Nuclei v2.4.0 - Uniform, Stable & More Powerful

The new nuclei v2.4.0 release includes a slew of bug fixes and feature enhancements that improve the overall uniformity, stability, and functionality of the tool.

Uniform

This version includes improvements to the template execution process, with the nuclei-templates repository now serving as the default entry point. This means that when no templates are specified, the Nuclei engine executes all public templates (those that are not excluded) on the targets that have been specified.

bash

nuclei -u https://example.com


The template filtering system has also been made more consistent across the CLI and the config file. Templates can now be filtered or executed based on a number of different criteria, including severity, author, and tags. Workflows can now make use of the filters as well.

Stable

A number of crashes have been resolved in the Nuclei Engine, resulting in the engine becoming more stable. A complete list of all of the changes can be found here.

Overlapping configurations in the form of templates, tags, and configuration files have all been optimized, and the execution logic has been clearly defined.

Powerful

Nuclei will now automatically download the latest tag of nuclei-templates if it detects that the templates are not installed in the default location in the user's home directory or on a custom path specified in the config file. Every 24 hours, the templates repository is checked for new updates and, if any are available, they are downloaded and installed.

Workflows now support template execution based on tags: in place of the templates, you can specify which tags you want to run.

yaml

workflows:
  - template: technologies/tech-detect.yaml
    matchers:
      - name: wordpress
        subtemplates:
          - tags: wordpress,wp-plugin

The author flag now allows templates to be run or filtered by the author.

bash

nuclei -author dhiyaneshdk
nuclei -t cves/ -author geeknik

Two include flags, include-tags and include-templates, have been introduced to allow users to override the default exclusion list, which was not possible previously. Use these two flags to run a template or a tag that is declared in the exclusion list.

bash

nuclei -include-tags fuzzing,dos
nuclei -include-templates cves/2020/CVE-2020-11451.yaml

The ability to send payloads has been added to network templates. This enables network requests to be fuzzed with the various nuclei payload attack types.

yaml

id: network-payload-example

info:
  name: Network Protocol Payload Support Example
  author: pdteam
  severity: info

network:
  - payloads:
      username:
        - anonymous
        - admin
      password:
        - password
        - anonymous
    attack: clusterbomb
    inputs:
      - data: "USER {{username}}\r\nPASS {{password}}\r\n"
    host:
      - "{{Hostname}}:21"
    matchers:
      - type: word
        words:
          - "230"

Furthermore, Dynamic Extractors are now available for the TCP/IP network protocol, which was previously unavailable. Similar to the HTTP support, you can use them to capture portions of a network response and reuse them in a later request using the same mechanism. An example using the FTP protocol is shown below.

yaml

id: dynamic-network-extractors

info:
  name: Dynamic Network Extractors Test
  author: test
  severity: info

network:
  - inputs:
      - data: "USER anonymous\r\n"
        read: 1024
        name: step1
      - data: "PASS {{user}}\r\n"
        read: 1024
        name: step2
    host:
      - "{{Hostname}}"
    read-size: 1024

    matchers:
      - type: word
        words:
          - "530 Login incorrect."
        part: data

    extractors:
      - type: regex
        name: user
        internal: true
        group: 1
        regex:
          - "Please specify ([a-z]+) password."
        part: step1

The validate flag has also been added, which performs validation on templates and workflows that have been processed.

What next for nuclei?

We plan to implement a self-hosted Web Dashboard for nuclei scans/reporting/template management and REST API-enabled queue-based scanning in the next major release of nuclei, which we expect to be Nuclei v3 *️⃣.

In the meantime, we'll keep working on enhancements, bug fixes, and feature additions. If you have a suggestion for a feature or something you'd like to see implemented in the future, please let us know. Please feel free to tweet us at @pdnuclei or join our Discord community server.

*️⃣
2023-04-10 Update: These features are coming with Nuclei Cloud! For more information on Nuclei Cloud, see our blog post here.