Hack with Automation !!!

Hi Everyone
In this blog, I will cover the process of automating and identifying the bugs using Nuclei and the methodology of writing the customized nuclei templates

Nuclei

Download and install nuclei using the following command

GO111MODULE=on go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei

Note: Make sure that you have already installed the Go version of 1.14 or above in your system.

How it Works

How to Write your Own Nuclei Template

Note : these below mentioned details are needed to write a good nuclei template

Request
Response
Strict Matcher

Let's take an example , you are reading about a bug or vulnerability blog as shown below.

Now we have the request , response and matcher to create a nuclei template.

Scanning for misconfiguration on given list of URLs.

nuclei -l target_urls.txt -t misconfigured-docker.yaml

Now let’s take a another example, you are scrolling through Twitter and found some New Exploit has been released as shown below.

If you know what is the Request, Response, Strict Matcher , it is easy to write a nuclei template.

Scanning for CVE-2020-36289 on given list of URLs.

nuclei -l target_urls.txt -t CVE-2020-36289.yaml

More Nuclei Templates can be found here https://github.com/projectdiscovery/nuclei-templates.

Note:-

Below mentioned are some of the places where you can find source for writing nuclei templates.

Google Dorks - GHDB is an index of search queries to get filtered search results
Vulhub - Pre-Built Vulnerable Environments Based on Docker-Compose
PeiQi-WIKI-POC - Place where Exploits of various Tech Stack are Stored
Awesome-CVE-POC - Collection about Proof of Concepts of Common Vulnerabilities and Exposures

Multiple search engines are available for the information gathering of various technologies that are exposed on the Internet. These can prove to be useful while creating the nuclei templates. Some of which are as follows : -