provocativo_

Nuclei

Template-based vulnerability scanner from ProjectDiscovery — community-maintained CVE templates.

$ nuclei --help

// what it is

Description

YAML-driven scanner with thousands of community templates targeting specific CVEs, misconfigurations, and exposures. The 'plug-and-play' way to check whether a host is vulnerable to last week's CVE.

// use cases

What people use it for

  • Mass-check exposure to a specific CVE
  • Misconfiguration sweeps across an asset list
  • Continuous attack-surface monitoring

// commands

The commands you'll type

Run all CVE templates against a host list

$ nuclei -l hosts.txt -t cves/

Single CVE template

$ nuclei -u https://target -t cves/2021/CVE-2021-44228.yaml

// facts

category: Web AppSec
platforms: LIN · WIN · MAC
license: FOSS
difficulty: Intermediate
