https://astroicers.link/tags/vulnerability-scanning.htmlRecent content in vulnerability-scanning on Astroicers BlogHugo -- gohugo.ioenThu, 26 Mar 2026 00:00:00 +0000https://astroicers.link/p/trivy-%E5%AE%B9%E5%99%A8%E5%AE%89%E5%85%A8%E6%8E%83%E6%8F%8F%E5%B7%A5%E5%85%B7.htmlThu, 26 Mar 2026 00:00:00 +0000https://astroicers.link/p/trivy-%E5%AE%B9%E5%99%A8%E5%AE%89%E5%85%A8%E6%8E%83%E6%8F%8F%E5%B7%A5%E5%85%B7.html<h2 id="專案簡介">專案簡介</h2> <p><a class="link" href="https://github.com/aquasecurity/trivy" target="_blank" rel="noopener" >Trivy</a> 是 Aqua Security 開發的全方位安全掃描工具。支援容器映像、檔案系統、Git 儲存庫、Kubernetes 等多種目標，可檢測漏洞、錯誤設定和機密資訊。</p> <p><strong>GitHub Stars</strong>: 31K+</p> <h2 id="主要功能">主要功能</h2> <ul> <li><strong>漏洞掃描</strong> - CVE、安全公告</li> <li><strong>錯誤設定檢測</strong> - Dockerfile、K8s、Terraform</li> <li><strong>機密掃描</strong> - API 金鑰、密碼、憑證</li> <li><strong>SBOM 生成</strong> - 軟體物料清單</li> <li><strong>授權合規</strong> - 開源授權檢查</li> </ul> <h2 id="安裝">安裝</h2> <h3 id="homebrew">Homebrew</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">brew install trivy </span></span></code></pre></td></tr></table> </div> </div><h3 id="apt">APT</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">sudo apt-get install wget apt-transport-https gnupg lsb-release </span></span><span class="line"><span class="cl">wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key <span class="p">|</span> sudo apt-key add - </span></span><span class="line"><span class="cl"><span class="nb">echo</span> deb https://aquasecurity.github.io/trivy-repo/deb <span class="k">$(</span>lsb_release -sc<span class="k">)</span> main <span class="p">|</span> sudo tee -a /etc/apt/sources.list.d/trivy.list </span></span><span class="line"><span class="cl">sudo apt-get update </span></span><span class="line"><span class="cl">sudo apt-get install trivy </span></span></code></pre></td></tr></table> </div> </div><h3 id="docker">Docker</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">docker pull aquasec/trivy </span></span></code></pre></td></tr></table> </div> </div><h2 id="容器映像掃描">容器映像掃描</h2> <h3 id="基本掃描">基本掃描</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">trivy image nginx:latest </span></span></code></pre></td></tr></table> </div> </div><h3 id="指定嚴重度">指定嚴重度</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">trivy image --severity CRITICAL,HIGH nginx:latest </span></span></code></pre></td></tr></table> </div> </div><h3 id="忽略未修復漏洞">忽略未修復漏洞</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">trivy image --ignore-unfixed nginx:latest </span></span></code></pre></td></tr></table> </div> </div><h3 id="掃描本地映像">掃描本地映像</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">trivy image --input image.tar </span></span></code></pre></td></tr></table> </div> </div><h3 id="掃描私有-registry">掃描私有 Registry</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 使用環境變數認證</span> </span></span><span class="line"><span class="cl"><span class="nb">export</span> <span class="nv">TRIVY_USERNAME</span><span class="o">=</span>user </span></span><span class="line"><span class="cl"><span class="nb">export</span> <span class="nv">TRIVY_PASSWORD</span><span class="o">=</span>password </span></span><span class="line"><span class="cl">trivy image private-registry.com/image:tag </span></span></code></pre></td></tr></table> </div> </div><h2 id="檔案系統掃描">檔案系統掃描</h2> <h3 id="掃描目錄">掃描目錄</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">trivy fs /path/to/project </span></span></code></pre></td></tr></table> </div> </div><h3 id="掃描-git-儲存庫">掃描 Git 儲存庫</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">trivy repo https://github.com/user/repo </span></span></code></pre></td></tr></table> </div> </div><h3 id="掃描-rootfs">掃描 Rootfs</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">trivy rootfs / </span></span></code></pre></td></tr></table> </div> </div><h2 id="iac-掃描">IaC 掃描</h2> <h3 id="terraform">Terraform</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">trivy config /path/to/terraform </span></span></code></pre></td></tr></table> </div> </div><h3 id="kubernetes">Kubernetes</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">trivy config /path/to/k8s-manifests </span></span></code></pre></td></tr></table> </div> </div><h3 id="dockerfile">Dockerfile</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">trivy config --file-patterns <span class="s2">&#34;Dockerfile:dockerfile&#34;</span> /path/to/project </span></span></code></pre></td></tr></table> </div> </div><h3 id="常見錯誤設定">常見錯誤設定</h3> <ul> <li>以 root 運行容器</li> <li>使用 latest 標籤</li> <li>缺少資源限制</li> <li>暴露敏感端口</li> </ul> <h2 id="機密掃描">機密掃描</h2> <h3 id="啟用機密掃描">啟用機密掃描</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">trivy fs --scanners secret /path/to/project </span></span></code></pre></td></tr></table> </div> </div><h3 id="自訂規則">自訂規則</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># trivy-secret.yaml</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">rules</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">id</span><span