Finding Bugs With Nuclei: Templates, Resources, and Tools
Collection of 40,000+ Nuclei templates, Extracting Data from Targets, Using Nuclei for OSINT, and more...
Nuclei scans stuff for vulnerabilities. What does it scan? Modern applications, infrastructure, cloud platforms, and networks.
How does it work? Templates. Lots of templates.
These templates are YAML files. Each one typically has:
A unique ID for the template
Essential information and metadata relevant to the template
The designated protocol, such as HTTP, DNS, File, etc.
Details specific to the chosen protocol, like the requests made in the HTTP protocol
A series of matchers to ascertain the presence of findings
Necessary extractors for data retrieval from the results
Why YAML? Because YAML is easy for humans to read and write, and easy for machines to parse.
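A small template containing each of the parts listed above, as an added example that is not from the original post or the official template repository. The id, author and file name are constructed placeholders, and the check (a missing Strict-Transport-Security header on a site you operate) was chosen for illustration.

```yaml
# missing-hsts-example.yaml (constructed file name)
# Run with: nuclei -u https://your-site.example -t missing-hsts-example.yaml

# 1. Unique ID for the template
id: missing-hsts-example

# 2. Information and metadata
info:
  name: Strict-Transport-Security Header Missing
  author: example-author        # placeholder
  severity: info
  description: Reports HTTPS responses that do not set an HSTS header.
  tags: misconfig,headers

# 3. Protocol (HTTP here; DNS, File, etc. use their own keys)
http:
  # 4. Protocol-specific details: the request to send
  - method: GET
    path:
      - "{{BaseURL}}"

    # 5. Matchers: all must be true before a finding is reported,
    #    which keeps redirects and error pages out of the results
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: dsl
        dsl:
          - "!regex('(?i)strict-transport-security', header)"

    # 6. Extractors: pull the Server header value into the result line
    extractors:
      - type: kval
        kval:
          - server
```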
The cool thing about templates is that you can write your own. Found a new vulnerability? Write a template (and share it with the community).
Nuclei is open-source and you can find it on GitHub.
Templates
Official community-curated list of templates for the nuclei engine to find security vulnerabilities.
Mobile Nuclei Templates to aid mobile security assessments.
Collection of 40,000+ Nuclei templates based on Wordfence intel. Daily updates for bulletproof WordPress security.
Collection of 100+ Nuclei template repositories.
Resources
The Ultimate Guide to Finding Bugs With Nuclei. Efficient, extensible, flexible, open-source vulnerability scanning.
Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.
This blog post will demonstrate how to create a synergy between GitHub Actions and Trickest Platform. You only need to push nuclei templates and root domains to the repository and wait for new results.
Why you should create your own Nuclei templates.
You know what's an amazing tool? Nuclei.
Folks are finding stuff automatically & even some net-new findings. Cool!
Did it tell you it found CVE-2018-11784? Well.. it may have found an Open Redirect, but I'm betting it's not Apache Struts 2, and thus not that CVE.
1/3
— vortex (@vortexau)
1:40 AM • Sep 7, 2021
Learn how to contribute a Nuclei Template to the public repository of nuclei templates, allowing thousands of security engineers to run millions of scans a month with YOUR template.
Extracting Data from Targets using Nuclei.
Using Nuclei for OSINT, a 5-minute basic guide. Nuclei is a tool for scanning websites for vulnerabilities, but it can be used for various investigative or scientific purposes.
Five types of Nuclei Templates you might not know about.
Tools
Cent is a simple tool that allows you to organize all the community's Nuclei templates in one place.
Dashboard for Nuclei Results. ProjectDiscovery Cloud Platform Integration.
Nuclei AI Browser Extension simplifies the creation of vulnerability templates by enabling users to extract vulnerability information from any web page. Quickly and efficiently create nuclei templates and save valuable time and effort.
ProjectDiscovery-driven ASM bot using subfinder, httpx, dnsx, nuclei, and notify. Originally written for "Hacking Together an ASM Platform Using ProjectDiscovery Tools".
Nuclei templates in a web app by dwisiswant0.
And there you have it! We've explored the ins and outs of Nuclei and its powerful templates. I hope this curated collection from the free Hive Five newsletter has given you valuable insights and practical knowledge.
Did I miss anything? Let me know and I'll make sure to include it in a future update.