Sodamhan.com

TL;DR

nuclei

Fast and customizable vulnerability scanner based on a simple YAML-based DSL. More information: https://docs.projectdiscovery.io/tools/nuclei/overview.

  • [u]pdate nuclei [t]emplates to the latest released version (will be downloaded to ~/nuclei-templates):

nuclei -ut

  • List all templates with a specific protocol type (one of dns, file, http, headless, tcp, workflow, ssl, websocket, whois, code, javascript):

nuclei -tl -pt http

  • Run an automatic web scan using Wappalyzer technology detection, specifying a target [u]RL/host to scan:

nuclei -as -u scanme.nmap.org

  • Run HTTP protocol type templates of high and critical severity, exporting results to markdown files inside a specific directory:

nuclei -severity high,critical -pt http -u http://scanme.sh -me markdown_directory

  • Run all templates using a different rate limit and maximum bulk size with silent output (only showing the findings):

nuclei -rl 150 -bs 25 -c 25 -silent -u http://scanme.sh

  • Run the WordPress workflow against a WordPress site:

nuclei -w path/to/nuclei-templates/workflows/wordpress-workflow.yaml -u https://sample.wordpress.site

  • Run one or more specific [t]emplates or a directory of [t]emplates with [v]erbose output to stderr and [o]utput detected issues/vulnerabilities to a file:

nuclei -t path/to/nuclei-templates/http -u http://scanme.sh -v -o results

  • Run a scan based on one or more template conditions:

nuclei -tc "contains(tags, 'xss') && contains(tags, 'cve')" -u https://vulnerable.website

This document was created using the contents of the tldr project.