class="p">:</span><span class="w"> </span><span class="l">custom-api-key</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">category</span><span class="p">:</span><span class="w"> </span><span class="l">general</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">title</span><span class="p">:</span><span class="w"> </span><span class="l">Custom API Key</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">severity</span><span class="p">:</span><span class="w"> </span><span class="l">HIGH</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">regex</span><span class="p">:</span><span class="w"> </span><span class="s1">&#39;CUSTOM_API_KEY\s*=\s*[&#34;\&#39;]([^&#34;\&#39;]+)[&#34;\&#39;]&#39;</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">trivy fs --secret-config trivy-secret.yaml /path/to/project </span></span></code></pre></td></tr></table> </div> </div><h2 id="sbom-生成">SBOM 生成</h2> <h3 id="cyclonedx-格式">CycloneDX 格式</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">trivy image --format cyclonedx -o sbom.json nginx:latest </span></span></code></pre></td></tr></table> </div> </div><h3 id="spdx-格式">SPDX 格式</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">trivy image --format spdx-json -o sbom.json nginx:latest </span></span></code></pre></td></tr></table> </div> </div><h3 id="掃描-sbom">掃描 SBOM</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">trivy sbom sbom.json </span></span></code></pre></td></tr></table> </div> </div><h2 id="cicd-整合">CI/CD 整合</h2> <h3 id="github-actions">GitHub Actions</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">Security Scan</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">on</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="l">push, pull_request]</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">jobs</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">trivy</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">runs-on</span><span class="p">:</span><span class="w"> </span><span class="l">ubuntu-latest</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">steps</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">uses</span><span class="p">:</span><span class="w"> </span><span class="l">actions/checkout@v4</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">Build image</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">run</span><span class="p">:</span><span class="w"> </span><span class="l">docker build -t myapp:${{ github.sha }} .</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">Run Trivy</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">uses</span><span class="p">:</span><span class="w"> </span><span class="l">aquasecurity/trivy-action@master</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">with</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image-ref</span><span class="p">:</span><span class="w"> </span><span class="l">myapp:${{ github.sha }}</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">format</span><span class="p">:</span><span class="w"> </span><span class="s1">&#39;sarif&#39;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">output</span><span class="p">:</span><span class="w"> </span><span class="s1">&#39;trivy-results.sarif&#39;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">severity</span><span class="p">:</span><span class="w"> </span><span class="s1">&#39;CRITICAL,HIGH&#39;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">Upload to GitHub Security</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">uses</span><span class="p">:</span><span class="w"> </span><span class="l">github/codeql-action/upload-sarif@v3</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">with</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">sarif_file</span><span class="p">:</span><span class="w"> </span><span class="s1">&#39;trivy-results.sarif&#39;</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><h3 id="gitlab-ci">GitLab CI</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">trivy</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">aquasec/trivy:latest</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">script</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">trivy image --exit-code 1 --severity CRITICAL $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">allow_failure</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><h3 id="jenkins">Jenkins</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-groovy" data-lang="groovy"><span class="line"><span class="cl"><span class="n">pipeline</span> <span class="o">{</span> </span></span><span class="line"><span class="cl"> <span class="n">agent</span> <span class="n">any</span> </span></span><span class="line"><span class="cl"> <span class="n">stages</span> <span class="o">{</span> </span></span><span class="line"><span class="cl"> <span class="n">stage</span><span class="o">(</span><span class="s1">&#39;Security Scan&#39;</span><span class="o">)</span> <span class="o">{</span> </span></span><span class="line"><span class="cl"> <span