nuclei on Astroicers Bloghttps://astroicers.link/tags/nuclei.htmlRecent content in nuclei on Astroicers BlogHugo -- gohugo.ioenFri, 06 Mar 2026 00:00:00 +0000Nuclei 漏洞掃描工具完整指南https://astroicers.link/p/nuclei-%E6%BC%8F%E6%B4%9E%E6%8E%83%E6%8F%8F%E5%B7%A5%E5%85%B7%E5%AE%8C%E6%95%B4%E6%8C%87%E5%8D%97.htmlFri, 06 Mar 2026 00:00:00 +0000https://astroicers.link/p/nuclei-%E6%BC%8F%E6%B4%9E%E6%8E%83%E6%8F%8F%E5%B7%A5%E5%85%B7%E5%AE%8C%E6%95%B4%E6%8C%87%E5%8D%97.html<h2 id="專案簡介">專案簡介</h2> <p><a class="link" href="https://github.com/projectdiscovery/nuclei" target="_blank" rel="noopener" >Nuclei</a> 是 ProjectDiscovery 開發的快速漏洞掃描工具,使用 YAML 模板定義掃描規則。擁有社群維護的數千種模板,涵蓋 CVE、錯誤設定、敏感資訊洩露等。</p> <p><strong>GitHub Stars</strong>: 27K+</p> <h2 id="主要功能">主要功能</h2> <ul> <li><strong>模板驅動</strong> - 使用 YAML 定義掃描規則</li> <li><strong>高效能</strong> - Go 語言開發,支援大規模掃描</li> <li><strong>社群模板</strong> - 數千種現成的漏洞檢測模板</li> <li><strong>自訂模板</strong> - 可撰寫自己的檢測規則</li> <li><strong>多協定支援</strong> - HTTP、DNS、TCP、SSL 等</li> </ul> <h2 id="安裝">安裝</h2> <h3 id="go-install">Go Install</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest </span></span></code></pre></td></tr></table> </div> </div><h3 id="homebrew">Homebrew</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">brew install nuclei </span></span></code></pre></td></tr></table> </div> </div><h3 id="docker">Docker</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">docker pull projectdiscovery/nuclei:latest </span></span></code></pre></td></tr></table> </div> </div><h3 id="更新模板">更新模板</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">nuclei -update-templates </span></span></code></pre></td></tr></table> </div> </div><h2 id="基本使用">基本使用</h2> <h3 id="掃描單一目標">掃描單一目標</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">nuclei -u https://example.com </span></span></code></pre></td></tr></table> </div> </div><h3 id="掃描多個目標">掃描多個目標</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">nuclei -l targets.txt </span></span></code></pre></td></tr></table> </div> </div><h3 id="指定模板">指定模板</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span><span class="lnt">8 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 使用特定模板</span> </span></span><span class="line"><span class="cl">nuclei -u https://example.com -t cves/ </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 使用多個模板目錄</span> </span></span><span class="line"><span class="cl">nuclei -u https://example.com -t cves/ -t vulnerabilities/ </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 排除模板</span> </span></span><span class="line"><span class="cl">nuclei -u https://example.com -exclude-templates dos/ </span></span></code></pre></td></tr></table> </div> </div><h3 id="依嚴重度過濾">依嚴重度過濾</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 只掃描 critical 和 high</span> </span></span><span class="line"><span class="cl">nuclei -u https://example.com -severity critical,high </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 排除 info 等級</span> </span></span><span class="line"><span class="cl">nuclei -u https://example.com -exclude-severity info </span></span></code></pre></td></tr></table> </div> </div><h2 id="進階選項">進階選項</h2> <h3 id="效能調整">效能調整</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 調整並行數</span> </span></span><span class="line"><span class="cl">nuclei -l targets.txt -c <span class="m">50</span> -rl <span class="m">150</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># -c: 並行模板數</span> </span></span><span class="line"><span class="cl"><span class="c1"># -rl: 每秒請求限制</span> </span></span></code></pre></td></tr></table> </div> </div><h3 id="輸出格式">輸出格式</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span><span class="lnt">8 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># JSON 輸出</span> </span></span><span class="line"><span class="cl">nuclei -u https://example.com -json -o results.json </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># Markdown 輸出</span> </span></span><span class="line"><span class="cl">nuclei -u https://example.com -me output/ </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># SARIF 格式(整合 CI/CD)</span> </span></span><span class="line"><span class="cl">nuclei -u https://example.com -sarif-export results.sarif </span></span></code></pre></td></tr></table> </div> </div><h3 id="代理設定">代理設定</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># HTTP 代理</span> </span></span><span class="line"><span class="cl">nuclei -u https://example.com -proxy http://127.0.0.1:8080 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 搭配 Burp Suite</span> </span></span><span class="line"><span class="cl">nuclei -u https://example.com -proxy http://127.0.0.1:8080 -H <span class="s2">&#34;Cookie: session=xxx&#34;</span> </span></span></code></pre></td></tr></table> </div> </div><h2 id="模板語法">模板語法</h2> <h3 id="基本結構">基本結構</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">id</span><span class="p">:</span><span class="w"> </span><span class="l">example-detection</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">info</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">Example Vulnerability