Nuclei is a fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility and ease of use.

Overview


Nuclei

Fast and customisable vulnerability scanner based on a simple YAML-based DSL.


Nuclei is used to send requests across targets based on a template, leading to zero false positives and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols including TCP, DNS, HTTP, File, etc. With powerful and flexible templating, all kinds of security checks can be modelled with Nuclei.

We have a dedicated repository that houses various types of vulnerability templates contributed by more than 100 security researchers and engineers. Nuclei is preloaded with ready-to-use templates using the -update-templates flag.

How it works

[Figure: nuclei-flow]

Install Nuclei

▶ GO111MODULE=on go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei

More installation methods can be found here.

Download Templates

You can download and update the nuclei templates using the update-templates flag, which downloads all the available nuclei-templates from the GitHub project, a community-curated list of templates that are ready to use.

▶ nuclei -update-templates

Nuclei is designed to be used with custom templates suited to the target and workflow. You can write your own checks for your specific workflow and needs; please refer to the nuclei templating guide to write your own custom templates.

Running Nuclei

Scanning for CVEs on a given list of URLs.

▶ nuclei -l target_urls.txt -t cves/

More detailed examples of running nuclei can be found here.

For Security Engineers

Nuclei offers a great number of features that help security engineers customise the workflow in their organisation. With its variety of scan capabilities (like DNS, HTTP, TCP), security engineers can easily create their own suite of custom checks with Nuclei.

  • Variety of protocols supported: TCP, DNS, HTTP, File, etc.
  • Achieve complex vulnerability steps with workflows and dynamic requests.
  • Easy to integrate into CI/CD; designed to be easily integrated into the regression cycle to actively check the fix and re-appearance of a vulnerability.

For bugbounty hunters:

Nuclei allows you to customise your testing approach with your own suite of checks and easily run it across your bug bounty programs. Moreover, Nuclei can be easily integrated into any continuous scanning workflow.

  • Designed to be easily integrated into other tool workflows.
  • Can process thousands of hosts in a few minutes.
  • Easily automate your custom testing approach with our simple YAML DSL.

Please check our other open-source projects that might fit into your bug bounty workflow: github.com/projectdiscovery. We also host a daily refresh of DNS data at Chaos.

For pentesters:

Nuclei immensely improves how you approach security assessments by augmenting the manual, repetitive processes. Consultancies are already converting their manual assessment steps with Nuclei; it allows them to run their set of custom assessment approaches across thousands of hosts in an automated manner.

Pen-testers get the full power of our public templates and customization capabilities to speed up their assessment process, specifically with the regression cycle, where you can easily verify the fix.

  • Easily create your compliance, standards suite (e.g. OWASP Top 10) checklist.
  • With capabilities like fuzz and workflows, complex manual steps and repetitive assessment can be easily automated with Nuclei.
  • Easy to re-test a vulnerability fix by just re-running the template.

For Developers and Organisations

Nuclei is built with simplicity in mind. With community-backed templates from hundreds of security researchers, it allows you to stay up to date with the latest security threats by continuously scanning your hosts with Nuclei. It is designed to be easily integrated into the regression test cycle, to verify fixes and keep vulnerabilities from recurring in the future.

  • CI/CD: Engineers are already utilising Nuclei within their CI/CD pipelines; it allows them to constantly monitor their staging and production environments with customised templates.
  • Continuous Regression Cycle: With Nuclei, you can create a custom template for every newly identified vulnerability and add it to the Nuclei engine, eliminating it in the continuous regression cycle.
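
The CI/CD regression check described above can be wired up as a pipeline step that fails closed. This is an added example, not code from the Nuclei project: it uses only the `-l`, `-t` and `-o` flags shown on this page and assumes each finding line in the output file has the form `[template-id] [protocol] [severity] url`. The function names, template ids, host names and sample findings are constructed.

```shell
#!/bin/sh
# Added example: fail-closed CI gate around a nuclei regression scan.
# Assumption: each finding in the -o file looks like
#   [template-id] [protocol] [severity] matched-url

# Rank a severity name; unknown names rank 0.
sev_rank() {
    case "$1" in
        info) echo 1 ;;
        low) echo 2 ;;
        medium) echo 3 ;;
        high) echo 4 ;;
        critical) echo 5 ;;
        *) echo 0 ;;
    esac
}

# count_findings FILE MIN_SEVERITY
# Print how many finding lines in FILE are at or above MIN_SEVERITY.
# Lines that do not parse as findings (e.g. log lines) are ignored.
count_findings() {
    cf_min=$(sev_rank "$2")
    cf_count=0
    while IFS= read -r cf_line || [ -n "$cf_line" ]; do
        # The third bracketed field is the severity.
        cf_sev=$(printf '%s\n' "$cf_line" |
            sed -n 's/^\[[^]]*\] \[[^]]*\] \[\([a-z]*\)\] .*/\1/p')
        [ -n "$cf_sev" ] || continue
        if [ "$(sev_rank "$cf_sev")" -ge "$cf_min" ]; then
            cf_count=$((cf_count + 1))
        fi
    done < "$1"
    echo "$cf_count"
}

# gate OUTFILE MIN_SEVERITY SCAN_EXIT_CODE
# Return 0 = clean, 1 = findings at or above the threshold,
#        2 = scan did not complete or bad threshold (fail closed).
gate() {
    if [ "$(sev_rank "$2")" -eq 0 ]; then
        echo "unknown severity threshold: $2" >&2
        return 2
    fi
    # A crashed or killed scanner, or a missing output file, must not
    # be read as "no findings".
    if [ "$3" -ne 0 ] || [ ! -f "$1" ]; then
        echo "scan incomplete (exit $3); failing closed" >&2
        return 2
    fi
    g_n=$(count_findings "$1" "$2")
    if [ "$g_n" -gt 0 ]; then
        echo "$g_n finding(s) at or above $2" >&2
        return 1
    fi
    return 0
}

# run_regression TARGETS TEMPLATES OUTFILE MIN_SEVERITY
# Pipeline entry point; needs nuclei on PATH. Not called by the demo below.
run_regression() {
    : > "$3"    # pre-create so a vanished output file is detectable
    rr_rc=0
    nuclei -l "$1" -t "$2" -o "$3" || rr_rc=$?
    gate "$3" "$4" "$rr_rc"
}

# Constructed sample output for an offline demo (not real scan results).
make_sample() {
    cat > "$1" <<'EOF'
[regress-0001] [http] [high] https://staging.example.com/login
[tech-detect:nginx] [http] [info] https://staging.example.com
[regress-0007] [http] [medium] https://staging.example.com/api
[WRN] Could not execute step: connection refused
EOF
}

# Offline demo on the constructed sample.
demo_file=$(mktemp)
make_sample "$demo_file"
gate "$demo_file" medium 0 || echo "gate exit code: $?"
rm -f "$demo_file"
```

In a pipeline, replace the demo lines at the bottom with a call such as `run_regression target_urls.txt regression-templates/ findings.txt medium` and use its exit status as the job result.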

We have a discussion thread around this. Some bug bounty programs are already giving incentives to hackers for writing nuclei templates with every submission, which helps them eliminate the vulnerability across all their assets as well as the future risk of it reappearing in production. If you're interested in implementing this in your organisation, feel free to reach out to us. We will be more than happy to help you get started, or you can post in the discussion thread for any help.

[Figure: regression-cycle-with-nuclei]

Credits

Thanks to all the amazing community contributors for sending PRs. Do also check out the below similar open-source projects that may fit in your workflow:

FFuF, Qsfuzz, Inception, Snallygaster, Gofingerprint, Sn1per, Google tsunami, Jaeles, ChopChop

License

Nuclei is distributed under the MIT License.

Comments
  • [issue] runtime error

    Describe the bug I updated my nuclei install to version 2.4.1 and now it errors out every time I try to run it. Be advised I think upgrade over brew install and I am running Darwin HQSML-1689616 19.6.0 Darwin Kernel Version 19.6.0: Thu Jun 18 20:49:00 PDT 2020; root:xnu-6153.141.1~1/RELEASE_X86_64 x86_64. This is related to #888

    Nuclei version Please share the version of the nuclei you are running with nuclei -version See above and below

    Screenshot of the error or bug please add the screenshot showing bug or issue you are facing.

                         __     _
       ____  __  _______/ /__  (_)
      / __ \/ / / / ___/ / _ \/ /
     / / / / /_/ / /__/ /  __/ /
    /_/ /_/\__,_/\___/_/\___/_/   2.4.1
    
    		projectdiscovery.io
    
    [ERR] Could not read nuclei-ignore file: open /Users/gbiago909/.config/nuclei/.nuclei-ignore: no such file or directory
    [INF] Using Nuclei Engine 2.4.1
    panic: runtime error: invalid memory address or nil pointer dereference
    [signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x49052fb]
    
    goroutine 1 [running]:
    github.com/projectdiscovery/nuclei/v2/internal/runner.(*Runner).RunEnumeration(0xc0000e6000, 0x0, 0x0)
    	github.com/projectdiscovery/nuclei/v2/internal/runner/runner.go:345 +0xd5b
    main.main()
    	command-line-arguments/main.go:30 +0x87
    
    Status: Completed Type: Bug 
    opened by gbiagomba 39
  • Nuclei Crashes on a huge list of urls

    Nuclei version:

    2.7.7

    Current Behavior:

    When running nuclei on a list of targets more than 5K, it seems to crash after running for 10 minutes.

    Expected Behavior:

    It should not crash.

    Steps To Reproduce:

    1. nuclei -l urls.txt -t any.yaml -rl 40 -o any.txt
    2. KILLED message appears after a while on bash.

    Anything else:

    image

    Priority: High Status: Completed Type: Bug 
    opened by IfrahIman 33
  • [issue] panic: runtime error: invalid memory address or nil pointer dereference

    Describe the bug I was running a test to see if I could run most of the templates with a single call to a url. This is the custom workflow I ran by echoing in a single url to nuclei.

    id: unguided
    info:
      name: Workflow to run most of the templates
      author: Jeffrey Shran
    
    variables:
      cves: cves/
      default_credentials: default-credentials/
      dns: dns/
      files: files/
      generic_detections: generic-detections/
      panels: panels/
      security_misconfiguration: security-misconfiguration/
      subdomain_takeover: subdomain-takeover/
      technologies: technologies/
      tokens: tokens/
      vulnerabilities: vulnerabilities/
    
    logic:
      |
      cves()
      default_credentials()
      dns()
      files()
      generic_detections()
      panels()
      security_misconfiguration()
      subdomain_takeover()
      technologies()
      tokens()
      vulnerabilities()
    

    The command I ran is as follows:

    echo "https://example.com" | nuclei -c 200 -t ~/unguided.yaml -o example_com.nuclei.unguided

    Nuclei runs for 30-45 seconds then produces the error in the screenshot below.

    Nuclei version Current Version: 2.1.0

    Screenshot of the error or bug image

    Status: Completed 
    opened by JeffreyShran 19
  • Nuclei stops to query additional paths when first path/URL is not reachable in case of ports

    Hello,

    I am not sure if I should not post this issue on the Nuclei github directly.

    I am trying to perform a template which just matches a file. The specificity here is that I add a check on another port:

     - "{{BaseURL}}/myfile.txt"
     - "{{BaseURL}}:8080/myfile.txt"
    

    (The text context is the following: The file is available on port 8080. Server doesn't answer on port 80, the base URL)

    Problem is that this doesn't work, Nuclei seems to stop the check as the server is not responding :

    [INF] [MyTemplate] Loaded template File Detection Template (@Ohlala) [info]
    [WRN] Could not execute step: could not make http request: GET http://###REDACTED#####/myfile.txt giving up after 2 attempts: Get "http://REDACTED/myfile.txt": dial tcp REDACTED:80: connect: connection refused
    

    However, when using a proxy there is no problem and I got the match with the 8080 port.

    Any idea ?

    Type: Bug 
    opened by acarnage 17
  • Reporting to Github issues fails if the issue-label field is not set

    Describe the bug For the following reporting configuration, nuclei fails to report with error 422 Validation Failed [{Resource:Label Field:name Code:missing_field Message:}]

    allow-list:
        severity: info, low, medium, high, critical
    github: 
        username: "0xcrypto"
        owner: "bb-research"
        token: "REDACTED"
        project-name: "hackberry_xyz"
    

    Nuclei version v2.5.2

    Screenshot of the error or bug image

    good first issue Status: Completed Type: Bug Hacktoberfest 
    opened by 0xcrypto 15
  • Headless Browsing Login on Websites not Working

    Describe the bug Headless Browsing login flow on websites not working

    Nuclei version Nuclei v 2.5.2

    Screenshot of the error or bug Has anyone tried authenticating into a modern website via Nuclei headless browsing? I've been trying to log into Trello but the login flow which should lead me here after inputting my email(tested on regular browser): Screen Shot 2021-10-07 at 2 09 53 PM

    in Nuclei headless seems to instead lead me back to this page: Screen Shot 2021-10-07 at 2 11 13 PM

    Status: Completed Type: Bug 
    opened by ctao5660 15
  • Enumeration progressbar

    This is an initial implementation for a progress tracking system that informs the user of the enumeration state by providing visual feedback via progress bars.

    This is by no means a "pull-request" in the sense "please pull this into your repo else I'm mad", but this is meant to be here for tracking and discussion purposes, please feel free to make it to pieces :)

    These changes provide the following:

    • a single progress bar when a single template is specified

      • this will track the total number of requests, for the specified template, for all the specified hosts Screenshot 2020-07-11 at 23 33 00
    • two progress bars when a template directory is specified

      • progress bar 1 will track the total number of requests, for all the specified templates, for all the specified hosts
      • progress bar 2 will track the total number of requests, for the current template, for all the specified hosts Screenshot 2020-07-11 at 23 33 16

    There were some things to consider in doing this, so I had to make some choices in order to have an initial implementation working. I'll depict the main points here.

    progress bar library

    There are quite a bit of libraries for this, but to my understanding the best one is probably https://github.com/vbauerster/mpb, supporting multiple progress bars out-of-the-box.

    enumeration support

    Only HTTP requests support has been implemented; once this is good and stable I can start working on both the DNS requests and the Workflow integration.

    stdout/stderr output

    At this time, both stdout and stderr are buffered and they are both shown at the end of the enumeration phase.

    Progress bars always write to stderr.

    I've started working on this with the idea to provide the same original behavior, showing both during the enumeration process. This quite worked, but not all the times, especially when fast stdout is written to the screen, mangled output is not what you want in most cases.

    -no-progressbar flag proposal

    At this time there is no way to switch off the progress bar, but it may be sensible to let users choose to not have visual feedback at all and process stdout as usual instead: for this I propose to add a -no-progressbar flag to actually disable the visual progress feedback.

    refactoring

    In order to know the total number of hosts and requests per template beforehand, I had to refactor the code a bit: this may not be ideal or the "projectdiscovery" way, please let me know!

    Priority: Medium 
    opened by manuelbua 14
  • Loading thousands of urls in list file will lock the executing threads

    Priority: Medium Investigation 
    opened by hassaanahmad813 13
  • [issue] Could not initialize interactsh client when running nuclei

    Describe the bug My nuclei works well in version 2.5.0; however, when I updated to the new version 2.5.1, I got the error Could not initialize interactsh client: could not create client: could not make register request. How can I fix this issue? My command when running nuclei is: nuclei -l urls.txt -t nuclei-templates/ -o output.txt

    Nuclei version 2.5.1

    Screenshot of the error or bug image

    Status: Completed Type: Bug 
    opened by khanhchauminh 12
  • [issue] Scan never finishes

    Describe the bug After running the scanner for a while it stalls with only 4 remaining hosts, for more than one hour.

    Nuclei version v2.3.2

    Screenshot of the error or bug Screenshot from 2021-03-27 15-51-47

    Status: Completed Type: Bug 
    opened by pdelteil 12
  • Output file being deleted when Nuclei finishes

    Describe the bug I am specifying an output file for Nuclei, and can see it being created. When Nuclei finishes the output file is being deleted.

    Nuclei version 2.1.0

    Screenshot of the error or bug please add the screenshot showing bug or issue you are facing.

    As you can see in the following the /tmp/nuclei.txt file in the bottom panel is created, populated with data, then deleted when Nuclei finishes. I first thought this was related to a particular template however the issue appears transient.

    ezgif-3-f91e896de89d

    opened by joefizz 12
  • Markdown Reporting Index File

    When using -me files are created in a specified directory. Create an index of those files when a new file is added.

    Please describe your feature request:

    When a scan is running, if a markdown file export is created, create an index.md file which simply lists all the findings with links to each file.

    Create a table which lists the following information where the link is to the markdown file.

    | Hostname/IP | Finding | Severity |
    | --- | --- | --- |
    | example.com | Cross-Site Scripting | Medium |

    Describe the use case of this feature:

    When a lot of markdown results are found, the index will help a user navigate and view them via the index file.

    Priority: Low Type: Enhancement 
    opened by sullo 0
  • build workflow update

    Proposed changes

    • Added multiple go versions for build test
    image

    Checklist

    • [x] Pull request is created against the dev branch
    • [x] All checks passed (lint, unit/integration/regression tests etc.) with my changes
    • [ ] I have added tests that prove my fix is effective or that my feature works
    • [ ] I have added necessary documentation (if appropriate)
    opened by ehsandeep 1
  • Making matcher name case insensitive

    Proposed changes

    Workflow matcher names are normalized, as they are forcefully of type StringSlice; a template's matcher name, instead, doesn't get any normalization. This PR makes the matcher names of a workflow's subtemplates case insensitive.

    Checklist

    • [x] Pull request is created against the dev branch
    • [x] All checks passed (lint, unit/integration/regression tests etc.) with my changes
    • [ ] I have added tests that prove my fix is effective or that my feature works
    • [ ] I have added necessary documentation (if appropriate)

    Example

    $ cat basic-template.yaml
    id: basic-template
    
    info:
      name: basic-template
      author: capiton
      severity: info
    
    requests:
      - method: GET
        path:
          - "{{RootURL}}"
    
        matchers:
          - type: word
            name: PHP
            condition: and
            words:
              - php
    $ cat basic-workflow.yaml
    id: basic-workflow
    
    info:
      name: Test HTTP Template
      author: capiton
    
    workflows:
      - template: basic-template.yaml
        matchers:
          - name: 
              - PHP
            condition: and
    
            subtemplates:
              - tags: cve
    $ go run . -w basic-workflow.yaml -u http://192.168.1.1
    
    Type: Bug 
    opened by Mzack9999 0
  • Mocking dns server

    Proposed changes

    Closes #2887

    Checklist

    • [x] Pull request is created against the dev branch
    • [x] All checks passed (lint, unit/integration/regression tests etc.) with my changes
    • [ ] I have added tests that prove my fix is effective or that my feature works
    • [ ] I have added necessary documentation (if appropriate)
    Type: Bug 
    opened by Mzack9999 0
  • Display tpl contents

    Implements #2827

    Proposed changes

    • New td flag to display the highlighted template contents in combination with tl

    • Sorted template list by path

    Checklist

    • [x] Pull request is created against the dev branch
    • [x] All checks passed (lint, unit/integration/regression tests etc.) with my changes
    • [ ] I have added tests that prove my fix is effective or that my feature works
    • [x] I have added necessary documentation (if appropriate)
    opened by vzamanillo 2
  • DSL variables are not working. with threads

    Hi,

    When using the threads option, dsl variables are no longer found.

    [WRN] [test-template] No parameter 'status_code_1' found.
    

    If I remove the threads parameter from the template, it works as expected.

    Type: Bug Type: Question 
    opened by iustin24 1
Releases(v2.7.9)
Owner
ProjectDiscovery
Security Through Intelligent Automation
The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

Axiom is a dynamic infrastructure framework to efficiently work with multi-cloud environments, build and deploy repeatable infrastructure focussed on

pry0cc 3k Nov 27, 2022
Pointer was developed for massive hunting and mapping Cobalt Strike servers exposed on the internet.

Description The Pointer was developed for hunting and mapping Cobalt Strike servers exposed to the Internet. The tool includes the complete methodolog

Pavel Shabarkin 55 Nov 9, 2022
Naabu - a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner

Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner. It is a really simple tool that does fast SYN/CONNECT scans on the host/list of hosts and lists all ports that return a reply.

null 0 Jan 2, 2022
🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

Finder Of XSS, and Dal(달) is the Korean pronunciation of moon. What is DalFox? DalFox is a fast, powerful parameter analysis and XSS scanner, bas

HAHWUL 2.2k Nov 24, 2022
A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker to bypass authentication and impersonate the admin (CVE-2021-26855).

proxylogscan This tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and imperson

dw1 142 Nov 10, 2022
ARP spoofing tool based on go language, supports LAN host scanning, ARP poisoning, man-in-the-middle attack, sensitive information sniffing, HTTP packet sniffing

[ARP Spoofing] [Usage] Commands: clear clear the screen cut cut off the network of a host on the LAN via ARP spoofing exit exit the program help display help hosts host management functions loot view the sensitive information sniffed

Re 55 Nov 24, 2022
A fast tool to scan CRLF vulnerability written in Go

CRLFuzz A fast tool to scan CRLF vulnerability written in Go Resources Installation from Binary from Source from GitHub Usage Basic Usage Flags Target

dw1 868 Nov 27, 2022
EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptography methods, key files and more.

EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptograp

American Express 516 Nov 20, 2022
Portmantool - Port scanning and monitoring tool

portmantool Port scanning and monitoring tool Components runner while true do r

Thomann Bits & Beats 0 Feb 14, 2022
A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157.

PewSWITCH A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157. Related blog: https://0xinfection.github.io/p

Pinaki 24 Nov 2, 2022
Proof-of-Concept tool for CVE-2021-29156, an LDAP injection vulnerability in ForgeRock OpenAM v13.0.0.

CVE-2021-29156 Proof-of-Concept (c) 2021 GuidePoint Security Charlton Trezevant [email protected] Background Today GuidePoint

GuidePoint Security, LLC 2 Apr 13, 2022
A tool for checking log4shell vulnerability mitigations

log4shell-ldap A tool for checking log4shell vulnerability mitigations. Usage: Build a container image: docker build . -t log4shell Run it: docker run

Jaromir Hamala 27 Jul 15, 2022
Tool to check whether one of your applications is affected by a vulnerability in log4j: CVE-2021-44228

log4shell.tools log4shell.tools is a tool that allows you to run a test to check whether one of your applications is affected by a vulnerability in log4j:

Alexander Bakker 66 Nov 2, 2022
log4jshell vulnerability checker tool

Description log4j-checker tool helps identify whether a certain system is running a vulnerable version of the log4j library. Download and run the tool

null 1 Dec 20, 2021
Proto-find is a tool for researchers that lets you find client side prototype pollution vulnerability.

proto-find proto-find is a tool for researchers that lets you find client side prototype pollution vulnerability. How it works proto-find open URL in

null 53 Nov 23, 2022
Gryffin is a large scale web security scanning platform.

Gryffin (beta) Gryffin is a large scale web security scanning platform. It is not yet another scanner. It was written to solve two specific problems w

Yahoo 2.1k Nov 10, 2022