nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Top Related Projects
Quick Overview
The projectdiscovery/nuclei-templates repository is a collection of community-contributed templates for the Nuclei vulnerability scanner. These templates enable users to detect a wide range of security issues, from common vulnerabilities to complex misconfigurations, across various technologies and platforms.
Pros
- Extensive collection of templates covering a broad spectrum of vulnerabilities
- Community-driven, ensuring regular updates and additions
- Easy to use with the Nuclei scanner
- Customizable and extendable for specific use cases
Cons
- Quality of templates may vary due to community contributions
- Potential for false positives if templates are not properly maintained
- Requires careful use to avoid overwhelming target systems
- May not cover all possible vulnerabilities or edge cases
Getting Started
To use these templates with Nuclei:
- Install Nuclei:
go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest - Clone the templates repository:
git clone https://github.com/projectdiscovery/nuclei-templates.git - Run Nuclei with the templates:
nuclei -u https://example.com -t nuclei-templates/
For more detailed usage and configuration options, refer to the Nuclei documentation.
Competitor Comparisons
Automatic SQL injection and database takeover tool
Pros of sqlmap
- Specialized tool for SQL injection attacks, offering deep and comprehensive SQL vulnerability testing
- Extensive database support, including MySQL, Oracle, PostgreSQL, and more
- Automated exploitation of SQL injection vulnerabilities, saving time for security professionals
Cons of sqlmap
- Limited to SQL injection vulnerabilities, unlike Nuclei-templates' broader scope
- Steeper learning curve due to its complex features and command-line interface
- May trigger more aggressive alerts on web application firewalls compared to Nuclei's templates
Code Comparison
sqlmap example:
python sqlmap.py -u "http://example.com/vulnerable.php?id=1" --dbs
Nuclei-templates example:
id: sql-injection
info:
name: SQL Injection Detection
severity: high
requests:
- method: GET
path: "{{BaseURL}}/?id=1'"
The sqlmap code demonstrates a direct command to test for SQL injection vulnerabilities, while the Nuclei-templates YAML file shows a more generalized template approach for detecting various vulnerabilities, including SQL injection.
Both repositories serve different purposes in the security testing ecosystem. sqlmap excels in deep SQL injection testing, while Nuclei-templates offers a broader, more flexible approach to vulnerability scanning across multiple attack vectors.
In-depth attack surface mapping and asset discovery
Pros of Amass
- Comprehensive subdomain enumeration and network mapping capabilities
- Active and passive data collection methods for thorough reconnaissance
- Integrates with multiple external data sources for enhanced results
Cons of Amass
- Steeper learning curve due to its extensive feature set
- May generate more noise in results compared to targeted vulnerability scanning
- Requires more system resources for large-scale scans
Code Comparison
Amass (Go):
func (e *Enumeration) executeAlterations(names []string) {
for _, name := range names {
e.executeAlteration(name)
}
}
Nuclei-templates (YAML):
id: example-template
info:
name: Example Template
author: John Doe
severity: info
requests:
- method: GET
path:
- "{{BaseURL}}/example"
matchers:
- type: word
words:
- "Example Response"
While Amass focuses on subdomain enumeration and network mapping using Go, Nuclei-templates provides a framework for vulnerability scanning using YAML-based templates. Amass offers broader reconnaissance capabilities, while Nuclei-templates excels in targeted vulnerability detection with easily customizable templates.
A Tool for Domain Flyovers
Pros of Aquatone
- Focused on web-based reconnaissance and screenshot capture
- User-friendly and easy to integrate into existing workflows
- Provides visual output for easier analysis of target websites
Cons of Aquatone
- Limited scope compared to Nuclei-templates' broader vulnerability scanning capabilities
- Less frequent updates and smaller community contributions
- Lacks the extensive template library found in Nuclei-templates
Code Comparison
Aquatone (Ruby):
def run_command(cmd)
Open3.popen3(cmd) do |stdin, stdout, stderr, wait_thr|
while line = stdout.gets
puts line
end
end
end
Nuclei-templates (YAML):
id: example-template
info:
name: Example Template
author: John Doe
severity: info
requests:
- method: GET
path:
- "{{BaseURL}}/example"
matchers:
- type: word
words:
- "Example Response"
While Aquatone focuses on web reconnaissance with Ruby-based scripts, Nuclei-templates uses YAML-based templates for broader vulnerability scanning. Aquatone is more specialized for visual analysis, while Nuclei-templates offers a wider range of security checks and community-driven template development.