Detection</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">author</span><span class="p">:</span><span class="w"> </span><span class="l">your-name</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">severity</span><span class="p">:</span><span class="w"> </span><span class="l">high</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">description</span><span class="p">:</span><span class="w"> </span><span class="l">描述這個漏洞</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">tags</span><span class="p">:</span><span class="w"> </span><span class="l">cve,example</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">http</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">method</span><span class="p">:</span><span class="w"> </span><span class="l">GET</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="s2">&#34;{{BaseURL}}/vulnerable-endpoint&#34;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchers</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">word</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">words</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="s2">&#34;vulnerable response&#34;</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><h3 id="http-請求模板">HTTP 請求模板</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">id</span><span class="p">:</span><span class="w"> </span><span class="l">sql-injection-check</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">info</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">SQL Injection Check</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">severity</span><span class="p">:</span><span class="w"> </span><span class="l">critical</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">http</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">method</span><span class="p">:</span><span class="w"> </span><span class="l">GET</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="s2">&#34;{{BaseURL}}/search?q=test&#39;&#34;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchers-condition</span><span class="p">:</span><span class="w"> </span><span class="l">and</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchers</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">word</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">words</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="s2">&#34;SQL syntax&#34;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="s2">&#34;mysql_fetch&#34;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">condition</span><span class="p">:</span><span class="w"> </span><span class="l">or</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">status</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">status</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="m">500</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><h3 id="使用變數">使用變數</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">http</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">raw</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="p">|</span><span class="sd"> </span></span></span><span class="line"><span class="cl"><span class="sd"> POST /login HTTP/1.1 </span></span></span><span class="line"><span class="cl"><span class="sd"> Host: {{Hostname}} </span></span></span><span class="line"><span class="cl"><span class="sd"> Content-Type: application/json </span></span></span><span class="line"><span class="cl"><span class="sd"> </span></span></span><span class="line"><span class="cl"><span class="sd"> {&#34;username&#34;:&#34;{{username}}&#34;,&#34;password&#34;:&#34;{{password}}&#34;}</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">payloads</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">username</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">admin</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">administrator</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">password</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">admin123</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">password</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">attack</span><span class="p">:</span><span class="w"> </span><span class="l">clusterbomb</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><h3 id="workflow-模板">Workflow 模板</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">id</span><span class="p">:</span><span class="w"> </span><span class="l">wordpress-workflow</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">info</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">WordPress Security Check</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">author</span><span class="p">:</span><span class="w"> </span><span class="l">your-name</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">workflows</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">template</span><span class="p">:</span><span class="w"> </span><span class="l">technologies/wordpress-detect.yaml</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">subtemplates</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">template</span><span class="p">:</span><span class="w"> </span><span class="l">vulnerabilities/wordpress/*.yaml</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><h2 id="實戰範例">實戰範例</h2> <h3 id="bug-bounty-流程">Bug Bounty 流程</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span><span class="lnt">8 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 1. 