【図表】
出典: https://jpn.nec.com/cybersecurity/blog/211029/index.html
【ツール】
◆Nuclei - Community Powered Vulnerability Scanner
https://nuclei.projectdiscovery.io/
【ダウンロード】
◆Nuclei - Community Powered Vulnerability Scanner
https://nuclei.projectdiscovery.io/
【ブログ】
◆Nucleiを使ってスキャンしてみた (shikata ga nai, 2021/01/13)
https://cysec148.hatenablog.com/entry/2021/01/13/145420
⇒ https://security-tools.hatenablog.com/entry/2021/01/13/000000
◆ペネトレーションツールの紹介 ~nuclei~ (長浜 佑介(NECセキュリティブログ), 2021/10/29)
https://jpn.nec.com/cybersecurity/blog/211029/index.html
⇒ https://security-tools.hatenablog.com/entry/2021/10/29/000000
【検索】
google: Nuclei
google:news: Nuclei
google: site:virustotal.com Nuclei
google: site:github.com Nuclei
■Bing
https://www.bing.com/search?q=Nuclei
https://www.bing.com/news/search?q=Nuclei
https://twitter.com/search?q=%23Nuclei
https://twitter.com/hashtag/v
【関連まとめ記事】
◆ペネトレーションツール (まとめ)
https://security-tools.hatenablog.com/entry/Penetration_Tool
【オプション】
Usage: nuclei [flags] Flags: TARGET: -u, -target string target URLs/hosts to scan -l, -list string path to file containing a list of target URLs/hosts to scan (one per line) TEMPLATES: -t, -templates string template or template directory paths to include in the scan -nt, -new-templates run only new templates added in latest nuclei-templates release -w, -workflows string workflow or workflow directory paths to include in the scan -validate validate the passed templates to nuclei -tl list all available templates FILTERING: -tags string execute a subset of templates that contain the provided tags -etags, -exclude-tags string exclude templates with the provided tags -itags, -include-tags string tags from the default deny list that permit executing more intrusive templates -et, -exclude-templates string template or template directory paths to exclude -it, -include-templates string templates to be executed even if they are excluded either by default or configuration -s, -severity value Templates to run based on severity. Possible values - info,low,medium,high,critical -es, -exclude-severity value Templates to exclude based on severity. Possible values - info,low,medium,high,critical -a, -author string execute templates that are (co-)created by the specified authors OUTPUT: -o, -output string output file to write found issues/vulnerabilities -silent display findings only -nc, -no-color disable output content coloring (ANSI escape codes) -json write output in JSONL(ines) format -irr, -include-rr include request/response pairs in the JSONL output (for findings only) -nm, -no-meta don't display match metadata -nts, -no-timestamp don't display timestamp metadata in CLI output -rdb, -report-db string local nuclei reporting database (always use this to persist report data) -me, -markdown-export string directory to export results in markdown format -se, -sarif-export string file to export results in SARIF format CONFIGURATIONS: -config string path to the nuclei configuration file -rc, -report-config string nuclei reporting module configuration file -H, -header string custom headers in header:value format -V, -var value custom vars in var=value format -r, -resolvers string file containing resolver list for nuclei -sr, -system-resolvers use system DNS resolving as error fallback -passive enable passive HTTP response processing mode -ev, -env-vars enable environment variables to be used in template INTERACTSH: -iserver, -interactsh-server string interactsh server url for self-hosted instance (default "https://interactsh.com") -itoken, -interactsh-token string authentication token for self-hosted interactsh server -interactions-cache-size int number of requests to keep in the interactions cache (default 5000) -interactions-eviction int number of seconds to wait before evicting requests from cache (default 60) -interactions-poll-duration int number of seconds to wait before each interaction poll request (default 5) -interactions-cooldown-period int extra time for interaction polling before exiting (default 5) -ni, -no-interactsh disable interactsh server for OAST testing, exclude OAST based templates RATE-LIMIT: -rl, -rate-limit int maximum number of requests to send per second (default 150) -rlm, -rate-limit-minute int maximum number of requests to send per minute -bs, -bulk-size int maximum number of hosts to be analyzed in parallel per template (default 25) -c, -concurrency int maximum number of templates to be executed in parallel (default 25) OPTIMIZATIONS: -timeout int time to wait in seconds before timeout (default 5) -retries int number of times to retry a failed request (default 1) -mhe, -max-host-error int max errors for a host before skipping from scan (default 30) -project use a project folder to avoid sending same request multiple times -project-path string set a specific project path -spm, -stop-at-first-path stop processing HTTP requests after the first match (may break template/workflow logic) -stream Stream mode - start elaborating without sorting the input HEADLESS: -headless enable templates that require headless browser support -page-timeout int seconds to wait for each page in headless mode (default 20) -sb, -show-browser show the browser on the screen when running templates with headless mode -sc, -system-chrome Use local installed chrome browser instead of nuclei installed DEBUG: -debug show all requests and responses -debug-req show all sent requests -debug-resp show all received responses -proxy, -proxy-url string URL of the HTTP proxy server -proxy-socks-url string URL of the SOCKS proxy server -tlog, -trace-log string file to write sent requests trace log -version show nuclei version -v, -verbose show verbose output -vv display extra verbose information -tv, -templates-version shows the version of the installed nuclei-templates UPDATE: -update update nuclei engine to the latest released version -ut, -update-templates update nuclei-templates to latest released version -ud, -update-directory string overwrite the default directory to install nuclei-templates -duc, -disable-update-check disable automatic nuclei/templates update check STATISTICS: -stats display statistics about the running scan -sj, -stats-json write statistics data to an output file in JSONL(ines) format -si, -stats-interval int number of seconds to wait between showing a statistics update (default 5) -m, -metrics expose nuclei metrics on a port -mp, -metrics-port int port to expose nuclei metrics on (default 9092)