class="n">steps</span> <span class="o">{</span> </span></span><span class="line"><span class="cl"> <span class="n">sh</span> <span class="s1">&#39;&#39;&#39; </span></span></span><span class="line"><span class="cl"><span class="s1"> trivy image \ </span></span></span><span class="line"><span class="cl"><span class="s1"> --format json \ </span></span></span><span class="line"><span class="cl"><span class="s1"> --output trivy-report.json \ </span></span></span><span class="line"><span class="cl"><span class="s1"> --severity CRITICAL,HIGH \ </span></span></span><span class="line"><span class="cl"><span class="s1"> myapp:latest </span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;&#39;</span> </span></span><span class="line"><span class="cl"> <span class="o">}</span> </span></span><span class="line"><span class="cl"> <span class="o">}</span> </span></span><span class="line"><span class="cl"> <span class="o">}</span> </span></span><span class="line"><span class="cl"><span class="o">}</span> </span></span></code></pre></td></tr></table> </div> </div><h2 id="kubernetes-掃描">Kubernetes 掃描</h2> <h3 id="掃描叢集">掃描叢集</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">trivy k8s --report summary cluster </span></span></code></pre></td></tr></table> </div> </div><h3 id="掃描特定-namespace">掃描特定 Namespace</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">trivy k8s --namespace default --report all </span></span></code></pre></td></tr></table> </div> </div><h3 id="掃描-workloads">掃描 Workloads</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">trivy k8s --report summary deployments,pods </span></span></code></pre></td></tr></table> </div> </div><h2 id="輸出格式">輸出格式</h2> <h3 id="json">JSON</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">trivy image --format json -o results.json nginx:latest </span></span></code></pre></td></tr></table> </div> </div><h3 id="table預設">Table（預設）</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">trivy image --format table nginx:latest </span></span></code></pre></td></tr></table> </div> </div><h3 id="sarif">SARIF</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">trivy image --format sarif -o results.sarif nginx:latest </span></span></code></pre></td></tr></table> </div> </div><h3 id="template">Template</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">trivy image --format template --template <span class="s2">&#34;@contrib/html.tpl&#34;</span> -o report.html nginx:latest </span></span></code></pre></td></tr></table> </div> </div><h2 id="忽略漏洞">忽略漏洞</h2> <h3 id="trivyignore">.trivyignore</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl"># 忽略特定 CVE </span></span><span class="line"><span class="cl">CVE-2023-12345 </span></span><span class="line"><span class="cl">CVE-2023-67890 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"># 忽略整個套件 </span></span><span class="line"><span class="cl">pkg:npm/lodash </span></span></code></pre></td></tr></table> </div> </div><h3 id="內聯忽略">內聯忽略</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># trivy:ignore:CVE-2023-12345</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="l">FROM nginx:latest</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><h2 id="相關連結">相關連結</h2> <ul> <li><a class="link" href="https://github.com/aquasecurity/trivy" target="_blank" rel="noopener" >GitHub Repository</a></li> <li><a class="link" href="https://aquasecurity.github.io/trivy/" target="_blank" rel="noopener" >官方文件</a></li> <li><a class="link" href="https://aquasecurity.github.io/trivy/latest/docs/vulnerability/detection/data-source/" target="_blank" rel="noopener" >漏洞資料庫</a></li> </ul> <h2 id="延伸閱讀">延伸閱讀</h2> <ul> <li><a class="link" href="https://astroicers.link/p/docker-scout/" >Docker Scout 容器安全</a></li> <li><a class="link" href="https://astroicers.link/p/harbor-container-registry/" >Harbor 容器映像倉庫</a></li> <li><a class="link" href="https://astroicers.link/p/kubernetes-pod-security-standards/" >Kubernetes Pod Security Standards</a></li> </ul>https://astroicers.link/p/owasp-zap-%E7%B6%B2%E9%A0%81%E5%AE%89%E5%85%A8%E6%8E%83%E6%8F%8F%E5%B7%A5%E5%85%B7.htmlSun, 22 Mar 2026 00:00:00 +0000https://astroicers.link/p/owasp-zap-%E7%B6%B2%E9%A0%81%E5%AE%89%E5%85%A8%E6%8E%83%E6%8F%8F%E5%B7%A5%E5%85%B7.html<h2 id="專案簡介">專案簡介</h2> <p><a class="link" href="https://github.com/zaproxy/zaproxy" target="_blank" rel="noopener" >OWASP ZAP</a>（Zed Attack Proxy）是世界上最受歡迎的免費網頁安全掃描工具。由 OWASP 維護，提供自動化掃描、手動滲透測試、API 測試等功能。