0xkayala / nucleifuzzer Goto Github PK

NucleiFuzzer is a Powerful Automation tool for detecting XSS, SQLi, SSRF, Open-Redirect, etc.. Vulnerabilities in Web Applications

Home Page: https://github.com/0xKayala/NucleiFuzzer

Shell 100.00%

nuclei nuclei-templates fuzzing-templates nucleifuzzer

nucleifuzzer's Introduction

NucleiFuzzer = Nuclei + Paramspider

NucleiFuzzer is an automation tool that combines ParamSpider and Nuclei to enhance web application security testing. It uses ParamSpider to identify potential entry points and Nuclei fuzzing templates to scan for vulnerabilities. NucleiFuzzer streamlines the process, making it easier for security professionals and web developers to detect and address security risks efficiently. Download NucleiFuzzer to protect your web applications from vulnerabilities and attacks.

Note: Nuclei + Paramspider = NucleiFuzzer

Important: Make sure the tools Nuclei, httpx & Paramspider are installed on your machine and executing correctly to use the NucleiFuzzer without any issues.

Tools included:

ParamSpider git clone https://github.com/0xKayala/ParamSpider.git

Nuclei git clone https://github.com/projectdiscovery/nuclei.git

Templates:

Fuzzing Templates git clone https://github.com/0xKayala/fuzzing-templates.git

Screenshot

Output

Usage

nf -h

This will display help for the tool. Here are the options it supports.

NucleiFuzzer is a Powerful Automation tool for detecting XSS, SQLi, SSRF, Open-Redirect, etc. vulnerabilities in Web Applications

Usage: /usr/local/bin/nf [options]

Options:
  -h, --help              Display help information
  -d, --domain <domain>   Domain to scan for XSS, SQLi, SSRF, Open-Redirect..etc vulnerabilities
  -f, --file <filename>   File containing multiple domains/URLs to scan

Installation:

To install NucleiFuzzer, follow these steps:

git clone https://github.com/0xKayala/NucleiFuzzer.git && cd NucleiFuzzer && sudo chmod +x install.sh && ./install.sh && nf -h && cd ..

Examples:

Here are a few examples of how to use NucleiFuzzer:

Run NucleiFuzzer on a single domain:
```
nf -d example.com
```
Run NucleiFuzzer on multiple domains from a file:
```
nf -f file.txt
```

Practical Demonstration:

For a Practical Demonstration of the NucleiFuzzer tool see the below video 👇

Star History

Contributing

Contributions are welcome! If you'd like to contribute to NucleiFuzzer, please follow these steps:

Fork the repository.
Create a new branch.
Make your changes and commit them.
Submit a pull request.

Made by Satya Prakash | 0xKayala \

A Security Researcher and Bug Hunter \

Connect with me:

Support me:

nucleifuzzer's People

Contributors

Stargazers

Watchers

Forkers

gmh5225 assassinukg haka110 navin-hacsociety mnagarajapppa 0xsebin thanhnx9 ihappyk ronin-dojo sainath-reddiee ramachokkalingam zzhsec atlassion excloudx6 onesorzer0es sec-fork rajasingh010 cheahengsoon latkes randomactsofsecurity cvlabsio ssghost steiner-254 t3nz3nsow infernalheaven vimyumy jesusmariabermudez truenix ckevens 0xruta ak4l3r3 zxc2007 anonexploiter darkprof83 g6kg dev2x0 noorahsmith arjunacoks wjqyg adriyansyah-mf marciowb danzee1 oakkaya ratlesv royzsec devbox10 boretkiterie attacker-codeninja tripse amrit-prasad abd-4fg keephowling jeshi2 caretakerport take0versget mauriceoboya peff1235 northernxploit jeffmartson im-hanzou 0xw1zard 0xsojalsec tucommenceapousser sittiksimano ca0x0 dvir-levy rdx11 hmidani-abdelilah subedibibek-cmd tehseensagar anindya14 vertuzero9 allanvictor ukaserge nxg-7 0xzipp0 afmirandad tomatotech90 startagain2016 trevor3000 wuxueeee orinocoz gsatyadev cyb3rm3g tellnol437 cristiancmoises joelindra napster007 ronin-dojo taoke-one alexsandershaw lkmadman r00x-dev pakkiraja r4ds3c egida adminsecfr popmedd zyairelai d4rkusxx

nucleifuzzer's Issues

Unable to run nf -h

Followed the installation procedure. Says it installed successfully.. however running nf -h says I have no permission but running with sudo also does not work .

