file/files to exclude | nuclei -exclude panels -exclude tokens |
| debug | Allow debugging of request/responses. | nuclei -debug |
| update-templates | Download and updates nuclei templates | nuclei -update-templates |
| update-directory | Directory for storing nuclei-templates(optional) | nuclei -update-directory templates |
| tl | List available templates | nuclei -tl |
| templates-version | Shows the installed nuclei-templates version | nuclei -templates-version |
| v | Shows verbose output of all sent requests | nuclei -v |
| version | Show version of nuclei | nuclei -version |
| proxy-url | Proxy URL | nuclei -proxy-url hxxp://127.0.0.1:8080 |
| proxy-socks-url | Socks proxyURL | nuclei -proxy-socks-url socks5://127.0.0.1:8080 |
| random-agent | Use random User-Agents | nuclei -random-agent |
| H | Custom Header | nuclei -H "x-bug-bounty: hacker" |
Please check our other open-source projects that might fit into your bug bounty workflow: [github.com/projectdiscovery](http://github.com/projectdiscovery), we also host daily [refresh of DNS data at Chaos](http://chaos.projectdiscovery.io).
## Installation Instructions
</td>
</tr>
</table>
### From Binary
<table>
<tr>
<td>
The installation is easy. You can download the pre-built binaries for your platform from the [Releases](https://github.com/projectdiscovery/nuclei/releases/) page. Extract them using tar, move it to your `$PATH`and you're ready to go.
**For pentesters:**
```sh
Download latest binary from https://github.com/projectdiscovery/nuclei/releases
Nuclei immensely improve how you approach security assessment by augmenting the manual repetitve processes. Consultancies are already converting their manual assessment steps with Nuclei, it allows them to run set of their custom assessment approach across thousands of hosts in an automated manner.
▶ tar -xzvf nuclei-linux-amd64.tar.gz
▶ mv nuclei /usr/local/bin/
▶ nuclei -version
```
Pen-testers get the full power of our public templates and customization capabilities to speed-up their assessment process, and specifically with the regression cycle where you can easily verify the fix.
### From Source
- Easily create your compliance, standards suite (e.g. OWASP Top 10) checklist.
- With capabilities like [fuzz](https://nuclei.projectdiscovery.io/templating-guide/#advance-fuzzing) and [workflows](https://nuclei.projectdiscovery.io/templating-guide/#workflows), complex manual steps and repetitive assessment can be easily automated with Nuclei.
- Easy to re-test vulnerability-fix by just re-running the template.
nuclei requires **go1.14+** to install successfully. Run the following command to get the repo -
</td>
</tr>
</table>
```sh
▶ GO111MODULE=on go get -u -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei
```
### From Github
# For Developers and Organisations
```sh
▶ git clone https://github.com/projectdiscovery/nuclei.git; cd nuclei/v2/cmd/nuclei/; go build; mv nuclei /usr/local/bin/; nuclei -version
```
Nuclei is built with simplicity in mind, with the community backed templates by hundreds of security researchers, it allows you to stay updated with latest security threats using continuous Nuclei scanning on the hosts. It is designed to be easily integrated into regression tests cycle, to verify the fixes and eliminate vulnerabilities from occuring in future.
## Nuclei templates
- **CI/CD:** Engineers are already [utilising Nuclei within their CI/CD pipeline](https://handsonappsec.medium.com/build-a-cloud-native-application-security-operations-center-3b4100ea1a79), it allows them to constantly monitor their staging and production environments with customised templates.
- **Continuous Regression Cycle:** With Nuclei, you can create your custom template on every new identified vulnerability and put into Nuclei engine to eliminate in the continuous regression cycle.
You can download or update the nuclei templates using `update-templates` flag.
We have [a discussion thread around this](https://github.com/projectdiscovery/nuclei-templates/discussions/693), there are already some bug bounty programs giving incentives to hackers on writing nuclei templates with every submission, that helps them to eliminate the vulnerability across all their assets, as well as to eliminate future risk in reappearing on productions. If you're interested in implementing it in your organisation, feel free to [reach out to us](mailto:contact@projectdiscovery.io). We will be more than happy to help you in the getting started process, or you can also post into the [discussion thread for any help](https://github.com/projectdiscovery/nuclei-templates/discussions/693).
```sh
▶ nuclei -update-templates
```
<h3 align="center">
<img src="static/regression-with-nuclei.jpg" alt="regression-cycle-with-nuclei" width="1100px"></a>
</h3>
or download it from [nuclei templates](https://github.com/projectdiscovery/nuclei-templates) Github project.
<h1 align="left">
<a href="https://github.com/projectdiscovery/nuclei-action"><img src="static/learn-more-button.png" width="170px" alt="Learn More"></a>
</h1>
```sh
▶ git clone https://github.com/projectdiscovery/nuclei-templates.git
```
### Resources
**Please refer to nuclei [templating guide](https://nuclei.projectdiscovery.io/templating-guide/) to writing your own custom templates.**
## Running Nuclei
- [Community Powered Scanning with Nuclei](https://blog.projectdiscovery.io/post/nuclei-introduction/)
- [Nuclei Unleashed - Quickly write complex exploits](https://blog.projectdiscovery.io/post/nuclei-unleashed/)
- [Nuclei - Fuzz all the things](https://blog.projectdiscovery.io/post/nuclei-fuzz-all-the-things/)
- [Automate Security Regression Testing With Nuclei](https://handsonappsec.medium.com/automate-security-regression-testing-featuring-nuclei-204b6970be7a) by [@toufik-airane](https://github.com/toufik-airane)
- [Build A Cloud-Native Application Security Operations Center](https://handsonappsec.medium.com/build-a-cloud-native-application-security-operations-center-3b4100ea1a79) by [@toufik-airane](https://github.com/toufik-airane)
- [Weaponizes nuclei Workflows to Pwn All the Things](https://medium.com/@dwi.siswanto98/weaponizes-nuclei-workflows-to-pwn-all-the-things-cd01223feb77) by [@dwisiswant0](https://github.com/dwisiswant0)
- [How to Scan Continuously with Nuclei?](https://medium.com/@dwi.siswanto98/how-to-scan-continuously-with-nuclei-fcb7e9d8b8b9) by [@dwisiswant0](https://github.com/dwisiswant0)
### Running with single template.
This will run `git-core.yaml` template against all the hosts in `urls.txt` and returns the matched results.
### Credits
```sh
▶ nuclei -l urls.txt -t files/git-core.yaml -o results.txt
```
Thanks to all the amazing community [contributors for sending PRs](https://github.com/projectdiscovery/nuclei/graphs/contributors). Do also check out the below similar open-source projects that may fit in your workflow:
You can also pass the list of urls at standard input (STDIN). This allows for easy integration in automation pipelines.
[FFuF](https://github.com/ffuf/ffuf), [Qsfuzz](https://github.com/ameenmaali/qsfuzz), [Inception](https://github.com/proabiral/inception), [Snallygaster](https://github.com/hannob/snallygaster), [Gofingerprint](https://github.com/Static-Flow/gofingerprint), [Sn1per](https://github.com/1N3/Sn1per/tree/master/templates), [Google tsunami](https://github.com/google/tsunami-security-scanner), [Jaeles](https://github.com/jaeles-project/jaeles), [ChopChop](https://github.com/michelin/ChopChop)
```sh
▶ cat urls.txt | nuclei -t files/git-core.yaml -o results.txt
```
### License
💡 Nuclei accepts list of URLs as input, for example here is how `urls.txt` looks like:-
Nuclei is distributed under [MIT License](https://github.com/projectdiscovery/nuclei/blob/master/LICENSE.md)
```
https://test.some-site.com
http://vuls-testing.com
https://test.com
```
### Running with multiple templates.
This will run the tool against all the urls in `urls.txt` with all the templates in the `cves` and `files` directory and returns the matched results.
```sh
▶ nuclei -l urls.txt -t cves/ -t files/ -o results.txt
```
### Running with subfinder.
```sh
▶ subfinder -d hackerone.com -silent | httpx -silent | nuclei -t cves/ -o results.txt
```
### Running in Docker container
You can use the [nuclei dockerhub image](https://hub.docker.com/r/projectdiscovery/nuclei). Simply run -
```sh
▶ docker pull projectdiscovery/nuclei
```
After downloading or building the container, run the following:
```sh
▶ docker run -it projectdiscovery/nuclei
```
For example, this will run the tool against all the hosts in `urls.txt` and output the results to your host file system:
```sh
▶ cat urls.txt | docker run -v /path/to/nuclei-templates:/app/nuclei-templates -v /path/to/nuclei/config:/app/.nuclei-config.json -i projectdiscovery/nuclei -t /app/nuclei-templates/files/git-config.yaml > results.txt
```
Remember to change `/path-to-nuclei-templates` to the real path on your host file system.
### Rate Limits
Nuclei have multiple rate limit controls for multiple factors including a number of templates to execute in parallel, a number of hosts to be scanned in parallel for each template, and the global number of request / per second you wanted to make/limit using nuclei, as an example here is how all this can be controlled using flags.
- `-c` flag => Limits the number of templates processed in parallel.
- `-bulk-size` flag => Limits the number of hosts processed in parallel for each template.
- `-rate-limit` flag => Global rate limiter that ensures defined number of requests/second across all templates.
If you wanted go fast or control the scans, feel free to play with these flags and numbers, `rate-limit` always ensure to control the outgoing requests regardless the other flag you are using.
### Template Exclusion
[Nuclei-templates](https://github.com/projectdiscovery/nuclei-templates) includes multiple checks including many that are useful for attack surface mapping and not necessarily a security issue, in cases where you only looking to scan few specific templates or directory, here are few options / flags to filter or exclude them from running.
#### Running templates with exclusion
We do not suggest running all the nuclei-templates directory at once, in case of doing so, one can make use of `exclude` flag to exclude specific directory or templates to ignore from scanning.
```sh
nuclei -l urls.txt -t nuclei-templates -exclude panels/ -exclude technologies -exclude files/wp-xmlrpc.yaml
```
Note:- both directory and specific templates case be excluded from scan as shared in the above example.
#### Running templates based on severity
You can run the templates based on the specific severity of the template, single and multiple severity can be used for scan.
```sh
nuclei -l urls.txt -t cves/ -severity critical,medium
```
The above example will run all the templates under `cves` directory with `critical` and `medium` severity.
```sh
nuclei -l urls.txt -t panels/ -t technologies -severity info
```
The above example will run all the templates under `panels` and `technologies` directory with **severity** marked as `info`
#### Using `.nuclei-ignore` file for template exclusion
Since release of nuclei [v2.1.1](https://github.com/projectdiscovery/nuclei/releases/tag/v2.1.1), we have added support of `.nuclei-ignore` file that works along with `update-templates` flag of nuclei, in **.nuclei-ignore** file, you can define all the template directory or template path that you wanted to exclude from all the nuclei scans, to start using this feature, make sure you installed nuclei templates using `nuclei -update-templates` flag, now you can add/update/remove templates in the file that you wanted to exclude from running.
```
nano ~/nuclei-templates/.nuclei-ignore
```
Default **nuclei-ignore** list can be accessed from [here](https://github.com/projectdiscovery/nuclei-templates/blob/master/.nuclei-ignore), in case you don't want to exclude anything, simply remove the `.nuclei-ignore` file.
* * *
# 📋 Notes
- Progress bar is experimental feature, might not work in few cases.
- Progress bar doesn't work with workflows, numbers are not accurate due to conditional execution.
## Thanks
nuclei is made with 🖤 by the [projectdiscovery](https://projectdiscovery.io) team. Community contributions have made the project what it is. See the **[Thanks.md](https://github.com/projectdiscovery/nuclei/blob/master/THANKS.md)** file for more details.
Do also check out these similar awesome projects that may fit in your workflow:
[Burp Suite](https://portswigger.net/burp), [FFuF](https://github.com/ffuf/ffuf), [Jaeles](https://github.com/jaeles-project/jaeles), [Qsfuzz](https://github.com/ameenmaali/qsfuzz), [Inception](https://github.com/proabiral/inception), [Snallygaster](https://github.com/hannob/snallygaster), [Gofingerprint](https://github.com/Static-Flow/gofingerprint), [Sn1per](https://github.com/1N3/Sn1per/tree/master/templates), [Google tsunami](https://github.com/google/tsunami-security-scanner), [ChopChop](https://github.com/michelin/ChopChop)
<h1 align="left">
<a href="https://discord.gg/KECAGdH"><img src="static/Join-Discord.png" width="380" alt="Join Discord"></a> <a href="https://nuclei.projectdiscovery.io"><img src="static/check-nuclei-documentation.png" width="380" alt="Check Nuclei Documentation"></a>
</h1>
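Review bot: the new layout wraps Markdown headings and paragraphs in raw `<table><tr><td>` cells (`<td>` is immediately followed by `### Download Templates` and later by `## Usage`); CommonMark treats the content of an HTML block as literal HTML until a blank line, so these headings will not render on GitHub unless a blank line is inserted after each `<td>` and before each `</td>`, or the table is dropped in favour of plain Markdown. The docs-button line also closes a `</center>` that is never opened. Within the same hunk the Docker example mounts `/path/to/nuclei-templates` while the note beneath it tells readers to change `/path-to-nuclei-templates`, and it runs `files/git-config.yaml` where the single-template examples use `files/git-core.yaml`; align both. Typos to fix: "Moroever", "repetitve", "occuring", "designed to used with", "immensely improve".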

README_CN.md Normal file

@ -0,0 +1,253 @@
<h1 align="center">
<img src="static/nuclei-logo.png" alt="nuclei" width="200px"></a>
<br>
</h1>
[![License](https://img.shields.io/badge/license-MIT-_red.svg)](https://opensource.org/licenses/MIT)
[![Go Report Card](https://goreportcard.com/badge/github.com/projectdiscovery/nuclei)](https://goreportcard.com/report/github.com/projectdiscovery/nuclei)
[![contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/projectdiscovery/nuclei/issues)
[![GitHub Release](https://img.shields.io/github/release/projectdiscovery/nuclei)](https://github.com/projectdiscovery/nuclei/releases)
[![Follow on Twitter](https://img.shields.io/twitter/follow/pdnuclei.svg?logo=twitter)](https://twitter.com/pdnuclei)
[![Docker Images](https://img.shields.io/docker/pulls/projectdiscovery/nuclei.svg)](https://hub.docker.com/r/projectdiscovery/nuclei)
[![Chat on Discord](https://img.shields.io/discord/695645237418131507.svg?logo=discord)](https://discord.gg/KECAGdH)
<p align="center">
<a href="https://nuclei.projectdiscovery.io/templating-guide/" target="_blank"><img src="static/read-the-docs-button.png" height="42px"/></center></a> <a href="https://github.com/projectdiscovery/nuclei-templates" target="_blank"><img src="static/download-templates-button.png" height="42px"/></a>
</p>
Nuclei是一个基于模板的、可配置攻击目标的扫描快速工具同时还提供了强大的可扩展性和易用性。
基于模板的nuclei被用来发送请求给目标有着实现零误报的优点并且可以对已知的路径进行有效的扫描。nuclei的主要用于在初期的探测阶段快速地对已知的且易于检测的漏洞或者CVE进行扫描。如果存在WAF的话nuclei使用[retryablehttp-go库](https://github.com/projectdiscovery/retryablehttp-go)来处理各种错误,并且重新尝试攻击,这也是我们自定义功能的核心模块之一。
我们也维护一个具有各个类型的模板的[开源库](https://github.com/projectdiscovery/nuclei-templates),我们希望你也能贡献一些模板,贡献的这些模板最好是有效的,并且能允许每个人基于你的模板重新构建。查看[**nuclei.projectdiscovery.io**](https://nuclei.projectdiscovery.io/templating-guide/)这个网站去学习制作模板的入门知识。
## 目录
- [目录](#目录)
- [功能](#功能)
- [安装](#安装)
- [Nuclei模板](#nuclei模板)
- [用法](#用法)
- [运行Nuclei](#运行nuclei)
- [排除模板](#排除模板)
- [致谢](#致谢)
## 功能
<h1 align="left">
<img src="static/nuclei-run.png" alt="nuclei" width="700px"></a>
<br>
</h1>
- 有着易于开发的、简单的、模块化的代码库
- 使用了基于模板的引擎,运行速度极快,可以修改所以配置
- 可以对特殊情况处理、重试、绕过等可以绕过WAF
- 智能匹配,零误报
## 安装
### 二进制文件安装
二进制文件安装很简单,你可以从[Releases](https://github.com/projectdiscovery/nuclei/releases/)页面下载已经构建好的二进制文件压缩包,使用解压工具提取下载的压缩包,并将解压的文件夹移动到$PATH目录就可以直接使用了。
```sh
Download latest binary from https://github.com/projectdiscovery/nuclei/releases
▶ tar -xzvf nuclei-linux-amd64.tar.gz
▶ mv nuclei /usr/local/bin/
▶ nuclei -version
```
### 源码安装
nuclei需要**go1.14+**才能成功安装运行以下命令获取repo
```sh
▶ GO111MODULE=on go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei
```
### GitHub安装
```sh
▶ git clone https://github.com/projectdiscovery/nuclei.git; cd nuclei/v2/cmd/nuclei/; go build; mv nuclei /usr/local/bin/; nuclei -version
```
## Nuclei模板
你可以使用`update-templates`来下载和更新nuclei模板该命令会从unclei的[模板库]()中下载最新版本,这个由社区来维护的库是可以随时使用的。
```sh
▶ nuclei -update-templates
```
此外您可以根据自己的工作情况或者需求编写模板,请参阅**nuclei[模板向导](https://nuclei.projectdiscovery.io/templating-guide/)去编写自定义模板**
## 用法
```sh
nuclei -h
```
这条命令会显示帮助以下是nuclei支持的所有命令
|命令|描述|例子|
|-----|-----|-----|
|bulk-size|每个模板最大并行的主机数(默认25)|nuclei -bulk-size 25|
|burp-collaborator-biid|使用burp-collaborator插件|nuclei -burp-collaborator-biid XXXX|
|c|并行的最大模板数量(默认10)|nuclei -c 10|
|l|对URL列表进行测试|nuclei -l urls.txt|
|target|对目标进行测试|nuclei -target hxxps://example.com|
|t|要检测的模板种类|nuclei -t git-core.yaml -t cves/|
|no-color|输出不显示颜色|nuclei -no-color|
|no-meta|不显示匹配的元数据|nuclei -no-meta|
|json|输出为json格式|nuclei -json|
|include-rr|json输出格式中包含请求和响应数据|nuclei -json -include-rr|
|o|输出为文件|nuclei -o output.txt|
|project|避免发送相同的请求|nuclei -project|
|stats|使用进度条|nuclei -stats|
|silent|只输出测试成功的结果|nuclei -silent|
|retries|失败后的重试次数|nuclei -retries 1|
|timeout|超时时间(默认为5秒)|nuclei -timeout 5|
|trace-log|输出日志到log文件|nuclei -trace-log logs|
|rate-limit|每秒最大请求数(默认150)|nuclei -rate-limit 150|
|severity|根据严重性选择模板|nuclei -severity critical,high|
|stop-at-first-match|第一次匹配不要处理HTTP请求|nuclei -stop-at-frst-match|
|exclude|排除的模板或文件夹|nuclei -exclude panels -exclude tokens|
|debug|调试请求或者响应|nuclei -debug|
|update-templates|下载或者升级模板|nuclei -update-templates|
|update-directory|选择储存模板的目录(可选)|nuclei -update-directory templates|
|tl|列出可用的模板|nuclei -tl|
|templates-version|显示已安装的模板版本|nuclei -templates-version|
|v|显示发送请求的详细信息|nuclei -v|
|version|显示nuclei的版本号|nuclei -version|
|proxy-url|输入代理地址|nuclei -proxy-url hxxp://127.0.0.1:8080|
|proxy-socks-url|输入socks代理地址|nuclei -proxy-socks-url socks5://127.0.0.1:8080|
|random-agent|使用随机的UA|nuclei -random-agent|
|H|自定义请求头|nuclei -H “x-bug-bounty:hacker”|
## 运行Nuclei
### 运行单个模板
这将对`urls.txt`中所有的主机运行`git-core.yaml`并返回结果到`results.txt`
```sh
▶ nuclei -l urls.txt -t files/git-core.yaml -o results.txt
```
你可以轻松的通过管道使用标准的输入(STDIN)传递URL列表。
```sh
▶ cat urls.txt | nuclei -t files/git-core.yaml -o results.txt
```
💡 Nuclei可以接受如下列表的URL作为输入例如以下URL
```
https://test.some-site.com
http://vuls-testing.com
https://test.com
```
### 运行多个模板
这将会对`urls.txt`中所有的URL运行`cves`和`files`模板检查,并返回输出到`results.txt`
```sh
▶ nuclei -l urls.txt -t cves/ -t files/ -o results.txt
```
### 使用subfinder运行
```sh
▶ subfinder -d hackerone.com -silent | httpx -silent | nuclei -t cves/ -o results.txt
```
### 在docker中运行
你需要使用[nuclei的docker镜像](https://hub.docker.com/r/projectdiscovery/nuclei)来运行
```sh
▶ docker pull projectdiscovery/nuclei
```
下载并构建完成后,运行以下命令:
```sh
▶ docker run -it projectdiscovery/nuclei
```
这将会对`urls.txt`中的URL通过docker中的nuclei进行检测并将结果输出到本机的`results.txt`文件的:
```sh
▶ cat urls.txt | docker run -v /path/to/nuclei-templates:/app/nuclei-templates -v /path/to/nuclei/config:/app/.nuclei-config.json -i projectdiscovery/nuclei -t /app/nuclei-templates/files/git-config.yaml > results.txt
```
记住更改的模板路径到本机
### 速率限制
Nuclei有多种控制速率的方法包括并行执行多个模板、并行检查多个主机以及使nuclei限制全局的请求速率下面就是示例。
- `-c`参数 => 限制并行的模板数
- `-bulk-size`参数 => 限制并行的主机数
- `-rate-limit`参数 => 全局速率限制
如果你想快速扫描或者控制扫描,请使用这些标志并输入限制数,`速率限制`只保证控制传出的请求,与其他参数无关。
### 排除模板
[Nuclei模板](https://github.com/projectdiscovery/nuclei-templates)包含多种检查,其中有许多对攻击有用的检查,但并不是都有用的。如果您只希望扫描少数特定的模板或目录,则可以使用如下的参数筛选模板,或将某些模板排除。
#### 排除模板运行
我们不建议同时运行所有的nuclei模板如果要排除模板可以使用`exclude`参数来排除特定的目录或模板。
```sh
nuclei -l urls.txt -t nuclei-templates -exclude panels/ -exclude technologies -exclude files/wp-xmlrpc.yaml
```
注意:如上述示例中显示的那样,目录和特定模板都将不会扫描
#### 基于严重性运行模板
您可以根据模板的严重性运行模板,扫描时可以选择单个严重性或多个严重性。
```sh
nuclei -l urls.txt -t cves/ -severity critical,medium
```
上面的例子将运行`cves`目录下所有`严重`和`中等`的模板。
```sh
nuclei -l urls.txt -t panels/ -t technologies -severity info
```
上面的例子将运行`panels`和`technologies`目录下严重性标记为`info`的模板
#### 使用`.nuclei-ignore`文件排除模板
自从nuclei的[v2.1.1版本](https://github.com/projectdiscovery/nuclei/releases/tag/v2.1.1)以来,我们添加了对`.nuclei-ignore`文件的支持,该文件与`update-templates`参数一起使用,在 **.nuclei-ignore** 文件中您可以定义要从nuclei扫描中排除的所有模板目录或者模板路径要开始使用此功能请确保使用`nuclei-update-templates`参数安装nuclei模板现在可以根据`.nuclei-ignore`的文件来添加、更新、删除模板文件。
```
nano ~/nuclei-templates/.nuclei-ignore
```
默认的**nuclei忽略**列表可以访问[这里]((https://github.com/projectdiscovery/nuclei-templates/blob/master/.nuclei-ignore),如果不想排除任何内容,只需要删除`.nuclei-ignore`文件。
* * *
### 📋 笔记
- 进度条是实验性功能,在某些情况下可能无法使用。
- 进度条不适用于工作流,因为是条件执行,所以不准确。
## 致谢
也要看看这些类似的好项目,或许它们也适合你:
[Burp Suite](https://portswigger.net/burp), [FFuF](https://github.com/ffuf/ffuf), [Jaeles](https://github.com/jaeles-project/jaeles), [Qsfuzz](https://github.com/ameenmaali/qsfuzz), [Inception](https://github.com/proabiral/inception), [Snallygaster](https://github.com/hannob/snallygaster), [Gofingerprint](https://github.com/Static-Flow/gofingerprint), [Sn1per](https://github.com/1N3/Sn1per/tree/master/templates), [Google tsunami](https://github.com/google/tsunami-security-scanner), [ChopChop](https://github.com/michelin/ChopChop)
--------
Nuclei是由[projectdiscovery](https://projectdiscovery.io)团队用🖤制作的,当然社区也贡献了很多,通过 **[Thanks.md](https://github.com/projectdiscovery/nuclei/blob/master/THANKS.md)**文件以获取更多详细信息。
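Review bot: several copy errors in the new Chinese README will break the examples for readers who paste them: the `stop-at-first-match` row gives `nuclei -stop-at-frst-match`; the `.nuclei-ignore` paragraph writes `nuclei-update-templates` without the space before the flag; the `H` row uses full-width quotes `“x-bug-bounty:hacker”`, which a shell passes through literally; the template-library link in the Nuclei模板 section has an empty target `[模板库]()` (and "unclei" for nuclei); and the default ignore-list link has a doubled opening parenthesis `[这里]((https://...`. Two translation drifts also change meaning: the feature bullet "可以绕过WAF" turns the English "handling WAFs" into "bypassing WAFs", and "其中有许多对攻击有用的检查" renders "useful for attack surface mapping" as "useful for attacks"; suggest matching the English wording.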

BIN
static/Join-Discord.png Normal file
BIN
static/nuclei-flow.jpg Normal file
View File

@ -0,0 +1 @@
