# nuclei config file
# generated by https://github.com/projectdiscovery/goflags

# target urls/hosts to scan
#target: []

# path to file containing a list of target urls/hosts to scan (one per line)
#list: 

# hosts to exclude to scan from the input list (ip, cidr, hostname)
#exclude-hosts: []

# resume scan using resume.cfg (clustering will be disabled)
#resume: 

# scan all the ip's associated with dns record
#scan-all-ips: false

# ip version to scan of hostname (4,6) - (default 4)
#ip-version: []

# mode of input file (list, burp, jsonl, yaml, openapi, swagger)
#input-mode: list

# use only required fields in input format when generating requests
#required-only: false

# skip format validation (like missing vars) when parsing input file
#skip-format-validation: false

# run only new templates added in latest nuclei-templates release
#new-templates: false

# run new templates added in specific version
#new-templates-version: []

# automatic web scan using wappalyzer technology detection to tags mapping
#automatic-scan: false

# list of template or template directory to run (comma-separated, file)
#templates: []

# template url or list containing template urls to run (comma-separated, file)
#template-url: []

# list of workflow or workflow directory to run (comma-separated, file)
#workflows: []

# workflow url or list containing workflow urls to run (comma-separated, file)
#workflow-url: []

# validate the passed templates to nuclei
#validate: false

# disable strict syntax check on templates
#no-strict-syntax: false

# displays the templates content
#template-display: false

# list all available templates
#tl: false

# list all available tags
#tgl: false

# allowed domain list to load remote templates from
#remote-template-domain: 

# signs the templates with the private key defined in nuclei_signature_private_key env variable
#sign: false

# enable loading code protocol-based templates
#code: false

# disable running unsigned templates or templates with mismatched signature
#disable-unsigned-templates: false

# templates to run based on authors (comma-separated, file)
#author: []

# templates to run based on tags (comma-separated, file)
#tags: []

# templates to exclude based on tags (comma-separated, file)
#exclude-tags: []

# tags to be executed even if they are excluded either by default or configuration
#include-tags: []

# templates to run based on template ids (comma-separated, file, allow-wildcard)
#template-id: []

# templates to exclude based on template ids (comma-separated, file)
#exclude-id: []

# path to template file or directory to be executed even if they are excluded either by default or configuration
#include-templates: []

# path to template file or directory to exclude (comma-separated, file)
#exclude-templates: []

# template matchers to exclude in result
#exclude-matchers: []

# templates to run based on severity. possible values: info, low, medium, high, critical, unknown
#severity: 

# templates to exclude based on severity. possible values: info, low, medium, high, critical, unknown
#exclude-severity: 

# templates to run based on protocol type. possible values: dns, file, http, headless, tcp, workflow, ssl, websocket, whois, code, javascript
#type: 

# templates to exclude based on protocol type. possible values: dns, file, http, headless, tcp, workflow, ssl, websocket, whois, code, javascript
#exclude-type: 

# templates to run based on expression condition
#template-condition: []

# output file to write found issues/vulnerabilities
#output: 

# store all request/response passed through nuclei to output directory
#store-resp: false

# store all request/response passed through nuclei to custom directory
#store-resp-dir: output

# display findings only
#silent: false

# disable output content coloring (ansi escape codes)
#no-color: false

# write output in jsonl(ines) format
#jsonl: false

# include request/response pairs in the json, jsonl, and markdown outputs (for findings only) [deprecated use `-omit-raw`]
#include-rr: true

