Greeting Everyone! Today we are Going To look One of Best Tool For Penetration Tester which help to scanning target based on templates We are going To use CLI tool Nuclei How Nuclei Help To find Different Web Vulnerability Based On Template .
Nuclei Is design for make Testing Phase For Easy flexibility Nuclei is used to send requests across targets based on Different template and which providing scanning for known paths. Main advantage of Nuclei Which help to find cves, secret keys, server information, technology , or different services .
Why Nuclei?
Nuclei is easy to use and user friendly Which gives us quick action Nuclei Open source Project Which Come with different Recon activity which help Tester to analyze and easy capture Of Security Issue based On template.
Main Advantage Of Nuclei?
• Simple and modular code base making it easy to contribute.
• Fast And fully configurable using a template based engine.
• Handles edge cases doing retries, backoffs etc for handling WAFs.
• Smart matching functionality for zero false positive scanning.
For More Information
How to use nuclei template discovery ?
So Here To setup nuclei we need Golang
Must installed
Install golang : Download : https://golang.org/doc/install?download=go1.14.6.linux-amd64.tar.gz
Go To Download Folder And Run command:
-> tar -C /usr/local -xzf go1.14.6.linux-amd64.tar.gz
Then Add path environment :
-> export PATH=$PATH:/usr/local/go/bin
Now, We have Successfully installed goland on our OS Now, we need to setup nuclei
To install nuclei From Gihtub we will use command:
→ git clone https://github.com/projectdiscovery/nuclei.git
→ cd nuclei/v2/cmd/nuclei/
→ go build .
→ mv nuclei /usr/local/bin/
Now we have successfully Installed Now Nuclei is ready to use
Let’s use nuclei: here to open nuclei Open Your terminal and run command -> nuclei -h
As above Picture using nuclei -h we can check usage. Now, Lets Look for Project Which we are going to use In Our Testing phase To see visit path nuclei
→ cd root/nuclei-templates/ → ls
As We see discovered Template as cves, subdmain-takeover, technology which we are going to use In our testing phase. Now, Let’s See what inside cves Now enter cves Directory by using:
→ cd cves → ls
Now as above picture we have seen There is various CVE Vulnerability Which help to find Domain specific & there are various template which we are going to use in our testing phase .
Now, We are going to find website programming-language-detectUsing template . To check You will find template inside Technology directory,
As above There is different templates which we run specific Or We can run All template in one command ,
Now, → cat domains.txt | nuclei -t /root/nuclei-templates/technologies/programming-language-detect.yaml -o DATA/result.txt
As above command we set domains.list as Our target we give path for nuclei template & we used specific template which help to find programming information & -o we used For output. Now as As Result:
As we detect programming language of our target which saved inside our assign output folder , Now, To Test using all the template we are using command
→ cat domains.txt | nuclei -t /root/nuclei-templates/technologies/ -o DATA/result.txt
As above command help us to test against all template from technology directory So You can test for all possible issue by changing path of template . Is a Good cli based tool which Test based On template which make testing phase more easy & complex.
Today we have discuss nuclei Which help to create templates and automate discovery of our target . A fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. Hope You enjoyed !
For More Reference : https://github.com/projectdiscovery/nuclei
