Nuclei — The best tool for automating Vulnerability testing.

Nitin yadav
Published in Techiepedia
3 min read · Aug 22, 2021


Hello everyone,

I am Nitin yadav (KD), back again with another write-up on the best tool for finding easy vulnerabilities. Please ignore my mistakes. So, without wasting any more time, let's roll to the bug and how I found it.


This time I thought of finding the bugs which I never look for. And as you can see, people talk about recon and making your own methodology. So I thought of giving it a try and started making my own methodology. And frankly speaking, it really helps. Normally I don't stay on the same program if I am not finding bugs; I switch to another program. But this time I decided not to change the program: I had to find some bugs there and test the program for at least 1 month. It was a private program, and I started testing and also took notes on it.

How did I start?

I thought of testing the program using the OWASP checklist.

As I moved further I found some bugs, but after some days it became boring. So I thought of a shortcut.

How did I get easy bugs?

As you have read in my last blog. If not, you can find it here —

Here I talked about a great tool, and it really helps. I thought of using Nuclei and started it on the in-scope domains.

But it was my bad luck this time: I got nothing and I stopped testing.

But after some time I thought that the templates used in Nuclei are the same ones everyone is using, so what's the difference, and how can I find bugs using the same templates that everyone else is using? So I started looking for templates which are not provided by the Project Discovery team and got some templates from some of the cool researchers out there.

And I loaded the templates and then, as I always do, relaxed and let the tool do its work. Within just half an hour I found 4 or 5 bugs and that means


By manually testing, I don't think I would have found those bugs, so I think both are important. I reported the bugs, and after that

Relax and wait for a response from the team

References:

Nuclei Templates -

OWASP Checklist -

As a beginner I find it easy to learn from videos, so I thought of starting a YouTube channel where I post POCs for beginners, as well as for others, to learn something new. I post POC videos every day, so if you are interested you can give it a try.

YouTube channel -

If you want to talk, ask me any questions or send me any suggestions, you can message me on https://twitter.com/Nitinydv14


I hope you enjoy this one, and I'll see you next time ;)

Take care, happy hacking!


Computer Science Student | Bug Hunter | Cyber Security Enthusiast | Contact : https://linktr.ee/ydv_nitin