</p> <p><strong>GitHub Stars</strong>: 14K+</p> <h2 id="主要功能">主要功能</h2> <ul> <li><strong>被動掃描</strong> - 自動分析流經的請求</li> <li><strong>主動掃描</strong> - 主動探測漏洞</li> <li><strong>Spider</strong> - 自動爬取網站結構</li> <li><strong>Fuzzer</strong> - 自訂 Payload 測試</li> <li><strong>API 整合</strong> - 支援 CI/CD 自動化</li> </ul> <h2 id="安裝">安裝</h2> <h3 id="官方安裝包">官方安裝包</h3> <p>下載：https://www.zaproxy.org/download/</p> <h3 id="docker">Docker</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">docker pull zaproxy/zap-stable </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 執行 GUI（需要 X11）</span> </span></span><span class="line"><span class="cl">docker run -u zap -p 8080:8080 -p 8090:8090 zaproxy/zap-stable zap.sh -daemon -port <span class="m">8090</span> -host 0.0.0.0 </span></span></code></pre></td></tr></table> </div> </div><h3 id="kali-linux">Kali Linux</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">sudo apt install zaproxy </span></span></code></pre></td></tr></table> </div> </div><h2 id="基本操作">基本操作</h2> <h3 id="代理設定">代理設定</h3> <ol> <li>啟動 ZAP</li> <li>設定瀏覽器代理：<code>localhost:8080</code></li> <li>匯入 ZAP CA 憑證處理 HTTPS</li> </ol> <h3 id="自動掃描">自動掃描</h3> <ol> <li>輸入目標 URL</li> <li>點擊「Attack」</li> <li>ZAP 會自動 Spider 並掃描</li> </ol> <h3 id="手動探索">手動探索</h3> <ol> <li>設定瀏覽器代理</li> <li>瀏覽目標網站</li> <li>ZAP 自動記錄並被動掃描</li> </ol> <h2 id="spider-爬蟲">Spider 爬蟲</h2> <h3 id="標準-spider">標準 Spider</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 透過 API</span> </span></span><span class="line"><span class="cl">curl <span class="s2">&#34;http://localhost:8090/JSON/spider/action/scan/?url=https://target.com&#34;</span> </span></span></code></pre></td></tr></table> </div> </div><h3 id="ajax-spider">AJAX Spider</h3> <p>適用於 SPA（React、Vue）：</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">curl <span class="s2">&#34;http://localhost:8090/JSON/ajaxSpider/action/scan/?url=https://target.com&#34;</span> </span></span></code></pre></td></tr></table> </div> </div><h3 id="spider-設定">Spider 設定</h3> <ul> <li>Maximum Depth: 爬取深度</li> <li>Thread Count: 並行數</li> <li>Parse Comments: 解析註解中的 URL</li> </ul> <h2 id="主動掃描">主動掃描</h2> <h3 id="開始掃描">開始掃描</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 取得 Spider 結果後掃描</span> </span></span><span class="line"><span class="cl">curl <span class="s2">&#34;http://localhost:8090/JSON/ascan/action/scan/?url=https://target.com&#34;</span> </span></span></code></pre></td></tr></table> </div> </div><h3 id="掃描策略">掃描策略</h3> <p>建立自訂掃描策略：</p> <ol> <li>Analyze → Scan Policy Manager</li> <li>新增策略</li> <li>調整各漏洞檢測的強度</li> </ol> <h3 id="掃描進度">掃描進度</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">curl <span class="s2">&#34;http://localhost:8090/JSON/ascan/view/status/?scanId=0&#34;</span> </span></span></code></pre></td></tr></table> </div> </div><h2 id="常見漏洞檢測">常見漏洞檢測</h2> <h3 id="sql-injection">SQL Injection</h3> <p>ZAP 會自動測試：</p> <ul> <li>Error-based SQLi</li> <li>Blind SQLi</li> <li>Time-based SQLi</li> </ul> <h3 id="xss">XSS</h3> <p>檢測類型：</p> <ul> <li>Reflected XSS</li> <li>Stored XSS</li> <li>DOM-based XSS</li> </ul> <h3 id="其他漏洞">其他漏洞</h3> <ul> <li>CSRF</li> <li>Path Traversal</li> <li>Remote File Inclusion</li> <li>Command Injection</li> <li>LDAP Injection</li> </ul> <h2 id="api-測試">API 測試</h2> <h3 id="匯入-openapi">匯入 OpenAPI</h3> <ol> <li>Import → Import OpenAPI Definition</li> <li>選擇 OpenAPI/Swagger 檔案</li> <li>ZAP 自動生成請求</li> </ol> <h3 id="匯入-graphql">匯入 GraphQL</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 透過 API</span> </span></span><span class="line"><span class="cl">curl <span class="s2">&#34;http://localhost:8090/JSON/graphql/action/importUrl/?url=https://api.target.com/graphql&#34;</span> </span></span></code></pre></td></tr></table> </div> </div><h2 id="自動化整合">自動化整合</h2> <h3 id="cli-掃描">CLI 掃描</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span><span class="lnt">8 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 基線掃描</span> </span></span><span class="line"><span class="cl">docker run -t zaproxy/zap-stable zap-baseline.py -t https://target.com </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 完整掃描</span> </span></span><span class="line"><span class="cl">docker run -t zaproxy/zap-stable zap-full-scan.py -t https://target.com </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># API 掃描</span> </span></span><span class="line"><span class="cl">docker run -t zaproxy/zap-stable zap-api-scan.py -t https://api.target.com/openapi.json -f openapi </span></span></code></pre></td></tr></table> </div> </div><h3 id="github-actions">GitHub Actions</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">OWASP ZAP Scan</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">on</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="l">push]</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">jobs</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">zap_scan</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">runs-on</span><span class="p">:</span><span class="w"> </span><span class="l">ubuntu-latest</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">steps</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">ZAP Baseline Scan</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">uses</span><span class="p">:</span><span class="w"> </span><span class="l">zaproxy/action-baseline@v0.12.0</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">with</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">target</span><span class="p">:</span><span class="w"> </span><span class="s1">&#39;https://target.com&#39;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">rules_file_name</span><span class="p">:</span><span