Nuclei FAQ
Common questions and answers about Nuclei
General
Questions and answers on general topics for Nuclei.
What is Nuclei?
Nuclei is a powerful open-source vulnerability scanner that is fast and customizable. It uses simple YAML-based templates that describe how to detect, prioritize, and remediate security vulnerabilities for the Nuclei scanning engine. The project has two components. The Nuclei engine is the core of the project; it allows scripting checks based on the HTTP, DNS, Network, Headless, and File protocols in a YAML-based format that is very simple to read and write. The Nuclei templates are custom-created or ready-to-use, community-contributed vulnerability templates.
What was the motivation to create Nuclei?
Nuclei was created to solve many of the limitations of traditional scanners, which always lacked the features to allow easy-to-write custom checks on top of their engine. Nuclei was built with a focus on simplicity, modularity, and the ability to scale scanning for many assets.
Ultimately, we wanted to create something simple enough to be used by everyone with the complexity to integrate well with the intricacies of the modern technical stack. Nuclei’s features are implemented and tailored to allow rapid prototyping for complex security checks.
How well-maintained is Nuclei?
Nuclei is actively maintained and supported by ProjectDiscovery. In general, we release every two weeks and continue to refine, update, and expand Nuclei and its associated capabilities. Our team also actively monitors for announcements about new CVEs, exploits, and other vulnerabilities to quickly provide a response to address those issues.
We recently released Nuclei v3; read more about that release on our blog.
How can I support or contribute to this project? 💙
Nuclei is open-source! The best way to support Nuclei is to contribute new templates.
In addition, we are always interested in hearing about how our community uses Nuclei to solve unique security problems and would love to discuss more. If you want to share a walk-through of a solution you found, we are happy to publish your guest post on the ProjectDiscovery blog.
Review more details about the project through GitHub or reach out to us on Discord.
Usage
Questions and answers about using Nuclei.
How do I install Nuclei?
Nuclei can be installed with several different options, including Go, Brew, and Docker. Check out the Nuclei install page for details on all of the options.
What modules does Nuclei support?
What kind of scans can Nuclei perform?
Nuclei can detect security vulnerabilities in web applications and networks, DNS-based misconfigurations, and secrets in source code or in files on the local file system.
In addition, you can now connect your Nuclei setup to ProjectDiscovery Cloud Platform (PDCP) to view your scans. Check out more information on PDCP Free and our upcoming Teams release.
Where can I learn more about Nuclei Templates?
To learn more about Nuclei templates, check out the GitHub repository, or explore additional documentation here.
What do I do with Nuclei scan results?
After detecting a security issue, we always recommend that you validate it a second time before reporting it.
To validate:
If you have both a vulnerable target and template, rerun the template with the -debug flag to inspect the output against the expected matcher defined in the template. Use this to confirm the identified vulnerability.
Once you confirm the result, report it!
How much traffic does Nuclei generate?
By default, Nuclei will make several thousand requests (both HTTP protocol and other services) against a single target when running all nuclei-templates. This is the result of running over 3500 templates (with an active and growing template library).
By default, the following templates are excluded from default scans.
Is it safe to run Nuclei?
We consider two factors for “safety” within the context of Nuclei.
- The traffic Nuclei creates against the target
- The impact templates have on the target
Traffic
Nuclei usually makes fewer HTTP requests than the number of templates selected for a scan due to its intelligent request reduction. While some templates contain multiple requests, this rule holds true across most scan configurations.
Templates
The library of Nuclei templates houses a variety of templates which perform fuzzing and other actions which may result in a DoS against the target system (see the list here).
To ensure these templates are not run accidentally, they are tagged and excluded from the default scan. These templates can only be executed when explicitly invoked using the -itags option.
What are the specifics for Nuclei's license?
Nuclei is an open-source project distributed under the MIT License.
What do I do if I have more questions? 🙋
Please join our Discord server, or contact us via Twitter.
Troubleshooting
Questions and answers about troubleshooting scenarios for Nuclei.
Why is Nuclei(Template) being flagged as malware?
Nuclei uses templates to scan for potential vulnerabilities. These templates are files that contain information on identifying certain types of vulnerabilities. Think of the templates as a building blueprint. On its own a blueprint cannot cause harm, as it only describes how a building or construct (in this example, a vulnerability) can be built or identified.
For example:
- Webshell.Generic.118 is a template to check for the vulnerability CVE-2017-12615, which is a specific vulnerability in some versions of Apache Tomcat.
- Backdoor.Generic.LinuxTsunami is a template that can identify the infamous Linux Tsunami backdoor if it were present on a system.
- kingdee-erp-rce.yaml is a template designed to identify a remote code execution vulnerability in Kingdee ERP software.
These files are being flagged as malware by anti-malware solutions because they contain patterns that match known vulnerabilities. It’s similar to a textbook on viruses being detected as an actual virus.
Remember, these templates can’t “harm” your computer, they are not executing any malicious code on your system. However, if used as part of a vulnerability scanning process against an insecure system, they could help identify weaknesses.
Missing dependencies in headless mode on Linux
Headless mode on Linux-based machines (OS or containers, e.g. Docker) might face runtime errors due to missing dependencies related to specific OS shared libraries used by the Chrome binary. Usually, these errors can be fixed by pre-installing the browser on the specific distribution. Here is a list of the steps needed for the most common distributions.
Ubuntu
With snap:
Without snap:
In case you are unable to install the browser, or want to install only the minimum required dependencies, run the following command:
If you encounter an error similar to “libnss3.so: cannot open shared object file: No such file or directory,” try running the following command to install the dev version:
Error type examples:
Other FAQs
Check out the Nuclei Template FAQ for more questions and answers about templates.