288 lines
9.0 KiB
HTML
288 lines
9.0 KiB
HTML
<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self' data:; img-src 'self' data:; connect-src 'self'; base-uri 'self'; form-action 'self' https://defcon.social https://bsky.app;">
|
|
<meta http-equiv="X-Content-Type-Options" content="nosniff">
|
|
<link rel="stylesheet" href="../assets/css/style.css">
|
|
<link rel="icon" type="image/x-icon" href="../favicon.ico">
|
|
<script>
|
|
// Apply theme immediately to prevent flash
|
|
(function() {
|
|
const theme = localStorage.getItem('theme') ||
|
|
(window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches ? 'dark' : 'light');
|
|
document.documentElement.setAttribute('data-theme', theme);
|
|
})();
|
|
</script>
|
|
<title>nuclei Cheatsheet - Cheatsheets - Launch Pad</title>
|
|
</head>
|
|
<body>
|
|
<button class="theme-toggle" id="themeToggle" aria-label="Toggle dark mode">
|
|
<svg class="theme-icon theme-icon-moon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z"></path></svg>
|
|
<svg class="theme-icon theme-icon-sun" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" style="display: none;"><circle cx="12" cy="12" r="5"></circle><line x1="12" y1="1" x2="12" y2="3"></line><line x1="12" y1="21" x2="12" y2="23"></line><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"></line><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"></line><line x1="1" y1="12" x2="3" y2="12"></line><line x1="21" y1="12" x2="23" y2="12"></line><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"></line><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"></line></svg>
|
|
</button>
|
|
<br/><br/>
|
|
<div class="name">
|
|
__ _______________________ _________._________________________
|
|
\_ _____/ \______ \ / _ \ / _____/ / _____/ | | \_ _____/
|
|
| __) | _/ / /_\ \ / \ ___ / \ ___ | | | __)_
|
|
| \ | | \ / | \ \ \_\ \ \ \_\ \ | |___ | \
|
|
\___ / |____|_ / \____|__ / \______ / \______ / |_______ \ /_______ /
|
|
\/ \/ \/ \/ \/ \/ \/
|
|
</div>
|
|
<div class="blog-page-header">
|
|
<div class="blog-header-content">
|
|
<a href="/cheatsheets" class="back-link" title="Back to Cheatsheets">
|
|
<svg xmlns="http://www.w3.org/2000/svg" width="42" height="42" viewBox="0 0 24 24" class="home-icon"><path fill="currentColor" d="M10 20v-6h4v6h5v-8h3L12 3 2 12h3v8z"/></svg>
|
|
</a>
|
|
<h1 class="blog-page-title">nuclei Cheatsheet</h1>
|
|
</div>
|
|
</div>
|
|
<div class="blog-post-container">
|
|
<div class="blog-posts-container" style="max-width: 900px; margin: 0 auto;">
|
|
<div class="blog-post">
|
|
<div class="blog-post-content">
|
|
<p><a href="index.html">← Back to cheatsheets</a></p>
|
|
<p><a href="../index.html">← Home</a></p>
|
|
<hr>
|
|
<p>Nuclei is a fast, template-based vulnerability scanner by ProjectDiscovery. It uses YAML templates to define scanning logic, making it highly customizable and community-driven.</p>
|
|
<hr>
|
|
<h2>Basic Usage</h2>
|
|
<ul>
|
|
<li>nuclei -u <url> - Scan single URL</li>
|
|
</ul>
|
|
<ul>
|
|
<li>nuclei -l urls.txt - Scan from file</li>
|
|
</ul>
|
|
<ul>
|
|
<li>nuclei -u <url> -t <template> - Use specific template</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Target Options</h2>
|
|
<ul>
|
|
<li>-u, -target - Target URL</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-l, -list - File with list of targets</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-resume - Resume scan using resume.cfg</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Template Options</h2>
|
|
<ul>
|
|
<li>-t, -templates - Template files/directories</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-tl - List available templates</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-nt, -new-templates - Run newly added templates</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-ntv, -new-templates-version - Run templates from specific version</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-as, -automatic-scan - Automatic web scan with wappalyzer</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Filtering Templates</h2>
|
|
<ul>
|
|
<li>-tags <tags> - Filter by tags (comma separated)</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-etags <tags> - Exclude tags</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-itags <tags> - Include only specific tags</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-s, -severity <level> - Filter by severity</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-es, -exclude-severity - Exclude severity levels</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-author <author> - Filter by author</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-type <type> - Filter by protocol type</li>
|
|
</ul>
|
|
<h3>Severity Levels</h3>
|
|
<ul>
|
|
<li>info - Informational</li>
|
|
<li>low - Low severity</li>
|
|
<li>medium - Medium severity</li>
|
|
<li>high - High severity</li>
|
|
<li>critical - Critical severity</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Output Options</h2>
|
|
<ul>
|
|
