mirror of
https://github.com/projectdiscovery/nuclei.git
synced 2025-12-17 23:35:27 +00:00
readme updates
This commit is contained in:
sandeep
parent
5f0b7eb19b
commit
50f2ff51a8
82
README.md
82
README.md
@ -157,6 +157,7 @@ TEMPLATES:
|
|||||||
-as, -automatic-scan automatic web scan using wappalyzer technology detection to tags mapping
|
-as, -automatic-scan automatic web scan using wappalyzer technology detection to tags mapping
|
||||||
-t, -templates string[] list of template or template directory to run (comma-separated, file)
|
-t, -templates string[] list of template or template directory to run (comma-separated, file)
|
||||||
-turl, -template-url string[] template url or list containing template urls to run (comma-separated, file)
|
-turl, -template-url string[] template url or list containing template urls to run (comma-separated, file)
|
||||||
|
-ai, -prompt string generate and run template using ai prompt
|
||||||
-w, -workflows string[] list of workflow or workflow directory to run (comma-separated, file)
|
-w, -workflows string[] list of workflow or workflow directory to run (comma-separated, file)
|
||||||
-wurl, -workflow-url string[] workflow url or list containing workflow urls to run (comma-separated, file)
|
-wurl, -workflow-url string[] workflow url or list containing workflow urls to run (comma-separated, file)
|
||||||
-validate validate the passed templates to nuclei
|
-validate validate the passed templates to nuclei
|
||||||
@ -167,6 +168,9 @@ TEMPLATES:
|
|||||||
-sign signs the templates with the private key defined in NUCLEI_SIGNATURE_PRIVATE_KEY env variable
|
-sign signs the templates with the private key defined in NUCLEI_SIGNATURE_PRIVATE_KEY env variable
|
||||||
-code enable loading code protocol-based templates
|
-code enable loading code protocol-based templates
|
||||||
-dut, -disable-unsigned-templates disable running unsigned templates or templates with mismatched signature
|
-dut, -disable-unsigned-templates disable running unsigned templates or templates with mismatched signature
|
||||||
|
-esc, -enable-self-contained enable loading self-contained templates
|
||||||
|
-egm, -enable-global-matchers enable loading global matchers templates
|
||||||
|
-file enable loading file templates
|
||||||
|
|
||||||
FILTERING:
|
FILTERING:
|
||||||
-a, -author string[] templates to run based on authors (comma-separated, file)
|
-a, -author string[] templates to run based on authors (comma-separated, file)
|
||||||
@ -178,10 +182,10 @@ FILTERING:
|
|||||||
-it, -include-templates string[] path to template file or directory to be executed even if they are excluded either by default or configuration
|
-it, -include-templates string[] path to template file or directory to be executed even if they are excluded either by default or configuration
|
||||||
-et, -exclude-templates string[] path to template file or directory to exclude (comma-separated, file)
|
-et, -exclude-templates string[] path to template file or directory to exclude (comma-separated, file)
|
||||||
-em, -exclude-matchers string[] template matchers to exclude in result
|
-em, -exclude-matchers string[] template matchers to exclude in result
|
||||||
-s, -severity value[] templates to run based on severity. Possible values - info, low, medium, high, critical, unknown
|
-s, -severity value[] templates to run based on severity. Possible values: info, low, medium, high, critical, unknown
|
||||||
-es, -exclude-severity value[] templates to exclude based on severity. Possible values - info, low, medium, high, critical, unknown
|
-es, -exclude-severity value[] templates to exclude based on severity. Possible values: info, low, medium, high, critical, unknown
|
||||||
-pt, -type value[] templates to run based on protocol type. Possible values - dns, file, http, headless, tcp, workflow, ssl, websocket, whois, code, javascript
|
-pt, -type value[] templates to run based on protocol type. Possible values: dns, file, http, headless, tcp, workflow, ssl, websocket, whois, code, javascript
|
||||||
-ept, -exclude-type value[] templates to exclude based on protocol type. Possible values - dns, file, http, headless, tcp, workflow, ssl, websocket, whois, code, javascript
|
-ept, -exclude-type value[] templates to exclude based on protocol type. Possible values: dns, file, http, headless, tcp, workflow, ssl, websocket, whois, code, javascript
|
||||||
-tc, -template-condition string[] templates to run based on expression condition
|
-tc, -template-condition string[] templates to run based on expression condition
|
||||||
|
|
||||||
OUTPUT:
|
OUTPUT:
|
||||||
@ -226,7 +230,7 @@ CONFIGURATIONS:
|
|||||||
-ca, -client-ca string client certificate authority file (PEM-encoded) used for authenticating against scanned hosts
|
-ca, -client-ca string client certificate authority file (PEM-encoded) used for authenticating against scanned hosts
|
||||||
-sml, -show-match-line show match lines for file templates, works with extractors only
|
-sml, -show-match-line show match lines for file templates, works with extractors only
|
||||||
-ztls use ztls library with autofallback to standard one for tls13 [Deprecated] autofallback to ztls is enabled by default
|
-ztls use ztls library with autofallback to standard one for tls13 [Deprecated] autofallback to ztls is enabled by default
|
||||||
-sni string tls sni hostname to use (default - input domain name)
|
-sni string tls sni hostname to use (default: input domain name)
|
||||||
-dka, -dialer-keep-alive value keep-alive duration for network requests.