# omit request/response pairs in the json, jsonl, and markdown outputs (for findings only)
#omit-raw: false

# omit encoded template in the json, jsonl output
#omit-template: false

# disable printing result metadata in cli output
#no-meta: false

# enables printing timestamp in cli output
#timestamp: false

# nuclei reporting database (always use this to persist report data)
#report-db: 

# display match failure status
#matcher-status: false

# directory to export results in markdown format
#markdown-export: 

# file to export results in sarif format
#sarif-export: 

# file to export results in json format
#json-export: 

# file to export results in jsonl(ine) format
#jsonl-export: 

# redact given list of keys from query parameter, request header and body
#redact: []

# path to the nuclei configuration file
#config: 

# template profile config file to run
#profile: 

# list community template profiles
#profile-list: false

# enable following redirects for http templates
#follow-redirects: false

# follow redirects on the same host
#follow-host-redirects: false

# max number of redirects to follow for http templates
#max-redirects: 10

# disable redirects for http templates
#disable-redirects: false

# nuclei reporting module configuration file
#report-config: 

# custom header/cookie to include in all http request in header:value format (cli, file)
#header: []

# custom vars in key=value format
#var: 

# file containing resolver list for nuclei
#resolvers: 

# use system dns resolving as error fallback
#system-resolvers: false

# disable clustering of requests
#disable-clustering: false

# enable passive http response processing mode
#passive: false

# force http2 connection on requests
#force-http2: false

# enable environment variables to be used in template
#env-vars: false

# client certificate file (pem-encoded) used for authenticating against scanned hosts
#client-cert: 

# client key file (pem-encoded) used for authenticating against scanned hosts
#client-key: 

# client certificate authority file (pem-encoded) used for authenticating against scanned hosts
#client-ca: 

# show match lines for file templates, works with extractors only
#show-match-line: false

# use ztls library with autofallback to standard one for tls13 [deprecated] autofallback to ztls is enabled by default
#ztls: false

# tls sni hostname to use (default: input domain name)
#sni: 

# keep-alive duration for network requests.
#dialer-keep-alive: 

# allows file (payload) access anywhere on the system
#allow-local-file-access: false

# blocks connections to the local / private network
#restrict-local-network-access: false

# network interface to use for network scan
#interface: 

# type of payload combinations to perform (batteringram,pitchfork,clusterbomb)
#attack-type: 

# source ip address to use for network scan
#source-ip: 

# max response size to read in bytes
#response-size-read: 0

# max response size to read in bytes
#response-size-save: 1048576

# reset removes all nuclei configuration and data files (including nuclei-templates)
#reset: false

# enable experimental client hello (ja3) tls randomization
#tls-impersonate: false

# experimental http api endpoint
#http-api-endpoint: 

# interactsh server url for self-hosted instance (default: oast.pro,oast.live,oast.site,oast.online,oast.fun,oast.me)
#interactsh-server: 

# authentication token for self-hosted interactsh server
#interactsh-token: 

# number of requests to keep in the interactions cache
#interactions-cache-size: 5000

# number of seconds to wait before evicting requests from cache
#interactions-eviction: 60

# number of seconds to wait before each interaction poll request
#interactions-poll-duration: 5

# extra time for interaction polling before exiting
#interactions-cooldown-period: 5

# disable interactsh server for oast testing, exclude oast based templates
#no-interactsh: false

# overrides fuzzing type set in template (replace, prefix, postfix, infix)
#fuzzing-type: 

# overrides fuzzing mode set in template (multiple, single)
#fuzzing-mode: 

# enable loading fuzzing templates (deprecated: use -dast instead)
#fuzz: false

# enable / run dast (fuzz) nuclei templates
#dast: false

# display fuzz points in the output for debugging
#display-fuzz-points: false

# frequency of uninteresting parameters for fuzzing before skipping
#fuzz-param-frequency: 10

# fuzzing aggression level controls payload count for fuzz (low, medium, high)
#fuzz-aggression: low

# enable uncover engine
#uncover: false

# uncover search query
#uncover-query: []

# uncover search engine (shodan,censys,fofa,shodan-idb,quake,hunter,zoomeye,netlas,criminalip,publicwww,hunterhow,google) (default shodan)
#uncover-engine: []

