By faradaysec | April 6, 2023 | 5 Minutes

Nuclei: Attack Surface with Faraday

In security, the attack surface is the set of entry points that an attacker can use to access a system or application and carry out an attack. In other words, it is the complete map of the ways in which a system or application can be compromised. It may include software vulnerabilities, insecure configurations, unauthorized access, open ports and application programming interfaces (APIs), among others. The larger the attack surface of a system or application, the greater the risk that an attacker could exploit a vulnerability and compromise the security of the system.

It is important that security teams understand the attack surface of the systems and applications they manage so that they can identify and mitigate potential security risks. This involves analyzing and evaluating the different ways an attacker can try to break into a system, and taking steps to reduce potential attacks and increase security accordingly.

Tools like Faraday can be useful for attack-surface work: they centralize vulnerability management so that security teams can visualize, analyze and mitigate security risks in a single platform.

Faraday integrates different vulnerability scanning and security project management tools, giving security teams a complete view of the attack surface of a system or application so they can make informed decisions on how to mitigate security risk.

Nuclei is an open-source security scanning tool that allows you to automate vulnerability detection in web applications and services. With an extensive library of test templates, Nuclei can detect a variety of common vulnerabilities, including SQL injection, XSS, and misconfiguration, among others. Additionally, Nuclei is easy to use and customizable, making it a great choice for any security team looking for an efficient and reliable vulnerability detection solution.

Running Nuclei is very easy. The following command starts detecting vulnerabilities on a website:


# nuclei -u <URL> -t <template>

Where <URL> is the web address of the site you want to scan, and <template> is the name of the template you want to use to search for specific vulnerabilities on the site.

For example, if you want to scan a website for SQL injection vulnerabilities, you can run the following command:


# nuclei -u <URL> -t sql-injection

This command will use the SQL injection template to scan the site you specified for vulnerabilities.

There are many other templates that you can use to scan for different types of vulnerabilities on different types of websites. I recommend exploring the Nuclei library to see which templates best suit your tests.

If you don't have time, don't worry: here are some of the Nuclei templates that can be useful and effective:

– cves: This template focuses on searching for known vulnerabilities using the CVE databases. It is very useful for searching for vulnerabilities in web applications and services.

– subdomain-takeover: This template focuses on searching for subdomains that can be taken over by an attacker. It is very useful for identifying domains that are pointing to services that no longer exist or to resources that are no longer available.

– exposed-panels: This template focuses on finding administration panels and other resources that are publicly exposed. It is very useful for identifying administration panels that may be vulnerable to brute force attacks or SQL injection attacks.

– default-logins: This template focuses on searching for services that are using default credentials. It is very useful for identifying services that may be vulnerable to brute force attacks.

– open-redirect: This template focuses on looking for open redirect vulnerabilities in web applications. It is very useful for identifying web applications that may be vulnerable to phishing attacks.
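Added example (not part of the original post, and not Faraday's or Nuclei's own code): one way to turn findings from template families like those listed above into a per-host view of the attack surface. It assumes the scan results were saved in Nuclei's JSON Lines output and that each record carries `template-id`, `host`, `matched-at` and `info.severity` / `info.tags`; the sample records, template names and hosts are constructed.

```python
import json
from collections import defaultdict

SEVERITY_ORDER = ["unknown", "info", "low", "medium", "high", "critical"]  # ascending

# Constructed sample records (not real scan output); hosts are reserved example domains.
SAMPLE_JSONL = """\
{"template-id": "example-admin-panel", "info": {"severity": "info", "tags": ["panel"]}, "host": "https://app.example.com", "matched-at": "https://app.example.com/admin"}
{"template-id": "example-default-login", "info": {"severity": "high", "tags": "default-login,example"}, "host": "https://app.example.com", "matched-at": "https://app.example.com/login"}
{"template-id": "example-default-login", "info": {"severity": "high", "tags": "default-login,example"}, "host": "https://app.example.com", "matched-at": "https://app.example.com/login"}
{"template-id": "example-takeover", "info": {"severity": "high", "tags": ["takeover"]}, "host": "https://old.example.com", "matched-at": "https://old.example.com"}
not-json: banner text that ended up in the results file
{"template-id": "example-redirect", "info": {"severity": "medium", "tags": ["redirect"]}, "host": "https://app.example.com", "matched-at": "https://app.example.com/out"}
"""

def normalize_tags(tags):
    """Accept tags as a list or as a comma-separated string; return a sorted list."""
    if isinstance(tags, str):
        tags = tags.split(",")
    return sorted({t.strip().lower() for t in (tags or []) if t.strip()})

def summarize(jsonl_text):
    """Return ({host: {"worst": severity, "findings": [...]}}, skipped_line_count)."""
    seen, skipped = set(), 0
    hosts = defaultdict(lambda: {"worst": "unknown", "findings": []})
    for line in jsonl_text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            key = (rec["host"], rec["template-id"], rec.get("matched-at", ""))
            info = rec.get("info") or {}
            sev = str(info.get("severity", "unknown")).lower()
        except (json.JSONDecodeError, KeyError, TypeError, AttributeError):
            skipped += 1  # malformed or incomplete record: count it, do not crash
            continue
        if key in seen:  # same template hitting the same URL twice is one finding
            continue
        seen.add(key)
        if sev not in SEVERITY_ORDER:
            sev = "unknown"
        entry = hosts[rec["host"]]
        if SEVERITY_ORDER.index(sev) > SEVERITY_ORDER.index(entry["worst"]):
            entry["worst"] = sev
        entry["findings"].append({"template": rec["template-id"], "severity": sev,
                                  "tags": normalize_tags(info.get("tags")),
                                  "matched_at": key[2]})
    return dict(hosts), skipped
```

Sorting hosts by their `worst` severity gives a first-pass remediation order, and a non-zero skipped count is a prompt to check that the results file contains only scan records.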

If you want to do all of this quickly and intuitively, sign up to Faraday and use our Firstscan agent that runs attack-surface tools including Nuclei without installing and configuring anything.

In this documentation we show you how to execute commands from our First Scan agent with 2 clicks!