nuclei v2.2 releases: fast tool for configurable targeted scanning

nuclei

Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use.

It is used to send requests across targets based on a template leading to zero false positives and providing effective scanning for known paths. Main use cases for nuclei are during the initial reconnaissance phase to quickly check for low hanging fruits or CVEs across targets that are known and easily detectable. It uses a retryablehttp-go library designed to handle various errors and retries in case of blocking by WAFs, this is also one of our core modules from custom-queries.

Feature

• Simple and modular codebase making it easy to contribute.
• Fast And fully configurable using a template-based engine.
• Handles edge cases doing retries, backoffs, etc for handling WAFs.
• Smart matching functionality for zero false-positive scanning.

Changelog v2.2

Added:-

Fuzzing enhancements:-

e91fd95 Added Turbo intruder support for fuzzing
0ecc798 Added HTTP pipeline support for fuzzing
c7301e4 Added Connection pooling support for fuzzing
37a1589 Added Raw HTTP support for malformed HTTP requests.
bf54f9f Added support for Race condition testing
236f3b2 Added §variable§ marker for fuzzing
0dea929 Added stats in multithreaded requests (fuzzing)

General enhancements:-

d4e03a0 Added YAML syntax support for workflows
5b073c1 Added Project file support for request reuse
8eea734 Added global rate limit support
f85dbaf Added burp collaborator support
8eea734 Added hmap for reducing memory uses
87d2c17 Added clistats in place of a progress bar
7728335 Added support to DSL matcher to match each unique request
9b7de41 Added trace log (-trace-log) support
fefb028 Added -templates-version flag to list template version
4ec229e Added -no-meta flag to ignore meta information
1d04c06 Added dynamic field support in the template info block
a1cc52c Added bulk-size flag
fd1d249 Added response time support to DSL
4e48a5f Added type to specify type of request
5305965 Added mmh3 hashing support in helper functions
e38f164 Added shared resolver cache among various HTTP clients
695c2a2 Added fuzzing payloads output values to json output
c50a57e Added .nuclei-ignore file from current working directory
f26d518 Added comments support in .nuclei-ignore file
e12003c Added stop-at-first-match flag
86ebb27 Added flag to disable host header and content length
75e0796 Added host information in the JSON response by @savushkin-yauheni

Updated:-

9442cfb Updated flag nC to no-color
9442cfb Updated flag json-requests to include-rr
9442cfb Updated flag pbar to stats

Fixed:-

6777069 Fixed a bug with ignoring paths in the input file by @vzamanillo
927270f Fixed a bug with raw requests redirect
a3dc908 Fixed a bug with debug flag to display post body
0a760a4 Fixed a panic with trace log

Use

1. Running nuclei with a single template.

This will run the tool against all the hosts in urls.txt and returns the matched results.

> nuclei -l urls.txt -t git-core.yaml -o results.txt

You can also pass the list of hosts at standard input (STDIN). This allows for easy integration in automation pipelines.

This will run the tool against all the hosts in urls.txt and returns the matched results.

> cat urls.txt | nuclei -t git-core.yaml -o results.txt

2. Running nuclei with multiple templates.

This will run the tool against all the hosts in urls.txt with all the templates in the path-to-templates directory and returns the matched results.

> nuclei -l urls.txt -t "path-to-templates/*.yaml" -o results.txt

3. Automating nuclei with subfinder and any other similar tool.

> subfinder -d hackerone.com | httprob | nuclei -t "path-to-templates/*.yaml" -o results.txt

Nuclei supports glob expression ending in .yaml meaning multiple templates can be easily passed to be executed one after the other. Please refer to this guide to build your own custom templates.

Download

Copyright (c) 2020 Exposed Atoms