Nuclei is a tool that is used to send requests across the given target based on a template leading to zero false positives and providing fast scanning on a large number of hosts. It offers to scan for a variety of protocols including TCP, DNS, HTTP, FILE, etc.
Nuclei use the YAML based template which provides flexibility so that all kinds of security checks can be modeled with Nuclei.
There are three different ways to install the nuclei.
Installing using Binary
It is the easiest way to install, download the pre-built binaries from the releases page. Download the only binary which is compatible with your system. Extract them using tar and move the binary to your $PATH.
tar -xzvf nuclei-linux-amd64.tar.gz mv nuclei /usr/bin/ nuclei -h
For the next two methods, it requires the latest go version install in your system. You can check the install version by using the command “go version“ if go is not installed you can follow this link to install the go.
Installing using Source
GO111MODULE=on go get -u -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei
Installing using Github
git clone https://github.com/projectdiscovery/nuclei.git cd nuclei/v2/cmd/nuclei/ go build . mv nuclei /usr/local/bin/ nuclei -h
Downloading Nuclei Templates
How Nuclei Works
Running single template.
nuclei -l urls.txt -t files/git-core.yaml -o git-core.txt
Running multiple templates with speed.
nuclei -l urls.txt -t files/ -t tokens/ -t cves/ -pbar -c 100 -o output.txt
- -l:- List of URLs to run templates on
- -t:- Template input file/files to run on the host. Can be used multiple times.
- -c:- Number of concurrent requests.
- -o:- File to write output
- -pbar:- Enable the progress bar.
What Bunny rating does it get?
The tool is free from false results, fully configurable templates and can be used for large scale scanning, as a result, we will be awarding this tool a rating of 4.5 out of 5 bunnies.
Want to learn more about ethical hacking?
We have a networking hacking course that is of a similar level to OSCP, get an exclusive 95% discount HERE
Do you know of another GitHub related hacking tool?
Get in touch with us via the contact form if you would like us to look at any other GitHub ethical hacking tools.