Nuclei Template Editor has AI to generate templates for vulnerability reports. This document helps to guide you through the process, offering you usage tips and examples.

Overview

Powered by public Nuclei templates and a rich CVE data set, the AI understands a broad array of security vulnerabilities. First, the system interprets the user’s prompt to identify a specific vulnerability. Then, it generates a template based on the steps required to reproduce the vulnerability along with all the necessary meta information to reproduce and remediate.

Initial Setup

Kick start your AI Assistance experience with these steps:

  1. Provide Detailed Information: Construct comprehensive Proof of Concepts (PoCs) for vulnerabilities like Cross-Site Scripting (XSS), and others.
  2. Understand the Template Format: Get to grips with the format to appropriately handle and modify the generated template.
  3. Validation and Linting: Utilize the integrated linter to guarantee the template’s validity.
  4. Test the Template: Evaluate the template against a test target ensuring its accuracy.

Best Practices

  • Precision Matters: Detailed prompts yield superior templates.
  • Review and Validate: Consistently check matchers’ accuracy.
  • Template Verification: Validate the template on known vulnerable targets before deployment.

Example Prompts

The following examples demonstrate different vulnerabilities and the corresponding Prompt.

Each of these examples provides HTTP Requests and Responses to illustrate the vulnerabilities.

Limitations

Please note that the current AI is trained primarily on HTTP data. Template generation for non-HTTP protocols is not supported at this time. Support for additional protocols is under development and will be available soon.