Revising Nuclei FAQ
ccosta-pd committed Dec 12, 2023
1 parent 3360e36 commit fc840dd
Showing 2 changed files with 108 additions and 56 deletions.
3 changes: 2 additions & 1 deletion mint.json
Expand Up @@ -90,7 +90,8 @@
"tools/nuclei/overview",
"tools/nuclei/install",
"tools/nuclei/running",
"tools/nuclei/faq"
"tools/nuclei/faq",
"tools/nuclei/faq-revision"
]
},
{
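Review bot: the added navigation entry "tools/nuclei/faq-revision" has no matching page in this commit, which changes only mint.json and tools/nuclei/faq.mdx; the revised text lands in the existing faq.mdx. Unless a faq-revision page already exists elsewhere in the repository, either drop the new entry (and the comma added after "tools/nuclei/faq") or add the file in the same commit, so the sidebar does not point at a missing page.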
161 changes: 106 additions & 55 deletions tools/nuclei/faq.mdx
@@ -1,25 +1,59 @@
---
title: "Nuclei FAQ"
description: "Common questions and answers about using Nuclei"
description: "Common questions and answers about Nuclei"
sidebarTitle: "FAQ"
---
<Tip>If you have other issues to report we'd love to share those with the community. Please join our [Discord server](https://discord.gg/projectdiscovery), or reach out to us on [GitHub](https://github.com/projectdiscovery). </Tip>

<AccordionGroup>
<Accordion title="What is nuclei?" icon="circle-info" iconType="solid">
Nuclei is a fast and customizable vulnerability scanner based on simple **YAML-based templates**.

It has two components, 1) [Nuclei](http://github.com/projectdiscovery/nuclei) engine - the core of the project allows scripting HTTP / DNS / Network / Headless / File protocols based checks in a very simple to read-and-write YAML-based format. 2) Nuclei [templates](http://github.com/projectdiscovery/nuclei-templates) - ready-to-use **community-contributed** vulnerability templates.
## General

</Accordion>
Questions and answers on general topics for Nuclei.

<AccordionGroup>
<Accordion title="What is Nuclei?" icon="circle-info" iconType="solid">
Nuclei is a powerful open-source vulnerability scanner that is fast and customizable. It uses simple templates (YAML-based) that describe how to detect, prioritize, and remediate security vulnerabilities for the Nuclei scanning engine.
The two components, the [Nuclei engine](http://github.com/projectdiscovery/nuclei) - is the core of the project. It allows scripting HTTP / DNS / Network / Headless / File protocols based checks in a very simple to read-and-write YAML-based format.
The Nuclei [templates](http://github.com/projectdiscovery/nuclei-templates) - are custom-created or ready-to-use **community-contributed** vulnerability templates.
</Accordion>

<Accordion title="What was the motivation to create Nuclei?" icon="circle-info" iconType="solid">
Nuclei was created to solve many of the limitations of traditional scanners, which always lacked the features to allow easy-to-write custom checks on top of their engine.
Nuclei was built with a focus on simplicity, modularity, and the ability to scale scanning for many assets.

Ultimately, we wanted to create something simple enough to be used by everyone with the complexity to integrate well with the intricacies of the modern technical stack.
Nuclei's features are implemented and tailored to allow rapid prototyping for complex security checks.
</Accordion>

<Accordion title="How well-maintained is this Nuclei?" icon="circle-info" iconType="solid">
Nuclei is actively maintained and supported by ProjectDiscovery. In general, we release every two weeks and continue to refine, update, and expand Nuclei and its associated capabilities.
Our team also actively monitors for announcements about new CVEs, exploits, and other vulnerabilities to quickly provide a response to address those issues.

We recently released Nuclei v3, [read more about that release on our blog.](https://blog.projectdiscovery.io/nuclei-v3-featurefusion/)
</Accordion>

<Accordion title="How can I support/contribute to this project? 💙" icon="fire-flame-curved" iconType="solid">
Nuclei is open-source! The best way to support Nuclei is to contribute new templates.

In addition, we are always interested in hearing about how our community uses Nuclei to solve unique security problems and would love to discuss more.
If you want to share the process of a solution you found in walk-through on our blog, we are happy to publish your guest post on the [ProjectDiscovery blog](https://blog.projectdiscovery.io).

Review more details about the project [through GitHub](https://github.com/projectdiscovery/nuclei-templates) or [reach out to us on Discord.](https://discord.com/servers/projectdiscovery-community-695645237418131507)
</Accordion>

</AccordionGroup>

## Usage

Question and answers about using Nuclei.

<Accordion title="What was the genesis behind nuclei?" icon="circle-info" iconType="solid">
Traditional scanners always lacked the features to allow easy-to-write custom checks on top of their engine. And this is why we started developing Nuclei with a core focus on simplicity, modularity, and the ability to scan on many assets.
<AccordionGroup>

We wanted something simple enough to be used by _**everyone**_ while complex enough to integrate into the modern web with its intricacies. The features implemented in nuclei are tailored to allow very rapid prototyping of complex security checks.
<Accordion title="How do I install Nuclei?" icon="circle-info" iconType="solid">
Nuclei can be installed with several different options including: Go, Brew, and Dccoker. Check out [the Nuclei install page](/tools/nuclei/install) for details on all of the options.
</Accordion>

<Accordion title="What modules does nuclei engine support?" icon="circle-info" iconType="solid">
Nuclei engine supports the following type of modules.
<Accordion title="What modules does Nuclei support?" icon="circle-info" iconType="solid">
Nuclei supports the following type of modules.

- [HTTP](/templates/protocols/http/)
- [DNS](/templates/protocols/dns/)
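Review bot: the new "How do I install Nuclei?" answer misspells Docker ("Go, Brew, and Dccoker"); please correct it before this is published. In the same hunk, the Usage intro reads "Question and answers" where the General intro uses "Questions and answers", the title "How well-maintained is this Nuclei?" carries a stray "this", and "Nuclei supports the following type of modules" should read "types". The sentence "The two components, the [Nuclei engine] ... - is the core of the project" does not parse; something like "Nuclei has two components: the engine, which ..., and the templates, which ..." would read cleanly. The two GitHub links in that answer also use http:// while the Tip at the top uses https://.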
Expand All @@ -30,60 +64,77 @@ sidebarTitle: "FAQ"
- [FILE](/templates/protocols/file/)
</Accordion>

<Accordion title="What kind of scans can I perform with nuclei?" icon="circle-info" iconType="solid">
Nuclei can be used to detect security vulnerabilities in **Web Applications**, **Networks**, **DNS** based misconfiguration, and **Secrets scanning** in source code or files on the local file system.
</Accordion>

<Accordion title="How well-maintained is this project?" icon="circle-info" iconType="solid">
The nuclei project is actively developed and maintained by the [ProjectDiscovery](https://projectdiscovery.io/#/) team, and generally releases every 2 weeks.
<Accordion title="What kind of scans can Nuclei perform?" icon="circle-info" iconType="solid">
Nuclei can detect security vulnerabilities in **Web Applications**, **Networks**, **DNS** based misconfiguration, and **Secrets scanning** in source code or in files on the local file system.
</Accordion>

<Accordion title="How can I support/contribute to this project? 💙" icon="fire-flame-curved" iconType="solid">
To help keep project momentum, we request everyone to write and share new templates with the community in the [template project](https://github.com/projectdiscovery/nuclei-templates). Please help us maintain this public, ready to use, and up-to-date nuclei template repository.

If you found an interesting/unique security issue using nuclei and want to share the process walk-through in the form of a blog, we are happy to publish your guest post on the [ProjectDiscovery blog](https://blog.projectdiscovery.io).
<Accordion title="Where can I learn more about Nuclei Templates?" icon="circle-info" iconType="solid">
To learn more about Nuclei templates, check out [the GitHub repository](https://github.com/projectdiscovery/nuclei-templates), or and [explore additional documentation here](templates/introduction).
</Accordion>

<Accordion title="I found results with nuclei. When should I report it?" icon="triangle-exclamation" iconType="solid">
**Wait a minute** -- after nuclei detected a security issue, it's always advised to have a second look before reporting it. Here's a tip to confirm/validate the issues.

<Accordion title="How do I validate nuclei results?" icon="fire-flame-curved" iconType="solid">
Once nuclei finds a result, and you have vulnerable **target** and **template**, rerun the template with **`-debug`** flag to inspect the output against the expected matcher defined in the template. In this way, you can confirm the identified vulnerability.
</Accordion>
<Accordion title="What do I do with Nuclie scan results?" icon="triangle-exclamation" iconType="solid">
After detecting a security issue **we always recommend that you validate it a second time** before reporting it.

**To validate:**
If you have both a vulnerable target and template, rerun the template with `-debug` flag to inspect the output against the expected matcher defined in the template. Use this to confirm the identified vulnerability.

Once you confirm the result, report it!
</Accordion>

<Accordion title="How much traffic does nuclei generate?" icon="triangle-exclamation" iconType="solid">
By default nuclei will make several thousand requests (both HTTP protocol and other services) against a single target when running **all nuclei-templates**. This stems from over 3500 nuclei templates in the [[template releases](https://github.com/projectdiscovery/nuclei-templates/releases/), with more added daily.

<Note>As default, few templates listed [here](https://github.com/projectdiscovery/nuclei-templates/blob/master/.nuclei-ignore) are excluded from default scans.</Note>
<Accordion title="How much traffic does Nuclei generate?" icon="triangle-exclamation" iconType="solid">
By default, Nuclei will make several thousand requests (both HTTP protocol and other services) against a single target when running **all nuclei-templates**.
This is the result of running over 3500 templates (_with an active and growing template library_).

By default, [the following templates](https://github.com/projectdiscovery/nuclei-templates/blob/master/.nuclei-ignore) are excluded from default scans.
</Accordion>

<Accordion title="Is it safe to run nuclei?" icon="triangle-exclamation" iconType="solid">
We consider two factors to say **"safe"** in context of nuclei -

1. The **traffic** nuclei makes against the target website.
2. The **impact** templates have on the target website.

<Check>
**HTTP Traffic**

Nuclei usually makes fewer HTTP requests than the number of templates selected for a scan due to its intelligent request reduction. While some templates contain multiple requests, this rule generally holds true across most scan configurations.
</Check>
<Accordion title="Is it safe to run Nuclei?" icon="triangle-exclamation" iconType="solid">

We consider two factors for “safety” within the context of Nuclei.

- The traffic Nuclei creates against the target
- The impact templates have on the target

**Traffic**

Nuclei usually makes fewer HTTP requests than the number of templates selected for a scan due to its intelligent request reduction.
While some templates contain multiple requests, this rule holds true across most scan configurations.

**Templates**

The library of Nuclei templates houses a variety of templates which perform fuzzing and other actions which may result in a DoS against the target system ([see the list here](https://github.com/projectdiscovery/nuclei-templates/blob/master/.nuclei-ignore)).

To ensure these templates are not run accidentally they are tagged and excluded from the default scan. These templates can be only executed when explicitly invoked using the `-itags` option.
</Accordion>

<Accordion title="What are the specifics for Nuclei's license?" icon="circle-info" iconType="solid">
Nuclei is an open-source project distributed under the [MIT License](https://github.com/projectdiscovery/nuclei/blob/master/LICENSE.md).
</Accordion>

<Check>
**Safe Templates**
<Accordion title="What do I do if I have more questions? 🙋" icon="circle-info" iconType="solid">
Please join our [Discord server](https://discord.gg/projectdiscovery), or contact us via [Twitter](http://twitter.com/pdnuclei).
</Accordion>
</AccordionGroup>

The nuclei templates project houses a variety of templates which perform fuzzing and other actions which may result in a DoS against the target system (see [the list here](https://github.com/projectdiscovery/nuclei-templates/blob/master/.nuclei-ignore)). To ensure these templates are not accidentally run, they are tagged and excluded them from the default scan. These templates can be only executed when explicitly invoked using the `-itags` option.
</Check>
## Troubleshooting

</Accordion>
Questions and answers about troubleshooting scenarios for Nuclei.

<Accordion title="What is nuclei's license?" icon="circle-info" iconType="solid">
Nuclei is an open-source project distributed under the [MIT License](https://github.com/projectdiscovery/nuclei/blob/master/LICENSE.md).
</Accordion>

<Accordion title="I have more questions! 🙋" icon="circle-info" iconType="solid">
Please join our [Discord server](https://discord.gg/projectdiscovery), or contact us via [Twitter](http://twitter.com/pdnuclei).
<AccordionGroup>
<Accordion title="Why is Nuclei(Template) being flagged as malware? " icon="triangle-exclamation" iconType="solid">
Nuclei uses templates to scan for potential vulnerabilities. These templates are files that contain information on identifying certain types of vulnerabilities.
Think of the templates as a building blueprint. On its own a blueprint cannot cause harm, as it only describes how a building or construct (in this example, a vulnerability) can be built or identified.

**For example:**
- `Webshell.Generic.118` is a template to check for the vulnerability CVE-2017-12615, which is a specific vulnerability in some versions of Apache Tomcat.
- `Backdoor.Generic.LinuxTsunami` is a template that can identify the infamous Linux Tsunami backdoor if it were present on a system.
- `kingdee-erp-rce.yaml` is a template designed to identify a remote code execution vulnerability in Kingdee ERP software.

These files are being flagged as **malware** by anti-malware solutions because they contain patterns that match known vulnerabilities.
It's similar to a textbook on viruses being detected as an actual virus.

Remember, these templates can't "harm" your computer, they are not executing any malicious code on your system.
However, if used as part of a vulnerability scanning process against an insecure system, they could help identify weaknesses.
</Accordion>

<Accordion title="Missing dependencies in headless mode on Linux" icon="triangle-exclamation" iconType="solid">
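Review bot: in the new "Why is Nuclei(Template) being flagged as malware?" answer, the first two bullets present `Webshell.Generic.118` and `Backdoor.Generic.LinuxTsunami` as templates, but they read like anti-malware detection labels; only `kingdee-erp-rce.yaml` is a template file name. Suggest rewording each bullet to give the detection label and the template file that triggers it, so a user can match an alert to a file on disk. Also in this hunk: the title "What do I do with Nuclie scan results?" misspells Nuclei, and "or and [explore additional documentation here](templates/introduction)" has a stray word plus a link without the leading slash that the other internal links (for example "/tools/nuclei/install") use.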
Expand Down Expand Up @@ -132,4 +183,4 @@ sidebarTitle: "FAQ"
snap install chromium
```
</Accordion>
</AccordionGroup>
</AccordionGroup>
