SiamCafe · Blog
Nuclei Scanner Tech Conference 2026 — Tools

Published 28 May 2026 (B.E. 2569)

Nuclei Scanner

Nuclei Scanner Template Vulnerability CVE Misconfigurations Bug Bounty CI/CD Enterprise Security ProjectDiscovery YAML Go Protocol

| Feature | Description | Template Count | Use Case |
|---|---|---|---|
| CVE Detection | Known vulnerabilities | 3000+ | Patch management |
| Misconfigurations | Server/app misconfig | 1000+ | Hardening |
| Exposed Panels | Admin panels, dashboards | 500+ | Attack surface |
| Default Logins | Default credentials | 300+ | Access control |
| Takeovers | DNS/subdomain takeover | 100+ | Domain security |
| Technologies | Tech stack detection | 500+ | Reconnaissance |

Installation and Usage

# === Nuclei Setup and Scanning ===

# Install
# go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
# or
# docker pull projectdiscovery/nuclei:latest

# Update templates
# nuclei -update-templates

# Basic scan
# nuclei -u https://target.com

# Scan with specific severity
# nuclei -u https://target.com -severity critical,high

# Scan with specific templates
# nuclei -u https://target.com -t cves/ -t misconfigurations/

# Scan multiple targets
# nuclei -l targets.txt -severity critical,high -o results.txt

# JSON Lines output for automation (nuclei v3 uses -jsonl: one JSON object per line)
# nuclei -u https://target.com -jsonl -o results.jsonl

# Rate limiting
# nuclei -u https://target.com -rate-limit 100 -bulk-size 25 -concurrency 10

# Scan with custom headers
# nuclei -u https://target.com -H "Authorization: Bearer TOKEN"

# Exclude certain templates
# nuclei -u https://target.com -exclude-tags dos,fuzz

from dataclasses import dataclass

@dataclass
class ScanProfile:
    profile: str
    templates: str
    severity: str
    rate_limit: int
    duration: str
    use_case: str

profiles = [
    ScanProfile("Quick Scan", "-t exposed-panels/ -t technologies/",
        "info, low", 150, "1-5 min", "Every PR / deploy"),
    ScanProfile("Standard Scan", "-t cves/ -t misconfigurations/",
        "medium, high, critical", 100, "10-30 min", "Weekly"),
    ScanProfile("Full Scan", "All templates",
        "all", 50, "1-4 hours", "Monthly / quarterly"),
    ScanProfile("Bug Bounty", "-t cves/ -t takeovers/ -t exposures/",
        "high, critical", 100, "30-60 min", "Per program"),
    ScanProfile("Compliance", "-t misconfigurations/ -t ssl/",
        "medium, high", 100, "15-30 min", "Compliance audit"),
]

print("=== Scan Profiles ===")
for p in profiles:
    print(f"  [{p.profile}] Templates: {p.templates}")
    print(f"    Severity: {p.severity} | Rate: {p.rate_limit}/s")
    print(f"    Duration: {p.duration} | Use: {p.use_case}")

Custom Template

# === Custom Nuclei Template ===

# my-custom-check.yaml
# id: my-admin-panel-check
# info:
#   name: Admin Panel Detection
#   author: myteam
#   severity: medium
#   description: Detects exposed admin panels
#   tags: admin,panel,exposure
#
# http:
#   - method: GET
#     path:
#       - "{{BaseURL}}/admin"
#       - "{{BaseURL}}/admin/login"
#       - "{{BaseURL}}/wp-admin"
#       - "{{BaseURL}}/administrator"
#       - "{{BaseURL}}/panel"
#
#     matchers-condition: and
#     matchers:
#       - type: status
#         status:
#           - 200
#       - type: word
#         words:
#           - "login"
#           - "password"
#           - "admin"
#         condition: or
#
#     extractors:
#       - type: regex
#         regex:
#           - ''
#         group: 1

# Advanced: regex matcher with a named extractor
# id: api-key-leak
# info:
#   name: API Key Leak Detection
#   author: myteam
#   severity: high
#
# http:
#   - method: GET
#     path:
#       - "{{BaseURL}}/.env"
#       - "{{BaseURL}}/config.json"
#       - "{{BaseURL}}/.git/config"
#
#     matchers:
#       - type: regex
#         regex:
#           - "(?i)(api[_-]?key|api[_-]?secret|access[_-]?token)\\s*[=:]\\s*['\"]?([a-zA-Z0-9_-]{20,})"
#
#     extractors:
#       - type: regex
#         name: leaked_key
#         regex:
#           - "(?i)(api[_-]?key|api[_-]?secret)\\s*[=:]\\s*['\"]?([a-zA-Z0-9_-]{20,})"
#         group: 2

# Validate template
# nuclei -validate -t my-custom-check.yaml
# nuclei -t my-custom-check.yaml -u https://target.com -debug

from dataclasses import dataclass

@dataclass
class TemplateExample:
    name: str
    severity: str
    type: str
    matcher: str
    finding: str

examples = [
    TemplateExample("CVE-2024-XXXX", "critical", "HTTP",
        "Status 200 + specific response body",
        "Known vulnerability with exploit"),
    TemplateExample("Exposed .env file", "high", "HTTP",
        "Status 200 + regex for API keys",
        "Sensitive credentials exposed"),
    TemplateExample("Open redirect", "medium", "HTTP",
        "Status 302 + Location header match",
        "URL redirect manipulation"),
    TemplateExample("Missing security headers", "info", "HTTP",
        "Negative match for headers",
        "X-Frame-Options, CSP missing"),
    TemplateExample("SSL certificate expiry", "low", "SSL",
        "Certificate expiry < 30 days",
        "SSL cert about to expire"),
]

print("\nTemplate Examples:")
for e in examples:
    print(f"  [{e.severity.upper()}] {e.name}")
    print(f"    Type: {e.type} | Matcher: {e.matcher}")
    print(f"    Finding: {e.finding}")
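
Added example (not from the original article): the two regexes from the api-key-leak template above, run with Python's re module over constructed response bodies, to show where the matcher and the extractor disagree and where a probed file such as config.json is missed. The sample values are constructed, and Python's re is assumed to behave like nuclei's Go regex engine for these patterns.

```python
import re

# Patterns from the api-key-leak template, with the YAML string escaping removed.
MATCHER = re.compile(
    r"""(?i)(api[_-]?key|api[_-]?secret|access[_-]?token)\s*[=:]\s*['"]?([a-zA-Z0-9_-]{20,})""")
EXTRACTOR = re.compile(
    r"""(?i)(api[_-]?key|api[_-]?secret)\s*[=:]\s*['"]?([a-zA-Z0-9_-]{20,})""")

# Constructed response bodies; none of these values is a real credential.
SAMPLES = {
    "env_api_key": "API_KEY=abcd1234efgh5678ijkl9012\n",
    "env_access_token": "ACCESS_TOKEN: 'abcd1234efgh5678ijkl9012'\n",
    "json_api_key": '{"api_key": "abcd1234efgh5678ijkl9012"}',
    "short_key": "api_key=short123\n",
    "placeholder": "API_KEY=your_api_key_goes_here_123\n",
}


def evaluate(body):
    """Return (matched, extracted): the matcher verdict and the extractor's group 2."""
    matched = MATCHER.search(body) is not None
    hit = EXTRACTOR.search(body)
    return matched, (hit.group(2) if hit else None)


def report(samples=SAMPLES):
    """Evaluate every sample body and return {sample name: (matched, extracted)}."""
    return {name: evaluate(body) for name, body in samples.items()}


if __name__ == "__main__":
    for name, (matched, extracted) in report().items():
        print(f"{name:18} matched={matched!s:5} extracted={extracted}")
```

A quoted JSON key ("api_key": ...) never matches because the pattern expects = or : directly after the key name, and an access_token hit raises a finding with no extracted value. The placeholder sample shows the opposite problem: documentation-style dummy values of 20 or more characters are reported as leaks.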

CI/CD and Enterprise

# === CI/CD Integration ===

# GitHub Actions
# name: Nuclei Security Scan
# on:
#   push:
#     branches: [main]
#   schedule:
#     - cron: '0 2 * * *'
#
# jobs:
#   scan:
#     runs-on: ubuntu-latest
#     steps:
#       - uses: actions/checkout@v4
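#       # Pin the action to a release tag or commit SHA instead of the mutable @main
#       - uses: projectdiscovery/nuclei-action@main
#         with:
#           target: https://myapp.com
#           flags: "-severity critical,high -jsonl -sarif-export nuclei-results.sarif"
#           output: nuclei-results.json
#       - name: Parse results
#         run: |
#           # Output is JSON Lines, so slurp (-s) the lines into one array first
#           CRITICAL=$(jq -s '[.[] | select(.info.severity=="critical")] | length' nuclei-results.json)
#           if [ "$CRITICAL" -gt 0 ]; then
#             echo "CRITICAL vulnerabilities found!"
#             exit 1
#           fi
#       - uses: github/codeql-action/upload-sarif@v3
#         if: always()   # still upload the report when the gate above fails
#         with:
#           sarif_file: nuclei-results.sarif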

from dataclasses import dataclass

@dataclass
class EnterpriseFeature:
    feature: str
    description: str
    benefit: str
    tool: str

features = [
    EnterpriseFeature("Asset Discovery", "Discover all subdomains and services",
        "Complete attack surface visibility",
        "subfinder + httpx + nuclei pipeline"),
    EnterpriseFeature("Scheduled Scanning", "Automated recurring scans",
        "Continuous security monitoring",
        "Cron + nuclei + reporting"),
    EnterpriseFeature("Custom Templates", "Organization-specific checks",
        "Tailored security testing",
        "Private template repository"),
    EnterpriseFeature("Integration", "Send findings to tracking systems",
        "Streamlined remediation workflow",
        "DefectDojo, Jira, Slack webhooks"),
    EnterpriseFeature("Compliance", "Map findings to compliance frameworks",
        "Audit readiness",
        "OWASP Top 10, CIS, PCI DSS tags"),
    EnterpriseFeature("Reporting", "Executive and technical reports",
        "Stakeholder communication",
        "JSON, SARIF, Markdown, HTML"),
]

print("Enterprise Features:")
for f in features:
    print(f"  [{f.feature}] {f.description}")
    print(f"    Benefit: {f.benefit}")
    print(f"    Tool: {f.tool}")
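
Added example (not part of the original article or of nuclei): a Python gate for JSONL scan results that deduplicates findings, masks extracted values such as the leaked_key from the api-key-leak template before anything reaches a CI log, and fails on a severity threshold. The field names (template-id, info.severity, matched-at, extracted-results) and the sample lines are assumptions constructed for this example.

```python
import json
from collections import Counter

SEVERITIES = ["info", "low", "medium", "high", "critical"]

# Constructed sample in the assumed JSONL shape: one finding per line.
SAMPLE = "\n".join([
    '{"template-id":"api-key-leak","info":{"severity":"high"},'
    '"matched-at":"https://app.example.test/.env",'
    '"extracted-results":["abcd1234efgh5678ijkl9012"]}',
    '{"template-id":"my-admin-panel-check","info":{"severity":"medium"},'
    '"matched-at":"https://app.example.test/admin"}',
    '{"template-id":"my-admin-panel-check","info":{"severity":"medium"},'
    '"matched-at":"https://app.example.test/admin"}',  # duplicate finding
    'not json: stray banner line',
])

def redact(value, keep=4):
    """Keep a short prefix for triage; never echo the full extracted value."""
    value = str(value)
    return value[:keep] + "*" * max(len(value) - keep, 0)

def parse_findings(text):
    """Return (findings, skipped): deduplicated findings and unparsable line count."""
    seen, findings, skipped = set(), [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            item = json.loads(line)
        except json.JSONDecodeError:
            item = None
        if not isinstance(item, dict):
            skipped += 1
            continue
        key = (item.get("template-id"), item.get("matched-at"))
        if key in seen:
            continue
        seen.add(key)
        item["extracted-results"] = [redact(v) for v in item.get("extracted-results") or []]
        findings.append(item)
    return findings, skipped

def severity_counts(findings):
    return Counter((f.get("info") or {}).get("severity", "unknown") for f in findings)

def should_fail(findings, fail_on="high"):
    """True when any finding is at or above the fail_on severity."""
    floor = SEVERITIES.index(fail_on)
    levels = [(f.get("info") or {}).get("severity") for f in findings]
    return any(s in SEVERITIES and SEVERITIES.index(s) >= floor for s in levels)
```

A non-zero skipped count is worth surfacing in the job log, since a results file that is mostly unparsable would otherwise pass the gate silently.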

Tips

  • Update: Update the templates every week; new CVEs appear constantly.
  • Rate Limit: Set an appropriate rate limit so the scan does not take the target down.
  • Custom: Write custom templates for your organization's own applications.
  • Pipeline: subfinder → httpx → nuclei is the standard pipeline.
  • Legal: Scan only targets you have been authorized to scan.

What is Nuclei Scanner?

An open-source vulnerability scanner from ProjectDiscovery, written in Go and driven by YAML templates. Its 6000 templates cover CVEs, misconfigurations, exposed panels, default logins, and DNS takeovers.