Nuclei Vulnerability Scanner Cheat Sheet
Overview
Nuclei is a fast, template-based security scanner developed by Project Discovery. It focuses on extensive configurability, massive extensibility, and ease of use. Nuclei uses YAML-based templates to define vulnerability detection logic, which makes it highly customizable and community-driven. The scanner is designed to have zero false positives by using templates that precisely define the detection methodology.
What sets Nuclei apart from other security scanners is its template ecosystem. The community-maintained nuclei-templates repository contains thousands of ready-to-use templates for detecting a wide range of security issues, from common vulnerabilities to complex security flaws. This approach lets security professionals share their detection methods and benefit from the collective knowledge of the security community.
Nuclei can scan a variety of targets, including web applications, APIs, networks, DNS, and more. Its modular architecture makes it easy to extend with support for new protocols and types of security checks. The tool is widely used by security researchers, bug bounty hunters, and penetration testers to efficiently automate security detection across multiple targets.
Installation
Using Go
```bash
# Install using Go (requires Go 1.20 or later)
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest

# Verify installation
nuclei -version
```
Using Docker
```bash
# Pull the latest Docker image
docker pull projectdiscovery/nuclei:latest

# Run Nuclei using Docker
docker run -it projectdiscovery/nuclei:latest -h
```
Using Homebrew (macOS)
```bash
# Install using Homebrew
brew install nuclei

# Verify installation
nuclei -version
```
Using PDTM (Project Discovery Tools Manager)
```bash
# Install PDTM first if not already installed
go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest

# Install Nuclei using PDTM
pdtm -i nuclei

# Verify installation
nuclei -version
```
On Kali Linux
```bash
# Install using apt
sudo apt install nuclei

# Verify installation
nuclei -version
```
Basic Usage
Scanning a Single Target
```bash
# Scan a single URL
nuclei -u https://example.com

# Scan with increased verbosity
nuclei -u https://example.com -v

# Scan with debug information
nuclei -u https://example.com -debug
```
Scanning Multiple Targets
```bash
# Scan multiple URLs
nuclei -u https://example.com,https://test.com

# Scan from a list of URLs
nuclei -l urls.txt

# Scan from STDIN
cat urls.txt | nuclei
```
Template Selection
```bash
# Scan with specific template
nuclei -u https://example.com -t cves/2021/CVE-2021-44228.yaml

# Scan with multiple templates
nuclei -u https://example.com -t cves/2021/CVE-2021-44228.yaml,cves/2021/CVE-2021-40438.yaml

# Scan with template directory
nuclei -u https://example.com -t cves/

# Scan with tags
nuclei -u https://example.com -tags cve,oast

# Exclude templates by tags
nuclei -u https://example.com -exclude-tags dos,fuzz
```
Output Options
```bash
# Save results to a file
nuclei -u https://example.com -o results.txt

# Save results in JSON format
nuclei -u https://example.com -o results.json -j

# Save results in SARIF format
nuclei -u https://example.com -o results.sarif -sarif

# Save results in Markdown format
nuclei -u https://example.com -o results.md -markdown
```
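
A severity gate over the results file written by `-o results.json -j`, suitable for a scheduled or CI scan. This is an added example, not part of the original cheat sheet or the Nuclei project; it assumes one JSON object per line with `template-id`, `info.severity`, `host` and `matched-at` fields, and the function names and sample lines are constructed for illustration.

```python
import json
import sys
from collections import Counter

SEVERITY_ORDER = ["info", "low", "medium", "high", "critical"]

# Constructed sample lines (not real scan output); field names are assumed.
SAMPLE = [
    '{"template-id":"tech-detect","info":{"severity":"info"},"host":"https://example.com","matched-at":"https://example.com"}',
    '{"template-id":"exposed-panel","info":{"severity":"high"},"host":"https://example.com","matched-at":"https://example.com/admin"}',
    '{"template-id":"exposed-panel","info":{"severity":"high"},"host":"https://example.com","matched-at":"https://example.com/admin"}',
    "[INF] progress text that is not JSON",
    "",
]


def load_findings(lines):
    """Parse JSONL lines, skip non-JSON noise, dedupe on (template, location)."""
    seen, findings = set(), []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank line, banner or progress text mixed into the file
        if not isinstance(rec, dict):
            continue
        info = rec.get("info") if isinstance(rec.get("info"), dict) else {}
        key = (rec.get("template-id"), rec.get("matched-at") or rec.get("host"))
        if key in seen:
            continue  # same template firing on the same location twice
        seen.add(key)
        findings.append({"template": key[0], "where": key[1],
                         "severity": str(info.get("severity", "unknown")).lower()})
    return findings


def gate(findings, threshold="high"):
    """Return (exit_code, counts); exit code is 1 if any finding is >= threshold."""
    floor = SEVERITY_ORDER.index(threshold)
    counts = Counter(f["severity"] for f in findings)
    blocking = any(f["severity"] in SEVERITY_ORDER[floor:] for f in findings)
    return (1 if blocking else 0), counts


if __name__ == "__main__":
    with open(sys.argv[1] if len(sys.argv) > 1 else "results.json") as fh:
        code, counts = gate(load_findings(fh))
    print(dict(counts))
    sys.exit(code)
```

Run it as a pipeline step after the scan; a non-zero exit code fails the job when a finding at or above the threshold is present.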
Rate Limiting
```bash
# Limit requests per second
nuclei -u https://example.com -rate-limit 100

# Limit requests per minute
nuclei -u https://example.com -rate-limit-minute 300

# Bulk size for concurrent requests
nuclei -u https://example.com -bulk-size 25

# Concurrency for template execution
nuclei -u https://example.com -c 50
```
Advanced Usage
Severity Filtering
```bash
# Scan only for critical severity issues
nuclei -u https://example.com -severity critical

# Scan for high and critical severity issues
nuclei -u https://example.com -severity high,critical

# Exclude low severity issues
nuclei -u https://example.com -exclude-severity low,info
```
Automatic Template Updates
```bash
# Update templates to the latest version
nuclei -update-templates

# Update to a specific templates directory
nuclei -update-directory /path/to/templates

# Update templates and exit
nuclei -update-templates -ut
```
Proxy and Network Options
```bash
# Use a proxy for HTTP requests
nuclei -u https://example.com -proxy http://127.0.0.1:8080

# Use SOCKS5 proxy
nuclei -u https://example.com -proxy socks5://127.0.0.1:1080

# Follow redirects
nuclei -u https://example.com -follow-redirects

# Follow host redirects
nuclei -u https://example.com -follow-host-redirects
```
Authentication
```bash
# Basic authentication
nuclei -u https://example.com -auth-type basic -auth-user username -auth-pass password

# Bearer token authentication
nuclei -u https://example.com -H "Authorization: Bearer YOUR_TOKEN"

# Cookie-based authentication
nuclei -u https://example.com -H "Cookie: session=123456"
```
Interactsh Integration
```bash
# Enable Interactsh for OOB testing
nuclei -u https://example.com -interactsh-server https://your-interactsh-server.com

# Disable Interactsh
nuclei -u https://example.com -no-interactsh

# Set Interactsh polling and timeout
nuclei -u https://example.com -interactsh-server https://your-interactsh-server.com -interactions-poll-duration 60 -interactions-cooldown-period 30
```
Workflow Execution
```bash
# Execute a workflow
nuclei -u https://example.com -w workflows/wordpress-workflow.yaml

# Execute multiple workflows
nuclei -u https://example.com -w workflows/wordpress-workflow.yaml,workflows/jira-workflow.yaml
```
Headless Browser Support
```bash
# Enable headless browser support
nuclei -u https://example.com -headless

# Set browser path
nuclei -u https://example.com -headless -browser-path /path/to/chrome

# Set page timeout
nuclei -u https://example.com -headless -page-timeout 20
```
Template Management
Template Structure
Nuclei templates are YAML files with the following basic structure:
```yaml
id: template-id
info:
  name: Template Name
  author: Author Name
  severity: info # one of: info | low | medium | high | critical
  description: Template description
  tags: tag1,tag2

requests:
  - method: GET
    path:
      - "{{BaseURL}}/path"
    matchers:
      - type: word
        words:
          - "sensitive data"
```
Creating Custom Templates
```bash
# Create a basic template structure
cat > custom-template.yaml << EOF
id: custom-template
info:
  name: Custom Template
  author: Your Name
  severity: medium
  description: Detects a custom vulnerability
  tags: custom

requests:
  - method: GET
    path:
      - "{{BaseURL}}/admin"
    matchers:
      - type: word
        words:
          - "Admin Panel"
EOF

# Test the custom template
nuclei -u https://example.com -t custom-template.yaml
```
Template Validation
```bash
# Validate a template
nuclei -validate -t custom-template.yaml

# Validate all templates in a directory
nuclei -validate -t templates/
```
Listing Templates
```bash
# List all available templates
nuclei -tl

# List templates by tags
nuclei -tl -tags cve,2021

# List templates by severity
nuclei -tl -severity critical
```
Integration with Other Tools
Pipeline with httpx
```bash
# Discover subdomains and scan them
subfinder -d example.com | httpx | nuclei -t cves/

# Scan specific ports
naabu -host example.com -top-ports 100 -silent | httpx -silent | nuclei -t cves/
```
Integration with Notify
```bash
# Send results to Slack
nuclei -u https://example.com -o results.txt | notify -provider slack

# Send critical findings to Discord
nuclei -u https://example.com -severity critical -json | notify -provider discord
```
Integration with GitHub Actions
```yaml
# Example GitHub Action workflow
name: Nuclei Scan

on:
  schedule:
    - cron: '0 0 * * *' # Run daily at midnight

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Nuclei Scan
        uses: projectdiscovery/nuclei-action@main
        with:
          target: https://example.com
          templates: cves/
          output: nuclei-results.txt
```
Best Practices
Performance Optimization
```bash
# Use fast templates for initial scanning
nuclei -u https://example.com -tags tech

# Exclude time-consuming templates
nuclei -u https://example.com -exclude-templates ssl,fuzzing

# Optimize concurrency based on target
nuclei -u https://example.com -c 50 -bulk-size 20

# Use rate limiting to avoid overwhelming the target
nuclei -u https://example.com -rate-limit 100
```
Targeted Scanning
```bash
# Scan for specific vulnerability types
nuclei -u https://example.com -tags wordpress,plugin

# Scan for recent CVEs
nuclei -u https://example.com -tags cve,2023

# Scan based on technology detection
httpx -u https://example.com -tech-detect | nuclei -t technologies/
```
Noise Reduction
```bash
# Exclude common false positives
nuclei -u https://example.com -exclude-templates false-positives/

# Focus on high-impact issues
nuclei -u https://example.com -severity high,critical

# Filter out noisy templates
nuclei -u https://example.com -exclude-tags fuzz,dos
```
Regular Updates
```bash
# Update templates regularly
nuclei -update-templates

# Update Nuclei to the latest version
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
```
Troubleshooting
Common Issues
- **Template Errors**
  ```bash
  # Check template syntax
  nuclei -validate -t custom-template.yaml

  # Debug template execution
  nuclei -u https://example.com -t custom-template.yaml -debug
  ```
- **Rate Limiting by Target**
  ```bash
  # Reduce request rate
  nuclei -u https://example.com -rate-limit 10

  # Add random delays
  nuclei -u https://example.com -rate-limit 10 -random-delay 5
  ```
- **Memory Issues**
  ```bash
  # Limit template concurrency
  nuclei -u https://example.com -c 10

  # Limit bulk size
  nuclei -u https://example.com -bulk-size 10
  ```
- **Timeout Issues**
  ```bash
  # Increase timeout
  nuclei -u https://example.com -timeout 10

  # Increase retries
  nuclei -u https://example.com -retries 3
  ```
Debugging
```bash
# Enable debug mode
nuclei -u https://example.com -debug

# Show verbose output
nuclei -u https://example.com -v

# Show request and response details
nuclei -u https://example.com -debug -show-request -show-response

# Store HTTP requests and responses
nuclei -u https://example.com -store-resp
```
Configuration
Configuration File
Nuclei uses a configuration file located at `$HOME/.config/nuclei/config.yaml`. You can customize various settings in this file:
```yaml
# Example configuration file
concurrency: 25
rate-limit: 150
bulk-size: 20
templates-directory: /path/to/templates
output: /path/to/output.txt
json: true
severity:
  - critical
  - high
  - medium
exclude-severity:
  - info
  - low
```
Environment Variables
```bash
# Set Nuclei configuration via environment variables
export NUCLEI_CONCURRENCY=25
export NUCLEI_RATE_LIMIT=150
export NUCLEI_TEMPLATES_DIRECTORY=/path/to/templates
export NUCLEI_OUTPUT=/path/to/output.txt
export NUCLEI_JSON=true
```
Reference
Command-Line Options
| Flag | Description |
| --- | --- |
| `-u, -target` | Target URL to scan |
| `-l, -list` | Path to file containing list of URLs to scan |
| `-t, -templates` | Templates to use for scanning |
| `-tags` | Tags to include templates by |
| `-exclude-tags` | Tags to exclude templates by |
| `-o, -output` | File to write output to |
| `-j, -json` | Write output in JSON format |
| `-c, -concurrency` | Number of concurrent requests |
| `-rate-limit` | Maximum number of requests per second |
| `-timeout` | Timeout in seconds for HTTP requests |
| `-v, -verbose` | Show verbose output |
| `-debug` | Show debug information |
| `-update-templates` | Update templates to latest version |
| `-severity` | Filter templates by severity |
| `-exclude-severity` | Exclude templates by severity |
| `-interactsh-server` | Interactsh server URL for OOB testing |
| `-no-interactsh` | Disable Interactsh for OOB testing |
| `-follow-redirects` | Follow HTTP redirects |
| `-follow-host-redirects` | Follow redirects on the same host |
| `-max-redirects` | Maximum number of redirects to follow |
| `-headless` | Enable headless browser support |
| `-proxy` | HTTP/SOCKS5 proxy to use |
| `-H, -header` | Custom header to add to all requests |
| `-validate` | Validate templates |
| `-tl` | List available templates |
Template Types
| Type | Description |
| --- | --- |
| HTTP | Web-based vulnerabilities |
| DNS | DNS-based vulnerabilities |
| File | Local file analysis |
| Network | Network protocol vulnerabilities |
| Headless | Browser-based vulnerabilities |
| SSL | SSL/TLS vulnerabilities |
| Websocket | Websocket vulnerabilities |
| Whois | Whois data analysis |
| Javascript | JavaScript analysis |
| Workflow | Multi-step vulnerability chains |
Matcher Types
| Type | Description |
| --- | --- |
| `word` | Match based on response containing specific words |
| `regex` | Match based on regular expressions |
| `binary` | Match based on binary response |
| `status` | Match based on HTTP status code |
| `size` | Match based on response size |
| `dsl` | Match using DSL expressions |
| `xpath` | Match using XPath expressions |
| `jsonpath` | Match using JSONPath expressions |
| `gval` | Match using GVAL expressions |
| `kval` | Match using key-value expressions |
Extractor Types
| Type | Description |
| --- | --- |
| `regex` | Extract data using regular expressions |
| `kval` | Extract key-value pairs |
| `xpath` | Extract data using XPath expressions |
| `jsonpath` | Extract data using JSONPath expressions |
| `dsl` | Extract data using DSL expressions |
| `gval` | Extract data using GVAL expressions |
Resources
- Official Documentation
- GitHub Repository
- Nuclei Templates Repository
- Project Discovery Discord
- Nuclei Template Creation Guide

---
*This cheat sheet provides a comprehensive reference for using Nuclei, from basic scanning to advanced template creation and integration with other tools. For the most up-to-date information, always refer to the official documentation.*