-
如何细粒度控制nuclei、naabu参数?$ cat config/config.json {
"tomcatuserpass": "brute/dicts/tomcatuserpass.txt",
"jbossuserpass": "brute/dicts/jbossuserpass.txt",
"weblogicuserpass": "brute/dicts/weblogicuserpass.txt",
"filedic": "brute/dicts/filedic.txt",
"top100pass": "brute/dicts/top100pass.txt",
"bakSuffix": "brute/dicts/bakSuffix.txt",
"fuzzct": "brute/dicts/fuzzContentType1.txt",
"fuzz404": "brute/dicts/fuzz404.txt",
"page404Content1": "brute/dicts/page404Content.txt",
"eHoleFinger": "pkg/fingerprint/dicts/eHoleFinger.json",
"localFinger": "pkg/fingerprint/dicts/localFinger.json",
"nmap": "nmap -n --unique --resolve-all -Pn --min-hostgroup 64 --max-retries 0 --host-timeout 10m --script-timeout 3m --version-intensity 9 --min-rate 10000 -T4",
"HydraUser": "",
"HydraPass": "",
"UrlPrecise": true,
"EnableSubfinder": false,
"naabu_dns": {},
"naabu": {"TopPorts": "1000"},
"nuclei": {},
"httpx": {}
}nuclei 可用参数都有哪些?type Options struct {
// Tags contains a list of tags to execute templates for. Multiple paths
// can be specified with -l flag and -tags can be used in combination with
// the -l flag.
Tags goflags.FileNormalizedStringSlice
// ExcludeTags is the list of tags to exclude
ExcludeTags goflags.FileNormalizedStringSlice
// Workflows specifies any workflows to run by nuclei
Workflows goflags.FileOriginalNormalizedStringSlice
// WorkflowURLs specifies URLs to a list of workflows to use
WorkflowURLs goflags.FileOriginalNormalizedStringSlice
// Templates specifies the template/templates to use
Templates goflags.FileOriginalNormalizedStringSlice
// TemplateURLs specifies URLs to a list of templates to use
TemplateURLs goflags.FileOriginalNormalizedStringSlice
// RemoteTemplates specifies list of allowed URLs to load remote templates from
RemoteTemplateDomainList goflags.StringSlice
// ExcludedTemplates specifies the template/templates to exclude
ExcludedTemplates goflags.FileOriginalNormalizedStringSlice
// CustomHeaders is the list of custom global headers to send with each request.
CustomHeaders goflags.FileStringSlice
// Vars is the list of custom global vars
Vars goflags.RuntimeMap
// vars to use as iterative payload
varsPayload map[string]interface{}
// Severities filters templates based on their severity and only run the matching ones.
Severities severity.Severities
// ExcludeSeverities specifies severities to exclude
ExcludeSeverities severity.Severities
// Authors filters templates based on their author and only run the matching ones.
Authors goflags.FileNormalizedStringSlice
// Protocols contains the protocols to be allowed executed
Protocols types.ProtocolTypes
// ExcludeProtocols contains protocols to not be executed
ExcludeProtocols types.ProtocolTypes
// IncludeTags includes specified tags to be run even while being in denylist
IncludeTags goflags.FileNormalizedStringSlice
// IncludeTemplates includes specified templates to be run even while being in denylist
IncludeTemplates goflags.FileOriginalNormalizedStringSlice
// IncludeIds includes specified ids to be run even while being in denylist
IncludeIds goflags.FileNormalizedStringSlice
// ExcludeIds contains templates ids to not be executed
ExcludeIds goflags.FileNormalizedStringSlice
InternalResolversList []string // normalized from resolvers flag as well as file provided.
// ProjectPath allows nuclei to use a user defined project folder
ProjectPath string
// InteractshURL is the URL for the interactsh server.
InteractshURL string
// Interactsh Authorization header value for self-hosted servers
InteractshToken string
// Target URLs/Domains to scan using a template
Targets goflags.StringSlice
// TargetsFilePath specifies the targets from a file to scan using templates.
TargetsFilePath string
// Resume the scan from the state stored in the resume config file
Resume string
// Output is the file to write found results to.
Output string
// ProxyInternal requests
ProxyInternal bool
// List of HTTP(s)/SOCKS5 proxy to use (comma separated or file input)
Proxy goflags.NormalizedOriginalStringSlice
// TemplatesDirectory is the directory to use for storing templates
TemplatesDirectory string
// TraceLogFile specifies a file to write with the trace of all requests
TraceLogFile string
// ErrorLogFile specifies a file to write with the errors of all requests
ErrorLogFile string
// ReportingDB is the db for report storage as well as deduplication
ReportingDB string
// ReportingConfig is the config file for nuclei reporting module
ReportingConfig string
// MarkdownExportDirectory is the directory to export reports in Markdown format
MarkdownExportDirectory string
// SarifExport is the file to export sarif output format to
SarifExport string
// ResolversFile is a file containing resolvers for nuclei.
