mirror of
https://github.com/JorySeverijnse/dotfiles.git
synced 2026-01-29 12:28:36 +00:00
518 lines
13 KiB
YAML
518 lines
13 KiB
YAML
# nuclei config file
|
|
# generated by https://github.com/projectdiscovery/goflags
|
|
|
|
# target urls/hosts to scan
|
|
#target: []
|
|
|
|
# path to file containing a list of target urls/hosts to scan (one per line)
|
|
#list:
|
|
|
|
# hosts to exclude to scan from the input list (ip, cidr, hostname)
|
|
#exclude-hosts: []
|
|
|
|
# resume scan using resume.cfg (clustering will be disabled)
|
|
#resume:
|
|
|
|
# scan all the ip's associated with dns record
|
|
#scan-all-ips: false
|
|
|
|
# ip version to scan of hostname (4,6) - (default 4)
|
|
#ip-version: []
|
|
|
|
# mode of input file (list, burp, jsonl, yaml, openapi, swagger)
|
|
#input-mode: list
|
|
|
|
# use only required fields in input format when generating requests
|
|
#required-only: false
|
|
|
|
# skip format validation (like missing vars) when parsing input file
|
|
#skip-format-validation: false
|
|
|
|
# run only new templates added in latest nuclei-templates release
|
|
#new-templates: false
|
|
|
|
# run new templates added in specific version
|
|
#new-templates-version: []
|
|
|
|
# automatic web scan using wappalyzer technology detection to tags mapping
|
|
#automatic-scan: false
|
|
|
|
# list of template or template directory to run (comma-separated, file)
|
|
#templates: []
|
|
|
|
# template url or list containing template urls to run (comma-separated, file)
|
|
#template-url: []
|
|
|
|
# list of workflow or workflow directory to run (comma-separated, file)
|
|
#workflows: []
|
|
|
|
# workflow url or list containing workflow urls to run (comma-separated, file)
|
|
#workflow-url: []
|
|
|
|
# validate the passed templates to nuclei
|
|
#validate: false
|
|
|
|
# disable strict syntax check on templates
|
|
#no-strict-syntax: false
|
|
|
|
# displays the templates content
|
|
#template-display: false
|
|
|
|
# list all available templates
|
|
#tl: false
|
|
|
|
# list all available tags
|
|
#tgl: false
|
|
|
|
# allowed domain list to load remote templates from
|
|
#remote-template-domain:
|
|
|
|
# signs the templates with the private key defined in nuclei_signature_private_key env variable
|
|
#sign: false
|
|
|
|
# enable loading code protocol-based templates
|
|
#code: false
|
|
|
|
# disable running unsigned templates or templates with mismatched signature
|
|
#disable-unsigned-templates: false
|
|
|
|
# templates to run based on authors (comma-separated, file)
|
|
#author: []
|
|
|
|
# templates to run based on tags (comma-separated, file)
|
|
#tags: []
|
|
|
|
# templates to exclude based on tags (comma-separated, file)
|
|
#exclude-tags: []
|
|
|
|
# tags to be executed even if they are excluded either by default or configuration
|
|
#include-tags: []
|
|
|
|
# templates to run based on template ids (comma-separated, file, allow-wildcard)
|
|
#template-id: []
|
|
|
|
# templates to exclude based on template ids (comma-separated, file)
|
|
#exclude-id: []
|
|
|
|
# path to template file or directory to be executed even if they are excluded either by default or configuration
|
|
#include-templates: []
|
|
|
|
# path to template file or directory to exclude (comma-separated, file)
|
|
#exclude-templates: []
|
|
|
|
# template matchers to exclude in result
|
|
#exclude-matchers: []
|
|
|
|
# templates to run based on severity. possible values: info, low, medium, high, critical, unknown
|
|
#severity:
|
|
|
|
# templates to exclude based on severity. possible values: info, low, medium, high, critical, unknown
|
|
#exclude-severity:
|
|
|
|
# templates to run based on protocol type. possible values: dns, file, http, headless, tcp, workflow, ssl, websocket, whois, code, javascript
|
