Finding Hidden Gems with Nuclei Templates!

Clark Voss
4 min read · Aug 23, 2022

Lately, I have been thinking about automation.

Funny, this isn’t something I have thought much about in the past. I have just been trying to find some really good bugs, one by one, saving the world one small-to-high CVSS score bug at a time. I don’t have much automation built into my current workflow, but that changed after rewatching the @NahamSec course Intro to Bug Bounty Hunting and Web Application Hacking.

https://www.udemy.com/user/ben-sadeghipour/

In it he talks about automation, and I figured why not give it a try!

Let’s start with what this article is about and what it’s not before we go further.

I will go over how I have been using Nuclei, the templates I have recently written, and what you may be able to find with them. What it is not is a setup guide for automation. I have been experimenting over the last few months and find that automation can mean many things to many people, so your mileage may vary. I will leave subdomain enumeration, bash scripting, the other tools involved, and all the amazing work already done on that side to @NahamSec and his great course, or to the other resources on this subject.

Just some resources on automation:

https://infosecwriteups.com/intro-to-bug-bounty-automation-tool-chaining-with-bash-13e11348016f

https://gowthams.gitbook.io/bughunter-handbook/automation

Now that we have that out of the way, Nuclei. What am I talking about, you ask? Nuclei is a fast and customizable vulnerability scanner based on simple YAML templates. Simple is why I’m able to use it!

https://nuclei.projectdiscovery.io/

Nuclei has templates that others have written for you to use, and they are very good. Make sure you are using those as well, not just mine.

https://github.com/projectdiscovery/nuclei-templates

But lately I noticed that some of the bugs I find don’t have templates written for them, so I figured, why not write some and share?

Ok, on to the good stuff. Do tell, what will I find with these magic (not magic) templates you talk about…

You will find DOM Based XSS in SiteMinder Agent, BOOM!

[Screenshot: Nuclei finding DOM Based XSS in SiteMinder Agent, XSS payload firing]

Or

Opentext LiveSite Database info exposed, BAM!

[Screenshot: Database info]

As you can see, the real power of Nuclei is creating your own templates. The basic idea is to find something, then write a template so you can easily find it again, and again.

https://github.com/clarkvoss/Nuclei-Templates
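To show the shape such a template takes, here is an added example of a simple Nuclei v2 template for an exposed database configuration file. It is not one of the templates from the repo above and not the LiveSite finding; the path and the strings it matches are placeholders you would replace with what you actually observed.

```yaml
# Added example template (placeholder values, not from the author's repo).
id: example-exposed-db-config

info:
  name: Example Exposed Database Config File (placeholder)
  author: example
  severity: medium
  description: Flags a config file that leaks database connection details.
  tags: exposure,config,example

# "requests:" is the v2-era key; current Nuclei releases also accept "http:".
requests:
  - method: GET
    path:
      # {{BaseURL}} is filled in by Nuclei for each target; the path is a placeholder.
      - "{{BaseURL}}/PLACEHOLDER/db-config.properties"

    # Both matchers must hit before Nuclei reports a result.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      # Any one of these strings in the body is enough for this matcher.
      - type: word
        part: body
        words:
          - "db.password"
          - "jdbc:"
        condition: or

    # Pull the connection string into the output so the finding is self-evident.
    extractors:
      - type: regex
        part: body
        regex:
          - 'jdbc:[a-zA-Z0-9]+://[^\s"]+'
```

Run it with `nuclei -t example-exposed-db-config.yaml -u https://target.example` and validate with `nuclei -validate -t example-exposed-db-config.yaml` before adding it to your automation.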

You can also use templates that are not in the main Nuclei templates repo. Something like cent gathers other people’s templates into one directory for you to use.

Lastly, Nuclei is extremely powerful. It has so many features, like request pipelining, request smuggling, and race condition testing, and it can be used at such a large scale; it is truly amazing. If you are not using it during your bug hunting or when you pentest, you should, and if you are, I hope you are contributing templates back to help the masses. Now go out and find some bugs! If I can find them, so can you; don’t get discouraged. I hope you enjoyed reading this.
