How to install Nuclei to scan Website security holes

What is Nuclei?

Nuclei is an open source toolkit used to scan Website security holes or find Bugs. Some Bug Hunters are using this tool to receive bonuses from websites with weak security. A special feature that Nuclei is favored by many Hackers is that it has a large user community and the error code templates are always updated regularly, so when a vulnerability has just been released, Nuclei already has a template to scan.

Another highlight is that Nuclei is completely free and you can customize how to scan Website as well as create templates to scan Website bugs to your liking.

Nuclei can scan various protocols, including DNS, HTTP, TCP and many more. All kinds of security checks can be performed using kernel templates.

How to install Nuclei

It is recommended to turn off anti-virus programs on Windows when performing Upgrade Kali Linux to avoid blocking installation packages. To install Nuclei, execute the following commands on Kali Linux:

sudo su

Enter password user

apt-get update -y

apt-get upgrade -y

Because nuclei is written in Goland language, so we need to install Goland on Kali Linux, execute the following commands:

apt install gccgo-go -y
apt install golang-go -y

Install Nuclei to scan Website security holes

git clone; \
cd nuclei/v2/cmd/nuclei; \
go build; \
mv nuclei /usr/local/bin/; \
nuclei -version;

remove nuclei

After the installation is complete, type the command nuclei -h to start

The case of reported nuclei outdated, is because you downloaded the old version. Let’s execute the update template command again.

update kernelUse the command:
go install -v

If successful, you will see the following interface:

nuclei scan for vulnerabilities

How to use Nuclei to scan Website vulnerabilities

To search for Website Bugs, we execute the following command:

nuclei -u địa-chỉ-website

Eg: nuclei -u

In case some Websites will have a firewall (WAF) and block scanning processes, you can reduce the frequency of sending requests to the server by rate-limit. Let’s use the parameter: --rate-limit.

Eg: nuclei -u -rate-limit 1 //ie send 1 second send 1 request

To bypass WAF, you can change the packet header to avoid blocking, with the parameter -h

Eg: nuclei -u -rate-limit 1 -header 'User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64)'

In case you want to scan many Web pages, create a file named url.txt, fill in 1 Web page for each line, then use the syntax -list url.txt

You can see more examples when scanning Website vulnerabilities at the nuclei home page.

Leave a Reply