nuclipy
A simple template based vulnerability scanner (Inspired by ProjectDiscovery's Nuclei)
Installation
git clone https://github.com/prasant-paudel/nuclipy
Dependencies
nuclipy depends upon the python modules requests, argparse and PyYaml.
These dependencies can be installed using the requirements file:
- Installation on Windows:
python -m pip install -r requirements.txt
- Installation on Linux:
sudo pip3 install -r requirements.txt
Usage
| Short from | Long form | Description |
|---|---|---|
| -h | --help | Show the help menu |
| -u | --hostname | Hostname to scan for vulnerabilities |
| -U | --hostnames | File containing target hostnames |
| -t | --template | Template id or path of template |
| -T | --threads | Number of threads (default=10) |
| -o | --output | Output file |
How to use templates?
You can find some templates in templates/ directory.
- Use one template
python nuclipy.py -u example.com -t git-config.yaml - Use all templates
python nuclipy.py -u example.com -t all
How to write your own templates?
id: git-config
name: Git Config Exposure
severity: medium
requests:
- method: GET
paths:
- "HOSTNAME/.git/config"
patterns:
- \[core\]-
id: id_of_the_template, usually resembles to the filename of the template without extension -
name: Name of the template to show in the results -
severity: severity of the vulnerability (high,low,mediumorinfo) -
requests: Some request attributes and List ofpathsandpatterns-
method: HTTP request method (GETorPOST) -
redirects: Allow redirection or not (tureorfalse) -
paths: List of paths to send requests -
patterns: List of Regular Expressioins to match in the responses (withANDcondition)
-
