Nuclei Template Creation:

This will be a summarization of the original nuclei template documentation which can be found here: https://nuclei.projectdiscovery.io/templating-guide/

This guide will explain and demonstrate the template creation process in a short and simplified way for better understanding.

Basic Template Details:

We all know that everything needs a unique identifier for themselves to make themselves easy to identify among other similar kinds. When we are in a school or university, our roll number or university registration number are our identifier by when school or university keep tracks of their students.

Similarly, these templates has a unique id by which they are generally identified. This should be the first line of our YAML template and the value of which will define our scan result.

id: nginx-version

The above picture shows how it reflects back in the output.

Next most important information is our details, something like name, address, education, contact number , etc. These templates have something similar to this, and these are generally included inside the info block.

Info block provides name, author, description, severity and tags. It also contain severity field which indicates the severity of the template, when it comes to severity it can be too easy to filter out results according to severity.

info:
  name: nginx version detect
  author: hacktifycs
  description: Some nginx servers have the version on the response header. Useful when you need to find specific CVEs on your targets.
  severity: info

This above block can be an example of information block. Where we can specify the above name, author, description, severity according to the requirement.

Another important attribute that can be added is tags. This allows you to set some custom tags to a template, depending on the purpose like cve, rce, git, etc

So now, as we have already discussed the most important details of nuclei template this is the time we want to introduce an awesome descriptive documentation for nuclei templates which can be found here:https://nuclei.projectdiscovery.io/templating-guide/

In this guide we will look more into the gist of each and every block and tags that should be considered by everyone who has or going to start developing nuclei templates.

Let's move on and start learning the core concept of developing nuclei templates.

HTTP:

HTTP (Hypertext Transfer Protocol) is a protocol which allows the fetching of resources, such as HTML documents, CSS files. It is the foundation of any data exchange on the Web and it is a client-server protocol, It is used for sending and getting data to and from server and modifying the data on server.

Now that you are aware of what HTTP is, Let us look at some major blocks we need to consider while developing a HTTP based template.

requests

requests: 
				{Contents of the block}

method

requests:
			- methods: GET/POST #Others can be implemented according to requirement.

path

path: "{{BaseURL}}/.git/config" 
#We can also curate the path according to our desired requirement.

redirects

redirects: true
max-redirects: 5
#There will be 5 max redirects if we specify this option


Awesome! Let's sum up everything so far and see how our template looks.

info:
  name: Simple Login Form
  author: hacktifycs
  description: A simple login setup.
  severity: info
requests:
  - method: GET
    path:
      - "{{BaseURL}}/login.php"
    redirects: true
    max-redirects: 3