The new nuclei v2.4.0 release includes a slew of bug fixes and feature enhancements that improve the overall uniformity, stability, and functionality of the tool.
Uniform
This version includes improvements to the template execution process, with the nuclei-templates repository now serving as the default entry point. This means that when no templates are specified, the Nuclei engine executes all public templates (those that are not excluded) on the targets that have been specified.
```bash
nuclei -u https://example.com
```
The template filtering system has also been made consistent between the CLI and the config file. Templates can now be filtered or executed by a number of criteria, including severity, author, and tags. Workflows can make use of the same filters.
Stable
A number of crashes have been resolved in the Nuclei Engine, resulting in the engine becoming more stable. A complete list of all of the changes can be found here.
Overlapping configurations in the form of templates, tags, and configuration files have all been optimized, and the execution logic has been clearly defined.
Powerful
Nuclei will now automatically download the latest tagged release of nuclei-templates if it detects that the templates are not installed, either in the default location in the user's home directory or in a custom path specified in the config file. Every 24 hours the templates repository is checked for updates and, if any are available, they are downloaded and installed.
Workflows now support template execution based on tags. Likewise, you can specify which tags you want to run in place of the templates.
```yaml
workflows:
  - template: technologies/tech-detect.yaml
    matchers:
      - name: wordpress
        subtemplates:
          - tags: wordpress,wp-plugin
```
The author flag now allows templates to be run or filtered by the author.
```bash
nuclei -author dhiyaneshdk
nuclei -t cves/ -author geeknik
```
Two new include flags, include-tags and include-templates, let users override the default exclusion list, which was previously not possible. If a template or tag is on the exclusion list and you want to run it anyway, pass it to one of these two flags.
```bash
nuclei -include-tags fuzzing,dos
nuclei -include-templates cves/2020/CVE-2020-11451.yaml
```
Payload support has been added to network templates. This allows network requests to be fuzzed with the same payload attack types that nuclei already supports for HTTP.
```yaml
id: network-payload-example

info:
  name: Network Protocol Payload Support Example
  author: pdteam
  severity: info

network:
  - payloads:
      username:
        - anonymous
        - admin
      password:
        - password
        - anonymous
    attack: clusterbomb
    inputs:
      - data: "USER {{username}}\r\nPASS {{password}}\r\n"
    host:
      - "{{Hostname}}:21"
    matchers:
      - type: word
        words:
          - "230"
```
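To make the attack types concrete, here is an added Go example (not part of the release or of the nuclei code base) that expands the two payload sets from the template above into the request data nuclei would send. It implements clusterbomb (every combination, so the number of connections is the product of the set sizes) and, for comparison, pitchfork (values paired position by position). The `PayloadSet`, `Clusterbomb`, `Pitchfork` and `Render` names are this example's own, and the payload values are copied from the template purely as constructed sample input; knowing how many requests a template generates is what lets you predict its footprint in the target's logs.

```go
package main

import (
	"fmt"
	"strings"
)

// PayloadSet maps a variable name to its candidate values, mirroring the
// `payloads:` section of the template (constructed sample values).
type PayloadSet map[string][]string

// Clusterbomb returns every combination of values across the sets. Keys are
// iterated in the given order so the output is deterministic.
func Clusterbomb(keys []string, sets PayloadSet) []map[string]string {
	combos := []map[string]string{{}}
	for _, k := range keys {
		var next []map[string]string
		for _, c := range combos {
			for _, v := range sets[k] {
				m := make(map[string]string, len(c)+1)
				for ck, cv := range c {
					m[ck] = cv
				}
				m[k] = v
				next = append(next, m)
			}
		}
		combos = next
	}
	return combos
}

// Pitchfork pairs values position by position and stops at the shortest set.
func Pitchfork(keys []string, sets PayloadSet) []map[string]string {
	n := -1
	for _, k := range keys {
		if n < 0 || len(sets[k]) < n {
			n = len(sets[k])
		}
	}
	var combos []map[string]string
	for i := 0; i < n; i++ {
		m := make(map[string]string, len(keys))
		for _, k := range keys {
			m[k] = sets[k][i]
		}
		combos = append(combos, m)
	}
	return combos
}

// Render substitutes {{name}} placeholders in the template's data line.
func Render(data string, vars map[string]string) string {
	for k, v := range vars {
		data = strings.ReplaceAll(data, "{{"+k+"}}", v)
	}
	return data
}

func main() {
	// Same sets as the template above; key order fixes the combination order.
	sets := PayloadSet{
		"username": {"anonymous", "admin"},
		"password": {"password", "anonymous"},
	}
	keys := []string{"username", "password"}
	data := "USER {{username}}\r\nPASS {{password}}\r\n"

	cb := Clusterbomb(keys, sets)
	fmt.Printf("clusterbomb: %d requests\n", len(cb))
	for _, vars := range cb {
		fmt.Printf("%q\n", Render(data, vars))
	}
	pf := Pitchfork(keys, sets)
	fmt.Printf("pitchfork: %d requests\n", len(pf))
}
```

With the template's two-by-two sets, clusterbomb yields four FTP login attempts while pitchfork yields two; the difference grows multiplicatively with larger lists, which matters both for scan runtime and for the failed-login volume a defender will see.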
Furthermore, dynamic extractors are now available for TCP network templates, which was previously not the case. As with HTTP templates, you can capture part of a network response and reuse it in a subsequent request through the same mechanism. An example using the FTP protocol is shown below.
```yaml
id: dynamic-network-extractors

info:
  name: Dynamic Network Extractors Test
  author: test
  severity: info

network:
  - inputs:
      - data: "USER anonymous\r\n"
        read: 1024
        name: step1
      - data: "PASS {{user}}\r\n"
        read: 1024
        name: step2
    host:
      - "{{Hostname}}"
    read-size: 1024

    matchers:
      - type: word
        words:
          - "530 Login incorrect."
        part: data

    extractors:
      - type: regex
        name: user
        internal: true
        group: 1
        regex:
          - "Please specify ([a-z]+) password."
        part: step1
```
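The following added Go example (again not nuclei's own code) models how the template above is executed: each named input is sent, its response is stored under the step name, an internal regex extractor bound to that step fills the `user` variable, and the next input is rendered with it. The `Input`, `Extractor`, `Responder`, `Run` and `MatchWord` names and the simplified between-step evaluation order are this example's own assumptions; the `FakeFTP` responder returns constructed FTP-style reply lines rather than output from any real server. It also shows the failure mode worth knowing about: if the extractor does not match, the `{{user}}` placeholder is sent unrendered.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Input mirrors one entry of the template's `inputs:` list.
type Input struct {
	Name string
	Data string
}

// Extractor mirrors the template's regex extractor: which named part it reads,
// the pattern, and the capture group that becomes the variable's value.
type Extractor struct {
	Name  string
	Part  string
	Group int
	Regex *regexp.Regexp
}

// Responder stands in for the remote service: it maps the bytes the client
// sent to a reply. Replies here are constructed, not captured from a server.
type Responder func(sent string) string

// Result records every response by step name, the extracted variables, and
// exactly what was sent on the wire.
type Result struct {
	Parts map[string]string
	Vars  map[string]string
	Sent  []string
}

// render substitutes {{name}} placeholders; unknown names are left as-is.
func render(data string, vars map[string]string) string {
	for k, v := range vars {
		data = strings.ReplaceAll(data, "{{"+k+"}}", v)
	}
	return data
}

// Run executes the inputs in order. After each step, extractors whose part is
// that step's name are evaluated so later inputs can reference the variable.
func Run(inputs []Input, extractors []Extractor, respond Responder) Result {
	res := Result{Parts: map[string]string{}, Vars: map[string]string{}}
	for _, in := range inputs {
		line := render(in.Data, res.Vars)
		res.Sent = append(res.Sent, line)
		res.Parts[in.Name] = respond(line)
		for _, ex := range extractors {
			if ex.Part != in.Name {
				continue
			}
			m := ex.Regex.FindStringSubmatch(res.Parts[in.Name])
			if m != nil && ex.Group < len(m) {
				res.Vars[ex.Name] = m[ex.Group]
			}
		}
	}
	return res
}

// MatchWord reports whether any response part contains the word, which is
// what the template's `type: word` matcher on `part: data` checks.
func MatchWord(res Result, word string) bool {
	for _, p := range res.Parts {
		if strings.Contains(p, word) {
			return true
		}
	}
	return false
}

// FakeFTP is a constructed responder that answers like an FTP server that
// asks for a password and then rejects the login.
func FakeFTP(sent string) string {
	switch {
	case strings.HasPrefix(sent, "USER "):
		return "331 Please specify the password.\r\n"
	case strings.HasPrefix(sent, "PASS "):
		return "530 Login incorrect.\r\n"
	}
	return "500 Unknown command.\r\n"
}

// TemplateInputs and TemplateExtractors transcribe the YAML template above.
var TemplateInputs = []Input{
	{Name: "step1", Data: "USER anonymous\r\n"},
	{Name: "step2", Data: "PASS {{user}}\r\n"},
}

var TemplateExtractors = []Extractor{
	{Name: "user", Part: "step1", Group: 1,
		Regex: regexp.MustCompile(`Please specify ([a-z]+) password.`)},
}

func main() {
	res := Run(TemplateInputs, TemplateExtractors, FakeFTP)
	fmt.Printf("sent: %q\nvars: %v\nmatched: %v\n",
		res.Sent, res.Vars, MatchWord(res, "530 Login incorrect."))
}
```

Against the constructed responder the regex captures `the` from the 331 reply, so the second input goes out as `PASS the`, and the word matcher fires on the 530 response. Swap in a responder that omits the 331 line and the literal string `PASS {{user}}` is what reaches the service, which is a useful thing to check for when a template's extractor regex is written against one server's wording.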
The validate flag has also been added, which performs validation on the templates and workflows that have been loaded.
What next for nuclei?
We plan to implement a self-hosted Web Dashboard for nuclei scans/reporting/template management and REST API enabled queue-based scanning in the next major release of nuclei, which we expect to be in Nuclei v3 *️⃣.
In the meantime, we'll keep working on enhancements, bug fixes, and feature additions. If you have a suggestion for a feature or something you'd like to see implemented in the future, please let us know. Feel free to tweet us at @pdnuclei or join our Discord community server.