Most advanced XSS scanner.
Pros of XSStrike
- Focused specifically on XSS detection and exploitation
- Includes an intelligent payload generator
- Offers a command-line interface for easy integration into workflows
Cons of XSStrike
- Limited to XSS vulnerabilities, while nuclei-templates covers a broader range of security issues
- Less frequent updates compared to the actively maintained nuclei-templates
- Smaller community and fewer contributors
Code Comparison
XSStrike:
def generate_payloads(occurences, response):
payloads = []
for i, occurence in enumerate(occurences):
context = occurence['context']
breaker = occurence['break']
special = occurence['special']
attribute = occurence['attribute']
payload = fuzzer(context, special, breaker, attribute)
payloads.append(payload)
return payloads
nuclei-templates:
id: cve-2021-41773
info:
name: Apache 2.4.49 - Path Traversal
author: daffainfo
severity: high
description: A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root.
reference:
- https://github.com/apache/httpd/commit/e150697086e70c552b2588f369f2d17815cb1782
Protect and discover secrets using Gitleaks 🔑
Pros of gitleaks
- Focused specifically on detecting secrets and sensitive information in Git repositories
- Lightweight and easy to integrate into CI/CD pipelines
- Supports custom regex patterns for detecting specific types of secrets
Cons of gitleaks
- Limited to secret detection, while nuclei-templates covers a broader range of security checks
- May produce more false positives compared to nuclei-templates' curated templates
- Requires more manual configuration for custom secret patterns
Code Comparison
gitleaks:
func (d *Detector) Detect() ([]Report, error) {
var reports []Report
for _, f := range d.files {
for _, r := range d.rules {
if r.Match(f.Content) {
reports = append(reports, Report{...})
}
}
}
return reports, nil
}
nuclei-templates:
id: example-template
info:
name: Example Template
severity: info
requests:
- method: GET
path:
- "{{BaseURL}}/example"
matchers:
- type: word
words:
- "example response"
The code snippets illustrate the different approaches: gitleaks focuses on pattern matching for secrets, while nuclei-templates use YAML-based templates for various security checks.
Convert 
designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
Nuclei Templates
Community curated list of templates for the nuclei engine to find security vulnerabilities in applications.
Documentation ⢠Contributions ⢠Discussion ⢠Community ⢠FAQs ⢠Join Discord
Templates are the core of the nuclei scanner which powers the actual scanning engine. This repository stores and houses various templates for the scanner provided by our team, as well as contributed by the community. We hope that you also contribute by sending templates via pull requests or Github issues to grow the list.
Nuclei Templates overview
An overview of the nuclei template project, including statistics on unique tags, author, directory, severity, and type of templates. The table below contains the top ten statistics for each matrix; an expanded version of this is available here, and also available in JSON format for integration.
Nuclei Templates Top 10 statistics
678 directories, 9242 files. |
ð Documentation
Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to build new or your own custom templates. We have also added a set of templates to help you understand how things work.
ðª Contributions
Nuclei-templates is powered by major contributions from the community. Template contributions , Feature Requests and Bug Reports are more than welcome.
ð¬ Discussion
Have questions / doubts / ideas to discuss? Feel free to open a discussion on Github discussions board.
ð¨âð» Community
You are welcome to join the active Discord Community to discuss directly with project maintainers and share things with others around security and automation. Additionally, you may follow us on Twitter to be updated on all the things about Nuclei.
Thanks again for your contribution and keeping this community vibrant. :heart:
Top Related Projects
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot