Web App Pentest with Nuclei

3 min readJul 23, 2023

What is Nuclei?

Nuclei is a free and powerful vulnerability scanner, it can perform automatic vulnerability scan for web app, cloud, etc. It uses templates that defines the steps required to detect a vulnerability, anyone can contribute to the templates and published it to the security community to use. The templates can be found via here.

My lab setup.

I installed nuclei inside my Kali Linux virtual machine.

apt update
apt install nuclei

Update the nuclei templates to latest version.

nuclei -ut

Check your nuclei engine version.

nuclei -version

Start the easy mode scan

Scan for a single target.

nuclei -u https://test.com

nuclei -u http://localhost:8080

nuclei -u my.test.com:5759

Scan for multiple targets.

nuclei -l /absolute-path/list-of-targets.txt

Scan with optimizations

Rate limiting requests (-rl) and concurrent templates (-c).

nuclei -u https://test.com -rl <number> -c <number>

nuclei -u https://test.com -rl 5 -c 5
  • -rl 5 = restrict outgoing requests to 5 per second
  • -c 5 = restrict outgoing requests to 5 concurrent templates

Timeout length (-timeout).

Note that the default value is 5 seconds.

nuclei -l list-of-targets.txt -timeout 1

Scan specific templates (-t) /tags (-tags) /severity (-s).

nuclei -u https://test.com -t file/logs/python-app-sql-exceptions.yaml

nuclei -u https://test.com -t file/logs/python-app-sql-exceptions.yaml -t exposures/files/pyproject-disclosure.yaml

nuclei -u https://test.com -tags jira,generic

nuclei -u https://test.com -s critical,high,medium,low,info

Exclude specific templates (-et) /tags (-etags).

nuclei -u https://test.com -t cves/ -et cves/2020/

nuclei -u https://test.com -t cves/ -etags xss

Scan blocked tags.

nuclei -l list-of-targets.txt -include-tags iot,misc,fuzz

Custom user-agent (-H).

nuclei -u https://test.com -H "User-Agent: custom-string"

Save the scan result (-o).

nuclei -u https://test.com -o nuclei-scan.txt

Burp integration with Nuclei.

Setup nuclei inside the burp suite.

Git clone from the Github.

cd /opt

git clone https://github.com/PortSwigger/nuclei-burp-integration/tree/main

cd nuclei-burp-integration

Open burp suite, extension tab, add burp extensions, add the “nuclei-extensions.py” into burp suite.

Sent request to nuclei scanner.

Open Nuclei tab.

Press “Run Scanning”.

Overview of the issues.