Nuclei and the ProjectDiscovery community thrive on the ability to write exploits/checks in a fast and simple YAML format. We work consistently to improve our Nuclei templates and to encourage their use as the standard for writing security checks. We understand their limitations and are always working to address them while we expand our capabilities.
Nuclei currently supports writing templates for complex HTTP, DNS, and SSL protocol exploits/checks through a powerful and easy-to-use DSL in the Nuclei engine. However, we understand that the current support may not be enough to address vulnerabilities across all protocols and in non-remote domains of security, such as local privilege escalation checks and kernel exploits.
Support for provider or driver-specific exploits
Some vulnerabilities are specific to software or a driver. For example, a Redis buffer overflow exploit, an exploit of specific VPN software, or exploits that are not part of the Internet Engineering Task Force (IETF) standard protocols.
Security is not limited to network exploits. Nuclei provides support for security beyond network issues, such as:
- Local privilege escalation checks
- Kernel exploits
- Account misconfigurations
- System misconfigurations
Complex network protocol exploits
Scalable and maintainable exploits
One-off exploit detections written in code are not scalable or maintainable due to the nature of the language, boilerplate code, and other factors. Our goal is to provide the tools that allow you to write the minimum code required to run detection of the exploit and let Nuclei do the rest.
Leveraging Turing complete language
- Nuclei v3.0.0 or above