|
#type:
|
|
|
|
# templates to exclude based on protocol type. possible values: dns, file, http, headless, tcp, workflow, ssl, websocket, whois, code, javascript
|
|
#exclude-type:
|
|
|
|
# templates to run based on expression condition
|
|
#template-condition: []
|
|
|
|
# output file to write found issues/vulnerabilities
|
|
#output:
|
|
|
|
# store all request/response passed through nuclei to output directory
|
|
#store-resp: false
|
|
|
|
# store all request/response passed through nuclei to custom directory
|
|
#store-resp-dir: output
|
|
|
|
# display findings only
|
|
#silent: false
|
|
|
|
# disable output content coloring (ansi escape codes)
|
|
#no-color: false
|
|
|
|
# write output in jsonl(ines) format
|
|
#jsonl: false
|
|
|
|
# include request/response pairs in the json, jsonl, and markdown outputs (for findings only) [deprecated use `-omit-raw`]
|
|
#include-rr: true
|
|
|
|
# omit request/response pairs in the json, jsonl, and markdown outputs (for findings only)
|
|
#omit-raw: false
|
|
|
|
# omit encoded template in the json, jsonl output
|
|
#omit-template: false
|
|
|
|
# disable printing result metadata in cli output
|
|
#no-meta: false
|
|
|
|
# enables printing timestamp in cli output
|
|
#timestamp: false
|
|
|
|
# nuclei reporting database (always use this to persist report data)
|
|
#report-db:
|
|
|
|
# display match failure status
|
|
#matcher-status: false
|
|
|
|
# directory to export results in markdown format
|
|
#markdown-export:
|
|
|
|
# file to export results in sarif format
|
|
#sarif-export:
|
|
|
|
# file to export results in json format
|
|
#json-export:
|
|
|
|
# file to export results in jsonl(ine) format
|
|
#jsonl-export:
|
|
|
|
# redact given list of keys from query parameter, request header and body
|
|
#redact: []
|
|
|
|
# path to the nuclei configuration file
|
|
#config:
|
|
|
|
# template profile config file to run
|
|
#profile:
|
|
|
|
# list community template profiles
|
|
#profile-list: false
|
|
|
|
# enable following redirects for http templates
|
|
#follow-redirects: false
|
|
|
|
# follow redirects on the same host
|
|
#follow-host-redirects: false
|
|
|
|
# max number of redirects to follow for http templates
|
|
#max-redirects: 10
|
|
|
|
# disable redirects for http templates
|
|
#disable-redirects: false
|
|
|
|
# nuclei reporting module configuration file
|
|
#report-config:
|
|
|
|
# custom header/cookie to include in all http request in header:value format (cli, file)
|
|
#header: []
|
|
|
|
# custom vars in key=value format
|
|
#var:
|
|
|
|
# file containing resolver list for nuclei
|
|
#resolvers:
|
|
|
|
# use system dns resolving as error fallback
|
|
#system-resolvers: false
|
|
|
|
# disable clustering of requests
|
|
#disable-clustering: false
|
|
|
|
# enable passive http response processing mode
|
|
#passive: false
|
|
|
|
# force http2 connection on requests
|
|
#force-http2: false
|
|
|
|
# enable environment variables to be used in template
|
|
#env-vars: false
|
|
|
|
# client certificate file (pem-encoded) used for authenticating against scanned hosts
|
|
#client-cert:
|
|
|
|
# client key file (pem-encoded) used for authenticating against scanned hosts
|
|
#client-key:
|
|
|
|
# client certificate authority file (pem-encoded) used for authenticating against scanned hosts
|
|
#client-ca:
|
|
|
|
# show match lines for file templates, works with extractors only
|
|
#show-match-line: false
|
|
|
|
# use ztls library with autofallback to standard one for tls13 [deprecated] autofallback to ztls is enabled by default
|
|
#ztls: false
|
|
|
|
# tls sni hostname to use (default: input domain name)
|
|
#sni:
|
|
|
|
# keep-alive duration for network requests.
|
|
#dialer-keep-alive:
|
|
|
|
# allows file (payload) access anywhere on the system
|
|
#allow-local-file-access: false
|
|
|
|
# blocks connections to the local / private network
|
|
#restrict-local-network-access: false
|
|
|
|
# network interface to use for network scan
|
|
#interface:
|
|
|
|
# type of payload combinations to perform (batteringram,pitchfork,clusterbomb)
|
|
#attack-type:
|
|
|
|
# source ip address to use for network scan
|
|
#source-ip:
|
|
|
|
# max response size to read in bytes
|
|
#response-size-read: 0
|
|
|
|
# max response size to read in bytes
|
|
#response-size-save: 1048576
|
|
|
|
# reset removes all nuclei configuration and data files (including nuclei-templates)
|
|
#reset: false
|
|
|
|
# enable experimental client hello (ja3) tls randomization
|
|
#tls-impersonate: false
|
|
|
|
# experimental http api endpoint
|
|
#http-api-endpoint:
|
|
|
|
# interactsh server url for self-hosted instance (default: oast.pro,oast.live,oast.site,oast.online,oast.fun,oast.me)
|
|
#interactsh-server:
|
|
|
|
# authentication token for self-hosted interactsh server
|
|
#interactsh-token:
|
|
|
|
# number of requests to keep in the interactions cache
|
|
#interactions-cache-size: 5000
|
|
|
|
# number of seconds to wait before evicting requests from cache
|
|
#interactions-eviction: 60
|
|
|
|
# number of seconds to wait before each interaction poll request
|
|
#interactions-poll-duration: 5
|
|
|
|
# extra time for interaction polling before exiting
|
|
#interactions-cooldown-period: 5
|
|
|
|
# disable interactsh server for oast testing, exclude oast based templates
|
|
#no-interactsh: false
|
|
|
|
# overrides fuzzing type set in template (replace, prefix, postfix, infix)
|
|
#fuzzing-type:
|
|
|
|
# overrides fuzzing mode set in template (multiple, single)
|
|
#fuzzing-mode:
|
|
|
|
# enable loading fuzzing templates (deprecated: use -dast instead)
|
|
#fuzz: false
|
|
|
|
# enable / run dast (fuzz) nuclei templates
|
|
#dast: false
|
|
|
|
# display fuzz points in the output for debugging
|
|
#display-fuzz-points: false
|
|
|
|
# frequency of uninteresting parameters for fuzzing before skipping
|
|
#fuzz-param-frequency: 10
|
|
|
|
# fuzzing aggression level controls payload count for fuzz (low, medium, high)
|
|
#fuzz-aggression: low
|
|
|
|
# enable uncover engine
|
|
#uncover: false
|
|
|
|
# uncover search query
|
|
#uncover-query: []
|
|
|
|
# uncover search engine (shodan,censys,fofa,shodan-idb,quake,hunter,zoomeye,netlas,criminalip,publicwww,hunterhow,google) (default shodan)
|
|
#uncover-engine: []
|
|
|
|
# uncover fields to return (ip,port,host)
|
|
#uncover-field: ip:port
|
|
|
|
# uncover results to return
|
|
#uncover-limit: 100
|
|
|
|
# override ratelimit of engines with unknown ratelimit (default 60 req/min)
|
|
#uncover-ratelimit: 60
|
|
|
|
# maximum number of requests to send per second
|
|
#rate-limit: 150
|
|
|
|
# maximum number of requests to send per second
|
|
#rate-limit-duration:
|
|
|
|
# maximum number of requests to send per minute (deprecated)
|
|
#rate-limit-minute: 0
|
|
|
|
# maximum number of hosts to be analyzed in parallel per template
|
|
#bulk-size: 25
|
|
|
|
# maximum number of templates to be executed in parallel
|
|
#concurrency: 25
|
|
|
|
# maximum number of headless hosts to be analyzed in parallel per template
|
|
#headless-bulk-size: 10
|
|
|
|
# maximum number of headless templates to be executed in parallel
|
|
#headless-concurrency: 10
|
|
|
|
# maximum number of javascript runtimes to be executed in parallel
|
|
#js-concurrency: 120
|
|
|
|
# max payload concurrency for each template
|
|
#payload-concurrency: 25
|
|
|
|
# http probe concurrency with httpx
|
|
#probe-concurrency: 50
|
|
|
|
# time to wait in seconds before timeout
|
|
#timeout: 10
|
|
|
|
# number of times to retry a failed request
|
|
