Replies: 68 comments 47 replies
-
Subdomain enumeration |
Beta Was this translation helpful? Give feedback.
-
It would be sound too lazy but I would like in have new implementation where info low medium high severity results will store in respective files. I know there’s flag to see results by severity. But if we implement this then it’ll be more easy for checking. |
Beta Was this translation helpful? Give feedback.
-
An option to quickly execute sub domain enum, nuclei and pipe other commonly used tools for easy and quickly formatting the results from all those tools. |
Beta Was this translation helpful? Give feedback.
-
Hi @ehsandeep added info impact in nuclei-tempaltes. |
Beta Was this translation helpful? Give feedback.
-
I would suggest a feature where nuclei will save the output of the scan results according to the scan. For ex- if the result gives out Info-Disclosure, CVE, API Key Disclosure,etc then all the result be saved in there respective folders. It would be helpful to see the segregated results. |
Beta Was this translation helpful? Give feedback.
-
I always thought nuclei has amazing potential to grow. I would suggest to make use of automation through integration with amass for subdomain enumeration. Imagine the power behind this. Fast and automatic. |
Beta Was this translation helpful? Give feedback.
-
🚀 Might sound crazy, but how about Web3 templates? How would templatizing solidity scans be? The market is very new and I am not sure if this is possible. But given that we have automated scanners for Web3, this should be in the reach I guess. |
Beta Was this translation helpful? Give feedback.
-
A search engine functionality to search templates using a specific keyword for ex :- if we search for WordPress templates related to that could be displayed, this would ease the search of templates and instead of scanning all general category, we could scan according to target P.s. general category here means all templates under low severity and like that |
Beta Was this translation helpful? Give feedback.
-
Sub domain enumeration need to include. Love this project |
Beta Was this translation helpful? Give feedback.
-
Nuclei is a powerfull tool. I love to use |
Beta Was this translation helpful? Give feedback.
-
Currently, I'm happy with the features nuclei provides. It's an amazing project and helped alot. I'm new in cybersecurity and current features are enough for me. Kudos to you all. |
Beta Was this translation helpful? Give feedback.
-
If there is a pdf/docx report generating option then it would be cool |
Beta Was this translation helpful? Give feedback.
-
I want nuclei to automatically input the API key automatically from scanning using these template /file/keys to /token-spray template. So nuclei will work amazingly like trufflehog But we need to create a apikey template with nice regex |
Beta Was this translation helpful? Give feedback.
-
The JSON output gives a curl request which is great. |
Beta Was this translation helpful? Give feedback.
-
JA3/JA3s as we have in HTTPX. |
Beta Was this translation helpful? Give feedback.
-
Great tool but here are some hopefully helpful ideas:
Also, I think at some points the documentation lacks and could be better. But I understand that's time-consuming and it's an open source project. In particular I miss documentation regarding the use of more advanced regex. Like with matcher groups, non-matcher groups but also escaping characters in regex et cetera. Also documentation regarding TLS and WHOIS is very limited. |
Beta Was this translation helpful? Give feedback.
-
A feature like a VPN or any to not getting IP blocked or blacklisted. |
Beta Was this translation helpful? Give feedback.
-
Removing "[INF] Skipped xxxx from target list as found unresponsive 30 times" as output |
Beta Was this translation helpful? Give feedback.
-
I believe it would be grateful if nuclei can be integrated with AWS API gateway ( like IProtate Burp Ext ) to spin up requests through Amazon API gateway to avoid IP based blockings and get more efficient results I have seen the present Nuclei engine has feature of similar to the above on Refer : #2634 |
Beta Was this translation helpful? Give feedback.
-
Hello @projectdiscovery team, It would be more helpful if get an implementation to compare matchers for fuzzing templates with part as ;
This can be helpful in detecting & confirming issues on time based and also to avoid false positives, For ex ;
Thanks & Regards, |
Beta Was this translation helpful? Give feedback.
-
supports redis and implements distributed scanning |
Beta Was this translation helpful? Give feedback.
-
I want to see a burp plugin which can be integrated with nuclei to perform authenticated scan like its available in jaeles project |
Beta Was this translation helpful? Give feedback.
-
when will you support fuzzing on path, header, body and cookie |
Beta Was this translation helpful? Give feedback.
-
Shell Exec
COMMAND LINE / accessing variablesEg.: nuclei --var HOST='https://blog.mrcl0wn.com/' -t my-template-wp-db.yaml --shell-exec 'python exploit.py -t "HOST"' COMMAND LINE / accessing dynamic variablesnuclei -u 'https://142.251.132.X' -t ipwhois-shell-exec.yaml TEMPLATEEg.: id: check-string-shell-exec
info:
name: Check String and Shell Exec
author: Mrcl0wn
description: Check String and Execute the commands via shell and return the complete output as a string
tags: shell
self-contained: true
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: word
part: body
words:
- "STRING VULN"
- type: status
status:
- 200
shell-exec:
- type: cmd
cmd:
- 'python exeploit.py {{BaseURL}}' |
Beta Was this translation helpful? Give feedback.
-
I think it is a very good suggestion that the result can be output HTML report, which will help us see the vulnerability more clearly |
Beta Was this translation helpful? Give feedback.
-
It would be great if it is possible for a matcher to be associated to a specific request. For example, let's say I want to test if after 5 attempts, I won't be able to input any username and password. To test that, I would send 6 requests and the block will happen only on the 6th one. The nuclei template that I write will need to trigger if the block didn't happen on the 6th request, but if I write a matcher, it would be also triggered by the first 5 which is kinda annoying. So it would be great if you would be able to associate the matcher to a specific request and not all of them. |
Beta Was this translation helpful? Give feedback.
-
When there are multiple requests in a template, when using the - j parameter to output JSON format results, only the detailed data of one of the multiple requests will be saved in the results. Can other requests related to the vulnerability also be returned. |
Beta Was this translation helpful? Give feedback.
-
A progressbar or pressing a button, e.g. "s" for a status (done, remaining requests, rate/s so far, ETA) would be cool. |
Beta Was this translation helpful? Give feedback.
-
I hope to provide a service or API interface, through which I can upload URLs and yaml content, so that I can better use go code for integrated development |
Beta Was this translation helpful? Give feedback.
-
A nice modern web GUI for interacting with the tool and managing bug bounty results, maybe throw in some ChatGPT API options too |
Beta Was this translation helpful? Give feedback.
-
Hello 👋🏻
We are keeping this discussion open, so everyone can share and exchange ideas.
Let us know what features would you like to see implemented, or ideas around how we could ease and improve the automation of your security processes.
p.s. don't forget to look at the existing feature requests first
Beta Was this translation helpful? Give feedback.
All reactions