ResolversFile string
// StatsInterval is the number of seconds to display stats after
StatsInterval int
// MetricsPort is the port to show metrics on
MetricsPort int
// MaxHostError is the maximum number of errors allowed for a host
MaxHostError int
// BulkSize is the of targets analyzed in parallel for each template
BulkSize int
// TemplateThreads is the number of templates executed in parallel
TemplateThreads int
// HeadlessBulkSize is the of targets analyzed in parallel for each headless template
HeadlessBulkSize int
// HeadlessTemplateThreads is the number of headless templates executed in parallel
HeadlessTemplateThreads int
// Timeout is the seconds to wait for a response from the server.
Timeout int
// Retries is the number of times to retry the request
Retries int
// Rate-Limit is the maximum number of requests per specified target
RateLimit int
// Rate-Limit is the maximum number of requests per minute for specified target
RateLimitMinute int
// PageTimeout is the maximum time to wait for a page in seconds
PageTimeout int
// InteractionsCacheSize is the number of interaction-url->req to keep in cache at a time.
InteractionsCacheSize int
// InteractionsPollDuration is the number of seconds to wait before each interaction poll
InteractionsPollDuration int
// Eviction is the number of seconds after which to automatically discard
// interaction requests.
InteractionsEviction int
// InteractionsCoolDownPeriod is additional seconds to wait for interactions after closing
// of the poller.
InteractionsCoolDownPeriod int
// MaxRedirects is the maximum numbers of redirects to be followed.
MaxRedirects int
// FollowRedirects enables following redirects for http request module
FollowRedirects bool
// OfflineHTTP is a flag that specific offline processing of http response
// using same matchers/extractors from http protocol without the need
// to send a new request, reading responses from a file.
OfflineHTTP bool
// StatsJSON writes stats output in JSON format
StatsJSON bool
// Headless specifies whether to allow headless mode templates
Headless bool
// ShowBrowser specifies whether the show the browser in headless mode
ShowBrowser bool
// UseInstalledChrome skips chrome install and use local instance
UseInstalledChrome bool
// SystemResolvers enables override of nuclei's DNS client opting to use system resolver stack.
SystemResolvers bool
// Metrics enables display of metrics via an http endpoint
Metrics bool
// Debug mode allows debugging request/responses for the engine
Debug bool
// DebugRequests mode allows debugging request for the engine
DebugRequests bool
// DebugResponse mode allows debugging response for the engine
DebugResponse bool
// LeaveDefaultPorts skips normalization of default ports
LeaveDefaultPorts bool
// AutomaticScan enables automatic tech based template execution
AutomaticScan bool
// Silent suppresses any extra text and only writes found URLs on screen.
Silent bool
// Version specifies if we should just show version and exit
Version bool
// Validate validates the templates passed to nuclei.
Validate bool
// Verbose flag indicates whether to show verbose output or not
Verbose bool
VerboseVerbose bool
// No-Color disables the colored output.
NoColor bool
// UpdateTemplates updates the templates installed at startup
UpdateTemplates bool
// JSON writes json output to files
JSON bool
// JSONRequests writes requests/responses for matches in JSON output
JSONRequests bool
// EnableProgressBar enables progress bar
EnableProgressBar bool
// TemplatesVersion shows the templates installed version
TemplatesVersion bool
// TemplateList lists available templates
TemplateList bool
// HangMonitor enables nuclei hang monitoring
HangMonitor bool
// Stdin specifies whether stdin input was given to the process
Stdin bool
// StopAtFirstMatch stops processing template at first full match (this may break chained requests)
StopAtFirstMatch bool
// Stream the input without sorting
Stream bool
// NoMeta disables display of metadata for the matches
NoMeta bool
// NoTimestamp disables display of timestamp for the matcher
NoTimestamp bool
// Project is used to avoid sending same HTTP request multiple times
Project bool
// NewTemplates only runs newly added templates from the repository
NewTemplates bool
// NoInteractsh disables use of interactsh server for interaction polling
NoInteractsh bool
// UpdateNuclei checks for an update for the nuclei engine
UpdateNuclei bool
// NoUpdateTemplates disables checking for nuclei templates updates
NoUpdateTemplates bool
// EnvironmentVariables enables support for environment variables
EnvironmentVariables bool
// MatcherStatus displays optional status for the failed matches as well
MatcherStatus bool
// ClientCertFile client certificate file (PEM-encoded) used for authenticating against scanned hosts
ClientCertFile string
// ClientKeyFile client key file (PEM-encoded) used for authenticating against scanned hosts
ClientKeyFile string
// ClientCAFile client certificate authority file (PEM-encoded) used for authenticating against scanned hosts
ClientCAFile string
// Use ZTLS library
ZTLS bool
// ShowMatchLine enables display of match line number
ShowMatchLine bool
// EnablePprof enables exposing pprof runtime information with a webserver.