#retries: 1
|
|
|
|
# leave default http/https ports (eg. host:80,host:443)
|
|
#leave-default-ports: false
|
|
|
|
# max errors for a host before skipping from scan
|
|
#max-host-error: 30
|
|
|
|
# adds given error to max-host-error watchlist (standard, file)
|
|
#track-error: []
|
|
|
|
# disable skipping host from scan based on errors
|
|
#no-mhe: false
|
|
|
|
# use a project folder to avoid sending same request multiple times
|
|
#project: false
|
|
|
|
# set a specific project path
|
|
#project-path: /tmp
|
|
|
|
# stop processing http requests after the first match (may break template/workflow logic)
|
|
#stop-at-first-match: false
|
|
|
|
# stream mode - start elaborating without sorting the input
|
|
#stream: false
|
|
|
|
# strategy to use while scanning(auto/host-spray/template-spray)
|
|
#scan-strategy: auto
|
|
|
|
# timeout on input read
|
|
#input-read-timeout:
|
|
|
|
# disable httpx probing for non-url input
|
|
#no-httpx: false
|
|
|
|
# disable stdin processing
|
|
#no-stdin: false
|
|
|
|
# enable templates that require headless browser support (root user on linux will disable sandbox)
|
|
#headless: false
|
|
|
|
# seconds to wait for each page in headless mode
|
|
#page-timeout: 20
|
|
|
|
# show the browser on the screen when running templates with headless mode
|
|
#show-browser: false
|
|
|
|
# start headless chrome with additional options
|
|
#headless-options: []
|
|
|
|
# use local installed chrome browser instead of nuclei installed
|
|
#system-chrome: false
|
|
|
|
# list available headless actions
|
|
#list-headless-action: false
|
|
|
|
# show all requests and responses
|
|
#debug: false
|
|
|
|
# show all sent requests
|
|
#debug-req: false
|
|
|
|
# show all received responses
|
|
#debug-resp: false
|
|
|
|
# list of http/socks5 proxy to use (comma separated or file input)
|
|
#proxy: []
|
|
|
|
# proxy all internal requests
|
|
#proxy-internal: false
|
|
|
|
# list all supported dsl function signatures
|
|
#list-dsl-function: false
|
|
|
|
# file to write sent requests trace log
|
|
#trace-log:
|
|
|
|
# file to write sent requests error log
|
|
#error-log:
|
|
|
|
# show nuclei version
|
|
#version: false
|
|
|
|
# enable nuclei hang monitoring
|
|
#hang-monitor: false
|
|
|
|
# show verbose output
|
|
#verbose: false
|
|
|
|
# optional nuclei memory profile dump file
|
|
#profile-mem:
|
|
|
|
# display templates loaded for scan
|
|
#vv: false
|
|
|
|
# show variables dump for debugging
|
|
#show-var-dump: false
|
|
|
|
# enable pprof debugging server
|
|
#enable-pprof: false
|
|
|
|
# shows the version of the installed nuclei-templates
|
|
#templates-version: false
|
|
|
|
# run diagnostic check up
|
|
#health-check: false
|
|
|
|
# update nuclei engine to the latest released version
|
|
#update: false
|
|
|
|
# update nuclei-templates to latest released version
|
|
#update-templates: false
|
|
|
|
# custom directory to install / update nuclei-templates
|
|
#update-template-dir:
|
|
|
|
# disable automatic nuclei/templates update check
|
|
#disable-update-check: false
|
|
|
|
# display statistics about the running scan
|
|
#stats: false
|
|
|
|
# display statistics in jsonl(ines) format
|
|
#stats-json: false
|
|
|
|
# number of seconds to wait between showing a statistics update
|
|
#stats-interval: 5
|
|
|
|
# port to expose nuclei metrics on
|
|
#metrics-port: 9092
|
|
|
|
# configure projectdiscovery cloud (pdcp) api key
|
|
#auth: true
|
|
|
|
# upload scan results to given team id (optional)
|
|
#team-id: none
|
|
|
|
# upload scan results to pdcp dashboard
|
|
#cloud-upload: false
|
|
|
|
# upload scan results to existing scan id (optional)
|
|
#scan-id:
|
|
|
|
# scan name to set (optional)
|
|
#scan-name:
|
|
|
|
# path to config file containing secrets for nuclei authenticated scan
|
|
#secret-file: []
|
|
|
|
# prefetch secrets from the secrets file
|
|
#prefetch-secrets: false |