Performing security assessment of an application is time-consuming. It’s always better and time-saving to automate steps whenever possible. Once you’ve found a security vulnerability, you can prepare a nuclei template by defining the required HTTP request to reproduce the issue, and test the same vulnerability across multiple hosts with ease. It’s worth mentioning ==you write the template once and use it forever==, as you don’t need to manually test that specific vulnerability any longer.
Here are few examples from the community making use of templates to automate the security findings:
Nuclei templates can be executed using a template name or with tags, using
-tags flag, respectively.
nuclei -tags cve -list target_urls.txt
You are always welcome to share your nuclei templates with the community. You can either open a GitHub issue with the template details or open a GitHub pull request with your nuclei templates. If you don’t have a GitHub account, you can also make use of the discord server to share the template with us.
The nuclei template project is a community-contributed project. The ProjectDiscovery team manually reviews templates before merging them into the project. Still, there is a possibility that some templates with weak matchers will slip through the verification. This could produce false-positive results. Templates are only as good as their matchers.
If you identified templates producing false positive/negative results, here are few steps that you can follow to fix them quickly.
Please open a GitHub issue with details, and we will work to address the problem and update the template.
Please open a GitHub pull request with fix.
The nuclei templates project houses a variety of templates which perform fuzzing and other actions which may result in a DoS against the target system (see the list here). To ensure these templates are not accidentally run, they are tagged and excluded them from the default scan. These templates can be only executed when explicitly invoked using the
When you download or update nuclei templates using the nuclei binary, it downloads all the templates from the latest release. All templates added after the release exist in the master branch and are added to nuclei when a new template release is created.