Nuclei v2.4.0 - Uniform, Stable & More Powerful

The new nuclei v2.4.0 release includes a slew of bug fixes and feature enhancements that improve the overall uniformity, stability, and functionality of the tool.

Uniform

This version includes improvements to the template execution process, with the nuclei-templates repository now serving as the default entry point. This means that when no templates are specified, the Nuclei engine executes all public templates (those that are not excluded) on the targets that have been specified.

nuclei -u https://example.com

Running default nuclei scan on a single URL


The template filtering system has also been made more consistent across the CLI and the config file. Templates can now be filtered or executed based on a number of different criteria, including severity, author, and tags. Workflows can now use these filters as well.

Stable

A number of crashes have been resolved in the Nuclei Engine, resulting in the engine becoming more stable. A complete list of all of the changes can be found here.

Overlapping configurations in the form of templates, tags, and configuration files have all been optimized, and the execution logic has been clearly defined.

Powerful

Nuclei will now automatically download the latest tag of nuclei-templates if it detects that the templates are not installed in the default location in the user's home directory or on a custom path specified in the config file. Every 24 hours, the templates repository is checked for new updates and, if any are available, they are downloaded and installed.

Workflows now support template execution based on tags: in a workflow, you can specify the tags you want to run in place of the templates.

workflows:
  - template: technologies/tech-detect.yaml
    matchers:
      - name: wordpress
        subtemplates:
          - tags: wordpress,wp-plugin

Running WordPress Templates By Tags

The author flag now allows templates to be run or filtered by the author.

nuclei -author dhiyaneshdk
nuclei -t cves/ -author geeknik

Running or filtering templates with authors

include-tags and include-templates are two new include directives. These flags allow users to override the default exclusion list, which was previously not possible. Use them to run a template or a tag that is declared in the exclusion list.

nuclei -include-tags fuzzing,dos
nuclei -include-templates cves/2020/CVE-2020-11451.yaml

Include Tags or Templates From Exclusion List

The ability to send payloads has been added to network templates. This enables network requests to be fuzzed with the various nuclei payload attack types.

id: network-payload-example

info:
  name: Network Protocol Payload Support Example
  author: pdteam
  severity: info

network:
  - payloads:
      username:
        - anonymous
        - admin
      password:
        - password
        - anonymous
    attack: clusterbomb
    inputs:
      - data: "USER {{username}}\r\nPASS {{password}}\r\n"
    host:
      - "{{Hostname}}:21"
    matchers:
      - type: word
        words:
          - "230"

Payload Support for Network Requests
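
How the clusterbomb attack type expands the payload lists above, as an added example that is not part of the original post or of nuclei's own code: this Python model renders every username/password combination into the template's input and applies the word matcher to each reply. The function names and the `fake_ftp` stand-in server with its reply strings are assumptions constructed for illustration.

```python
from itertools import product

# Values copied from the template above.
PAYLOADS = {
    "username": ["anonymous", "admin"],
    "password": ["password", "anonymous"],
}
INPUT_DATA = "USER {{username}}\r\nPASS {{password}}\r\n"
MATCH_WORDS = ["230"]


def render(data, values):
    """Replace each {{name}} placeholder with its payload value."""
    for name, value in values.items():
        data = data.replace("{{" + name + "}}", value)
    return data


def clusterbomb(payloads):
    """Yield every combination of payload values (Cartesian product)."""
    names = list(payloads)
    for combo in product(*(payloads[n] for n in names)):
        yield dict(zip(names, combo))


def word_matcher(response, words):
    """Substring match: true when any listed word occurs in the response."""
    return any(word in response for word in words)


def fake_ftp(request):
    """Constructed stand-in server (assumption): anonymous login only."""
    if request == "USER anonymous\r\nPASS anonymous\r\n":
        return "331 Please specify the password.\r\n230 Login successful.\r\n"
    return "331 Please specify the password.\r\n530 Login incorrect.\r\n"


def run_template():
    """Return (values, matched) for each request the template would send."""
    results = []
    for values in clusterbomb(PAYLOADS):
        reply = fake_ftp(render(INPUT_DATA, values))
        results.append((values, word_matcher(reply, MATCH_WORDS)))
    return results


if __name__ == "__main__":
    for values, matched in run_template():
        print(values, "matched" if matched else "no match")
```

Two lists of two values produce four requests per host, and the count multiplies with every list or value added. Because the word matcher is a substring test, any reply containing the characters 230 matches, not only a 230 status line.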

Furthermore, dynamic extractors are now available for the TCP/IP network protocol, where they were previously unavailable. As with HTTP, you can use them to capture portions of a network response and reuse them in a later request. An example using the FTP protocol is shown below.

id: dynamic-network-extractors

info:
  name: Dynamic Network Extractors Test
  author: test
  severity: info

network:
  - inputs:
      - data: "USER anonymous\r\n"
        read: 1024
        name: step1
      - data: "PASS {{user}}\r\n"
        read: 1024
        name: step2
    host:
      - "{{Hostname}}"
    read-size: 1024

    matchers:
      - type: word
        words:
          - "530 Login incorrect." 
        part: data

    extractors:
      - type: regex
        name: user
        internal: true
        group: 1
        regex:
          - "Please specify ([a-z]+) password."
        part: step1

An example for Network Protocol Dynamic Extractors
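
The exchange this template describes, as an added example that is not part of the original post or of nuclei's own code: a simplified Python model that sends the two inputs in order, runs the internal regex extractor on the reply to `step1`, and substitutes the captured value into `step2`. The server replies are constructed, `run_exchange` is a hypothetical name, and treating `data` as the concatenation of all replies is an assumption of this model.

```python
import re

# Inputs, extractor and matcher word copied from the template above.
INPUTS = [("step1", "USER anonymous\r\n"), ("step2", "PASS {{user}}\r\n")]
EXTRACTOR = {"name": "user", "part": "step1", "group": 1,
             "regex": r"Please specify ([a-z]+) password."}
MATCH_WORD = "530 Login incorrect."

# Constructed replies, keyed by the command verb the server receives.
REPLIES = {"USER": "331 Please specify the password.\r\n",
           "PASS": "530 Login incorrect.\r\n"}


def run_exchange(replies=REPLIES):
    """Return (requests sent, extracted variables, matcher result)."""
    variables, parts, sent = {}, {}, []
    for name, data in INPUTS:
        # Fill placeholders with values extracted from earlier steps.
        for key, value in variables.items():
            data = data.replace("{{" + key + "}}", value)
        sent.append(data)
        # Store the reply under the input's name so extractors can address it.
        parts[name] = replies[data.split(" ", 1)[0]]
        if name == EXTRACTOR["part"]:
            found = re.search(EXTRACTOR["regex"], parts[name])
            if found:
                variables[EXTRACTOR["name"]] = found.group(EXTRACTOR["group"])
    # Assumption of this model: "data" is every reply joined together.
    parts["data"] = "".join(parts[name] for name, _ in INPUTS)
    return sent, variables, MATCH_WORD in parts["data"]


if __name__ == "__main__":
    sent, variables, matched = run_exchange()
    print(sent, variables, matched)
    # Failure mode: a reply the regex does not fit leaves {{user}} unresolved
    # in this model, so the literal placeholder goes out in step2.
    other = dict(REPLIES, USER="331 Password required for anonymous.\r\n")
    print(run_exchange(other))
```

With the constructed replies the extractor captures the word `the`, so the second request is `PASS the`. When writing a template like this, check the extractor regex against the target's actual reply text before relying on later steps.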

The validate flag has also been added, which performs validation on templates and workflows that have been processed.

What next for nuclei?

We plan to implement a self-hosted Web Dashboard for nuclei scans/reporting/template management and REST API enabled queue-based scanning in the next major release of nuclei, which we expect to be in Nuclei v3 *️⃣.

In the meantime, we'll keep working on enhancements, bug fixes, and feature additions. If you have a suggestion for a feature or something you'd like to see implemented in the future, please let us know. Please feel free to tweet us at @pdnuclei or join our Discord community server.

*️⃣
2023-04-10 Update: These features are coming with Nuclei Cloud! For more information on Nuclei Cloud, see our blog post here.
