Learn about supported input formats in Nuclei and how to use them
-u
flag:
Comma Separated list of values (ex: -u scanme.sh,127.0.0.1,AS1337,192.168.1.0/24
)
-l
flag:
File containing list of values (ex: -l urls.txt
)
cat urls.txt | nuclei
) or piped from other tools (ex: mytool | nuclei
)
https://projectdiscover.io
127.0.0.1
or 2001:0db8:85a3:0000:0000:8a2e:0370:7334
192.168.1.0/24
AS1337
projectdiscovery.io
-l
flag and the format of the file needs to be passed via -input-mode
flag
JSONL
or YAML-MultiDoc
specification of Proxify can be used with Nuclei.
This means output of tools like Katana , Httpx etc. can be used with nuclei.
If you want to add support for a new format, please create a Pull Request to nuclei.
-ro
flag:
Parameters defined in OpenAPI schema can be optional or required. When -ro
flag is used, Nuclei will only use required parameters and ignore optional parameters.
-sfv
flag:
When -sfv
flag is used, nuclei will skip any and all requests that have missing parameters
-vars
flag. For example:
-v
flag (verbose mode), Nuclei will also log skipped optional parameters. For example:
-vars
flag or by temporarily specifiying them in auto-generated required_openapi_params.yaml
file.
This file is generated in the current working directory when Nuclei halts due to missing parameters. Here’s an example auto-generated required_openapi_params.yaml
file
required_openapi_params.yaml
file and it will be automatically picked up by Nuclei. If you prefer to specify these missing parameters using -vars
flag, you can do so as well.
required_openapi_params.yaml
is meant for temporary use and it will be deprecated in next release as we move towards our goal of ProjectDiscovery Standard Authentication Across Tools using secret
file-ro
flag is not used, it will use placeholder values depending on the data type of the parameter. For example:
If a parameter is of type string
then it will use string
as placeholder value, same goes for other known types including timestamps and datatypes.