
Nuclei is a modern, high-performance vulnerability scanner that leverages simple YAML-based templates. It lets you design custom vulnerability detection scenarios that mimic real-world conditions, achieving zero false positives.
- Getting Started
- 1. Nuclei CLI
- 2. Pro and Enterprise Editions
- Documentation
- Command Line Flags
- Single target scan
- Scanning multiple targets
- Network scan
- Scanning with your custom template
- Connect Nuclei to ProjectDiscovery
- Nuclei Templates, Community and Rewards 💎
- Our Mission
- Contributors ❤
- License

Install Nuclei on your machine. Get started by following the installation guide here. Additionally, we offer a free cloud tier with generous monthly free limits:
> [!Important]
> | This project is in active development. Expect breaking changes between releases. Review the changelog before updating. |
> |:--------------------------------|
> | This project is primarily built to be used as a standalone CLI tool. Running nuclei as a service may pose security risks. It is recommended to use it with caution and additional security measures. |
For security teams and enterprises, we offer a cloud-hosted service built on top of Nuclei OSS, fine-tuned to help you run vulnerability scans continuously and at scale with your team and existing workflows:
adding new features! Sign up for Pro or talk to our team if you have a large organization and complex requirements.
See the full Nuclei documentation here. If you are new to Nuclei, check out our introductory series on YouTube.
nuclei requires go >= 1.24.2 to install successfully. Run the following command to get the repo:

```sh
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
```

To learn more about installing nuclei, see https://docs.projectdiscovery.io/tools/nuclei/install.

To display all the flags for the tool:

```sh
nuclei -h
```

Expand all help flags
```console
Nuclei is a fast, template based vulnerability scanner focusing
on extensive configurability, massive extensibility and ease of use.

Usage:
  ./nuclei [flags]

Flags:
TARGET:
   -u, -target string[]                   target URLs/hosts to scan
   -l, -list string                       path to file containing a list of target URLs/hosts to scan (one per line)
   -eh, -exclude-hosts string[]           hosts to exclude to scan from the input list (ip, cidr, hostname)
   -resume string                         resume scan from and save to specified file (clustering will be disabled)
   -sa, -scan-all-ips                     scan all the IP's associated with dns record
   -iv, -ip-version string[]              IP version to scan of hostname (4,6) - (default 4)

TARGET-FORMAT:
   -im, -input-mode string                mode of input file (list, burp, jsonl, yaml, openapi, swagger) (default "list")
   -ro, -required-only                    use only required fields in input format when generating requests
   -sfv, -skip-format-validation          skip format validation (like missing vars) when parsing input file

TEMPLATES:
   -nt, -new-templates                    run only new templates added in latest nuclei-templates release
   -ntv, -new-templates-version string[]  run new templates added in specific version
   -as, -automatic-scan                   automatic web scan using wappalyzer technology detection to tags mapping
   -t, -templates string[]                list of template or template directory to run (comma-separated, file)
   -turl, -template-url string[]          template url or list containing template urls to run (comma-separated, file)
   -ai, -prompt string                    generate and run template using ai prompt
   -w, -workflows string[]                list of workflow or workflow directory to run (comma-separated, file)
   -wurl, -workflow-url string[]          workflow url or list containing workflow urls to run (comma-separated, file)
   -validate                              validate the passed templates to nuclei
   -nss, -no-strict-syntax                disable strict syntax check on templates
   -td, -template-display                 displays the templates content
   -tl                                    list all templates matching current filters
   -tgl                                   list all available tags
   -sign                                  signs the templates with the private key defined in NUCLEI_SIGNATURE_PRIVATE_KEY env variable
   -code                                  enable loading code protocol-based templates
   -dut, -disable-unsigned-templates      disable running unsigned templates or templates with mismatched signature
   -esc, -enable-self-contained           enable loading self-contained templates
   -egm, -enable-global-matchers          enable loading global matchers templates
   -file                                  enable loading file templates

FILTERING:
   -a, -author string[]                   templates to run based on authors (comma-separated, file)
   -tags string[]                         templates to run based on tags (comma-separated, file)
   -etags, -exclude-tags string[]         templates to exclude based on tags (comma-separated, file)
   -itags, -include-tags string[]         tags to be executed even if they are excluded either by default or configuration
   -id, -template-id string[]             templates to run based on template ids (comma-separated, file, allow-wildcard)
   -eid, -exclude-id string[]             templates to exclude based on template ids (comma-separated, file)
   -it, -include-templates string[]       path to template file or directory to be executed even if they are excluded either by default or configuration
   -et, -exclude-templates string[]       path to template file or directory to exclude (comma-separated, file)
   -em, -exclude-matchers string[]        template matchers to exclude in result
   -s, -severity value[]                  templates to run based on severity. Possible values: info, low, medium, high, critical, unknown
   -es, -exclude-severity value[]         templates to exclude based on severity. Possible values: info, low, medium, high, critical, unknown
   -pt, -type value[]                     templates to run based on protocol type. Possible values: dns, file, http, headless, tcp, workflow, ssl, websocket, whois, code, javascript
   -ept, -exclude-type value[]            templates to exclude based on protocol type. Possible values: dns, file, http, headless, tcp, workflow, ssl, websocket, whois, code, javascript
   -tc, -template-condition string[]      templates to run based on expression condition

OUTPUT:
   -o, -output string                     output file to write found issues/vulnerabilities
   -sresp, -store-resp                    store all request/response passed through nuclei to output directory
   -srd, -store-resp-dir string           store all request/response passed through nuclei to custom directory (default "output")
   -silent                                display findings only
   -nc, -no-color                         disable output content coloring (ANSI escape codes)
   -j, -jsonl                             write output in JSONL(ines) format
   -irr, -include-rr -omit-raw            include request/response pairs in the JSON, JSONL, and Markdown outputs (for findings only) [DEPRECATED use -omit-raw] (default true)
   -or, -omit-raw                         omit request/response pairs in the JSON, JSONL, and Markdown outputs (for findings only)
   -ot, -omit-template                    omit encoded template in the JSON, JSONL output
   -nm, -no-meta                          disable printing result metadata in cli output
   -ts, -timestamp                        enables printing timestamp in cli output
   -rdb, -report-db string                nuclei reporting database (always use this to persist report data)
   -ms, -matcher-status                   display match failure status
   -me, -markdown-export string           directory to export results in markdown format
   -se, -sarif-export string              file to export results in SARIF format
   -je, -json-export string               file to export results in JSON format
   -jle, -jsonl-export string             file to export results in JSONL(ine) format
   -rd, -redact string[]                  redact given list of keys fro
```