# Section 1: Introduction to Nuclei
## Overview of Nuclei
Nuclei is a fast, template-based vulnerability scanner written in Go by ProjectDiscovery and aimed at penetration testers and security engineers. Each check is a YAML template, so a scan is only as good as the templates you point it at: the public template set covers known CVEs, exposed panels, misconfigurations and technology fingerprints across web applications, network services and server configurations. Nuclei runs on any platform Go supports and is packaged for Kali Linux. In this section we cover installing and configuring Nuclei on Kali, using it in realistic engagement and CI scenarios, and the template format that makes it extensible.
## Installation and Configuration on Kali Linux
### Prerequisites
Before you install Nuclei, make sure Kali Linux is up and running and its package lists are current:
```bash
sudo apt update && sudo apt upgrade
```
### Installing Nuclei
Nuclei is written in Go, and the cleanest way to get the current release is `go install`, the Go toolchain's command for building and installing a module's binary (Kali also packages it as `nuclei` via `apt`, but that copy may lag the upstream release). First check that Go is installed:
```bash
go version
```
If it is not, install it from the Kali repositories:
```bash
sudo apt install golang
```
`go install` writes binaries to `$GOPATH/bin` (by default `$HOME/go/bin`), which is not on your `PATH` out of the box. Set `GOPATH` and extend `PATH` once; re-running these `echo` lines appends duplicate entries to `~/.bashrc`, so check the file before repeating them:
```bash
mkdir -p $HOME/go/bin
echo 'export GOPATH=$HOME/go' >> ~/.bashrc
echo 'export PATH=$PATH:$GOPATH/bin' >> ~/.bashrc
source ~/.bashrc
```
Now install Nuclei. The module path carries the major version; this guide uses the `v2` path throughout:
```bash
go install github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
```
If `go install` stops with an error about the `go` directive in the module, the packaged Go is older than the release requires; install a newer Go toolchain and retry. Once the installation completes, verify it:
```bash
nuclei -version
```
### Configuration
Nuclei ships no checks in the binary itself: on first run it downloads the public nuclei-templates repository into `~/nuclei-templates`, and `nuclei -update-templates` (short form `-ut`) refreshes that copy later. Clone the repository yourself when you want a pinned checkout for a reproducible engagement, or when you keep custom templates next to the official ones.
1. **Clone the Nuclei Template Repository**:
```bash
git clone https://github.com/projectdiscovery/nuclei-templates.git ~/nuclei-templates
```
2. **Configure Nuclei to Use Your Templates**:
Nuclei reads `~/.config/nuclei/config.yaml` at startup. Create the directory and add an entry pointing at your clone; the value must be an absolute path, so replace the empty segment in `/home//nuclei-templates` with your username:
```bash
mkdir -p ~/.config/nuclei
echo 'template-path: "/home//nuclei-templates"' >> ~/.config/nuclei/config.yaml
```
Passing `-t ~/nuclei-templates/<dir>` on the command line, as the examples below do, works regardless of this file.
3. **Updating Templates**:
Public templates change frequently as new CVE checks land, so update before each engagement. For a manual clone, pull the latest changes:
```bash
cd ~/nuclei-templates
git pull
```
For the copy Nuclei downloaded itself, run `nuclei -update-templates` instead.
### Usage of Nuclei
Nuclei offers a wide range of functionality that can be applied to many use cases. Below are step-by-step scenarios demonstrating its usage. Run them only against targets you are authorised to test: every template sends real requests, and some probe for exploitable conditions.
#### Basic Scanning
To scan a single target with one template directory, use:
```bash
nuclei -u http://example.com -t ~/nuclei-templates/technologies/
```
This command targets `http://example.com` and runs only the technology-detection templates. `-t` accepts a directory, a single template file or a comma-separated list; with no `-t` at all, Nuclei runs every template in its default directory, which is slow and noisy. `-l targets.txt` scans a list of targets instead of a single `-u`.
#### Scanning with Multiple Templates
Repeat `-t` to combine template directories in one run:
```bash
nuclei -u http://example.com -t ~/nuclei-templates/vulnerabilities/ -t ~/nuclei-templates/misconfiguration/
```
#### Real-World Use Cases
1. **Vulnerability Scanning**:
For a penetration testing engagement where you need to find known vulnerabilities on a web application, use:
```bash
nuclei -u http://target-site.com -t ~/nuclei-templates/vulnerabilities/
```
The output lists every template that matched, with its severity and the URL it matched at. A match means a template's signature fired (a reflected marker, a known vulnerable version string, a CVE-specific response), not that exploitation was confirmed, so verify each high-severity hit manually before reporting it. Cross-Site Scripting (XSS), SQL Injection (SQLi) and similar findings from the template set all arrive this way.
2. **Scanning Enumerated Subdomains**:
Nuclei does not discover subdomains itself. Gather them in the reconnaissance phase with a dedicated enumeration tool, then feed the list to Nuclei with `-l`:
```bash
nuclei -l subdomains.txt -t ~/nuclei-templates/technologies/
```
Where `subdomains.txt` contains one host per line. Fingerprinting the hosts first tells you which vulnerability templates are worth running next.
3. **Misconfiguration Detection**:
Misconfigurations (exposed `.git` directories, directory listings, debug endpoints, default credentials) are a common route into a breach. To find them, run:
```bash
nuclei -u http://your-app.com -t ~/nuclei-templates/misconfiguration/
```
4. **Automating with CI/CD Pipelines**:
Nuclei can be integrated into CI/CD pipelines for continuous security assessments. Here is a simple GitHub Actions workflow. The runner scans the deployed application over the network, so point it at a staging host you own rather than production; and because `go install` on a fresh runner leaves the binary in `$HOME/go/bin`, which is not on the runner's `PATH`, the workflow adds that directory explicitly:
```yaml
name: Nuclei Scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@v2
      - name: Install Go
        uses: actions/setup-go@v4   # a current toolchain; the apt golang-go package is often too old for the latest release
        with:
          go-version: '1.21'
      - name: Install Nuclei
        run: |
          go install github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
          echo "$HOME/go/bin" >> "$GITHUB_PATH"
      - name: Fetch Templates
        run: nuclei -update-templates   # populates ~/nuclei-templates on the fresh runner
      - name: Run Nuclei
        run: nuclei -u http://your-app.com -t ~/nuclei-templates/vulnerabilities/
```
Nuclei does not fail the job on its own when it finds something. To gate a pipeline on findings, write them out with `-json -o findings.jsonl` and inspect that file in a following step.
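The use cases above all end with Nuclei printing matches to the terminal, and the CI workflow needs a way to fail the job when something serious is found. The script below is an added example (not the page's or the project's code) that runs a scan into JSON-lines output, deduplicates the findings, counts them per severity and returns a non-zero status when any critical or high finding remains. It assumes the `-json` output flag of the v2 series used in this guide (newer releases call it `-jsonl`), the output fields `template-id`, `matched-at` and `info.severity`, and a constructed sample of four findings that stands in for a real run:

```shell
#!/bin/sh
# Added example, not part of the Nuclei project: run a scan into JSON lines, then triage
# the findings and gate a pipeline on them. Assumes the v2 -json flag (newer releases
# call it -jsonl) and the field names template-id, matched-at and info.severity.

# run_scan TARGETS_FILE OUT_FILE TEMPLATE_DIR...  (needs nuclei on PATH; not run by the tests)
run_scan() {
    targets=$1; out=$2; shift 2
    tmpl=""
    for d in "$@"; do tmpl="$tmpl -t $d"; done
    # $tmpl is left unquoted on purpose so it expands to repeated -t options (paths without spaces).
    nuclei -list "$targets" -json -output "$out" -rate-limit 50 -silent $tmpl
}

# json_str LINE KEY -> string value of "KEY" in a one-line JSON object (values without escaped quotes)
json_str() {
    printf '%s\n' "$1" | sed -n "s/.*\"$2\":\"\([^\"]*\)\".*/\1/p"
}

# finding_keys FILE [SEVERITY] -> one "template-id<TAB>matched-at" line per distinct finding,
# optionally restricted to SEVERITY. Nuclei can report the same match twice (a host listed
# twice, a template with several paths hitting the same URL), so keys are sorted unique.
finding_keys() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        if [ -n "${2:-}" ] && [ "$(json_str "$line" severity)" != "$2" ]; then continue; fi
        printf '%s\t%s\n' "$(json_str "$line" template-id)" "$(json_str "$line" matched-at)"
    done < "$1" | sort -u
}

# count_severity FILE SEVERITY -> number of distinct findings at that severity
count_severity() {
    finding_keys "$1" "$2" | wc -l | tr -d ' '
}

# gate FILE -> prints a per-severity summary; returns 0 only when no critical/high findings remain
gate() {
    crit=$(count_severity "$1" critical)
    high=$(count_severity "$1" high)
    echo "critical=$crit high=$high medium=$(count_severity "$1" medium) low=$(count_severity "$1" low) info=$(count_severity "$1" info)"
    [ "$crit" -eq 0 ] && [ "$high" -eq 0 ]
}

# Constructed sample of -json output (four lines, one duplicate); not a real scan result.
sample_findings() {
    cat <<'EOF'
{"template-id":"tech-detect","info":{"name":"Technology Detection","severity":"info"},"type":"http","host":"http://staging.example.com","matched-at":"http://staging.example.com/","timestamp":"2024-01-01T00:00:00Z"}
{"template-id":"git-config-disclosure","info":{"name":"Git Config Disclosure","severity":"medium"},"type":"http","host":"http://staging.example.com","matched-at":"http://staging.example.com/.git/config","timestamp":"2024-01-01T00:00:01Z"}
{"template-id":"custom-xss","info":{"name":"Custom Reflected XSS","severity":"high"},"type":"http","host":"http://staging.example.com","matched-at":"http://staging.example.com/search?q=test","timestamp":"2024-01-01T00:00:02Z"}
{"template-id":"custom-xss","info":{"name":"Custom Reflected XSS","severity":"high"},"type":"http","host":"http://staging.example.com","matched-at":"http://staging.example.com/search?q=test","timestamp":"2024-01-01T00:00:03Z"}
EOF
}

# Typical CI use (not executed here):
#   run_scan targets.txt findings.jsonl ~/nuclei-templates/vulnerabilities/ ~/nuclei-templates/misconfiguration/
#   gate findings.jsonl
if [ -n "${NUCLEI_GATE_FILE:-}" ]; then
    gate "$NUCLEI_GATE_FILE"
fi
```

Deduplicating on template id plus matched URL is what keeps the gate stable: the same finding reported twice should not count as two, and a finding that moves to a different URL should. The `sed`-based field extraction is deliberately minimal; for anything beyond a CI gate, parse the lines with `jq` or a real JSON library.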
### Detailed Technical Explanations
Now, let's delve deeper into Nuclei and its capabilities.
#### Template Structure
Nuclei templates are YAML files. Each template defines the requests to send and the conditions under which a response counts as a match. Here is a minimal template:
```yaml
id: example-check
info:
  name: Example Vulnerability
  author: yourname
  severity: medium
  tags: example, json
requests:
  - method: GET
    path:
      - "{{BaseURL}}/example-path"
    matchers:
      - type: word
        words:
          - "Vulnerable"
```
**Elements Explained**:
- **id**: Unique identifier for the template; it appears in every finding, so keep it short and descriptive.
- **info**: Metadata about the template: name, author, severity (`info`, `low`, `medium`, `high`, `critical`) and comma-separated tags, which drive filtering with `-tags` and `-severity` on the command line.
- **requests**: The HTTP requests to send. `{{BaseURL}}` is replaced with the target URL, and a request can list several paths. Nuclei v3 renamed this block `http` but still accepts `requests`.
- **matchers**: Conditions that decide whether a response is a finding; types include `word`, `regex`, `status`, `size`, `binary` and `dsl`. A lone `word` matcher on the body, as above, fires on any page containing the literal "Vulnerable", so real templates combine several matchers with `matchers-condition: and` and scope each one with `part` (`body`, `header` or `all`).
#### Custom Template Creation
Writing your own templates is where Nuclei pays off on an engagement: a check you confirm by hand once becomes a template you can run across every host in scope. Here is a simple reflected-XSS template:
1. Create a new file named `custom-vuln.yaml` in your templates directory.
2. Write your template:
```yaml
id: custom-xss
info:
  name: Custom Reflected XSS
  author: yourname
  severity: high
  tags: xss,custom
requests:
  - method: GET
    path:
      # The probe <script>alert(1)</script>, URL-encoded so it survives the request line
      - "{{BaseURL}}/search?q=%3Cscript%3Ealert%281%29%3C%2Fscript%3E"
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<script>alert(1)</script>"
      - type: word
        part: header
        words:
          - "text/html"
      - type: status
        status:
          - 200
```
This template injects a harmless script tag into the `q` parameter of the search endpoint and reports a finding only when the response is an HTML page (status 200, `text/html` content type) that reflects the tag back unencoded. The header and status matchers are what keep the check honest: a JSON API or a plain-text error page that echoes the input would otherwise satisfy the body matcher even though no script could execute. Run it with `nuclei -u http://target-site.com -t custom-vuln.yaml`, and add `-debug` to see the exact request and response when a template does not fire as expected.
### External References and Further Reading
To deepen your understanding of using Nuclei effectively, here are some valuable resources:
1. [Nuclei GitHub Repository](https://github.com/projectdiscovery/nuclei)
2. [Nuclei Templates Repository](https://github.com/projectdiscovery/nuclei-templates)
3. [Nuclei Official Documentation](https://nuclei.projectdiscovery.io/)
4. [YAML Syntax Guide](https://yaml.org/start.html)
5. [Common Vulnerabilities and Exposures (CVE) Database](https://cve.mitre.org/)
6. [OWASP Top Ten](https://owasp.org/www-project-top-ten/)
## Conclusion
In this section we covered the essentials of Nuclei: installation on Kali, template configuration, scanning single targets and host lists, running it from a CI pipeline, and the template format itself. The tool is only as good as its templates and the triage you apply to their matches, so treat every hit as a lead to verify rather than a confirmed vulnerability. As you practice with Nuclei, you will find it a flexible way to automate the repetitive part of a vulnerability assessment.
In the following sections, we will dive deeper into advanced features, integrations, and case studies to help you master Nuclei.
Made by pablo rotem / פבלו רותם