Integrating Nuclei for automatic vulnerability discovery

First of all, we want to apologize for the delay. We know this new integration was scheduled for 01/01/2021, but we are excited to announce our new Nuclei integration today, 21/01/2021. Below we explain how it works.

About Nuclei

Nuclei is a very powerful tool: it performs automatic vulnerability scans based on templates predefined by the user.

Nuclei is used to send requests across targets based on a template, leading to zero false positives and providing effective scanning for known paths. Main use cases for nuclei are during the initial reconnaissance phase to quickly check for low hanging fruits or CVEs across targets that are known and easily detectable.

– Nuclei Project

Learn more about this wonderful tool at https://github.com/projectdiscovery/nuclei

Our Integration

Our private version of Findomain handles all the integrations we have with external tools such as ffuf, nmap, amass, subfinder, chrome, etc., and it also manages the databases. Nuclei is no exception.

Our service runs Nuclei against ports 80 and 443 of the subdomains that are not part of a wildcard. If vulnerabilities are found, the Nuclei output file is attached to the email containing the new-subdomain alerts and is also saved on the FTP server. By default, we only send alerts for high and critical vulnerabilities. In summary, by default Nuclei runs as follows:

nuclei -silent -l nuclei_targets_file -t nuclei_templates_path -severity "high,critical" -o nuclei_output_file

Nuclei templates are updated automatically before each run.

Users in control

Although we control the command line, the user can still modify the key options and files that Nuclei uses.

  • .nuclei-ignore

Nuclei can use a .nuclei-ignore file to exclude irrelevant templates. In our case, this file is available inside the nuclei-templates folder in the user’s root directory. You can learn more about this file at https://github.com/projectdiscovery/nuclei#using-nuclei-ignore-file-for-template-exclusion.

  • -severity option

The -severity option can be changed by the user through the nuclei_templates_severity variable in the Findomain config.toml file. By default, the variable has the value “high,critical” (as mentioned earlier, these are the two severities we evaluate by default). You can learn more about this option at https://github.com/projectdiscovery/nuclei#usage.

  • Templates

The user can upload or delete templates inside the nuclei-templates folder.
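To show how these pieces fit together (the default command from the summary above, the severity taken from config.toml, and attaching only non-empty output, as noted later in this article), here is an added shell example; it is not Findomain's own code. It assumes config.toml contains a line of the form nuclei_templates_severity = "high,critical", that the Nuclei severity levels are info, low, medium, high and critical, and that the binary can be overridden via NUCLEI_BIN.

```shell
# Added example, not Findomain's own code. Assumes config.toml carries a line
# such as: nuclei_templates_severity = "high,critical"
# and that the caller supplies the target list, templates path and output path.

# Severity levels Nuclei accepts (assumed from the upstream tool).
NUCLEI_SEVERITIES="info low medium high critical"

# Read nuclei_templates_severity from config.toml; default to "high,critical".
severity_from_config() {
    config="$1"
    value=""
    if [ -r "$config" ]; then
        value=$(sed -n 's/^[[:space:]]*nuclei_templates_severity[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$config" | head -n 1)
    fi
    [ -n "$value" ] || value="high,critical"
    printf '%s\n' "$value"
}

# Succeed only if every comma-separated entry is a known severity, so a typo
# in config.toml is caught before Nuclei is launched with a useless filter.
validate_severity() {
    for s in $(printf '%s' "$1" | tr ',' ' '); do
        case " $NUCLEI_SEVERITIES " in
            *" $s "*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Render the command line the service runs (same shape as in the summary).
build_nuclei_cmd() {
    printf 'nuclei -silent -l %s -t %s -severity "%s" -o %s\n' "$1" "$2" "$3" "$4"
}

# An output file is worth attaching only if it exists and is non-empty.
should_attach() {
    [ -s "$1" ]
}

# Full run: refresh templates, scan, then report whether there is anything to mail.
run_scan() {
    targets="$1"; templates="$2"; config="$3"; output="$4"
    severity=$(severity_from_config "$config")
    validate_severity "$severity" || { echo "bad severity: $severity" >&2; return 2; }
    "${NUCLEI_BIN:-nuclei}" -update-templates >/dev/null 2>&1
    "${NUCLEI_BIN:-nuclei}" -silent -l "$targets" -t "$templates" -severity "$severity" -o "$output"
    should_attach "$output"
}
```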

Special thanks to the Project Discovery Team for creating awesome tools and contributing to the hacking world.

Other information

During this time, we have optimized all our existing processes, fixed errors and made sure that the data we deliver is as accurate as possible before releasing this integration. Among the improvements we highlight:

  • Screenshots are now complete.
  • Nmap scanning has been improved.
  • Empty files will not be sent in emails.
  • Our support channels have been added to each email alert.
  • Improvement in the handling of attachments by mail.

With this we conclude this article. We hope that it has been to your liking and that everything is clear. If you have any questions or ideas, send us an email to monitoring[at]findomain.app or write to us on Twitter.

Regards,
Findomain Team