Posted: . At: 11:09 AM. This was 5 months ago. Post ID: 18870


A much more advanced vulnerability scanning tool for 2024.


I have found a much more advanced vulnerability scanning tool to use in 2024. This is the Nuclei scanner. This requires Go version 2.21, but this does work on Ubuntu 23.04.

It installs with a single go install command.

Bash
┏jcartwright@jcartwright-System-Version╼╸╸╸╸╸╸╾
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━◉:~$ go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest

After a lengthy installation process, this scanner will be installed. I installed this as a normal user and not root. But I had to add the PATH that this was installed under.

Bash
┏jcartwright@jcartwright-System-Version╼╸╸╸╸╸╸╾
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━◉:~$ PATH=$PATH:$HOME/go/bin/

Then the nuclei executable was added to the PATH. Then I could perform a simple scan against a vulnerable host on the Internet…

Bash
┏jcartwright@jcartwright-System-Version╼╸╸╸╸╸╸╾
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━◉:~$ nuclei -u http://210.113.102.182

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.1.0

                projectdiscovery.io

[INF] nuclei-templates are not installed, installing...
[INF] Successfully installed nuclei-templates at /home/jcartwright/nuclei-templates
[INF] Current nuclei version: v3.1.0 (latest)
[INF] Current nuclei-templates version: v9.7.1 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 0
[INF] Templates loaded for current scan: 7324
[INF] Executing 7341 signed templates from projectdiscovery/nuclei-templates
[INF] Targets loaded for current scan: 1
[INF] Templates clustered: 1254 (Reduced 1222 Requests)
[INF] Using Interactsh Server: oast.live
[options-method] [http] [info] http://210.113.102.182 [GET,POST,OPTIONS,HEAD]
[CVE-2018-16836] [http] [critical] http://210.113.102.182/theme/default/img/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e//etc/passwd
[dir-listing] [http] [info] http://210.113.102.182
[apache-detect] [http] [info] http://210.113.102.182 [Apache/2.4.41 (Ubuntu)]
[http-missing-security-headers:cross-origin-embedder-policy] [http] [info] http://210.113.102.182
[http-missing-security-headers:cross-origin-resource-policy] [http] [info] http://210.113.102.182
[http-missing-security-headers:strict-transport-security] [http] [info] http://210.113.102.182
[http-missing-security-headers:content-security-policy] [http] [info] http://210.113.102.182
[http-missing-security-headers:x-frame-options] [http] [info] http://210.113.102.182
[http-missing-security-headers:x-permitted-cross-domain-policies] [http] [info] http://210.113.102.182
[http-missing-security-headers:clear-site-data] [http] [info] http://210.113.102.182
[http-missing-security-headers:permissions-policy] [http] [info] http://210.113.102.182
[http-missing-security-headers:x-content-type-options] [http] [info] http://210.113.102.182
[http-missing-security-headers:referrer-policy] [http] [info] http://210.113.102.182
[http-missing-security-headers:cross-origin-opener-policy] [http] [info] http://210.113.102.182
[waf-detect:apachegeneric] [http] [info] http://210.113.102.182/
[generic-linux-lfi] [http] [high] http://210.113.102.182/etc/passwd
[ssh-auth-methods] [javascript] [info] 210.113.102.182:22 [["publickey","password"]]
[ssh-server-enumeration] [javascript] [info] 210.113.102.182:22 [SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.9]
[ssh-sha1-hmac-algo] [javascript] [info] 210.113.102.182:22
[ssh-password-auth] [javascript] [info] 210.113.102.182:22
[openssh-detect] [tcp] [info] 210.113.102.182:22 [SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.9]

Run this command to keep the templates up to date.

Bash
┏jcartwright@jcartwright-System-Version╼╸╸╸╸╸╸╾
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━◉:~$ nuclei -update-templates

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.1.0

                projectdiscovery.io

[INF] No new updates found for nuclei templates

Clone the nuclei-templates repository to get the full template set for vulnerability scanning. This adds to what a scan can check for.

Bash
┏jcartwright@jcartwright-System-Version╼╸╸╸╸╸╸╾
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━◉:~$ git clone https://github.com/projectdiscovery/nuclei-templates.git
Cloning into 'nuclei-templates'...
remote: Enumerating objects: 417490, done.
remote: Counting objects: 100% (6752/6752), done.
remote: Compressing objects: 100% (2910/2910), done.
remote: Total 417490 (delta 4280), reused 4284 (delta 3807), pack-reused 410738
Receiving objects: 100% (417490/417490), 97.36 MiB | 5.58 MiB/s, done.
Resolving deltas: 100% (355671/355671), done.

There are thousands of template files in this repository, which makes it very useful for extending a scan.

Pointing the scan at the cloned http/ templates with -t seems to give better results.

Bash
┏jcartwright@jcartwright-System-Version╼╸╸╸╸╸╸╾
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━◉:~$ nuclei -u http://210.113.102.182 -t nuclei-templates/http/

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.1.0

                projectdiscovery.io

[INF] Current nuclei version: v3.1.0 (latest)
[INF] Current nuclei-templates version: v9.7.1 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 2
[INF] Templates loaded for current scan: 6819
[INF] Executing 6824 signed templates from projectdiscovery/nuclei-templates
[INF] Targets loaded for current scan: 1
[INF] Templates clustered: 1220 (Reduced 1192 Requests)
[INF] Using Interactsh Server: oast.live
[options-method] [http] [info] http://210.113.102.182 [GET,POST,OPTIONS,HEAD]
[CVE-2018-16836] [http] [critical] http://210.113.102.182/theme/default/img/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e//etc/passwd
[dir-listing] [http] [info] http://210.113.102.182
[apache-detect] [http] [info] http://210.113.102.182 [Apache/2.4.41 (Ubuntu)]
[http-missing-security-headers:x-frame-options] [http] [info] http://210.113.102.182
[http-missing-security-headers:clear-site-data] [http] [info] http://210.113.102.182
[http-missing-security-headers:cross-origin-opener-policy] [http] [info] http://210.113.102.182
[http-missing-security-headers:cross-origin-resource-policy] [http] [info] http://210.113.102.182
[http-missing-security-headers:strict-transport-security] [http] [info] http://210.113.102.182
[http-missing-security-headers:content-security-policy] [http] [info] http://210.113.102.182
[http-missing-security-headers:permissions-policy] [http] [info] http://210.113.102.182
[http-missing-security-headers:cross-origin-embedder-policy] [http] [info] http://210.113.102.182
[http-missing-security-headers:x-content-type-options] [http] [info] http://210.113.102.182
[http-missing-security-headers:x-permitted-cross-domain-policies] [http] [info] http://210.113.102.182
[http-missing-security-headers:referrer-policy] [http] [info] http://210.113.102.182
[waf-detect:apachegeneric] [http] [info] http://210.113.102.182/
[generic-linux-lfi] [http] [high] http://210.113.102.182/etc/passwd

Scanning a WordPress website with this reveals outdated plugins and other interesting findings that could serve as an attack vector. Outdated plugins can have public exploits, especially if they are very old.

Here is a sample from a scan on a WordPress website.

Bash
┏jcartwright@jcartwright-System-Version╼╸╸╸╸╸╸╾
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━◉:~$ nuclei -u http://www.myspecialbook.com/web -t nuclei-templates/http/

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.1.0

                projectdiscovery.io

[INF] Current nuclei version: v3.1.0 (latest)
[INF] Current nuclei-templates version: v9.7.1 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 2
[INF] Templates loaded for current scan: 6819
[INF] Executing 6824 signed templates from projectdiscovery/nuclei-templates
[INF] Targets loaded for current scan: 1
[INF] Templates clustered: 1220 (Reduced 1192 Requests)
[INF] Using Interactsh Server: oast.pro
[wordpress-contact-form-7:outdated_version] [http] [info] http://www.myspecialbook.com/web/wp-content/plugins/contact-form-7/readme.txt [5.7.6]
[old-copyright] [http] [info] http://www.myspecialbook.com/web/ [Copyright 2018 ]
[http-missing-security-headers:permissions-policy] [http] [info] http://www.myspecialbook.com/web/
[http-missing-security-headers:x-frame-options] [http] [info] http://www.myspecialbook.com/web/
[http-missing-security-headers:referrer-policy] [http] [info] http://www.myspecialbook.com/web/
[http-missing-security-headers:cross-origin-opener-policy] [http] [info] http://www.myspecialbook.com/web/
[http-missing-security-headers:cross-origin-resource-policy] [http] [info] http://www.myspecialbook.com/web/
[http-missing-security-headers:strict-transport-security] [http] [info] http://www.myspecialbook.com/web/
[http-missing-security-headers:content-security-policy] [http] [info] http://www.myspecialbook.com/web/
[http-missing-security-headers:clear-site-data] [http] [info] http://www.myspecialbook.com/web/
[http-missing-security-headers:cross-origin-embedder-policy] [http] [info] http://www.myspecialbook.com/web/
[http-missing-security-headers:x-content-type-options] [http] [info] http://www.myspecialbook.com/web/
[http-missing-security-headers:x-permitted-cross-domain-policies] [http] [info] http://www.myspecialbook.com/web/
[wordpress-login] [http] [info] http://www.myspecialbook.com/web/wp-login.php
[wordpress-readme-file] [http] [info] http://www.myspecialbook.com/web/readme.html

This is a great way to find vulnerabilities in your own website and fix them before they are attacked.
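The next step after a scan is working out what to fix first. The following is an added example, not code from the post or from the Nuclei project: it parses Nuclei's default bracketed result lines (the format shown in the scan output above), counts findings by severity, lists the critical and high template IDs to act on first, and collects the headers reported by http-missing-security-headers. The host, IP and sample lines are constructed placeholders modelled on the output above.

```python
import re
from collections import defaultdict

# Nuclei's default (non-JSON) result line format, as seen in the scan output:
#   [template-id[:matcher-name]] [protocol] [severity] target [extracted values]
LINE_RE = re.compile(
    r"^\[(?P<template>[^\]]+)\] \[(?P<proto>[^\]]+)\] \[(?P<sev>[^\]]+)\] "
    r"(?P<target>\S+)(?: \[(?P<extra>.*)\])?$"
)
SEVERITY_ORDER = ("critical", "high", "medium", "low", "info")

# Constructed sample modelled on the scan output above; host and IP are placeholders.
SAMPLE_OUTPUT = """\
[INF] Targets loaded for current scan: 1
[options-method] [http] [info] http://scan-target.example [GET,POST,OPTIONS,HEAD]
[CVE-2018-16836] [http] [critical] http://scan-target.example/theme/default/img/%2e%2e/%2e%2e//etc/passwd
[http-missing-security-headers:strict-transport-security] [http] [info] http://scan-target.example
[http-missing-security-headers:x-frame-options] [http] [info] http://scan-target.example
[generic-linux-lfi] [http] [high] http://scan-target.example/etc/passwd
[ssh-auth-methods] [javascript] [info] 203.0.113.10:22 [["publickey","password"]]
"""

def parse_line(line):
    """Parse one result line; return None for the banner and [INF]/[WRN] status lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    # "id:matcher" template IDs carry the matcher name (e.g. the missing header) after the colon.
    d["template"], _, d["matcher"] = d["template"].partition(":")
    return d

def summary(output):
    """Severity counts, template IDs to act on first, and the security headers to add."""
    by_sev = defaultdict(list)
    missing_headers = set()
    for line in output.splitlines():
        f = parse_line(line)
        if f is None:  # banner art, status lines, blank lines
            continue
        by_sev[f["sev"]].append(f)
        if f["template"] == "http-missing-security-headers":
            missing_headers.add(f["matcher"])
    counts = {s: len(by_sev[s]) for s in SEVERITY_ORDER}
    action_items = [f["template"] for s in ("critical", "high") for f in by_sev[s]]
    return counts, action_items, sorted(missing_headers)

if __name__ == "__main__":
    print(summary(SAMPLE_OUTPUT))
```

Feed it the saved stdout of a real run (nuclei ... > scan.txt) to get the same triage for your own host.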

Run this command to update nuclei.

Bash
┏jcartwright@jcartwright-System-Version╼╸╸╸╸╸╸╾
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━◉:~$ nuclei -update

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.1.0

                projectdiscovery.io

23.70 MiB / 23.70 MiB [-------------------------------------------------------] 100.00% 5.67 MiB p/s
[INF] Verified Integrity of nuclei_3.1.1_linux_amd64.zip

[INF] nuclei sucessfully updated 3.1.0 -> 3.1.1 (latest)

  ## What's Changed

  - Added support for arbitrary string input for TLS SNI annotation by @jimen0 in https://github.com/projectdiscovery/nuclei/pull/4462
  - Fixed panic + refactor headless waitevent action by @tarunKoyalwar in https://github.com/projectdiscovery/nuclei/pull/4465
  - Fixed wait time + added timeout for ssh connection by @dogancanbakir in https://github.com/projectdiscovery/nuclei/pull/4467
  - Fixed issue with headless result upload by @tarunKoyalwar in https://github.com/projectdiscovery/nuclei/pull/4469

  Full Changelog: https://github.com/projectdiscovery/nuclei/compare/v3.1.0...v3.1.1