class="w"> </span><span class="s1">&#39;.zap/rules.tsv&#39;</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><h3 id="jenkins-整合">Jenkins 整合</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span><span class="lnt">24 </span><span class="lnt">25 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-groovy" data-lang="groovy"><span class="line"><span class="cl"><span class="n">pipeline</span> <span class="o">{</span> </span></span><span class="line"><span class="cl"> <span class="n">agent</span> <span class="n">any</span> </span></span><span class="line"><span class="cl"> <span class="n">stages</span> <span class="o">{</span> </span></span><span class="line"><span class="cl"> <span class="n">stage</span><span class="o">(</span><span class="s1">&#39;ZAP Scan&#39;</span><span class="o">)</span> <span class="o">{</span> </span></span><span class="line"><span class="cl"> <span class="n">steps</span> <span class="o">{</span> </span></span><span class="line"><span class="cl"> <span class="n">script</span> <span class="o">{</span> </span></span><span class="line"><span class="cl"> <span class="n">sh</span> <span class="s1">&#39;&#39;&#39; </span></span></span><span class="line"><span class="cl"><span class="s1"> docker run -t zaproxy/zap-stable \ </span></span></span><span class="line"><span class="cl"><span class="s1"> zap-baseline.py -t https://target.com \ </span></span></span><span class="line"><span class="cl"><span class="s1"> -r zap-report.html </span></span></span><span class="line"><span class="cl"><span class="s1"> &#39;&#39;&#39;</span> </span></span><span class="line"><span class="cl"> <span class="o">}</span> </span></span><span class="line"><span class="cl"> <span class="o">}</span> </span></span><span class="line"><span class="cl"> <span class="o">}</span> </span></span><span class="line"><span class="cl"> <span class="o">}</span> </span></span><span class="line"><span class="cl"> <span class="n">post</span> <span class="o">{</span> </span></span><span class="line"><span class="cl"> <span class="n">always</span> <span class="o">{</span> </span></span><span class="line"><span class="cl"> <span class="n">publishHTML</span><span class="o">([</span> </span></span><span class="line"><span class="cl"> <span class="nl">reportDir:</span> <span class="s1">&#39;.&#39;</span><span class="o">,</span> </span></span><span class="line"><span class="cl"> <span class="nl">reportFiles:</span> <span class="s1">&#39;zap-report.html&#39;</span><span class="o">,</span> </span></span><span class="line"><span class="cl"> <span class="nl">reportName:</span> <span class="s1">&#39;ZAP Report&#39;</span> </span></span><span class="line"><span class="cl"> <span class="o">])</span> </span></span><span class="line"><span class="cl"> <span class="o">}</span> </span></span><span class="line"><span class="cl"> <span class="o">}</span> </span></span><span class="line"><span class="cl"><span class="o">}</span> </span></span></code></pre></td></tr></table> </div> </div><h2 id="報告生成">報告生成</h2> <h3 id="html-報告">HTML 報告</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">curl <span class="s2">&#34;http://localhost:8090/OTHER/core/other/htmlreport/&#34;</span> </span></span></code></pre></td></tr></table> </div> </div><h3 id="json-報告">JSON 報告</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">curl <span class="s2">&#34;http://localhost:8090/JSON/core/view/alerts/&#34;</span> </span></span></code></pre></td></tr></table> </div> </div><h3 id="xml-報告">XML 報告</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">curl <span class="s2">&#34;http://localhost:8090/OTHER/core/other/xmlreport/&#34;</span> </span></span></code></pre></td></tr></table> </div> </div><h2 id="擴充功能">擴充功能</h2> <h3 id="常用-add-ons">常用 Add-ons</h3> <ul> <li><strong>Active Scanner Rules</strong> - 額外掃描規則</li> <li><strong>Passive Scanner Rules</strong> - 額外被動規則</li> <li><strong>FuzzDB</strong> - Fuzzing 字典</li> <li><strong>Retire.js</strong> - 過時 JS 庫檢測</li> <li><strong>AJAX Spider</strong> - SPA 爬蟲</li> </ul> <h3 id="安裝-add-on">安裝 Add-on</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">curl <span class="s2">&#34;http://localhost:8090/JSON/autoupdate/action/installAddon/?id=retire&#34;</span> </span></span></code></pre></td></tr></table> </div> </div><h2 id="相關連結">相關連結</h2> <ul> <li><a class="link" href="https://github.com/zaproxy/zaproxy" target="_blank" rel="noopener" >GitHub Repository</a></li> <li><a class="link" href="https://www.zaproxy.org/docs/" target="_blank" rel="noopener" >官方文件</a></li> <li><a class="link" href="https://www.zaproxy.org/addons/" target="_blank" rel="noopener" >ZAP Marketplace</a></li> </ul> <h2 id="延伸閱讀">延伸閱讀</h2> <ul> <li><a class="link" href="https://astroicers.link/p/burp-suite-basic/" >Burp Suite 基礎操作</a></li> <li><a class="link" href="https://astroicers.link/p/owasp-api-security/" >OWASP API Security Top 10</a></li> <li><a class="link" href="https://astroicers.link/p/nuclei-vulnerability-scanner/" >Nuclei 漏洞掃描工具</a></li> </ul>https://astroicers.link/p/nuclei-%E6%BC%8F%E6%B4%9E%E6%8E%83%E6%8F%8F%E5%B7%A5%E5%85%B7%E5%AE%8C%E6%95%B4%E6%8C%87%E5%8D%97.htmlFri, 06 Mar 2026 00:00:00 +0000https://astroicers.link/p/nuclei-%E6%BC%8F%E6%B4%9E%E6%8E%83%E6%8F%8F%E5%B7%A5%E5%85%B7%E5%AE%8C%E6%95%B4%E6%8C%87%E5%8D%97.html<h2 id="專案簡介">專案簡介</h2> <p><a class="link" href="https://github.com/projectdiscovery/nuclei" target="_blank" rel="noopener" >Nuclei</a> 是 ProjectDiscovery 開發的快速漏洞掃描工具，使用 YAML 模板定義掃描規則。