docs/assets/files/nuclei_config.yml
# nuclei config file
# generated by https://github.com/projectdiscovery/goflags
# target urls/hosts to scan
#target: []
# path to file containing a list of target urls/hosts to scan (one per line)
#list:
# resume scan using resume.cfg (clustering will be disabled)
#resume: false
# template or template directory paths to include in the scan
#templates: []
# url containing list of templates to run
#template-url: []
# run only new templates added in latest nuclei-templates release
#new-templates: false
# workflow or workflow directory paths to include in the scan
#workflows: []
# url containing list of workflows to run
#workflow-url: []
# validate the passed templates to nuclei
#validate: false
# list all available templates
#tl: false
# allowed domain list to load remote templates from
#remote-template-domain: ["api.nuclei.sh"]
# execute a subset of templates that contain the provided tags
#tags: []
# tags from the default deny list that permit executing more intrusive templates
#include-tags: []
# exclude templates with the provided tags
# Tag-based exclusions: a template carrying any of these tags is skipped.
# Same tag set and order as before, written in block style so each tag diffs on its own line.
exclude-tags:
  - 'dos'
  - 'dns'
  - 'ssl'
  - 'tech'
  - 'token-spray'
  - 'iot'
  - 'token'
  - 'network'
  - 'android'
  - 'metadata'
  - 'wordpress'
  - 'wp-plugin'
  - 'misc'
  - 'router'
# templates to be executed even if they are excluded either by default or configuration
#include-templates: []
# template or template directory paths to exclude
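# Per-template exclusions (paths relative to the templates directory).
# Written as a block sequence: the previous flow-style list continued at column 0
# under a top-level key, which only lenient parsers accept; block style is spec-conformant
# and gives one template per line for review and diffing.
# NOTE(review): the list mixes informational checks (exposures, panels, headers) with
# two CVE templates (CVE-2000-0114, CVE-2020-9490); excluding the CVE checks narrows
# vulnerability coverage — confirm that is intended.
exclude-templates:
  - misconfiguration/http-missing-security-headers.yaml
  - misconfiguration/xss-deprecated-header.yaml
  - misconfiguration/iis-internal-ip-disclosure.yaml
  - misconfiguration/aspx-debug-mode.yaml
  - misconfiguration/front-page-misconfig.yaml
  - misconfiguration/unauthenticated-varnish-cache-purge.yaml
  - miscellaneous/robots-txt-endpoint.yaml
  - miscellaneous/microsoft-azure-error.yaml
  - misconfiguration/php-errors.yaml
  - exposures/configs/keycloak-openid-config.yaml
  - exposures/files/readme-md.yaml
  - exposures/configs/azure-domain-tenant.yaml
  - exposures/apis/drupal-jsonapi-user-listing.yaml
  - exposed-panels/drupal-login.yaml
  - exposed-panels/jupyter-notebook.yaml
  - vulnerabilities/generic/cors-misconfig.yaml
  - vulnerabilities/generic/request-based-interaction.yaml
  - vulnerabilities/generic/oob-header-based-interaction.yaml
  - vulnerabilities/other/openvpn-hhi.yaml
  - cves/2000/CVE-2000-0114.yaml
  - cves/2020/CVE-2020-9490.yaml
  - exposed-panels/key-cloak-admin-panel.yaml
  - technologies/sap/sap-netweaver-detect.yaml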
# templates to run based on severity. possible values: info, low, medium, high, critical
#severity: info,low,medium,high,critical
# templates to exclude based on severity. possible values: info, low, medium, high, critical
#exclude-severity:
# protocol types to be executed. possible values: dns, file, http, headless, network, workflow, ssl, websocket, whois
#type:
# protocol types to not be executed. possible values: dns, file, http, headless, network, workflow, ssl, websocket, whois
#exclude-type:
# execute templates that are (co-)created by the specified authors
#author: []
# list of template ids to run (comma-separated, file)
#template-id: []
# list of template ids to exclude (comma-separated, file)
#exclude-id: []
# output file to write found issues/vulnerabilities
#output:
# display findings only
# silent: true
# disable output content coloring (ansi escape codes)
#no-color: false
# write output in jsonl(ines) format
# json: true
# include request/response pairs in the jsonl output (for findings only)
#include-rr: false
# don't display match metadata
#no-meta: false
# don't display timestamp metadata in cli output
#no-timestamp: false
# local nuclei reporting database (always use this to persist report data across runs)
#report-db:
# show optional match failure status
#matcher-status: false
# directory to export results in markdown format
#markdown-export:
# file to export results in sarif format
#sarif-export:
# path to the nuclei configuration file
#config:
# nuclei reporting module configuration file
#report-config:
# custom headers in header:value format
#header: []
# custom vars in var=value format
#var:
# file containing resolver list for nuclei
#resolvers:
# use system dns resolving as error fallback
#system-resolvers: false
# enable passive http response processing mode
#passive: false
# enable environment variables to be used in template
#env-vars: false
# client certificate file (pem-encoded) used for authenticating against scanned hosts
#client-cert:
# client key file (pem-encoded) used for authenticating against scanned hosts
#client-key:
# client certificate authority file (pem-encoded) used for authenticating against scanned hosts
#client-ca:
# use ztls library with autofallback to standard one for tls13
#ztls: false
# interactsh server url for self-hosted instance (default: oast.pro,oast.live,oast.site,oast.online,oast.fun,oast.me)
#interactsh-server:
# authentication token for self-hosted interactsh server
#interactsh-token:
# number of requests to keep in the interactions cache
#interactions-cache-size: 5000
# number of seconds to wait before evicting requests from cache
#interactions-eviction: 60
# number of seconds to wait before each interaction poll request
#interactions-poll-duration: 5
# extra time for interaction polling before exiting
#interactions-cooldown-period: 5
# disable interactsh server for oast testing, exclude oast based templates
#no-interactsh: false
# maximum number of requests to send per second
# rate-limit: 250
# maximum number of requests to send per minute
#rate-limit-minute: 0
# maximum number of hosts to be analyzed in parallel per template
#bulk-size: 25
# maximum number of templates to be executed in parallel
#concurrency: 20
# maximum number of headless hosts to be analyzed in parallel per template
#headless-bulk-size: 10
# maximum number of headless templates to be executed in parallel
#headless-concurrency: 10
# time to wait in seconds before timeout
#timeout: 5
# number of times to retry a failed request
#retries: 1
# leave default http/https ports (e.g. host:80, host:443)
#leave-default-ports: false
# max errors for a host before skipping from scan
#max-host-error: 30
# use a project folder to avoid sending same request multiple times
#project: false
# set a specific project path
#project-path: /tmp
# stop processing http requests after the first match (may break template/workflow logic)
#stop-at-first-path: false
# stream mode - start elaborating without sorting the input
#stream: false
# enable templates that require headless browser support (root user on linux will disable sandbox)
#headless: false
# seconds to wait for each page in headless mode
#page-timeout: 20
# show the browser on the screen when running templates with headless mode
#show-browser: false
# use local installed chrome browser instead of nuclei installed
#system-chrome: false
# show all requests and responses
#debug: false
# show all sent requests
#debug-req: false
# show all received responses
#debug-resp: false
# list of http(s)/socks5 proxy to use (comma separated or file input)
#proxy: []
# file to write sent requests trace log
#trace-log:
# file to write sent requests error log
#error-log:
# show nuclei version
#version: false
# show verbose output
#verbose: false
# display templates loaded for scan
#vv: false
# shows the version of the installed nuclei-templates
#templates-version: false
# update nuclei engine to the latest released version
#update: false
# update nuclei-templates to latest released version
#update-templates: false
# overwrite the default directory to install nuclei-templates
#update-directory: /root/nuclei-templates
# disable automatic nuclei/templates update check
#disable-update-check: false
# display statistics about the running scan
#stats: false
# write statistics data to an output file in jsonl(ines) format
#stats-json: false
# number of seconds to wait between showing a statistics update
#stats-interval: 5
# expose nuclei metrics on a port
#metrics: false
# port to expose nuclei metrics on