# uncover fields to return (ip,port,host)
#uncover-field: ip:port

# uncover results to return
#uncover-limit: 100

# override ratelimit of engines with unknown ratelimit (default 60 req/min)
#uncover-ratelimit: 60

# maximum number of requests to send per second
#rate-limit: 150

# maximum number of requests to send per second
#rate-limit-duration: 

# maximum number of requests to send per minute (deprecated)
#rate-limit-minute: 0

# maximum number of hosts to be analyzed in parallel per template
#bulk-size: 25

# maximum number of templates to be executed in parallel
#concurrency: 25

# maximum number of headless hosts to be analyzed in parallel per template
#headless-bulk-size: 10

# maximum number of headless templates to be executed in parallel
#headless-concurrency: 10

# maximum number of javascript runtimes to be executed in parallel
#js-concurrency: 120

# max payload concurrency for each template
#payload-concurrency: 25

# http probe concurrency with httpx
#probe-concurrency: 50

# time to wait in seconds before timeout
#timeout: 10

# number of times to retry a failed request
#retries: 1

# leave default http/https ports (eg. host:80,host:443)
#leave-default-ports: false

# max errors for a host before skipping from scan
#max-host-error: 30

# adds given error to max-host-error watchlist (standard, file)
#track-error: []

# disable skipping host from scan based on errors
#no-mhe: false

# use a project folder to avoid sending same request multiple times
#project: false

# set a specific project path
#project-path: /tmp

# stop processing http requests after the first match (may break template/workflow logic)
#stop-at-first-match: false

# stream mode - start elaborating without sorting the input
#stream: false

# strategy to use while scanning(auto/host-spray/template-spray)
#scan-strategy: auto

# timeout on input read
#input-read-timeout: 

# disable httpx probing for non-url input
#no-httpx: false

# disable stdin processing
#no-stdin: false

# enable templates that require headless browser support (root user on linux will disable sandbox)
#headless: false

# seconds to wait for each page in headless mode
#page-timeout: 20

# show the browser on the screen when running templates with headless mode
#show-browser: false

# start headless chrome with additional options
#headless-options: []

# use local installed chrome browser instead of nuclei installed
#system-chrome: false

# list available headless actions
#list-headless-action: false

# show all requests and responses
#debug: false

# show all sent requests
#debug-req: false

# show all received responses
#debug-resp: false

# list of http/socks5 proxy to use (comma separated or file input)
#proxy: []

# proxy all internal requests
#proxy-internal: false

# list all supported dsl function signatures
#list-dsl-function: false

# file to write sent requests trace log
#trace-log: 

# file to write sent requests error log
#error-log: 

# show nuclei version
#version: false

# enable nuclei hang monitoring
#hang-monitor: false

# show verbose output
#verbose: false

# optional nuclei memory profile dump file
#profile-mem: 

# display templates loaded for scan
#vv: false

# show variables dump for debugging
#show-var-dump: false

# enable pprof debugging server
#enable-pprof: false

# shows the version of the installed nuclei-templates
#templates-version: false

# run diagnostic check up
#health-check: false

# update nuclei engine to the latest released version
#update: false

# update nuclei-templates to latest released version
#update-templates: false

# custom directory to install / update nuclei-templates
#update-template-dir: 

# disable automatic nuclei/templates update check
#disable-update-check: false

# display statistics about the running scan
#stats: false

# display statistics in jsonl(ines) format
#stats-json: false

# number of seconds to wait between showing a statistics update
#stats-interval: 5

# port to expose nuclei metrics on
#metrics-port: 9092

# configure projectdiscovery cloud (pdcp) api key
#auth: true

# upload scan results to given team id (optional)
#team-id: none

# upload scan results to pdcp dashboard
#cloud-upload: false

# upload scan results to existing scan id (optional)
#scan-id: 

# scan name to set (optional)
#scan-name: 

# path to config file containing secrets for nuclei authenticated scan
#secret-file: []

# prefetch secrets from the secrets file
#prefetch-secrets: false