<li>-o, -output - Output file</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-j, -json - JSON output</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-irr - Include request/response in output</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-nc, -no-color - Disable colors</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-silent - Silent mode (only results)</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-v, -verbose - Verbose output</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-debug - Debug output</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Rate Limiting</h2>
|
|
<ul>
|
|
<li>-rl, -rate-limit - Requests per second (default 150)</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-rlm, -rate-limit-minute - Requests per minute</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-bs, -bulk-size - Parallel hosts (default 25)</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-c, -concurrency - Parallel templates (default 25)</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Configuration</h2>
|
|
<ul>
|
|
<li>-config - Config file path</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-H, -header - Custom headers</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-V, -var - Custom variables key=value</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-sr, -store-resp - Store responses</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-srd, -store-resp-dir - Response storage directory</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Proxy Options</h2>
|
|
<ul>
|
|
<li>-proxy - HTTP proxy</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-proxy-socks-url - SOCKS proxy</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-proxy-auth - Proxy authentication</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Update Options</h2>
|
|
<ul>
|
|
<li>-update - Update nuclei</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-ut, -update-templates - Update templates</li>
|
|
</ul>
|
|
<ul>
|
|
<li>-ud, -update-directory - Update template directory</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Common Examples</h2>
|
|
<h3>Basic Scan</h3>
|
|
<pre><code>nuclei -u https://example.com</code></pre>
|
|
<p>Run all templates against target.</p>
|
|
<h3>Specific Template</h3>
|
|
<pre><code>nuclei -u https://example.com -t cves/2021/</code></pre>
|
|
<p>Run 2021 CVE templates.</p>
|
|
<h3>By Severity</h3>
|
|
<pre><code>nuclei -u https://example.com -s critical,high</code></pre>
|
|
<p>Only critical and high severity.</p>
|
|
<h3>By Tags</h3>
|
|
<pre><code>nuclei -u https://example.com -tags cve,rce</code></pre>
|
|
<p>Filter by CVE and RCE tags.</p>
|
|
<h3>Multiple Targets</h3>
|
|
<pre><code>nuclei -l urls.txt -o results.txt</code></pre>
|
|
<p>Scan list, save results.</p>
|
|
<h3>JSON Output</h3>
|
|
<pre><code>nuclei -u https://example.com -j -o results.json</code></pre>
|
|
<p>Output in JSON format.</p>
|
|
<h3>With Custom Headers</h3>
|
|
<pre><code>nuclei -u https://example.com -H "Authorization: Bearer token"</code></pre>
|
|
<p>Scan with auth header.</p>
|
|
<h3>Rate Limited</h3>
|
|
<pre><code>nuclei -u https://example.com -rl 50</code></pre>
|
|
<p>Limit to 50 requests per second.</p>
|
|
<h3>Automatic Scan</h3>
|
|
<pre><code>nuclei -u https://example.com -as</code></pre>
|
|
<p>Auto-detect technologies and scan.</p>
|
|
<h3>New Templates Only</h3>
|
|
<pre><code>nuclei -u https://example.com -nt</code></pre>
|
|
<p>Run only recently added templates.</p>
|
|
<hr>
|
|
<h2>Common Tags</h2>
|
|
<ul>
|
|
<li>cve - CVE vulnerabilities</li>
|
|
<li>rce - Remote code execution</li>
|
|
<li>lfi - Local file inclusion</li>
|
|
<li>sqli - SQL injection</li>
|
|
<li>xss - Cross-site scripting</li>
|
|
<li>ssrf - Server-side request forgery</li>
|
|
<li>exposure - Sensitive data exposure</li>
|
|
<li>tech - Technology detection</li>
|
|
<li>misconfig - Misconfigurations</li>
|
|
<li>takeover - Subdomain takeover</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Template Locations</h2>
|
|
<ul>
|
|
<li>~/nuclei-templates/ - Default templates directory</li>
|
|
<li>Custom templates can be specified with -t flag</li>
|
|
</ul>
|
|
<hr>
|
|
<h2>Tips</h2>
|
|
<ul>
|
|
<li>Run -update-templates regularly for new checks</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Use -as for smart automatic scanning</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Filter by severity to focus on critical issues</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Combine with subfinder and httpx for full recon</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Write custom templates for specific checks</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Use -silent for clean output in pipelines</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Store responses with -sr for later analysis</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Part of ProjectDiscovery toolkit</li>
|
|
</ul>
|
|
<ul>
|
|
<li>Always get authorization before scanning</li>
|
|
</ul>
|
|
<hr>
|
|
<p><a href="index.html">← Back to cheatsheets</a></p>
|
|
<p><a href="../index.html">← Home</a></p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<script async type="text/javascript" src="../blog/analytics.js"></script>
|
|
<script src="../theme.js"></script>
|
|
</body>
|
|
</html>
|