|
-dka, -dialer-keep-alive value keep-alive duration for network requests.
|
||||||
-lfa, -allow-local-file-access allows file (payload) access anywhere on the system
|
-lfa, -allow-local-file-access allows file (payload) access anywhere on the system
|
||||||
-lna, -restrict-local-network-access blocks connections to the local / private network
|
-lna, -restrict-local-network-access blocks connections to the local / private network
|
||||||
@ -240,7 +244,7 @@ CONFIGURATIONS:
|
|||||||
-hae, -http-api-endpoint string experimental http api endpoint
|
-hae, -http-api-endpoint string experimental http api endpoint
|
||||||
|
|
||||||
INTERACTSH:
|
INTERACTSH:
|
||||||
-iserver, -interactsh-server string interactsh server url for self-hosted instance (default - oast.pro,oast.live,oast.site,oast.online,oast.fun,oast.me)
|
-iserver, -interactsh-server string interactsh server url for self-hosted instance (default: oast.pro,oast.live,oast.site,oast.online,oast.fun,oast.me)
|
||||||
-itoken, -interactsh-token string authentication token for self-hosted interactsh server
|
-itoken, -interactsh-token string authentication token for self-hosted interactsh server
|
||||||
-interactions-cache-size int number of requests to keep in the interactions cache (default 5000)
|
-interactions-cache-size int number of requests to keep in the interactions cache (default 5000)
|
||||||
-interactions-eviction int number of seconds to wait before evicting requests from cache (default 60)
|
-interactions-eviction int number of seconds to wait before evicting requests from cache (default 60)
|
||||||
@ -249,13 +253,19 @@ INTERACTSH:
|
|||||||
-ni, -no-interactsh disable interactsh server for OAST testing, exclude OAST based templates
|
-ni, -no-interactsh disable interactsh server for OAST testing, exclude OAST based templates
|
||||||
|
|
||||||
FUZZING:
|
FUZZING:
|
||||||
-ft, -fuzzing-type string overrides fuzzing type set in template (replace, prefix, postfix, infix)
|
-ft, -fuzzing-type string overrides fuzzing type set in template (replace, prefix, postfix, infix)
|
||||||
-fm, -fuzzing-mode string overrides fuzzing mode set in template (multiple, single)
|
-fm, -fuzzing-mode string overrides fuzzing mode set in template (multiple, single)
|
||||||
-fuzz enable loading fuzzing templates (Deprecated; use -dast instead)
|
-fuzz enable loading fuzzing templates (Deprecated: use -dast instead)
|
||||||
-dast enable / run dast (fuzz) nuclei templates
|
-dast enable / run dast (fuzz) nuclei templates
|
||||||
-dfp, -display-fuzz-points display fuzz points in the output for debugging
|
-dts, -dast-server enable dast server mode (live fuzzing)
|
||||||
-fuzz-param-frequency int frequency of uninteresting parameters for fuzzing before skipping (default 10)
|
-dtr, -dast-report write dast scan report to file
|
||||||
-fa, -fuzz-aggression string fuzzing aggression level controls payload count for fuzz (low, medium, high) (default "low")
|
-dtst, -dast-server-token string dast server token (optional)
|
||||||
|
-dtsa, -dast-server-address string dast server address (default "localhost:9055")
|
||||||
|
-dfp, -display-fuzz-points display fuzz points in the output for debugging
|
||||||
|
-fuzz-param-frequency int frequency of uninteresting parameters for fuzzing before skipping (default 10)
|
||||||
|
-fa, -fuzz-aggression string fuzzing aggression level controls payload count for fuzz (low, medium, high) (default "low")
|
||||||
|
-cs, -fuzz-scope string[] in scope url regex to be followed by fuzzer
|
||||||
|
-cos, -fuzz-out-scope string[] out of scope url regex to be excluded by fuzzer
|
||||||
|
|
||||||
UNCOVER:
|
UNCOVER:
|
||||||
-uc, -uncover enable uncover engine
|
-uc, -uncover enable uncover engine
|
||||||
@ -302,23 +312,24 @@ HEADLESS:
|
|||||||
-lha, -list-headless-action list available headless actions
|
-lha, -list-headless-action list available headless actions
|
||||||
|
|
||||||
DEBUG:
|
DEBUG:
|
||||||
-debug show all requests and responses
|
-debug show all requests and responses
|
||||||
-dreq, -debug-req show all sent requests
|
-dreq, -debug-req show all sent requests
|
||||||
-dresp, -debug-resp show all received responses
|
