Let’s make fuzzing simpler with the Nuclei

Tram Ho


Lately, I often use automatic recon tools to exploit errors, partly because of simplicity, partly because I help to ignore basic errors that are not worth it, especially with a large number of sub-domains, or scope. Wide range of programs.

During the time searching for automatic tools that can simplify the recon website, the person sitting next to me suggested a pretty good tool. Nuclei

So why am I writing this article, I think Nuclei is quite good, has many modules, can customize rules freely, …
Some information about Nuclei:

Install Nuclei

The installation is very simple and not complicated, there are 3 ways to install Nuclei on your VPS (here I use VPS to save power and run recon on it to avoid affecting real hardware hardware) :

Option 1: Install using binary

Method 2: Installation is taken directly from the source

Nuclei requires to install go1.14 or higher, after you install go1.14 + then run this command to be able to use the nuclei.

Method 3: Installation is still from source, but in another way

Installation is complete, but we have not used the nuclei yet, the nuclei can run when using rules, however the nuclei does support templates which are available to download by

Or can be downloaded from Github

Launch Nuclei

There are quite a few ways to use Nuclei, you can learn through --help , here I am the basic user guide ^^;

Running Nuclei with 1 template

For example, we have a list of domains, we need to check whether in this domain list there is a .git directory error configuration, run the command


  • urls.txt summarizes the list of domains to test
  • files/git-core.yaml is the test template file
  • results.txt is the output file to check later.

Run Nuclei with all templates

This is how I often use, run all of it, I would rather kill the mistake than miss it, run the whole thing as if about 350 templates are right, or have the template updated, you can read the log on the homepage.

Run Nuclei with template exclusion feature

Run the template based on severity

With this command, the nuclei will only run templates that are marked critical as critical and medium.

Run the entire template but exclude a few directories

There are many more features of nuclei waiting for you to discover

Writing template for Nuclei

Here we use a template available of Nuclei looking for directory traversal errors

Here we can see, this template is divided into 3 parts

  • Part 1: specify the id name of this template directory-traversal
  • Part 2: Here write all information related to this vulnerability, what is the name, who is the writer, how dangerous is it, how to describe the vulnerability.
  • Part 3: This part is the most important part, it will show the Nuclei how to run the request, how the results will be determined when it is an error, …

The complete instruction to write template of nuclei is available at https://nuclei.projectdiscovery.io/templating-guide/ , hope you can write good templates to contribute to the nuclei.


Some loopholes I have found when using Nuclei

Command I often use is


Share the news now

Source : Viblo