擁有社群維護的數千種模板，涵蓋 CVE、錯誤設定、敏感資訊洩露等。</p> <p><strong>GitHub Stars</strong>: 27K+</p> <h2 id="主要功能">主要功能</h2> <ul> <li><strong>模板驅動</strong> - 使用 YAML 定義掃描規則</li> <li><strong>高效能</strong> - Go 語言開發，支援大規模掃描</li> <li><strong>社群模板</strong> - 數千種現成的漏洞檢測模板</li> <li><strong>自訂模板</strong> - 可撰寫自己的檢測規則</li> <li><strong>多協定支援</strong> - HTTP、DNS、TCP、SSL 等</li> </ul> <h2 id="安裝">安裝</h2> <h3 id="go-install">Go Install</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest </span></span></code></pre></td></tr></table> </div> </div><h3 id="homebrew">Homebrew</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">brew install nuclei </span></span></code></pre></td></tr></table> </div> </div><h3 id="docker">Docker</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">docker pull projectdiscovery/nuclei:latest </span></span></code></pre></td></tr></table> </div> </div><h3 id="更新模板">更新模板</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">nuclei -update-templates </span></span></code></pre></td></tr></table> </div> </div><h2 id="基本使用">基本使用</h2> <h3 id="掃描單一目標">掃描單一目標</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">nuclei -u https://example.com </span></span></code></pre></td></tr></table> </div> </div><h3 id="掃描多個目標">掃描多個目標</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">nuclei -l targets.txt </span></span></code></pre></td></tr></table> </div> </div><h3 id="指定模板">指定模板</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span><span class="lnt">8 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 使用特定模板</span> </span></span><span class="line"><span class="cl">nuclei -u https://example.com -t cves/ </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 使用多個模板目錄</span> </span></span><span class="line"><span class="cl">nuclei -u https://example.com -t cves/ -t vulnerabilities/ </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 排除模板</span> </span></span><span class="line"><span class="cl">nuclei -u https://example.com -exclude-templates dos/ </span></span></code></pre></td></tr></table> </div> </div><h3 id="依嚴重度過濾">依嚴重度過濾</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 只掃描 critical 和 high</span> </span></span><span class="line"><span class="cl">nuclei -u https://example.com -severity critical,high </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 排除 info 等級</span> </span></span><span class="line"><span class="cl">nuclei -u https://example.com -exclude-severity info </span></span></code></pre></td></tr></table> </div> </div><h2 id="進階選項">進階選項</h2> <h3 id="效能調整">效能調整</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 調整並行數</span> </span></span><span class="line"><span class="cl">nuclei -l targets.txt -c <span class="m">50</span> -rl <span class="m">150</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># -c: 並行模板數</span> </span></span><span class="line"><span class="cl"><span class="c1"># -rl: 每秒請求限制</span> </span></span></code></pre></td></tr></table> </div> </div><h3 id="輸出格式">輸出格式</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span><span class="lnt">8 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># JSON 輸出</span> </span></span><span class="line"><span class="cl">nuclei -u https://example.com -json -o results.json </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># Markdown 輸出</span> </span></span><span class="line"><span class="cl">nuclei -u https://example.com -me output/ </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># SARIF 格式（整合 CI/CD）</span> </span></span><span class="line"><span class="cl">nuclei -u https://example.com -sarif-export results.sarif </span></span></code></pre></td></tr></table> </div> </div><h3 id="代理設定">代理設定</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># HTTP 代理</span> </span></span><span class="line"><span class="cl">nuclei -u https://example.com -proxy http://127.0.0.1:8080 </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 搭配 Burp Suite</span> </span></span><span class="line"><span class="cl">nuclei -u https://example.com -proxy http://127.0.0.1:8080 -H <span class="s2">&#34;Cookie: session=xxx&#34;</span> </span></span></code></pre></td></tr></table> </div> </div><h2 id="模板語法">模板語法</h2> <h3 id="基本結構">基本結構</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">id</span><span class="p">:</span><span class="w"> </span><span class="l">example-detection</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">info</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">Example Vulnerability Detection</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">author</span><span class="p">:</span><span class="w"> </span><span