Skip to content

reewardius/nuclei-dast-templates

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

71 Commits
blind-xss
blind-xss
 
 
crlf
crlf
 
 
csv
csv
 
 
lfi
lfi
 
 
oob sqli
oob sqli
 
 
rce
rce
 
 
redirect
redirect
 
 
reflected
reflected
 
 
sqli
sqli
 
 
ssrf
ssrf
 
 
ssti
ssti
 
 
xss
xss
 
 
xxe
xxe
 
 
README.md
README.md
 
 
health-detect.yaml
health-detect.yaml
 
 

Repository files navigation

nuclei-dast-templates

Crawl and fuzz all HTTP (path,header,cookie,body,query) and their possible values:

katana -u http://testphp.vulnweb.com -aff -iqp -j -o katana.jsonl && \
nuclei -l katana.jsonl -im jsonl -t nuclei-dast-templates/ -dast -tags full -fuzz-param-frequency 10000 -stats -pc 250 -c 100 -rl 1000 -bs 100

Skip fuzzing of HTTP headers and cookies:

nuclei -l katana.jsonl -im jsonl -t nuclei-dast-templates/ -dast -etags fuzzing-req-header,fuzzing-req-cookie -fuzz-param-frequency 10000 -stats -pc 250 -c 100 -rl 1000 -bs 100

General Tags

fuzzing-req-query
fuzzing-req-body
fuzzing-req-path
fuzzing-req-cookie
fuzzing-req-header
full

The following tags can be used to perform fuzzing scans on different parts of an HTTP request

Fuzzing Vulnerability Tags

blind-xss
fuzzing-req-crlf
fuzzing-req-csv
fuzzing-req-lfi
fuzzing-req-oob
fuzzing-req-rce
fuzzing-req-redirect
fuzzing-req-reflected
fuzzing-req-ssrf
fuzzing-req-ssti
fuzzing-req-sqli
fuzzing-req-xss
fuzzing-req-xxe

Fuzzing query parameters:

nuclei -l katana.jsonl -im jsonl -t nuclei-dast-templates -tags fuzzing-req-query -fuzz-param-frequency 10000 -stats -pc 250 -c 100 -rl 1000 -bs 100

Fuzzing the request body:

nuclei -l katana.jsonl -im jsonl -t nuclei-dast-templates -tags fuzzing-req-body -fuzz-param-frequency 10000 -stats -pc 250 -c 100 -rl 1000 -bs 100

Fuzzing cookies in the request:

nuclei -l katana.jsonl -im jsonl -t nuclei-dast-templates -tags fuzzing-req-cookie -fuzz-param-frequency 10000 -stats -pc 250 -c 100 -rl 1000 -bs 100

Fuzzing request headers:

nuclei -l katana.jsonl -im jsonl -t nuclei-dast-templates -tags fuzzing-req-header -fuzz-param-frequency 10000 -stats -pc 250 -c 100 -rl 1000 -bs 100

Fuzzing the request path:

nuclei -l katana.jsonl -im jsonl -t nuclei-dast-templates -tags fuzzing-req-path -fuzz-param-frequency 10000 -stats -pc 250 -c 100 -rl 1000 -bs 100

Features

  • Easily customize your scan by using tags that focus on different parts of HTTP requests (query, body, cookies, headers, and path).
  • Fuzz multiple areas of HTTP requests to identify vulnerabilities like SQL injection, XSS, and other common web security flaws.
  • Works seamlessly with Katana for crawling and Nuclei for vulnerability scanning, providing an efficient and automated security testing pipeline.
  • Skip fuzzing on specific request sections (like headers or cookies) by excluding the relevant tags.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

14 stars

Watchers

1 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published