Nuclei is a vulnerability scanner, so it naturally supports common network services, such as HTTP, DNS, and network sockets, as well as local file scanning. You can use it to send HTTP requests, DNS queries, and raw bytes over the network, and even scan files to find credentials (for example, when you identify an open git repository and want to pull it locally to find secrets). As of this writing, Nuclei has more than 6,000 templates in its database. In this section, we'll introduce Nuclei and how to use it.
Understanding Templates
Nuclei templates are YAML files that define the following high-level template structure:
ID
A unique identifier for the template
Metadata
Information about the template, such as a description, an author, a
severity, and tags (arbitrary labels that can group multiple templates,
such as injection or denial-of-service)
Protocol
The mechanism that the template uses to make its requests; for
example, http is a protocol type that uses HTTP for web requests
Operators
Used for matching patterns against responses received by a template
execution (matchers) and extracting data (extractors), similar to the
filtering performed by tools like grep
Listing 5-12 is a simple example of a Nuclei template that uses
the HTTP protocol to find the default Apache HTML welcome page.
Navigate to http://172.16.10.11/ to see what this page looks like.
id: detect-apache-welcome-page

info:
  name: Apache2 Ubuntu Default Page
  author: Dolev Farhi and Nick Aleks
  severity: info
  tags: apache

http:
  - method: GET
    path:
      - '{{BaseURL}}'
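To show the operators described above in use, here is an added example template (not from the book) that extends the listing with matchers and an extractor. It assumes the Apache default page on Ubuntu returns HTTP 200 and that its HTML title contains the string "Apache2 Ubuntu Default Page"; the id and author fields are placeholders.

```yaml
id: detect-apache-welcome-page-with-operators   # placeholder id for this example

info:
  name: Apache2 Ubuntu Default Page (with operators)
  author: example-author                        # placeholder
  severity: info
  description: Detects the stock Apache welcome page and extracts the Server header
  tags: apache,misconfig

http:
  - method: GET
    path:
      - '{{BaseURL}}'

    # Both matchers must hit (AND) before the template reports a finding,
    # which avoids flagging any 200 page that merely mentions Apache.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: body
        words:
          - 'Apache2 Ubuntu Default Page'   # assumed title of the stock Ubuntu page

    # Extractors pull data out of the response for the report; here the
    # Server response header (for example "Apache/2.4.x (Ubuntu)").
    extractors:
      - type: regex
        part: header
        name: server-banner
        group: 1
        regex:
          - '(?i)server: (.+)'
```

Run it against the lab host with `nuclei -u http://172.16.10.11/ -t detect-apache-welcome-page-with-operators.yaml`; `nuclei -validate -t <file>` checks the YAML structure without sending requests.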
Black Hat Bash (Early Access) © 2023 by Dolev Farhi and Nick Aleks