-dresp, -debug-resp show all received responses
|
||||||
-p, -proxy string[] list of http/socks5 proxy to use (comma separated or file input)
|
-p, -proxy string[] list of http/socks5 proxy to use (comma separated or file input)
|
||||||
-pi, -proxy-internal proxy all internal requests
|
-pi, -proxy-internal proxy all internal requests
|
||||||
-ldf, -list-dsl-function list all supported DSL function signatures
|
-ldf, -list-dsl-function list all supported DSL function signatures
|
||||||
-tlog, -trace-log string file to write sent requests trace log
|
-tlog, -trace-log string file to write sent requests trace log
|
||||||
-elog, -error-log string file to write sent requests error log
|
-elog, -error-log string file to write sent requests error log
|
||||||
-version show nuclei version
|
-version show nuclei version
|
||||||
-hm, -hang-monitor enable nuclei hang monitoring
|
-hm, -hang-monitor enable nuclei hang monitoring
|
||||||
-v, -verbose show verbose output
|
-v, -verbose show verbose output
|
||||||
-profile-mem string optional nuclei memory profile dump file
|
-profile-mem string generate memory (heap) profile & trace files
|
||||||
-vv display templates loaded for scan
|
-vv display templates loaded for scan
|
||||||
-svd, -show-var-dump show variables dump for debugging
|
-svd, -show-var-dump show variables dump for debugging
|
||||||
-ep, -enable-pprof enable pprof debugging server
|
-vdl, -var-dump-limit int limit the number of characters displayed in var dump (default 255)
|
||||||
-tv, -templates-version shows the version of the installed nuclei-templates
|
-ep, -enable-pprof enable pprof debugging server
|
||||||
-hc, -health-check run diagnostic check up
|
-tv, -templates-version shows the version of the installed nuclei-templates
|
||||||
|
-hc, -health-check run diagnostic check up
|
||||||
|
|
||||||
UPDATE:
|
UPDATE:
|
||||||
-up, -update update nuclei engine to the latest released version
|
-up, -update update nuclei engine to the latest released version
|
||||||
@ -331,6 +342,7 @@ STATISTICS:
|
|||||||
-sj, -stats-json display statistics in JSONL(ines) format
|
-sj, -stats-json display statistics in JSONL(ines) format
|
||||||
-si, -stats-interval int number of seconds to wait between showing a statistics update (default 5)
|
-si, -stats-interval int number of seconds to wait between showing a statistics update (default 5)
|
||||||
-mp, -metrics-port int port to expose nuclei metrics on (default 9092)
|
-mp, -metrics-port int port to expose nuclei metrics on (default 9092)
|
||||||
|
-hps, -http-stats enable http status capturing (experimental)
|
||||||
|
|
||||||
CLOUD:
|
CLOUD:
|
||||||
-auth configure projectdiscovery cloud (pdcp) api key (default true)
|
-auth configure projectdiscovery cloud (pdcp) api key (default true)
|
||||||
@ -348,19 +360,19 @@ AUTHENTICATION:
|
|||||||
|
|
||||||
EXAMPLES:
|
EXAMPLES:
|
||||||
Run nuclei on single host:
|
Run nuclei on single host:
|
||||||
$ nuclei -target example.com
|
$ nuclei -target example.com
|
||||||
|
|
||||||
Run nuclei with specific template directories:
|
Run nuclei with specific template directories:
|
||||||
$ nuclei -target example.com -t http/cves/ -t ssl
|
$ nuclei -target example.com -t http/cves/ -t ssl
|
||||||
|
|
||||||
Run nuclei against a list of hosts:
|
Run nuclei against a list of hosts:
|
||||||
$ nuclei -list hosts.txt
|
$ nuclei -list hosts.txt
|
||||||
|
|
||||||
Run nuclei with a JSON output:
|
Run nuclei with a JSON output:
|
||||||
$ nuclei -target example.com -json-export output.json
|
$ nuclei -target example.com -json-export output.json
|
||||||
|
|
||||||
Run nuclei with sorted Markdown outputs (with environment variables):
|
Run nuclei with sorted Markdown outputs (with environment variables):
|
||||||
$ MARKDOWN_EXPORT_SORT_MODE=template nuclei -target example.com -markdown-export nuclei_report/
|
$ MARKDOWN_EXPORT_SORT_MODE=template nuclei -target example.com -markdown-export nuclei_report/
|
||||||
|
|
||||||
Additional documentation is available at: https://docs.nuclei.sh/getting-started/running
|
Additional documentation is available at: https://docs.nuclei.sh/getting-started/running
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user