What is Nuclei?
Nuclei is a fast, template-based vulnerability scanner designed to send requests across targets based on a template, leading to zero false positives and providing fast scanning capabilities. It offers scanning for a variety of protocols including TCP, DNS, HTTP, SSL, File, Whois, Websocket, and more. Nuclei is used by security engineers and bug bounty hunters to quickly identify security vulnerabilities in web applications and infrastructure.
Key Features
- Template-Based Scanning: Uses YAML-based templates to define vulnerabilities, making it easy to create and share custom scans.
- Multi-Protocol Support: Scans across multiple protocols including HTTP, DNS, TCP, File, and more.
- Fast and Efficient: Designed for speed with concurrent execution and optimized scanning algorithms.
- Extensive Template Library: Comes with a large collection of templates for common vulnerabilities and exposures.
- Low False Positives: Template-based approach ensures high accuracy and low false positives.
- CI/CD Integration: Can be integrated into CI/CD pipelines for automated vulnerability scanning.
- Customizable Output: Supports various output formats including JSON, Markdown, and more.
Integration with DevOps Pipeline
Nuclei can be integrated into your DevOps pipeline to automatically scan your applications for vulnerabilities. Here's how you can integrate Nuclei into your pipeline:
1. GitHub Actions Integration
Add Nuclei scanning to your GitHub Actions workflow to scan your application for vulnerabilities.
name: Nuclei Scan
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
  schedule:
    - cron: '0 0 * * *' # Run daily at midnight
jobs:
  nuclei-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Setup Nuclei
        run: |
          wget -q https://github.com/projectdiscovery/nuclei/releases/download/v2.9.4/nuclei_2.9.4_linux_amd64.zip
          unzip nuclei_2.9.4_linux_amd64.zip
          sudo mv nuclei /usr/local/bin/
          nuclei -version
      - name: Setup Nuclei Templates
        run: |
          git clone https://github.com/projectdiscovery/nuclei-templates.git
      - name: Run Nuclei Scan
        run: |
          # -jsonl (formerly -json) writes one JSON object per finding
          nuclei -u https://your-application-url.com -t nuclei-templates/ -severity critical,high -o nuclei-results.json -jsonl
      - name: Upload Scan Results
        uses: actions/upload-artifact@v3
        with:
          name: nuclei-results
          path: nuclei-results.json
2. GitLab CI Integration
Add Nuclei scanning to your GitLab CI pipeline to scan your application for vulnerabilities.
stages:
  - build
  - test
  - scan
  - deploy
nuclei-scan:
  stage: scan
  image: alpine:latest
  before_script:
    - apk add --no-cache wget unzip git
    - wget -q https://github.com/projectdiscovery/nuclei/releases/download/v2.9.4/nuclei_2.9.4_linux_amd64.zip
    - unzip nuclei_2.9.4_linux_amd64.zip
    - mv nuclei /usr/local/bin/
    - git clone https://github.com/projectdiscovery/nuclei-templates.git
  script:
    # -jsonl (formerly -json) writes one JSON object per finding
    - nuclei -u https://your-application-url.com -t nuclei-templates/ -severity critical,high -o nuclei-results.json -jsonl
  artifacts:
    paths:
      - nuclei-results.json
    expire_in: 1 week
3. Jenkins Integration
Add Nuclei scanning to your Jenkins pipeline to scan your application for vulnerabilities.
pipeline {
    agent any
    stages {
        stage('Build') {
            steps {
                echo 'Building application...'
            }
        }
        stage('Test') {
            steps {
                echo 'Running tests...'
            }
        }
        stage('Nuclei Scan') {
            steps {
                // -jsonl (formerly -json) writes one JSON object per finding
                sh '''
                    wget -q https://github.com/projectdiscovery/nuclei/releases/download/v2.9.4/nuclei_2.9.4_linux_amd64.zip
                    unzip nuclei_2.9.4_linux_amd64.zip
                    sudo mv nuclei /usr/local/bin/
                    git clone https://github.com/projectdiscovery/nuclei-templates.git
                    nuclei -u https://your-application-url.com -t nuclei-templates/ -severity critical,high -o nuclei-results.json -jsonl
                '''
                archiveArtifacts artifacts: 'nuclei-results.json', fingerprint: true
            }
        }
        stage('Deploy') {
            steps {
                echo 'Deploying application...'
            }
        }
    }
}
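The three pipelines above archive nuclei-results.json but never act on it, so a build with critical findings still passes. The following gate script is an added example, not part of the original page or the Nuclei project: it assumes the results file holds one JSON object per line, and the `BLOCKING` policy, the file name `nuclei_gate.py` and the sample records are constructed for illustration.

```python
import json
import sys

# Constructed sample: one JSON object per finding, plus one truncated line.
# Field names follow Nuclei's JSON output; hosts and template ids are made up.
SAMPLE_RESULTS = """\
{"template-id": "sql-injection-detection", "info": {"severity": "high"}, "matched-at": "https://staging.example.test/search?q=1"}
{"template-id": "missing-header-example", "info": {"severity": "info"}, "matched-at": "https://staging.example.test/"}
{"template-id": "truncated-example", "info": {"severity": "cri
{"template-id": "exposed-panel-example", "info": {"severity": "CRITICAL"}, "host": "https://staging.example.test"}
"""
BLOCKING = {"critical", "high"}  # assumed policy: these severities fail the build


def parse_findings(text):
    """Return (findings, bad_lines); a malformed line is counted, not fatal."""
    findings, bad_lines = [], 0
    for line in filter(None, map(str.strip, text.splitlines())):
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            record = None
        if not isinstance(record, dict):
            bad_lines += 1
            continue
        info = record.get("info") or {}
        findings.append({
            "id": record.get("template-id", "unknown"),
            "severity": str(info.get("severity", "unknown")).lower(),
            "where": record.get("matched-at") or record.get("host", ""),
        })
    return findings, bad_lines


def gate(text):
    """Exit code: 1 = blocking finding, 2 = unreadable lines (fail closed), 0 = pass."""
    findings, bad_lines = parse_findings(text)
    blockers = [f for f in findings if f["severity"] in BLOCKING]
    for f in blockers:
        print(f"[{f['severity']}] {f['id']} at {f['where']}")
    if blockers:
        return 1
    return 2 if bad_lines else 0


if __name__ == "__main__":
    # Usage: python nuclei_gate.py nuclei-results.json (no argument: sample data)
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_RESULTS
    sys.exit(gate(text))
```

Run it as the step after the scan; a truncated results file returns 2 rather than 0, so an interrupted scan cannot pass the gate silently.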
Creating Custom Templates
One of the strengths of Nuclei is the ability to create custom templates for specific vulnerabilities. Here's an example of a simple Nuclei template for detecting a SQL injection vulnerability:
id: sql-injection-detection
info:
  name: SQL Injection Detection
  author: your-name
  severity: high
  description: Detects SQL injection vulnerabilities in web applications
  tags: sqli,injection,webapp
requests:
  - method: GET
    path:
      - "{{BaseURL}}/search?q=1%27%20OR%20%271%27%3D%271"
      - "{{BaseURL}}/product?id=1%27%20OR%20%271%27%3D%271"
    # No matchers-condition is set, so the default (or) applies:
    # either matcher on its own is enough to report a match.
    matchers:
      # Matches if any one of these strings appears in the response body
      - type: word
        words:
          - "SQL syntax"
          - "mysql_fetch_array()"
          - "You have an error in your SQL syntax"
        condition: or
      # Matches on a server error status code
      - type: status
        status:
          - 500
          - 503
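The template above sets no `matchers-condition`, so Nuclei combines its two matchers with the default `or`. The following added example (not from the original page; a toy model of only these two matchers, with constructed responses) compares that default against `matchers-condition: and` to show what each choice reports.

```python
# Toy evaluator for the two matchers in the template above; it models only
# "word" (response body) and "status" matchers, not Nuclei's full engine.
MATCHERS = [
    {"type": "word", "condition": "or",
     "words": ["SQL syntax", "mysql_fetch_array()",
               "You have an error in your SQL syntax"]},
    {"type": "status", "status": [500, 503]},
]

# Constructed responses: (label, status code, body)
RESPONSES = [
    ("maintenance page", 503, "Service temporarily unavailable"),
    ("database error", 500, "You have an error in your SQL syntax near ''1''"),
    ("error shown with 200", 200, "Warning: mysql_fetch_array() expects parameter 1"),
    ("normal search page", 200, "<h1>Results for 1' OR '1'='1</h1>"),
]


def matcher_hit(matcher, status, body):
    """Evaluate one matcher against a response."""
    if matcher["type"] == "status":
        return status in matcher["status"]
    hits = [word in body for word in matcher["words"]]
    return all(hits) if matcher.get("condition", "or") == "and" else any(hits)


def template_matches(status, body, matchers_condition="or"):
    """Combine all matchers the way matchers-condition does."""
    results = [matcher_hit(m, status, body) for m in MATCHERS]
    return all(results) if matchers_condition == "and" else any(results)


def compare():
    """Map each response label to (match under 'or', match under 'and')."""
    return {label: (template_matches(status, body, "or"),
                    template_matches(status, body, "and"))
            for label, status, body in RESPONSES}


if __name__ == "__main__":
    for label, (with_or, with_and) in compare().items():
        print(f"{label:22} or={with_or!s:5} and={with_and}")
```

Under the default `or`, the constructed maintenance page is reported as SQL injection; under `and`, the database error rendered with a 200 status is missed, so the choice is a trade-off to make per application.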
Best Practices
- Regularly update Nuclei and its templates to ensure you have the latest vulnerability definitions.
- Create custom templates for vulnerabilities specific to your application or environment.
- Use severity filtering to focus on critical and high-severity vulnerabilities first.
- Integrate Nuclei scanning into your CI/CD pipeline to catch vulnerabilities early.
- Use rate limiting and other scanning optimizations to avoid overwhelming your target systems.
- Implement a process for addressing vulnerabilities found by Nuclei.
- Consider using Nuclei's interactsh integration for detecting out-of-band vulnerabilities.
Conclusion
Nuclei is a powerful and flexible vulnerability scanner that can help you identify security issues in your applications and infrastructure. By integrating Nuclei into your DevOps pipeline and creating custom templates for your specific needs, you can ensure that your systems are regularly checked for known vulnerabilities.