class="l">your-name</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">severity</span><span class="p">:</span><span class="w"> </span><span class="l">high</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">description</span><span class="p">:</span><span class="w"> </span><span class="l">描述這個漏洞</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">tags</span><span class="p">:</span><span class="w"> </span><span class="l">cve,example</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">http</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">method</span><span class="p">:</span><span class="w"> </span><span class="l">GET</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="s2">&#34;{{BaseURL}}/vulnerable-endpoint&#34;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchers</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">word</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">words</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="s2">&#34;vulnerable response&#34;</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><h3 id="http-請求模板">HTTP 請求模板</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">id</span><span class="p">:</span><span class="w"> </span><span class="l">sql-injection-check</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">info</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">SQL Injection Check</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">severity</span><span class="p">:</span><span class="w"> </span><span class="l">critical</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">http</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">method</span><span class="p">:</span><span class="w"> </span><span class="l">GET</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="s2">&#34;{{BaseURL}}/search?q=test&#39;&#34;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchers-condition</span><span class="p">:</span><span class="w"> </span><span class="l">and</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">matchers</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">word</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">words</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="s2">&#34;SQL syntax&#34;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="s2">&#34;mysql_fetch&#34;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">condition</span><span class="p">:</span><span class="w"> </span><span class="l">or</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l">status</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">status</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="m">500</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><h3 id="使用變數">使用變數</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">http</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">raw</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="p">|</span><span class="sd"> </span></span></span><span class="line"><span class="cl"><span class="sd"> POST /login HTTP/1.1 </span></span></span><span class="line"><span class="cl"><span class="sd"> Host: {{Hostname}} </span></span></span><span class="line"><span class="cl"><span class="sd"> Content-Type: application/json </span></span></span><span class="line"><span class="cl"><span class="sd"> </span></span></span><span class="line"><span class="cl"><span class="sd"> {&#34;username&#34;:&#34;{{username}}&#34;,&#34;password&#34;:&#34;{{password}}&#34;}</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">payloads</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">username</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">admin</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">administrator</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">password</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">admin123</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">password</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">attack</span><span class="p">:</span><span class="w"> </span><span class="l">clusterbomb</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><h3 id="workflow-模板">Workflow 模板</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">id</span><span class="p">:</span><span class="w"> </span><span class="l">wordpress-workflow</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">info</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">WordPress Security Check</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">author</span><span class="p">:</span><span class="w"> </span><span class="l">your-name</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">workflows</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">template</span><span class="p">:</span><span class="w"> </span><span class="l">technologies/wordpress-detect.yaml</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">subtemplates</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">template</span><span class="p">:</span><span class="w"> </span><span class="l">vulnerabilities/wordpress/*.yaml</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><h2 id="實戰範例">實戰範例</h2> <h3 id="bug-bounty-流程">Bug Bounty 流程</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span><span class="lnt">8 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># 1. 