Bellow is the exact command

[krakensub@centos-8gb-pa tools]$ sudo git clone https://github.com/0xKayala/NucleiFuzzer.git
Cloning into 'NucleiFuzzer'...
remote: Enumerating objects: 197, done.
remote: Counting objects: 100% (96/96), done.
remote: Compressing objects: 100% (68/68), done.
remote: Total 197 (delta 43), reused 75 (delta 28), pack-reused 101
Receiving objects: 100% (197/197), 51.95 KiB | 1.73 MiB/s, done.
Resolving deltas: 100% (63/63), done.
[krakensub@centos-8gb-pa tools]$ cd NucleiFuzzer/
[krakensub@centos-8gb-pa NucleiFuzzer]$ sudo chmod +x install.sh
[krakensub@centos-8gb-pa NucleiFuzzer]$ ./install.sh
NucleiFuzzer has been installed successfully! Now Enter the command 'nf' to run the tool.
[krakensub@centos-8gb-pa NucleiFuzzer]$ nf -h
-bash: /usr/local/bin/nf: Permission denied
[krakensub@centos-8gb-pa NucleiFuzzer]$ sudo nf -h
sudo: nf: command not found
[krakensub@centos-8gb-pa NucleiFuzzer]$ sudo ./install.sh
mv: cannot stat 'NucleiFuzzer.sh': No such file or directory
NucleiFuzzer has been installed successfully! Now Enter the command 'nf' to run the tool.

如何批量扫描

Please, -f for file.txt

thankyou sir

ParamSpider - urllib3 issue

I've installed it as advised, but there is a lib dependency, as shown below.

I tried to install the lib requested manually, with no lucky.

urllib3 1.26.5

Error:

Installing Nuclei...                                                                                                                              
Running ParamSpider on vulnweb.com
/usr/local/lib/python3.11/dist-packages/requests/__init__.py:102: RequestsDependencyWarning: urllib3 (**1.26.5**) or chardet (5.2.0)/charset_normalizer (2.0.12) doesn't match a supported version!
  warnings.warn("urllib3 ({}) or chardet ({})/charset_normalizer ({}) doesn't match a supported "

Thank you.

Giving multiple domains

How to give multiple domains as a text file?

Error: No such option: -s

Hello! How to fix this?
Error: No such option: -s

Can someone execute the below two versions of "NucleiFuzzer" scripts from your end and let me know the working version so that I will update the tool.

Version: 1

#!/bin/bash

# ASCII art
printf "\e[91m
    _   __           __     _ ______
   / | / /_  _______/ /__  (_) ____/_  __________  ___  _____
  /  |/ / / / / ___/ / _ \/ / /_  / / / /_  /_  / / _ \/ ___/
 / /|  / /_/ / /__/ /  __/ / __/ / /_/ / / /_/ /_/  __/ /
/_/ |_/\__,_/\___/_/\___/_/_/    \__,_/ /___/___/\___/_/

                               Made by Satya Prakash (0xKayala)
\e[0m"

# Help menu
display_help() {
    echo -e "NucleiFuzzer is a Powerful Automation tool for detecting XSS, SQLi, SSRF, Open-Redirect, etc. vulnerabilities in Web Applications\n\n"
    echo -e "Usage: $0 [options]\n\n"
    echo "Options:"
    echo "  -h, --help              Display help information"
    echo "  -d, --domain <domain>   Single domain to scan for XSS, SQLi, SSRF, Open-Redirect, etc. vulnerabilities"
    echo "  -f, --file <filename>   File containing multiple domains/URLs to scan"
    exit 0
}

