Custom Nuclei YAML templates for automated vulnerability detection — Open Redirect, WP-Setup, IIS, Git Exposure, CORS, Credential Disclosure, Blind SSRF, SQLi, CRLF, and more.
Nuclei by ProjectDiscovery automates security testing using customizable YAML templates. This guide covers custom templates for Open Redirect, WP-Setup, IIS, Git Exposure, CORS, Credential Disclosure, Blind SSRF, SQLi, CRLF, and more.

Templates: https://github.com/coffinxp/nuclei-templates

Open Redirect

    cat domains.txt | nuclei -t openRedirect.yaml --retries 2

https://infosecwriteups.com/from-zero-to-hero-hunting-high-paying-open-redirect-bugs-in-web-apps-fdb80286236e

WP-Setup

    cat domains.txt | nuclei -t wp-setup-config.yaml

IIS

    cat domains.txt | nuclei -t iis.yaml -c 30
    shortscan https://domain.com -F

Git Exposure

    cat domains.txt | nuclei -t gitExposed.yaml
    ./gitdumper.sh https://domain.com/.git/ outputdir

CORS

    cat domains.txt | nuclei -t cors.yaml
    curl -H 'Origin: http://example.com' -I https://domain.com/wp-json/ | grep -i -e 'access-control-allow-origin' -e 'access-control-allow-methods' -e 'access-control-allow-credentials'
    curl -H 'Origin: http://example.com' -I https://domain.com/wp-json/

https://github.com/coffinxp/scripts/blob/main/CorsExploit.html

Credential Disclosure

    cat domains.txt | nuclei -t credentials-disclosure-all.yaml -c 30

Blind SSRF

    cat domains.txt | nuclei -t blind-ssrf.yaml -c 30 -dast

SQLi

    cat domains.txt | nuclei -t errorsqli.yaml -dast

Swagger

    subfinder -d domain.com -all -silent | httpx-toolkit -path /swagger-api/ -sc -content-length -mc 200

https://github.com/coffinxp/swagger
https://infosecwriteups.com/the-dark-side-of-swagger-ui-how-xss-and-html-injection-can-compromise-apis-1b670972a443

CRLF

    cat domains.txt | nuclei -t cRlf.yaml -rl 50 -c 30
    curl -I "https://domain.com/%0aSet-Cookie:coffin=hi;"

https://infosecwriteups.com/master-crlf-injection-the-underrated-bug-with-dangerous-potential-33bb0d62e031

Nuclei custom templates automate security testing with flexibility and accuracy. Master them to enhance your vulnerability scanning, whether beginner or advanced.
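
The CORS check above pipes curl's response headers through grep but leaves the reading of those headers to the operator. The following is an added example, not part of the original guide or its templates, that classifies them when triaging your own hosts; the function names `header_value`, `classify_cors` and `sample_headers` and the result labels are hypothetical, and the sample response is constructed.

```shell
#!/bin/sh
# Added example: interpret the headers returned by the CORS curl check.
# Assumption: the Origin sent (e.g. http://example.com) is one the site has
# no reason to trust, so seeing it echoed back means the origin is reflected.

# Print the first value of header $2 from the lowercased header block $1.
header_value() {
  printf '%s\n' "$1" | sed -n "s/^$2:[[:space:]]*//p" | sed 's/[[:space:]]*$//' | head -n 1
}

# Usage: curl -s -H "Origin: $o" -I "$url" | classify_cors "$o"
# Runs in a subshell so its variables do not leak into the caller.
classify_cors() (
  origin="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')"
  # Strip CRs from HTTP line endings; header names are case-insensitive.
  hdrs="$(tr -d '\r' | tr '[:upper:]' '[:lower:]')"
  acao="$(header_value "$hdrs" access-control-allow-origin)"
  acac="$(header_value "$hdrs" access-control-allow-credentials)"
  if [ -z "$acao" ]; then
    echo "no-cors-headers"
  elif [ "$acao" = "$origin" ] && [ "$acac" = "true" ]; then
    echo "reflected-origin-with-credentials"  # cross-site reads of authenticated responses
  elif [ "$acao" = "null" ] && [ "$acac" = "true" ]; then
    echo "null-origin-with-credentials"       # sandboxed documents send Origin: null
  elif [ "$acao" = "$origin" ]; then
    echo "reflected-origin"                   # unauthenticated responses readable cross-site
  elif [ "$acao" = "*" ]; then
    echo "wildcard"                           # browsers refuse credentials with '*'
  else
    echo "fixed-origin"                       # server answers with its own allowlisted origin
  fi
)

# Constructed sample response (not captured from a real host).
sample_headers() {
  printf 'HTTP/1.1 200 OK\r\n'
  printf 'Content-Type: application/json\r\n'
  printf 'Access-Control-Allow-Origin: http://example.com\r\n'
  printf 'Access-Control-Allow-Methods: GET, POST\r\n'
  printf 'Access-Control-Allow-Credentials: true\r\n\r\n'
}

sample_headers | classify_cors 'http://example.com'
```

A `reflected-origin-with-credentials` result is the one to fix first: validate the Origin against a server-side allowlist before echoing it, and send `Access-Control-Allow-Credentials: true` only to origins on that list.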