子域名收集</span> </span></span><span class="line"><span class="cl">subfinder -d target.com -o subdomains.txt </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 2. 存活檢測</span> </span></span><span class="line"><span class="cl">httpx -l subdomains.txt -o alive.txt </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 3. 漏洞掃描</span> </span></span><span class="line"><span class="cl">nuclei -l alive.txt -t cves/ -t vulnerabilities/ -severity critical,high -o findings.txt </span></span></code></pre></td></tr></table> </div> </div><h3 id="cicd-整合">CI/CD 整合</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># .github/workflows/security-scan.yml</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l">Security Scan</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">on</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="l">push]</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">jobs</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">nuclei</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">runs-on</span><span class="p">:</span><span class="w"> </span><span class="l">ubuntu-latest</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">steps</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">uses</span><span class="p">:</span><span class="w"> </span><span class="l">projectdiscovery/nuclei-action@main</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">with</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">target</span><span class="p">:</span><span class="w"> </span><span class="l">https://example.com</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">templates</span><span class="p">:</span><span class="w"> </span><span class="l">cves/</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">sarif-export</span><span class="p">:</span><span class="w"> </span><span class="l">nuclei.sarif</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="nt">uses</span><span class="p">:</span><span class="w"> </span><span class="l">github/codeql-action/upload-sarif@v3</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">with</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">sarif_file</span><span class="p">:</span><span class="w"> </span><span class="l">nuclei.sarif</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><h3 id="自動化監控">自動化監控</h3> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="cp">#!/bin/bash </span></span></span><span class="line"><span class="cl"><span class="cp"></span><span class="c1"># daily-scan.sh</span> </span></span><span class="line"><span class="cl">nuclei -l targets.txt <span class="se">\ </span></span></span><span class="line"><span class="cl"><span class="se"></span> -t cves/ <span class="se">\ </span></span></span><span class="line"><span class="cl"><span class="se"></span> -severity critical,high <span class="se">\ </span></span></span><span class="line"><span class="cl"><span class="se"></span> -new-templates <span class="se">\ </span></span></span><span class="line"><span class="cl"><span class="se"></span> -json -o <span class="s2">&#34;scans/</span><span class="k">$(</span>date +%Y%m%d<span class="k">)</span><span class="s2">.json&#34;</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 比對新發現</span> </span></span><span class="line"><span class="cl">diff scans/<span class="k">$(</span>date +%Y%m%d<span class="k">)</span>.json scans/<span class="k">$(</span>date -d <span class="s2">&#34;yesterday&#34;</span> +%Y%m%d<span class="k">)</span>.json </span></span></code></pre></td></tr></table> </div> </div><h2 id="常用模板分類">常用模板分類</h2> <table> <thead> <tr> <th>分類</th> <th>說明</th> </tr> </thead> <tbody> <tr> <td><code>cves/</code></td> <td>CVE 漏洞檢測</td> </tr> <tr> <td><code>vulnerabilities/</code></td> <td>已知漏洞</td> </tr> <tr> <td><code>exposures/</code></td> <td>敏感資訊洩露</td> </tr> <tr> <td><code>misconfiguration/</code></td> <td>錯誤設定</td> </tr> <tr> <td><code>default-logins/</code></td> <td>預設憑證</td> </tr> <tr> <td><code>takeovers/</code></td> <td>子域名接管</td> </tr> <tr> <td><code>technologies/</code></td> <td>技術偵測</td> </tr> </tbody> </table> <h2 id="相關連結">相關連結</h2> <ul> <li><a class="link" href="https://github.com/projectdiscovery/nuclei" target="_blank" rel="noopener" >GitHub Repository</a></li> <li><a class="link" href="https://github.com/projectdiscovery/nuclei-templates" target="_blank" rel="noopener" >模板庫</a></li> <li><a class="link" href="https://docs.projectdiscovery.io/tools/nuclei" target="_blank" rel="noopener" >官方文件</a></li> </ul> <h2 id="延伸閱讀">延伸閱讀</h2> <ul> <li><a class="link" href="https://astroicers.link/p/subfinder-subdomain-enumeration/" >Subfinder 子域名列舉工具</a></li> <li><a class="link" href="https://astroicers.link/p/ffuf-web-fuzzer/" >ffuf 網頁 Fuzzing 工具</a></li> <li><a class="link" href="https://astroicers.link/p/seclists-pentest-wordlists/" >SecLists 滲透測試字典</a></li> </ul>