First of all, we want to apologize for the delay. We know this integration was scheduled for 01/01/2021, but we are excited to announce our new Nuclei integration today, 21/01/2021. Below we explain how it works.
About Nuclei
Nuclei is a very powerful tool that lets you perform automated vulnerability scans based on templates predefined by the user.
Nuclei is used to send requests across targets based on a template leading to zero false positives and providing effective scanning for known paths. Main use cases for nuclei are during initial reconnaissance phase to quickly check for low hanging fruits or CVEs across targets that are known and easily detectable.
– Nuclei Project
Learn more about this wonderful tool at https://github.com/projectdiscovery/nuclei
Our Integration
Our private version of Findomain handles all the integrations we have with external tools such as ffuf, nmap, amass, subfinder, chrome, etc., and it also manages the databases. Nuclei is no exception.
Our service runs Nuclei against ports 80 and 443 of hosts that are not part of wildcard subdomains. If vulnerabilities are found, the output file is attached to the email containing the new subdomain alerts and saved on the FTP server. By default, we only send alerts for high and critical vulnerabilities. In summary, by default Nuclei runs as follows:
nuclei -silent -l nuclei_targets_file -t nuclei_templates_path -severity "high,critical" -o nuclei_output_file
Nuclei templates are updated automatically before each run.
Users in control
Although we control the command line, the user can modify key options and files used by Nuclei.
- .nuclei-ignore
Nuclei can use a .nuclei-ignore file to exclude irrelevant templates. In our case, this file is available inside the nuclei-templates folder in the user's root directory. You can learn more about this file at https://github.com/projectdiscovery/nuclei#using-nuclei-ignore-file-for-template-exclusion.
- -severity option
The -severity option can be modified by the user through the nuclei_templates_severity variable in the Findomain config.toml file. By default, the variable has the value "high,critical" (as mentioned earlier, these are the two severities that we evaluate by default). You can learn more about this option at https://github.com/projectdiscovery/nuclei#usage
- Templates
The user can upload or delete templates inside the nuclei-templates folder.
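Because the -severity value comes from a user-editable config file while the rest of the command line is fixed by the service, it is worth checking that value against an allowlist before it reaches the command. The sketch below is an added example, not Findomain's code: the function names, the NUCLEI_BIN variable and the severity list (info, low, medium, high, critical) are assumptions, and the flags are the ones shown in the default command above.

```shell
#!/bin/sh
# Added example (not Findomain's code): allowlist-check a user-supplied
# severity value before it is placed on the nuclei command line.
# Function names and NUCLEI_BIN are hypothetical.

# Assumed severity names; adjust to the nuclei version in use.
ALLOWED_SEVERITIES="info low medium high critical"

# Print a normalized comma-separated list (lower-case, no spaces, no
# duplicates), or fail if any element is not a known severity.
# The body runs in a subshell so the IFS change stays local.
normalize_severity() (
    raw=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | tr -d ' ')
    # Reject empty input, stray commas and anything but letters/commas,
    # so the unquoted split below can never glob or carry extra flags.
    case "$raw" in
        ''|*[!a-z,]*|,*|*,|*,,*) return 1 ;;
    esac
    out=""
    IFS=','
    for item in $raw; do
        case " $ALLOWED_SEVERITIES " in
            *" $item "*) ;;
            *) return 1 ;;
        esac
        case ",$out," in
            *",$item,"*) ;;                  # duplicate, skip
            *) out="${out:+$out,}$item" ;;
        esac
    done
    printf '%s\n' "$out"
)

# Run nuclei with the default flags from this article. Arguments:
# severity list, targets file, templates path, output file.
run_nuclei() {
    sev=$(normalize_severity "$1") || {
        echo "invalid severity list: refusing to run" >&2
        return 1
    }
    "${NUCLEI_BIN:-nuclei}" -silent -l "$2" -t "$3" -severity "$sev" -o "$4"
}

normalize_severity 'High, CRITICAL'   # constructed input; prints: high,critical
```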
Special thanks to the Project Discovery Team for creating awesome tools and contributing to the hacking world.
Other information
During this time, we have optimized all our existing processes, fixed errors, and made sure that the data we deliver is as accurate as possible before releasing this integration. Among the improvements, we highlight:
- Screenshots are now complete.
- Nmap scanning has been improved.
- Empty files will not be sent in emails.
- Our support channels have been added to each email alert.
- Handling of email attachments has been improved.
With this we conclude this article. We hope that it has been to your liking and that everything has been clear. If you have any questions or ideas, send us an email at monitoring[at]findomain.app or write to us on Twitter.
Regards,
Findomain Team