EnablePprof bool
// StoreResponse stores received response to output directory
StoreResponse bool
// StoreResponseDir stores received response to custom directory
StoreResponseDir string
// DisableRedirects disables following redirects for http request module
DisableRedirects bool
// SNI custom hostname
SNI string
}httpx 可用参数都有哪些?type Options struct {
CustomHeaders customheader.CustomHeaders
CustomPorts customport.CustomPorts
matchStatusCode []int
matchContentLength []int
filterStatusCode []int
filterContentLength []int
Output string
StoreResponseDir string
HTTPProxy string
SocksProxy string
InputFile string
Methods string
RequestURI string
RequestURIs string
requestURIs []string
OutputMatchStatusCode string
OutputMatchContentLength string
OutputFilterStatusCode string
OutputFilterContentLength string
InputRawRequest string
rawRequest string
RequestBody string
OutputFilterString string
OutputMatchString string
OutputFilterRegex string
OutputMatchRegex string
Retries int
Threads int
Timeout int
filterRegex *regexp.Regexp
matchRegex *regexp.Regexp
VHost bool
VHostInput bool
Smuggling bool
ExtractTitle bool
StatusCode bool
Location bool
ContentLength bool
FollowRedirects bool
StoreResponse bool
JSONOutput bool
CSVOutput bool
Silent bool
Version bool
Verbose bool
NoColor bool
OutputServerHeader bool
OutputWebSocket bool
responseInStdout bool
chainInStdout bool
FollowHostRedirects bool
MaxRedirects int
OutputMethod bool
TLSProbe bool
CSPProbe bool
OutputContentType bool
OutputIP bool
OutputCName bool
Unsafe bool
Debug bool
DebugRequests bool
DebugResponse bool
Pipeline bool
HTTP2Probe bool
OutputCDN bool
OutputResponseTime bool
NoFallback bool
NoFallbackScheme bool
TechDetect bool
TLSGrab bool
protocol string
ShowStatistics bool
StatsInterval int
RandomAgent bool
StoreChain bool
Deny customlist.CustomList
Allow customlist.CustomList
MaxResponseBodySizeToSave int
MaxResponseBodySizeToRead int
OutputExtractRegex string
RateLimit int
RateLimitMinute int
Probe bool
Resume bool
resumeCfg *ResumeCfg
ExcludeCDN bool
HostMaxErrors int
Stream bool
SkipDedupe bool
ProbeAllIPS bool
Resolvers goflags.NormalizedStringSlice
Favicon bool
OutputFilterFavicon goflags.NormalizedStringSlice
OutputMatchFavicon goflags.NormalizedStringSlice
LeaveDefaultPorts bool
OutputLinesCount bool
OutputMatchLinesCount string
matchLinesCount []int
OutputFilterLinesCount string
filterLinesCount []int
OutputWordsCount bool
OutputMatchWordsCount string
matchWordsCount []int
OutputFilterWordsCount string
filterWordsCount []int
Hashes string
Jarm bool
Asn bool
//
CeyeApi string
CeyeDomain string
NoPOC bool
}naabu 可用参数都有哪些?type Options struct {
Verbose bool // Verbose flag indicates whether to show verbose output or not
NoColor bool // No-Color disables the colored output
JSON bool // JSON specifies whether to use json for output format or text file
Silent bool // Silent suppresses any extra text and only writes found host:port to screen
Stdin bool // Stdin specifies whether stdin input was given to the process
Verify bool // Verify is used to check if the ports found were valid using CONNECT method
Version bool // Version specifies if we should just show version and exit
Ping bool // Ping uses ping probes to discover fastest active host and discover dead hosts
Debug bool // Prints out debug information
ExcludeCDN bool // Excludes ip of knows CDN ranges for full port scan
Nmap bool // Invoke nmap detailed scan on results
InterfacesList bool // InterfacesList show interfaces list
Retries int // Retries is the number of retries for the port
Rate int // Rate is the rate of port scan requests
Timeout int // Timeout is the seconds to wait for ports to respond
WarmUpTime int // WarmUpTime between scan phases
Host goflags.NormalizedStringSlice // Host is the single host or comma-separated list of hosts to find ports for
HostsFile string // HostsFile is the file containing list of hosts to find port for
Output string // Output is the file to write found ports to.
Ports string // Ports is the ports to use for enumeration
PortsFile string // PortsFile is the file containing ports to use for enumeration
ExcludePorts string // ExcludePorts is the list of ports to exclude from enumeration
ExcludeIps string // Ips or cidr to be excluded from the scan
ExcludeIpsFile string // File containing Ips or cidr to exclude from the scan
TopPorts string // Tops ports to scan
SourceIP string // SourceIP to use in TCP packets
Interface string // Interface to use for TCP packets
ConfigFile string // Config file contains a scan configuration
NmapCLI string // Nmap command (has priority over config file)
Threads int // Internal worker threads
EnableProgressBar bool // Enable progress bar
ScanAllIPS bool // Scan all the ips
ScanType string // Scan Type
Proxy string // Socks5 proxy
Resolvers string // Resolvers (comma separated or file)
baseResolvers []string
OnResult OnResultCallback // OnResult callback
CSV bool
StatsInterval int // StatsInterval is the number of seconds to display stats after
Resume bool
ResumeCfg *ResumeCfg
Stream bool
Passive bool
//
CeyeApi string
CeyeDomain string
NoPOC bool
} |
Beta Was this translation helpful? Give feedback.
Answered by
hktalent
Jun 23, 2022
Replies: 1 comment
Answer selected by
hktalent
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
end