nuclei-templates - Community curated list of templates for the nuclei engine to find security vulnerabilities

  •        740

Templates are the core of the nuclei scanner and power the actual scanning engine. This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community. We hope that you also contribute by sending templates via pull requests or GitHub issues and grow the list. An overview of the nuclei template directory including number of templates associated with each directory.

https://github.com/projectdiscovery/nuclei
https://github.com/projectdiscovery/nuclei-templates

Related Projects

nuclei - Nuclei is a fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility and ease of use

  •    Go

Nuclei is used to send requests across targets based on a template, leading to zero false positives and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols including TCP, DNS, HTTP, File, etc. With powerful and flexible templating, all kinds of security checks can be modelled with Nuclei. We have a dedicated repository that houses various types of vulnerability templates contributed by more than 100 security researchers and engineers. It is preloaded with ready-to-use templates using the -update-templates flag.

axiom - The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

  •    Shell

Axiom is a dynamic infrastructure framework to efficiently work with multi-cloud environments, build and deploy repeatable infrastructure focussed on offensive and defensive security. Axiom works by pre-installing your tools of choice onto a 'base image', and then using that image to deploy fresh instances. From there, you can connect and instantly gain access to many tools useful for both bug hunters and pentesters. With the power of immutable infrastructure, most of which is done for you, you can just spin up 15 boxes, perform a distributed nmap/ffuf/screenshotting scan, and then shut them down.

StaCoAn - StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications

  •    Javascript

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications. This tool was created with a big focus on usability and graphical guidance in the user interface.

regula - Regula checks infrastructure as code templates (Terraform, CloudFormation) for AWS, Azure and Google Cloud security and compliance using Open Policy Agent/Rego

  •    Open

Regula is a tool that evaluates CloudFormation and Terraform infrastructure-as-code for potential AWS, Azure, and Google Cloud security and compliance violations prior to deployment. Regula includes a library of rules written in Rego, the policy language used by the Open Policy Agent (OPA) project. Regula works with your favorite CI/CD tools such as Jenkins, Circle CI, and AWS CodePipeline; we’ve included a GitHub Actions example so you can get started quickly. Where relevant, we’ve mapped Regula policies to the CIS AWS, Azure, and Google Cloud Foundations Benchmarks so you can assess compliance posture. Regula is maintained by engineers at Fugue.

email-templates - Create, preview, and send custom email templates for Node

  •    Javascript

Create, preview, and send custom email templates for Node.js. Highly configurable and supports automatic inline CSS, stylesheets, embedded images and fonts, and much more! Made for sending beautiful emails with Lad. NEW: v3.x is released (you'll need Node v6.4.0+); see breaking changes below. 2.x branch docs available if necessary.


HamlPy - A converter of HAML like templates into Django templates.

  •    Python

HamlPy (pronounced "haml pie") is a tool for Django developers who want to use a Haml like syntax for their templates. HamlPy is not a template engine in itself but simply a compiler which will convert HamlPy files into templates that Django can understand. But wait, what is Haml? Haml is an incredible template engine written in Ruby used a lot in the Rails community. You can read more about it here.

arm-ttk - Azure Resource Manager Template Toolkit

  •    PowerShell

The code in this repository can be used for analyzing and testing Azure Resource Manager Templates. The tests will check a template or set of templates for coding best practices. There are some checks for simple syntactical errors but the intent is not to re-implement tests or checks that are provided by the platform (e.g. the /validate api). For detailed instruction on how to use the arm-ttk, see this readme. More information can be found in the documentation.

ace - HTML template engine for Go

  •    Go

Ace is an HTML template engine for Go. This is inspired by Slim and Jade. This is a refinement of Gold. Ace fully utilizes the strength of the html/template package. You can embed actions of the template package in Ace templates. Ace also uses nested template definitions of the template package and Ace templates can pass pipelines (parameters) to other templates which they include.

Email Templates - Create, preview, and send custom email templates for Node.js

  •    Javascript

Create, preview, and send custom email templates for Node.js. Highly configurable and supports automatic inline CSS, stylesheets, embedded images and fonts, and much more! Made for sending beautiful emails with Lad. If you don't need this module to send your email, you can still use it to render HTML and/or text templates.

VosaoCMS - simple CMS for Google App Engine

  •    Java

Vosao (vo-za) is a content management system (CMS) that enables you to build web sites and online applications on the Google App Engine platform for Java.

gradle-appengine-templates - Freemarker based templates that build with the gradle-appengine-plugin

  •    FreeMarker

You can use Google App Engine backend templates hosted in this repository to add a backend to your existing (or new) Android application from Android Studio IDE. All of these backends are designed to be hosted on App Engine (which provides autoscaling and high-availability out-of-the-box), and can be used under App Engine's free resource quotas.

Handlebars.js - Minimal templating on steroids

  •    Javascript

Handlebars provides the power necessary to let you build semantic templates effectively with no frustration. It is largely compatible with Mustache templates. In most cases it is possible to swap out Mustache with Handlebars and continue using your current templates. It compiles templates into JavaScript functions. This makes the template execution faster than most other template engines.

pac4j - The security engine to protect all your Java web applications

  •    Java

pac4j is a Java security engine to authenticate users, get their profiles and manage their authorizations in order to secure Java web applications. It supports most authentication mechanisms: OAuth (Facebook, Twitter, Google, Yahoo...), CAS, HTTP (form, basic auth...), OpenID, SAML, Google App Engine, OpenID Connect, JWT, LDAP, RDBMS, MongoDB and Stormpath and authorization checks.

varnish-3.0-configuration-templates - Configuration templates used for Varnish 3.0 implementations

  •    Perl

You can still use Varnish 3 of course, but there will be no more security or bug fixes to the Varnish 3.x release. It's probably wise to focus your Varnish adventures on the new Varnish 4 VCL config template. You can use the configuration templates found in this repository to quickly get started with a complete Varnish configuration that offers support for most functionality. Start off by looking into "production.vcl" and taking the bits you need, then copy them to your own default.vcl.

Apache JSPWiki - A feature-rich and extensible WikiWiki engine

  •    Java

A feature-rich and extensible WikiWiki engine built around the standard J2EE components (Java, servlets, JSP).

ppfuzz - A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀

  •    Rust

ppfuzz uses chromiumoxide, which requires Chrome or Chromium browser to be installed. If the CHROME environment variable is set, then it'll use it as the default executable. Otherwise, the filenames google-chrome-stable, chromium, chromium-browser, chrome and chrome-browser are searched for in standard places. If that fails, /Applications/Google Chrome.app/... (on macOS) or the registry (on Windows) is consulted. ppfuzz attempts to check for prototype-pollution vulnerabilities by adding object & pointer queries; if the target is indeed vulnerable, it'll fingerprint the script gadgets used and then display additional payload info that could potentially escalate its impact to XSS, bypass or cookie injection.

Mustachio - Lightweight, powerful, flavorful, template engine

  •    CSharp

A Lightweight, powerful, flavorful, templating engine for C# and other .net-based languages. Mustachio allows you to create simple text-based templates that are fast and safe to render. It's the heart of Postmark Templates, and we're ecstatic to provide it as Open Source to the .net community.

cfn-lint - CloudFormation Linter

  •    Python

Validate AWS CloudFormation yaml/json templates against the AWS CloudFormation Resource Specification and additional checks. Includes checking valid values for resource properties and best practices. This is an attempt to provide validation for AWS CloudFormation templates properties and their values. For values things can get pretty complicated (mappings, joins, splits, conditions, and nesting those functions inside each other) so it's a best effort to validate those values but the promise is to not fail if we can't understand or translate all the things that could be going on.