# Get the current user's home directory
home_dir=$(eval echo ~$USER)

# Check if ParamSpider is already cloned and installed
if [ ! -d "$home_dir/ParamSpider" ]; then
    echo "Cloning ParamSpider..."
    git clone https://github.com/0xKayala/ParamSpider "$home_dir/ParamSpider"
fi

# Check if fuzzing-templates is already cloned.
if [ ! -d "$home_dir/fuzzing-templates" ]; then
    echo "Cloning fuzzing-templates..."
    git clone https://github.com/0xKayala/fuzzing-templates.git "$home_dir/fuzzing-templates"
fi

# Check if nuclei is installed, if not, install it
if ! command -v nuclei &> /dev/null; then
    echo "Installing Nuclei..."
    go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
fi

# Check if httpx is installed, if not, install it
if ! command -v httpx &> /dev/null; then
    echo "Installing httpx..."
    go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
fi

# Parse command line arguments
while [[ $# -gt 0 ]]
do
    key="$1"
    case $key in
        -h|--help)
            display_help
            ;;
        -d|--domain)
            domain="$2"
            shift
            shift
            ;;
        -f|--file)
            filename="$2"
            shift
            shift
            ;;
        *)
            echo "Unknown option: $key"
            display_help
            ;;
    esac
done

# Step 2: Ask the user to enter the domain name or specify the file
if [ -z "$domain" ] && [ -z "$filename" ]; then
    echo "Please provide a domain with -d or a file with -f option."
    display_help
fi

# Combined output file for all domains
output_file="output/allurls.txt"

# Step 3: Get the vulnerable parameters based on user input
if [ -n "$domain" ]; then
    echo "Running ParamSpider on $domain"
    python3 "$home_dir/ParamSpider/paramspider.py" -d "$domain" --exclude png,jpg,gif,jpeg,swf,woff,gif,svg --level high --quiet -o "output/$domain.txt"
    cat "output/$domain.txt" >> "$output_file"  # Append to the combined output file
elif [ -n "$filename" ]; then
    echo "Running ParamSpider on URLs from $filename"
    while IFS= read -r line; do
        python3 "$home_dir/ParamSpider/paramspider.py" -d "$line" --exclude png,jpg,gif,jpeg,swf,woff,gif,svg --level high --quiet -o "output/$line.txt"
        cat "output/$line.txt" >> "$output_file"  # Append to the combined output file
    done < "$filename"
fi

# Step 4: Check whether URLs were collected or not
if [ ! -s "output/$domain.txt" ] && [ ! -s "$output_file" ]; then
    echo "No URLs Found. Exiting..."
    exit 1
fi

# Step 5: Run the Nuclei Fuzzing templates on the collected URLs
echo "Running Nuclei on collected URLs"
if [ -n "$domain" ]; then
    cat "output/$domain.txt" | httpx -silent -mc 200,301,302,403 | nuclei -t "$home_dir/fuzzing-templates" -rl 05
elif [ -n "$filename" ]; then
    cat "$output_file" | httpx -silent -mc 200,301,302,403 | nuclei -t "$home_dir/fuzzing-templates" -rl 05
fi

# Step 6: End with a general message as the scan is completed
echo "Scan is completed - Happy Fuzzing"

Version: 2

#!/bin/bash

# ASCII art
printf "\e[91m
    _   __           __     _ ______
   / | / /_  _______/ /__  (_) ____/_  __________  ___  _____
  /  |/ / / / / ___/ / _ \/ / /_  / / / /_  /_  / / _ \/ ___/
 / /|  / /_/ / /__/ /  __/ / __/ / /_/ / / /_/ /_/  __/ /
/_/ |_/\__,_/\___/_/\___/_/_/    \__,_/ /___/___/\___/_/

                               Made by Satya Prakash (0xKayala)
\e[0m"

