Nuclei FAQ
Common questions and answers about Nuclei
General
Questions and answers on general topics for Nuclei.
Nuclei is a powerful open-source vulnerability scanner that is fast and customizable. It uses simple YAML-based templates that describe how to detect, prioritize, and remediate security vulnerabilities for the Nuclei scanning engine. Nuclei has two components. The Nuclei engine is the core of the project; it allows scripting HTTP / DNS / Network / Headless / File protocol-based checks in a YAML-based format that is very simple to read and write. The Nuclei templates are custom-created or ready-to-use, community-contributed vulnerability templates.
Nuclei was created to solve many of the limitations of traditional scanners, which always lacked the features to allow easy-to-write custom checks on top of their engine. Nuclei was built with a focus on simplicity, modularity, and the ability to scale scanning for many assets.
Ultimately, we wanted to create something simple enough to be used by everyone with the complexity to integrate well with the intricacies of the modern technical stack. Nuclei’s features are implemented and tailored to allow rapid prototyping for complex security checks.
Nuclei is actively maintained and supported by ProjectDiscovery. In general, we release every two weeks and continue to refine, update, and expand Nuclei and its associated capabilities. Our team also actively monitors for announcements about new CVEs, exploits, and other vulnerabilities to quickly provide a response to address those issues.
We recently released Nuclei v3; read more about that release on our blog.
Nuclei is open-source! The best way to support Nuclei is to contribute new templates.
In addition, we are always interested in hearing about how our community uses Nuclei to solve unique security problems and would love to discuss more. If you want to share a walk-through of a solution you found, we are happy to publish your guest post on the ProjectDiscovery blog.
Review more details about the project through GitHub or reach out to us on Discord.
Usage
Questions and answers about using Nuclei.
Nuclei can be installed with several different options including: Go, Brew, and Docker. Check out the Nuclei install page for details on all of the options.
Nuclei can detect security vulnerabilities in web applications, networks, and DNS-based misconfigurations, and can scan for secrets in source code or in files on the local file system.
In addition, you can now connect your Nuclei setup to ProjectDiscovery Cloud Platform (PDCP) to view your scans. Check out more information on PDCP Free and our upcoming Teams release.
To learn more about Nuclei templates, check out the GitHub repository, or explore additional documentation here.
After detecting a security issue we always recommend that you validate it a second time before reporting it.
To validate:
If you have both a vulnerable target and template, rerun the template with the -debug flag to inspect the output against the expected matcher defined in the template. Use this to confirm the identified vulnerability.
Once you confirm the result, report it!
By default, Nuclei will make several thousand requests (both HTTP protocol and other services) against a single target when running all nuclei-templates. This is the result of running over 3500 templates (with an active and growing template library).
By default, the following templates are excluded from default scans.
We consider two factors for “safety” within the context of Nuclei.
- The traffic Nuclei creates against the target
- The impact templates have on the target
Traffic
Nuclei usually makes fewer HTTP requests than the number of templates selected for a scan due to its intelligent request reduction. While some templates contain multiple requests, this rule holds true across most scan configurations.
Templates
The library of Nuclei templates houses a variety of templates which perform fuzzing and other actions which may result in a DoS against the target system (see the list here).
To ensure these templates are not run accidentally, they are tagged and excluded from the default scan. These templates can only be executed when explicitly invoked using the -itags option.
Nuclei is an open-source project distributed under the MIT License.
Please join our Discord server, or contact us via Twitter.
Troubleshooting
Questions and answers about troubleshooting scenarios for Nuclei.
Nuclei uses templates to scan for potential vulnerabilities. These templates are files that contain information on identifying certain types of vulnerabilities. Think of the templates as a building blueprint. On its own a blueprint cannot cause harm, as it only describes how a building or construct (in this example, a vulnerability) can be built or identified.
For example:
- Webshell.Generic.118 is a template to check for the vulnerability CVE-2017-12615, which is a specific vulnerability in some versions of Apache Tomcat.
- Backdoor.Generic.LinuxTsunami is a template that can identify the infamous Linux Tsunami backdoor if it were present on a system.
- kingdee-erp-rce.yaml is a template designed to identify a remote code execution vulnerability in Kingdee ERP software.
These files are being flagged as malware by anti-malware solutions because they contain patterns that match known vulnerabilities. It’s similar to a textbook on viruses being detected as an actual virus.
Remember, these templates can’t “harm” your computer; they are not executing any malicious code on your system. However, if used as part of a vulnerability scanning process against an insecure system, they could help identify weaknesses.
Headless mode on Linux-based machines (OS or containers, e.g. Docker) might face runtime errors due to missing dependencies related to specific OS shared libraries used by the Chrome binary. Usually, these errors can be fixed by pre-installing the browser on the specific distribution. Here is a list of the steps needed for the most common distributions.
Ubuntu
With snap:
sudo snap install chromium
Without snap:
sudo apt update
sudo snap refresh
sudo apt install zip curl wget git
sudo snap install golang --classic
wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
sudo sh -c 'echo "deb http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list'
sudo apt update
sudo apt install google-chrome-stable
In case you are unable to install the browser, or want to install only the minimum required dependencies, run the following command:
sudo apt-get install libnss3 libgconf-2-4
If you encounter an error similar to “libnss3.so: cannot open shared object file: No such file or directory,” try running the following command to install the dev version:
sudo apt-get install libnss3-dev
Error type examples:
Error: Expected nil, but got: &errors.errorString{s:"[launcher] Failed to launch the browser, the doc might help https://go-rod.github.io/#/compatibility?id=os: /root/.cache/rod/browser/chromium-1018003/chrome-linux/chrome: error while loading shared libraries: libnss3.so: cannot open shared object file: No such file or directory\n"}
could not create browser
Command '/usr/bin/chromium-browser' requires the chromium snap to be installed.
Please install it with:
snap install chromium
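Added example (not part of the Nuclei documentation): a shell helper that lists which shared libraries a browser binary cannot resolve, so you can see what is missing before choosing packages to install. The function names missing_libs and check_browser and the ldd sample are constructed for this illustration; on a real host, pass check_browser the binary path printed in the "Failed to launch the browser" error.

```shell
#!/bin/sh
# missing_libs: read `ldd` output on stdin and print each library that the
# dynamic loader could not resolve, one per line, de-duplicated.
missing_libs() {
    awk '/=> not found/ { print $1 }' | sort -u
}

# check_browser: run ldd against a browser binary.
# Returns 0 if every library resolves, 1 if any are missing (names printed
# on stdout), 2 if the path is not an executable file.
check_browser() {
    bin="$1"
    if [ ! -x "$bin" ]; then
        echo "not executable: $bin" >&2
        return 2
    fi
    libs=$(ldd "$bin" 2>/dev/null | missing_libs)
    if [ -n "$libs" ]; then
        echo "$libs"
        return 1
    fi
    return 0
}

# Constructed sample of ldd output for a chrome binary on a minimal image
# (not captured from a real system).
SAMPLE_LDD='    linux-vdso.so.1 (0x00007ffd3a5f2000)
    libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f1c2a400000)
    libnss3.so => not found
    libnssutil3.so => not found
    libnss3.so => not found
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c2a000000)'

# Demo on the constructed sample. On a real host use instead:
#   check_browser /path/to/chrome
printf '%s\n' "$SAMPLE_LDD" | missing_libs
```

Each name printed corresponds to a library the loader could not find; an empty result with exit status 0 means the binary's dependencies all resolve.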
Other FAQs
Check out the Nuclei Template FAQ for more questions and answers about templates.