Finding Bugs With Nuclei: Templates, Resources, and Tools

Nuclei scans stuff for vulnerabilities. What does it scan? Modern applications, infrastructure, cloud platforms, and networks.

How does it work? Templates. Lots of templates.

These templates are YAML files. Each one typically has:

• A unique ID for the template

• Essential information and metadata relevant to the template

• The designated protocol, such as HTTP, DNS, File, etc.

• Details specific to the chosen protocol, like the requests made in the HTTP protocol

• A series of matchers to ascertain the presence of findings

• Necessary extractors for data retrieval from the results

Why YAML? Because YAML is easy for humans to read and write, and easy for machines to parse.

The cool thing about templates is that you can write your own. Found a new vulnerability? Write a template (and share it with the community).

Nuclei is open-source and you find it on GitHub.

Table of Contents

• Templates

• Resources

• Tools

Templates

• Official Community curated list of templates for the nuclei engine to find security vulnerabilities. MORE

• Mobile Nuclei Templates to aid mobile security assessments. MORE

• Collection of 40,000+ Nuclei templates based on Wordfence intel. Daily updates for bulletproof WordPress security. MORE

• Collection of 100+ Nuclei template repositories. MORE

Resources

• The Ultimate Guide to Finding Bugs With Nuclei. Efficient, extensible, flexible, open-source vulnerability scanning. MORE

• Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too. MORE

• This blog post will demonstrate how to create a synergy between GitHub Actions and Trickest Platform. You only need to push nuclei templates and root domains to the repository and wait for new results. MORE

• Why you should create your own Nuclei templates. MORE

• Jason on using gpt3 + nuclei + burp suite extensions. MORE

• Implementing Nuclei into your Bitbucket CI/CD Pipeline for Scanning Live Web Applications. MORE

• Did you know you can use the "markdown-export" flag to export markdown-styled reports of all nuclei findings? MORE

• Learn how to contribute a Nuclei Template to the public repository of nuclei templates, allowing thousands of security engineers to run millions of scans a month with YOUR template. MORE

• Extracting Data from Targets using Nuclei. MORE

• Using Nuclei for OSINT, a 5-minute basic guide. Nuclei is a tool for scanning websites for vulnerabilities, but it can be used for various investigative or scientific purposes. MORE

• Five types of Nuclei Templates you might not know about. MORE

Tools

• Cent is a simple tool that allows you to organize all the community's Nuclei templates in one place. MORE

• Dashboard for Nuclei Results ProjectDiscovery Cloud Platform Integration. MORE

• Nuclei AI Browser Extension simplifies the creation of vulnerability templates by enabling users to extract vulnerability information from any web page. Quickly and efficiently create nuclei templates and save valuable time and effort. MORE

• Projectdiscovery-driven ASM bot using subfinder, httpx, dnsx, nuclei, and notify. Originally written for Hacking Together an ASM Platform Using ProjectDiscovery Tools. MORE

• Nuclei templates in a web app by dwisiswant0. MORE

And there you have it! We've explored the ins and outs of Nuclei and its powerful templates. I hope this curated collection from the free Hive Five newsletter has given you valuable insights and practical knowledge.

Did I miss anything? Let me know and I'll make sure to include it in a future update.