# Help menu
display_help() {
    echo -e "NucleiFuzzer is a Powerful Automation tool for detecting XSS, SQLi, SSRF, Open-Redirect, etc. vulnerabilities in Web Applications\n\n"
    echo -e "Usage: $0 [options]\n\n"
    echo "Options:"
    echo "  -h, --help              Display help information"
    echo "  -d, --domain <domain>   Single domain to scan for XSS, SQLi, SSRF, Open-Redirect, etc. vulnerabilities"
    echo "  -f, --file <filename>   File containing multiple domains/URLs to scan"
    exit 0
}

# Get the current user's home directory
home_dir=$(eval echo ~$USER)

# Check if ParamSpider is already cloned and installed
if [ ! -d "$home_dir/ParamSpider" ]; then
    echo "Cloning ParamSpider..."
    git clone https://github.com/0xKayala/ParamSpider "$home_dir/ParamSpider"
fi

# Check if fuzzing-templates is already cloned.
if [ ! -d "$home_dir/fuzzing-templates" ]; then
    echo "Cloning fuzzing-templates..."
    git clone https://github.com/0xKayala/fuzzing-templates.git "$home_dir/fuzzing-templates"
fi

# Check if nuclei is installed, if not, install it
if ! command -v nuclei &> /dev/null; then
    echo "Installing Nuclei..."
    go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
fi

# Check if httpx is installed, if not, install it
if ! command -v httpx &> /dev/null; then
    echo "Installing httpx..."
    go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
fi

# Parse command line arguments
while [[ $# -gt 0 ]]
do
    key="$1"
    case $key in
        -h|--help)
            display_help
            ;;
        -d|--domain)
            domain="$2"
            shift
            shift
            ;;
        -f|--file)
            filename="$2"
            shift
            shift
            ;;
        *)
            echo "Unknown option: $key"
            display_help
            ;;
    esac
done

# Step 2: Ask the user to enter the domain name or specify the file
if [ -z "$domain" ] && [ -z "$filename" ]; then
    echo "Please provide a domain with -d or a file with -f option."
    display_help
fi

# Combined output file for all domains
output_file="output/allurls.txt"

# Step 3: Get the vulnerable parameters based on user input
if [ -n "$domain" ]; then
    echo "Running ParamSpider on $domain"
    python3 "$home_dir/ParamSpider/paramspider.py" -d "$domain" --exclude png,jpg,gif,jpeg,swf,woff,gif,svg --level high --quiet -o "output/$domain.txt"
    cat "output/$domain.txt" >> "$output_file"
elif [ -n "$filename" ]; then
    echo "Running ParamSpider on URLs from $filename"
    while IFS= read -r line; do
        python3 "$home_dir/ParamSpider/paramspider.py" -d "$line" --exclude png,jpg,gif,jpeg,swf,woff,gif,svg --level high --quiet -o "$output_file"
    done < "$filename"
fi

# Step 4: Check whether URLs were collected or not
if [ ! -s "output/$domain.txt" ] && [ ! -s "$output_file" ]; then
    echo "No URLs Found. Exiting..."
    exit 1
fi

# Step 5: Run the Nuclei Fuzzing templates on the collected URLs
echo "Running Nuclei on collected URLs"
if [ -n "$domain" ]; then
    cat "output/$domain.txt" | httpx -silent -mc 200,301,302,403 | nuclei -t "$home_dir/fuzzing-templates" -rl 05
elif [ -n "$filename" ]; then
    cat "$output_file" | httpx -silent -mc 200,301,302,403 | nuclei -t "$home_dir/fuzzing-templates" -rl 05
fi

# Step 6: End with a general message as the scan is completed
echo "Scan is completed - Happy Fuzzing"

Previous Version: Old

#!/bin/bash

# ASCII art
printf "\e[91m
    _   __           __     _ ______
   / | / /_  _______/ /__  (_) ____/_  __________  ___  _____
  /  |/ / / / / ___/ / _ \/ / /_  / / / /_  /_  / / _ \/ ___/
 / /|  / /_/ / /__/ /  __/ / __/ / /_/ / / /_/ /_/  __/ /
/_/ |_/\__,_/\___/_/\___/_/_/    \__,_/ /___/___/\___/_/

                               Made by Satya Prakash (0xKayala)
\e[0m"

