Skip to main content

Installations

Install Go

ProjectDiscovery runs on any operating system that supports Go, but this example uses Linux. For instructions on installing Go for an OS besides Linux check out this post on our blog or refer to the installation instructions available through the Go website.
1

Get the latest version

Download and install the latest version of Go.
2

Verify the version

After downloading and installing run go version to verify that you are running the latest version (v 1.21 at the time of writing)

Update your $PATH

PATH is an environment variable on UNIX systems to define which directories contain executable programs. The variable is set within the config file for your particular shell. To run Nuclei the folder where it resides needs to be in the PATH. ProjectDiscovery binaries are stored in the go/bin directory which is usually in the home directory. Note: This folder is not automatically added to your PATH. Refer to the steps below to update it manually.
1

Verify your GOPATH

To verify your GOPATH Run go env | grep GOPATH in your terminal and copy the output path. You may need to add a /bin to the end of this path for it to work correctly.
2

Open your shell config file

Open the shell config file for your shell in an editor (this example refers to nano). The command is nano ~/.zshrc for zsh or nano ~/.bashrc for bash.At the bottom of the file, add export PATH=”$PATH:insert/go/path/here/bin”, replacing insert/go/path/here with the GOPATH from Step 1.
3

Reset your terminal

Run source ~/.zshrc or source~/.bashrc to reset your terminal and reload it with the new config added. You can also just close your terminal and open it again for this to take effect.
4

Verify your updated PATH

Your PATH should be updated. Type $PATH to check that the go binary directory is added to the end.

Install Nuclei

Before we jump into the installation here’s a quick high-level overview of what Nuclei and templates are all about! What is Nuclei? Nuclei is a community-powered vulnerability scanner that uses templates to identify vulnerabilities in your assets. As an open-source tool, it has the benefit of a huge community of users and contributors who have helped to create a vast library of templates. Templates, are YAML files used to define what is scanned by Nuclei. The template library includes many options and customizations, and supports any templates you create to meet your requirements.
1

Install Nuclei with Go

From your terminal run the following command go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
2

Confirm installation

To confirm installation, on your terminal run nuclei -h to see the list of options and flags available.

Sample Nuclei Output

Run a Scan

In this example we’re going to run a scan with a testing host that we use to detect weak template matchers with sample vulnerabilities and sample results. We’ll be using the test URL(http://honey.scanme.sh/) to demonstrate the expected scan behavior and walk you through some results.

Scan your host

To scan your target host, on your terminal, run nuclei -u http://honey.scanme.sh/. The -u option specifies the target you want to scan with all available templates.

View results

Here we have an example (edited for easier readability)

Understanding your results

If you examine the following line of output [mismatched-ssl-certificate] [ssl] [low] scanme.sh:443 [CN: scanme] The fields are as follows:
  • [mismatched-ssl-certificate] is the template-id for the finding
  • [ssl] is the protocol associated with the finding
  • [low] is the severity associated with the finding
  • Scanme.sh:443 is the output (in this case the host that the finding applies to)
  • [CN: scanme] - This output also includes an extracted value, which is not typically in all templates but does show an example of some of the other types of output you might see.
So, for each line of output from our scan the data format is as follows: [template-id] [protocol] [severity] output (impacted host, etc) Other examples:

What’s Next

Take a look at the “What’s Next” section for suggestions on what to explore next.