AUTOMATE VULNERABILITY SCANS OF WEBSITES USING NUCLEI
Nuclei is a fast and customizable vulnerability scanner. It is written in Go and
sends requests across multiple targets based on Nuclei templates, which is what
gives it zero false positives or irrelevant results and fast scanning across many
hosts. Nuclei has built-in support for automatically updating the templates to
their newer versions with more data, and the nuclei-templates project regularly
publishes an updated list of ready-to-use templates. Nuclei can scan various
protocols, including DNS, HTTP, TCP, and many more, and all kinds of security
checks can be performed using Nuclei templates.
What Information You Can Get Using Nuclei
Nuclei can help you ensure the security of complex networks and applications.
With vulnerability scans, Nuclei can identify security issues on your
network. Once configured, Nuclei can provide detailed information on each
vulnerability, including:
• Severity
• Impact
• Description
• Remediation
In this exercise, we have created a Bash script to automate the process
of searching for vulnerabilities and subdomains using Nuclei.
Guided Exercise
Steps to Perform this Exercise
1. Connect to the Kali Linux machine you created, using the RDP
protocol. The Kali Linux machine is used as the attacker's machine.
2. When prompted for the username and password, enter root as the
username and toor as the password. root is the administrator user of
the machine.
Once you have logged in successfully, you will see a screen like this.
3. Right-click on the screen and select the Open Terminal Here option.
4. Now select the target to scan with Nuclei and type: nuclei -u google.com
Nuclei has started successfully.
Here you can see all the subdomains of our target.
Here you can see the DNS information and vulnerabilities of our target.
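The exercise's own automation script is not reproduced here, so the following is an added example (not the exercise's or the Nuclei project's code) that does the job of step 4 for a whole list of hosts and pulls the severity the page lists out of the results. It assumes nuclei v3 (its -jsonl output flag), a constructed targets file named targets.txt with one host per line, and GNU/POSIX sed and grep.

```shell
#!/bin/sh
# Added example, not the exercise's own script: scan every host listed in a
# targets file with nuclei, keep the JSONL output, and summarise it by severity.
# Assumptions: nuclei v3 (-jsonl flag) is installed; TARGETS (constructed
# default targets.txt) holds one host per line.
set -eu

TARGETS="${TARGETS:-targets.txt}"
OUT="${OUT:-nuclei-results.jsonl}"
SEVERITY="${SEVERITY:-low,medium,high,critical}"   # drop info/unknown findings

# Refresh templates, then scan the whole list in one nuclei run.
run_scan() {
    command -v nuclei >/dev/null 2>&1 || { echo "nuclei is not in PATH" >&2; return 1; }
    nuclei -update-templates -silent
    nuclei -l "$TARGETS" -severity "$SEVERITY" -jsonl -o "$OUT" -silent
}

# Number of findings with the given severity. nuclei writes one compact JSON
# object per line, so a sed capture on "severity":"..." is enough here; switch
# to jq if the output is ever pretty-printed.
count_severity() {
    sed -n 's/.*"severity":"\([a-z]*\)".*/\1/p' "$1" | grep -cx -- "$2" || true
}

# One line per finding: severity, template id, matched URL. The capture order
# follows nuclei's JSONL field order (template-id before info, matched-at after).
findings() {
    sed -n 's/.*"template-id":"\([^"]*\)".*"severity":"\([a-z]*\)".*"matched-at":"\([^"]*\)".*/\2 \1 \3/p' "$1"
}

# Severity totals, highest first, for a quick triage view.
summarise() {
    for sev in critical high medium low; do
        printf '%s\t%s\n' "$sev" "$(count_severity "$1" "$sev")"
    done
}

case "${1:-}" in
    scan)    run_scan && summarise "$OUT" ;;
    summary) summarise "${2:-$OUT}" ;;
    list)    findings "${2:-$OUT}" ;;
esac
```

Run it as `sh scan.sh scan` to scan and summarise, or `sh scan.sh list results.jsonl` to list findings from an existing output file.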
Here are some of the best ways to protect your website from information leakage:
• Make sure that everyone involved in producing the website is fully
aware of what information is considered sensitive. Sometimes
seemingly harmless information can be much more useful to an
attacker than people realize. Highlighting these dangers can help make
sure that sensitive information is handled more securely in general by
your organization.
• Audit any code for potential information disclosure as part of your QA
or build processes.
• Use generic error messages as much as possible. Don't provide
attackers with clues about application behaviour unnecessarily.
• Double-check that any debugging or diagnostic features are disabled
in the production environment.
• Make sure you fully understand the configuration settings, and
security implications, of any third-party technology that you
implement. Take the time to investigate and disable any features and
settings that you don't actually need.