[1/5] A small thread. #nuclei is a really nice and fast scanner by @pdnuclei that is also popular with #bugbounty #hackers.
Because it is so fast out of the box, it can quite often overwhelm the target server(s).
Here are a couple of tips on how to improve your #nuclei scanning results:
[2/5] The -rl flag defines the number of requests per second, and it is set to 150 by default.
This can be too much for some sites, so drop it down to about 50 (or even less if you fear a WAF/IPS blocking you), which should not be too much.
[3/5] The -c flag defines the number of templates to run in parallel. In my tests this didn't affect the results a lot until I dropped it to a very low value such as 1 or 2.
Disable the interactsh server with -ni if you do not need it.
This will remove OAST tests.
[4/5] Do some manual recon in advance. For example, if you are just scanning a web site, limit protocols to http with the -pt flag.
If you know the target, use the -tags flag to select only those templates that you really need.
Something like this usually works best initially, without triggering defense mechanisms:
$ nuclei -ni -rl 50 -pt http -u https://target