# Help menu
display_help() {
    echo -e "NucleiFuzzer is a Powerful Automation tool for detecting XSS, SQLi, SSRF, Open-Redirect, etc. vulnerabilities in Web Applications\n\n"
    echo -e "Usage: $0 [options]\n\n"
    echo "Options:"
    echo "  -h, --help              Display help information"
    echo "  -d, --domain <domain>   Domain to scan for XSS, SQLi, SSRF, Open-Redirect, etc. vulnerabilities"
    exit 0
}

# Get the current user's home directory
home_dir=$(eval echo ~$USER)

# Check if ParamSpider is already cloned and installed
if [ ! -d "$home_dir/ParamSpider" ]; then
    echo "Cloning ParamSpider..."
    git clone https://github.com/0xKayala/ParamSpider "$home_dir/ParamSpider"
fi

# Check if fuzzing-templates is already cloned.
if [ ! -d "$home_dir/fuzzing-templates" ]; then
    echo "Cloning fuzzing-templates..."
    git clone https://github.com/0xKayala/fuzzing-templates.git "$home_dir/fuzzing-templates"
fi

# Check if nuclei is installed, if not, install it
if ! command -v nuclei &> /dev/null; then
    echo "Installing Nuclei..."
    go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
fi

# Check if httpx is installed, if not, install it
if ! command -v httpx &> /dev/null; then
    echo "Installing httpx..."
    go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
fi

# Step 1: Parse command line arguments
while [[ $# -gt 0 ]]
do
    key="$1"
    case $key in
        -h|--help)
            display_help
            ;;
        -d|--domain)
            domain="$2"
            shift
            shift
            ;;
        *)
            echo "Unknown option: $key"
            display_help
            ;;
    esac
done

# Step 2: Ask the user to enter the domain name
if [ -z "$domain" ]; then
    echo "Enter the domain name (eg: target.com):"
    read domain
fi

# Step 3: Get the vulnerable parameters of the given domain name using ParamSpider tool and save the output into a text file
echo "Running ParamSpider on $domain"
python3 "$home_dir/ParamSpider/paramspider.py" -d "$domain" --exclude png,jpg,gif,jpeg,swf,woff,gif,svg --level high --quiet -o output/$domain.txt

# Check whether URLs were collected or not
if [ ! -s output/$domain.txt ]; then
    echo "No URLs Found. Exiting..."
    exit 1
fi

# Step 4: Run the Nuclei Fuzzing templates on $domain.txt file
echo "Running Nuclei on $domain.txt"
cat output/$domain.txt | httpx -silent -mc 200,301,302,403 | nuclei -t "$home_dir/fuzzing-templates" -rl 05

# Step 5: End with a general message as the scan is completed
echo "Scan is completed - Happy Fuzzing"

set an output to Nuclei Scan

it would be great if nuclei scan would save the results in an output file. :)

Tool Help Code

┌──(kali㉿kali)-[~]
└─$ nf -h                             

                     __     _ ____                         
   ____  __  _______/ /__  (_) __/_  __________  ___  _____
  / __ \/ / / / ___/ / _ \/ / /_/ / / /_  /_  / / _ \/ ___/
 / / / / /_/ / /__/ /  __/ / __/ /_/ / / /_/ /_/  __/ /    
/_/ /_/\__,_/\___/_/\___/_/_/  \__,_/ /___/___/\___/_/   v1.0.1

                               Made by Satya Prakash (0xKayala)

NucleiFuzzer is a Powerful Automation tool for detecting XSS, SQLi, SSRF, Open-Redirect, etc. vulnerabilities in Web Applications


Usage: /usr/local/bin/nf [options]


Options:
  -h, --help              Display help information
  -d, --domain <domain>   Single domain to scan for XSS, SQLi, SSRF, Open-Redirect, etc. vulnerabilities
  -f, --file <filename>   File containing multiple domains/URLs to scan

