Feeding Nuclei!

Lately, I have been trying different ways to use tools I have been using for some time. A good example of this is Nuclei. I have been using the same switches, every now and then using workflows, using fuzzing templates, and if I really want to try something crazy write multi-stage temples.

This had me thinking of all the things I can do with Nuclei that I don’t leverage in testing that I should. Normally I would use Nuclei on a set of IP addresses a subnet or just a single website. Once the scan was completed and it didn’t find anything I would move on to the next tool. With that single website, I would use the Domain like example.com and that’s it. A few times I would feed some different URLs from the website and it would have different results but I didn’t think much about it. But after some thinking about websites and how they can be very dynamic and how not all websites are used the same. This had me thinking…

Since Nuclei can scan those URLs and find a bunch of things like what HTTP Verbs an endpoint uses, cookies issues, misconfigurations, and vulnerabilities of course. I decided to write a Python script that would take a Burp output in XML, parse the file, extract the URLs, and then feed them to Nuclei.

I created NucleiFeeder:
https://github.com/clarkvoss/NucleiFeeder

It’s simple. Start by firing up the free version of Burp Community Edition. Pick a website. I’m using http://testasp.vulnweb.com/. Then navigate around like you normally would. Click on everything you can and once you have all the URLs and requests right-click on the main site URL and click save selected items like below. Place the file where you like.

Next a few quick edits to the script. At the bottom of the script edit the # Example usage section and add the location of your Burp output file and the location of your nuclei templates and you are set!

# Example usage
xml_file = "burp_output.xml"  # Path to Burp XML file
nuclei_templates = "nuclei-templates"  # Path to Nuclei templates
process_burp_xml(xml_file, nuclei_templates)

Now it’s time to run the script. Run the command below:

python3 ./NucleiFeeder.py

This will take that XML. Take all the URLs from that file and feed them to Nuclei!

You can change the Nuclei switches in the script to your liking. You may notice some of the results will be duplicated but on a large site, it will start to show small differences that you can leverage for others more advanced attacks.

I just pimped your Nuclei! Now go out and find some bugs! If I can find them, so can you, don’t get discouraged! I hope you enjoyed reading it.