Nuclei

Nuclei is a fast, template-based vulnerability scanner. It uses YAML templates to define vulnerability checks, making it highly customizable and easy to extend for new vulnerabilities.

Basic Usage

# Scan single target with all templates
nuclei -u https://target.com

# Scan with specific template
nuclei -u https://target.com -t cves/CVE-2021-44228.yaml

# Scan list of targets
nuclei -l targets.txt

# Filter by severity
nuclei -u https://target.com -severity critical,high

# Filter by tags
nuclei -u https://target.com -tags cve,rce

Template Structure

id: example-vuln
info:
  name: Example Vulnerability
  severity: high
  tags: example,cve

requests:
  - method: GET
    path:
      - "{{BaseURL}}/vulnerable-endpoint"
    matchers:
      - type: word
        words:
          - "vulnerable response"

Template Types

• HTTP: Web vulnerability checks
• DNS: DNS misconfigurations
• TCP/UDP: Network service checks
• File: Local file analysis
• Headless: Browser-based testing

Template Library

Nuclei-templates repository contains thousands of community-contributed templates for CVEs, misconfigurations, and common vulnerabilities.

Advantages

• Fast, concurrent scanning
• Easy to write custom templates
• Large community template library
• Good for CI/CD integration

See Also

• OWASP ZAP
• Burp Suite
• ffuf