
Article: Finding potentially vulnerable hosts with the nuclei scanner

Hail Mary Mass Spray & Pray

Bash:
sudo masscan --rate=<foo_int> --interface <bar_vpn_interface> -Pn -p<ports> -iL ranges.txt -oJ targets.log && grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" > unsorted.txt && sort unsorted.txt | uniq > targets.txt && cat targets.txt | httpx -random-agent -nf -rl 5000 -t 1000 -p <ports> -stats -silent | nuclei -t vulnerabilities/ -t cves/ -t exposures/ -t exposed-panels/ -t network/ -t miscellaneous/ -t misconfiguration/ -stats -bs 100 -c 50 -o targets.nuke -severity critical,high -o targets.nuked

ranges.txt: https://github.com/herrbischoff/country-ip-blocks
 
So I have been trying to use Nuclei to scan targets for various CVEs, but for some reason, even if I feed it a different list, it only identifies just one target every single time. I tried using different templates as well, but again, just one result for some reason. Any idea what I might be doing wrong there?
 
You can improve this by targeting your scans to specific countries' IP ranges, scanning all ports, adding them to the end of IP addresses and scanning them all with nuclei and looking for both critical and high severity vulnerabilities.

masscan:
Bash:
masscan -Pn -sS -iL america.txt --rate 5000 -p0-65535 --open-only --excludefile block.txt --output-format list --output-file results.txt

Append ports to IP addresses discovered:
Bash:
awk '{ print $4 ":" $3 }' results.txt > final_results.txt

Scan using nuclei looking for both critical and high severity vulns:
Bash:
nuclei -l final_results.txt -t cves -s critical,high -o vulns.txt

america.txt: https://lite.ip2location.com/united-states-of-america-ip-address-ranges
block.txt: https://gist.github.com/ozuma/fb21ab0f7143579b1f2794f4af746fb2
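
The `results.txt` list format that the awk step above reads (`open tcp <port> <ip> <timestamp>`) is also what a defender gets when running masscan against address space they own. As an added example (not part of the thread), this Python script checks such output against an inventory of expected ports; the inventory, networks and sample lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of masscan "list" output for a defender's own lab range
# (RFC 5737 documentation addresses; not real scan data).
SAMPLE_RESULTS = """\
#masscan
open tcp 443 192.0.2.10 1700000000
open tcp 22 192.0.2.10 1700000001
open tcp 6379 192.0.2.10 1700000002
open tcp 80 192.0.2.25 1700000003
open tcp 3389 198.51.100.7 1700000004
garbage line
# end
"""

# Hypothetical inventory: ports each owned network is expected to expose.
EXPECTED = {
    "192.0.2.0/28": {22, 443},
    "192.0.2.16/28": {80, 443},
}

def parse_list_output(text):
    """Yield (ip, port) from lines shaped 'open tcp <port> <ip> <timestamp>'."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "open":
            continue  # header/footer comments and malformed lines
        try:
            yield ipaddress.ip_address(fields[3]), int(fields[2])
        except ValueError:
            continue  # non-numeric port or invalid address

def audit(text, expected):
    """Return {host: sorted unexpected ports}. Hosts outside the inventory are
    keyed 'unknown:<ip>' so out-of-scope results stand out for review."""
    nets = {ipaddress.ip_network(n): ports for n, ports in expected.items()}
    findings = defaultdict(set)
    for ip, port in parse_list_output(text):
        allowed = next((p for n, p in nets.items() if ip in n), None)
        if allowed is None:
            findings["unknown:" + str(ip)].add(port)
        elif port not in allowed:
            findings[str(ip)].add(port)
    return {host: sorted(ports) for host, ports in findings.items()}

if __name__ == "__main__":
    for host, ports in audit(SAMPLE_RESULTS, EXPECTED).items():
        print(host, ports)
```
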
If you don't consider it to be too much of a reveal of "secrets", would you mind sharing some of your favorite templates in particular to target? Or do you always just cast a wide net and throw all high and critical templates at the list? Thanks for the addition to the post by the way, very helpful!
 