No templates error

[INF] Supplied input was automatically deduplicated (12 removed).
[INF] Current nuclei version: v3.2.2 (latest)
[INF] Current nuclei-templates version: v9.7.8 (latest)
[WRN] Scan results upload to cloud is disabled.
[WRN] Loaded 21 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 224
[INF] No results found. Better luck next time!
[FTL] Could not run nuclei: no templates provided for scan
Scan is completed - Happy Fuzzing

nf -d vulnweb.com

I have the fuzzing-templates installed aswell in my root directory.

after giving domain name

└─# nf -d testphp.vulnweb.com

                 __     _ ____

____ __ / / () _/ __________ ___ _____
/ __ / / / / / / _ / / // / / / / / / _ / /
/ / / / // / // / __/ / __/ // / / // // __/ /
// //_,/___//_/// _,/ ///_/_/ v1.0.2

                           Made by Satya Prakash (0xKayala)

Running ParamSpider on testphp.vulnweb.com

     ___                               _    __
    / _ \___ ________ ___ _  ___ ___  (_)__/ /__ ____
   / ___/ _ `/ __/ _ `/  ' \(_-</ _ \/ / _  / -_) __/
  /_/   \_,_/_/  \_,_/_/_/_/___/ .__/_/\_,_/\__/_/
                              /_/

                        - coded with <3 by Devansh Batham

[!] URLS containing these extensions will be excluded from the results : ['.png', '.jpg', '.gif', '.jpeg', '.swf', '.woff', '.svg', '.pdf', '.json', '.css', '.js', '.webp', '.woff', '.woff2', '.eot', '.ttf', '.otf', '.mp4', '.txt']

[+] Total number of retries: 0
[+] Total unique urls found : 216
[+] Output is saved here : output/testphp.vulnweb.com.yaml

[!] Total execution time : 1.5574s
Running Nuclei on collected URLs
flag provided but not defined: -fuzz
Scan is completed - Happy Fuzzing

nucllie fuzzer not running automatic we need to give this command nuclei -t fuzzing-templates -list fuzz_endpoints.txt all the time

No url Found

How to fix this?

root@xxx:~/# nucleifuzzer -d example.com

    _   __           __     _ ______                         
   / | / /_  _______/ /__  (_) ____/_  __________  ___  _____
  /  |/ / / / / ___/ / _ \/ / /_  / / / /_  /_  / / _ \/ ___/
 / /|  / /_/ / /__/ /  __/ / __/ / /_/ / / /_/ /_/  __/ /    
/_/ |_/\__,_/\___/_/\___/_/_/    \__,_/ /___/___/\___/_/

                               Made by Satya Prakash (0xKayala)

Running ParamSpider on example.com
  File "/root/ParamSpider/paramspider.py", line 42
    url = f"https://web.archive.org/cdx/search/cdx?url=*.{args.domain}/*&output=txt&fl=original&collapse=urlkey&page=/"
                                                                                                                      ^
SyntaxError: invalid syntax
No URLs Found. Exiting...
root@xxx:~/# nucleifuzzer -d https://example.com

    _   __           __     _ ______                         
   / | / /_  _______/ /__  (_) ____/_  __________  ___  _____
  /  |/ / / / / ___/ / _ \/ / /_  / / / /_  /_  / / _ \/ ___/
 / /|  / /_/ / /__/ /  __/ / __/ / /_/ / / /_/ /_/  __/ /    
/_/ |_/\__,_/\___/_/\___/_/_/    \__,_/ /___/___/\___/_/

                               Made by Satya Prakash (0xKayala)

Running ParamSpider on https://example.com
  File "/root/ParamSpider/paramspider.py", line 42
    url = f"https://web.archive.org/cdx/search/cdx?url=*.{args.domain}/*&output=txt&fl=original&collapse=urlkey&page=/"
                                                                                                                      ^
SyntaxError: invalid syntax
No URLs Found. Exiting...

