Some time ago we created the Findomain+ integration with Nuclei for vulnerability discovery, today we are going to take it to the next level.
Nuclei currently only run against ports 443 or 80 of (sub)domains found and that have an HTTP server running. Starting today we will be running Nuclei against all open ports of the subdomain, as long as they respond to an HTTP GET request. The way this new feature will work is as follows:
- The Smart Nuclei Alerts process continues to work as it does now.
- Once all the processes finish and we know the ports that are open on the target, a dedicated Nuclei process will be launched to search for vulnerabilities.
- Once the process is finished, the results will be sent by email.
This represents an important advance in the discovery of vulnerabilities, many times there are vulnerable services running on ports other than the usual ones, sometimes forgotten and exposing confidential information, administration panels, users, and passwords, among other things.
We hope you like this feature and that you get a lot of use out of it! With much love from the Findomain App team.
If you have any questions or ideas Email us, send us a Twitter DM, or chat with us on Discord. Check out our Monitoring and vulnerability discovery service.
Regards,
Findomain Team