Hi Everyone
In this blog, I will cover the process of automating bug identification using Nuclei and the methodology of writing customized Nuclei templates.

Nuclei

GO111MODULE=on go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei

Note: Make sure that you have already installed Go version 1.14 or above on your system.

How it Works

How to Write your Own Nuclei Template

Note: The details mentioned below are needed to write a good Nuclei template.

• Request
• Response
• Strict Matcher

Let's take an example: you are reading a blog about a bug or vulnerability, as shown below.

Now we have the request, response and matcher to create a Nuclei template.
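As an added example (not the template from the original post or from the nuclei-templates repository), this is how the three pieces map onto a template that detects a Docker Engine API reachable without authentication. The template id, the author value, the severity, the `/version` path and the matched JSON keys are assumptions chosen for illustration.

```yaml
# Added example: hypothetical template, not taken from the original post.
id: docker-api-exposed-example        # hypothetical id

info:
  name: Docker Engine API reachable without authentication (example)
  author: example-author              # placeholder
  severity: high                      # assumption; rate per your own policy
  tags: docker,misconfig

requests:
  # 1. Request: a read-only endpoint of the Docker Engine API (assumed path).
  - method: GET
    path:
      - "{{BaseURL}}/version"

    # 3. Strict matcher: every matcher below must hold for a finding.
    matchers-condition: and
    matchers:
      # A status check alone fires on any page that answers 200, and a
      # single word such as "Version" appears in countless unrelated
      # responses. Each check is too loose on its own.
      - type: status
        status:
          - 200

      # 2. Response: JSON keys that occur together in the body.
      - type: word
        part: body
        condition: and
        words:
          - '"ApiVersion"'
          - '"MinAPIVersion"'
          - '"KernelVersion"'

      # The response must also be served as JSON, not an HTML error page.
      - type: word
        part: header
        words:
          - "application/json"
```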

• Scanning for misconfiguration on a given list of URLs.

nuclei -l target_urls.txt -t misconfigured-docker.yaml

Now let’s take another example: you are scrolling through Twitter and find that a new exploit has been released, as shown below.

If you know what the Request, Response and Strict Matcher are, it is easy to write a Nuclei template.

• Scanning for CVE-2020-36289 on a given list of URLs.

nuclei -l target_urls.txt -t CVE-2020-36289.yaml

More Nuclei templates can be found here: https://github.com/projectdiscovery/nuclei-templates

Note: Below are some of the places where you can find source material for writing Nuclei templates.

• Google Dorks - GHDB is an index of search queries to get filtered search results
• Vulhub - Pre-Built Vulnerable Environments Based on Docker-Compose
• PeiQi-WIKI-POC - Place where Exploits of various Tech Stack are Stored
• Awesome-CVE-POC - Collection about Proof of Concepts of Common Vulnerabilities and Exposures

Multiple search engines are available for gathering information about various technologies that are exposed on the Internet. These can prove useful while creating Nuclei templates. Some of them are as follows:

• Shodan - Search Engine for the Internet of Everything
• Fofa - Cyberspace Surveying and Mapping
• PublicWWW - Source Code Search Engine
• ZoomEye - Cyberspace Search Engine
• Spyse - Internet Assets Search Engine

Nuclei Unleashed

Nuclei is capable of doing the following things:

• Author Based Execution

Huge shout-out to the Project Discovery team for creating amazing tools.

Kudos to all the active contributors out there!!!

Thanks a lot for reading!!!