子域名收集</span> </span></span><span class="line"><span class="cl">subfinder -d target.com -o subdomains.txt </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 2. 存活檢測</span> </span></span><span class="line"><span class="cl">httpx -l subdomains.txt -o alive.txt </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 3. 漏洞掃描</span> </span></span><span class="line"><span class="cl">nuclei -l alive.txt -t cves/ -t vulnerabilities/ -severity critical,high -o findings.txt </span></span></code></pre></td></tr></table> </div> </div><h3 id="cicd-整合">CI/CD 整合</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># .github/workflows/security-scan.yml</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">Security Scan</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">on</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="l">push]</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">jobs</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">nuclei</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">runs-on</span><span class="p">:</span><span class="w"> </span><span class="l">ubuntu-latest</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">steps</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">uses</span><span class="p">:</span><span class="w"> </span><span class="l">projectdiscovery/nuclei-action@main</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">with</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">target</span><span class="p">:</span><span class="w"> </span><span class="l">https://example.com</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">templates</span><span class="p">:</span><span class="w"> </span><span class="l">cves/</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">sarif-export</span><span class="p">:</span><span class="w"> </span><span class="l">nuclei.sarif</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">uses</span><span class="p">:</span><span class="w"> </span><span class="l">github/codeql-action/upload-sarif@v3</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">with</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">sarif_file</span><span class="p">:</span><span class="w"> </span><span class="l">nuclei.sarif</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><h3 id="自動化監控">自動化監控</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="cp">#!/bin/bash </span></span></span><span class="line"><span class="cl"><span class="cp"></span><span class="c1"># daily-scan.sh</span> </span></span><span class="line"><span class="cl">nuclei -l targets.txt <span class="se">\ </span></span></span><span class="line"><span class="cl"><span class="se"></span> -t cves/ <span class="se">\ </span></span></span><span class="line"><span class="cl"><span class="se"></span> -severity critical,high <span class="se">\ </span></span></span><span class="line"><span class="cl"><span class="se"></span> -new-templates <span class="se">\ </span></span></span><span class="line"><span class="cl"><span class="se"></span> -json -o <span class="s2">&#34;scans/</span><span class="k">$(</span>date +%Y%m%d<span class="k">)</span><span class="s2">.json&#34;</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 比對新發現</span> </span></span><span class="line"><span class="cl">diff scans/<span class="k">$(</span>date +%Y%m%d<span class="k">)</span>.json scans/<span class="k">$(</span>date -d <span class="s2">&#34;yesterday&#34;</span> +%Y%m%d<span class="k">)</span>.json </span></span></code></pre></td></tr></table> </div> </div><h2 id="常用模板分類">常用模板分類</h2> <table> <thead> <tr> <th>分類</th> <th>說明</th> </tr> </thead> <tbody> <tr> <td><code>cves/</code></td> <td>CVE 漏洞檢測</td> </tr> <tr> <td><code>vulnerabilities/</code></td> <td>已知漏洞</td> </tr> <tr> <td><code>exposures/</code></td> <td>敏感資訊洩露</td> </tr> <tr> <td><code>misconfiguration/</code></td> <td>錯誤設定</td> </tr> <tr> <td><code>default-logins/</code></td> <td>預設憑證</td> </tr> <tr> <td><code>takeovers/</code></td> <td>子域名接管</td> </tr> <tr> <td><code>technologies/</code></td> <td>技術偵測</td> </tr> </tbody> </table> <h2 id="相關連結">相關連結</h2> <ul> <li><a class="link" href="https://github.com/projectdiscovery/nuclei" target="_blank" rel="noopener" >GitHub Repository</a></li> <li><a class="link" href="https://github.com/projectdiscovery/nuclei-templates" target="_blank" rel="noopener" >模板庫</a></li> <li><a class="link" href="https://docs.projectdiscovery.io/tools/nuclei" target="_blank" rel="noopener" >官方文件</a></li> </ul> <h2 id="延伸閱讀">延伸閱讀</h2> <ul> <li><a class="link" href="https://astroicers.link/p/subfinder-subdomain-enumeration/" >Subfinder 子域名列舉工具</a></li> <li><a class="link" href="https://astroicers.link/p/ffuf-web-fuzzer/" >ffuf 網頁 Fuzzing 工具</a></li> <li><a class="link" href="https://astroicers.link/p/seclists-pentest-wordlists/" >SecLists 滲透測試字典</a></li> </ul>