Perspective: nuclei by projectdiscovery

Nuclei, a fast and customisable vulnerability scanner based on simple YAML based DSL...

What is nuclei?

Fast and customisable vulnerability scanner based on simple YAML based DSL. Nuclei is used to send requests across targets based on a template leading to zero false positives and providing fast scanning on large number of hosts. Nuclei offers scanning for a variety of protocols including TCP, DNS, HTTP, File, etc. With powerful and flexible templating, all kinds of security checks can be modelled with Nuclei."

projectdiscoveryhttps://github.com/projectdiscovery/nuclei

Nuclei is a shiny new tool by projectdiscovery, which recently has recieved a lot of attention and is rising in popularity. This is why we are sharing some insights on this subject from our perspective.
Nuclei is not only a fast web vulnerability-scanner framework, but also a perfect example of how open-source software is able to bring people together and to collaborate towards a common project. With the goal to ease the work for all.
At cyllective, we have made frequent use of the whole stack, which projectdiscovery offers so openly and we would like to thank, as well as congratulate the team over at projectdiscovery, for this wonderful project and making the tools accessible.

The projectdiscovery stack

projectdiscovery stack image

Their $1.7m seed funding is, to say the least, well deserved (if not even mildly underrated). As their projects, not just nuclei, are inspiring in the fashion in which they are managed and presented in. Within this post we’ll focus on nuclei.

How does nuclei work?

The tagline of the project sums up its functionality quite well, to further illustrate the simplicitiy we’ve included the following screenshot of the README.md, located at https://github.com/projectdiscovery/nuclei

nuclei workflow

Nuclei Templates

The templates make up the inner workings of nuclei

nuclei templates

This screenshot was taken from: https://blog.projectdiscovery.io/community-powered-scanning-with-nuclei Within the last 9 months they went from under 50 to over 100 security researchers contributing to the project.

We have a dedicated repository that houses various type of vulnerability templates contributed by more than 100 security researchers and engineers...

projectdiscoveryhttps://github.com/projectdiscovery/nuclei-templates

The repository is located at: https://github.com/projectdiscovery/nuclei-templates

nuclei templates

A snapshot taken from https://github.com/projectdiscovery/nuclei-templates
By now many reseachers have contributed a lot to this community effort and the momentum seems to build even further. ❤️

nuclei included

The fact that nuclei is awesome seems to be shared by others as well.
https://twitter.com/pry0cc/status/1313168273035284490

The documentation is located here

Ben Bidmead aka @pry0cc has built a tool called axiom to handle the automation and distribution of discovery tools, such as nuclei - amongst many others.

axiom

This was presented during this years excellent NahamCon2021 - https://www.nahamcon.com

In this talk, I give a crash-course on axiom and how to use it! I also perform a live demo of axiom using 170 instances!

@pry0cchttps://www.youtube.com/watch?v=t-FCvQK2Y88

The slides and further reading material can be found over at the Github repo: https://github.com/pry0cc/nahamcon-axiom-demo-2021

Kudos to all the people involved with the NahamCon2021 lineup, as well as the organizer Ben Sadeghipour aka @NahamSec and friends :]

Giving back to the community

Because of all this momentum, the positivity surrounding it and because we do make frequent use of the provided tools, we have decided to join the fun and contributed quite a few technology detection templates to the nuclei-templates repository ourselves. We did this to further enhance nuclei’ detection capabilities and aid our fellow researchers, as well as the community at large.

template PR

https://github.com/projectdiscovery/nuclei-templates/search?q=cyllective

We’re looking forward to the future of this project and hope others will also contribute to the project. ❤️