I don't know how to use it, for example I used the test station and it didn't output any vulnerabilities

root@cloud:~/test/NucleiFuzzer# nf -d testphp.vulnweb.com

_   __           __     _ ______

/ | / /_ / / () / __________ ___ _____
/ |/ / / / / / / _ / / / / / / / / / / _ / /
/ /| / // / // / __/ / __/ / // / / // // __/ /
// |/_,/_/_/_/// _,/ ///___/_/

                           Made by Satya Prakash (0xKayala)

Running ParamSpider on testphp.vulnweb.com

     ___                               _    __       
    / _ \___ ________ ___ _  ___ ___  (_)__/ /__ ____
   / ___/ _ `/ __/ _ `/  ' \(_-</ _ \/ / _  / -_) __/
  /_/   \_,_/_/  \_,_/_/_/_/___/ .__/_/\_,_/\__/_/   
                              /_/                    
                        
                        - coded with <3 by Devansh Batham

[!] URLS containing these extensions will be excluded from the results : ['.png', '.jpg', '.gif', '.jpeg', '.swf', '.woff', '.gif', '.svg']

[+] Total number of retries: 0
[+] Total unique urls found : 106
[+] Output is saved here : output/testphp.vulnweb.com.txt

[!] Total execution time : 1.669s
Running Nuclei on testphp.vulnweb.com.txt

                 __     _

____ __ / / ()
/ __ / / / / / / _ / /
/ / / / // / // / __/ /
// //_,/_/_/_/_/ v3.0.3

            projectdiscovery.io

Usage: httpx [OPTIONS] URL

Error: no such option: -s
[INF] Current nuclei version: v3.0.3 (outdated)
[INF] Current nuclei-templates version: v9.6.9 (latest)
[INF] New templates added in latest release: 73
[INF] Templates loaded for current scan: 19
[WRN] Executing 21 unsigned templates. Use with caution.
[INF] No results found. Better luck next time!
Scan is completed - Happy Fuzzing

No URLs Found. Exiting...

hello
I can't run nuclei.

[+] Total number of retries: 0
[+] Total unique urls found : 82
[+] Output is saved here : http://testphp.vulnweb.com/-paramspider_output.txt

[!] Total execution time : 8.565s
No URLs Found. Exiting...
thx.

Add -H header

Please add the -H header paramatter

[reflected-xss] [http] [medium] https://######/domain-names/search/?domain=FUZZ'"><28022

The payload will be in the FUZZ right?

Problem with the tool

Hello brother, there is a problem with the tool. Is there a solution?

Error: No such option: -s

.
.
.
[!] Total execution time      : 38.23s
Running Nuclei on collected URLs

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.1.1

		projectdiscovery.io

Usage: httpx [OPTIONS] URL

Error: No such option: -s
[INF] Current nuclei version: v3.1.1 (outdated)
[INF] Current nuclei-templates version: v9.7.1 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 0
[INF] Templates loaded for current scan: 20
[WRN] Executing 22 unsigned templates. Use with caution.
[INF] No results found. Better luck next time!
Scan is completed - Happy Fuzzing

FTL error

Hi i have a problem

[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Supplied input was automatically deduplicated (11 removed).
[WRN] Found 22 templates with syntax error (use -validate flag for further examination)
[INF] Using Nuclei Engine 2.7.7 (latest)
[INF] Using Nuclei Templates 9.2.2 (latest)
[FTL] Could not run nuclei: no valid templates were found
Scan is completed - Happy Fuzzing

runtime error: invalid memory address or nil pointer dereference

i have this issus any solution ?
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xe7a406]

goroutine 202 [running]:
github.com/projectdiscovery/interactsh/pkg/client.(*Client).URL(0x0?)
/home/kali/go/pkg/mod/github.com/projectdiscovery/[email protected]/pkg/client/client.go:569 +0x26

0xkayala / nucleifuzzer Goto Github PK

nucleifuzzer's Introduction

NucleiFuzzer = Nuclei + Paramspider

Tools included:

Templates:

Screenshot

Output

Usage

Installation:

Examples:

Practical Demonstration:

Star History

Contributing

Connect with me:

Support me:

nucleifuzzer's People

Contributors

Stargazers

Watchers

Forkers

nucleifuzzer's Issues

Error:

Recommend Projects

Recommend Topics

Recommend Org