1
00:00:07,260 --> 00:00:10,860
All right, so the last lecture we talked about GoSpider and hakrawler.

2
00:00:11,190 --> 00:00:16,260
Now we're going to get into Nuclei and I'd like to think of this as an alternative to the Nmap scanners.

3
00:00:16,650 --> 00:00:17,010
Right.

4
00:00:17,420 --> 00:00:20,850
Just give you another way to run vulnerability scans against targets.

5
00:00:21,720 --> 00:00:23,610
You scroll down here, you can see there's a bunch of templates.

6
00:00:23,610 --> 00:00:31,110
You can use the controllers template, download the templates.

7
00:00:32,010 --> 00:00:32,850
Yeah, here they are.

8
00:00:34,860 --> 00:00:36,930
So you can see these are some of the templates that you can use.

9
00:00:37,440 --> 00:00:41,310
And you can see there's a lot of templates here and a lot of this is active.

10
00:00:41,580 --> 00:00:41,790
Right.

11
00:00:41,820 --> 00:00:44,640
This commit was two hours ago, two hours, two days ago.

12
00:00:44,890 --> 00:00:49,770
This is a project that has a lot of support and is actively being maintained by ProjectDiscovery.

13
00:00:50,400 --> 00:00:53,850
So one of the things about Nuclei that's really nice is the takeovers template.

14
00:00:55,390 --> 00:00:57,890
You can see there's just a ton of takeover templates here.

15
00:00:58,120 --> 00:00:59,470
For example, if we click on one of these.

16
00:01:00,470 --> 00:01:04,910
You can actually see what it's doing, this is related to subdomain takeovers, right?

17
00:01:04,940 --> 00:01:06,700
You can see the reference and you can see what it's doing.

18
00:01:06,710 --> 00:01:12,890
It's looking for a base here along the path and it's looking for these words, right, to find these

19
00:01:12,890 --> 00:01:13,240
matches.

20
00:01:13,250 --> 00:01:15,510
Then it's going to tell you that this is probably vulnerable.

21
00:01:16,370 --> 00:01:20,210
So there's a lot of a lot of goodness in Nuclei.
22
00:01:20,950 --> 00:01:27,140
I really want to show you guys how to use it because it is becoming the premier tool for bug bounties

23
00:01:27,890 --> 00:01:29,600
and, you know, performing tests.

24
00:01:31,160 --> 00:01:36,410
So if you scroll down, you can see it tells you what you need to do, create a template, you know,

25
00:01:36,440 --> 00:01:40,110
run along your targets and it might not be very obvious and how you do this.

26
00:01:40,110 --> 00:01:41,930
So let me show you guys how to get started with Nuclei.

27
00:01:42,740 --> 00:01:47,000
First, we're going to grab the string to install Nuclei.

28
00:01:47,830 --> 00:01:52,870
And you can see once you get the template, you update the templates and then we simply pass in the

29
00:01:52,870 --> 00:01:57,630
file of our targets and then we put the -t and the name of the template.

30
00:01:58,270 --> 00:02:04,000
And if you want a a reminder of what those templates are, you can see here, here are all the templates

31
00:02:04,000 --> 00:02:04,830
on this GitHub page.

32
00:02:05,290 --> 00:02:10,930
So if we went into this folder, you can see it's basically going to run, you know, all of these checks

33
00:02:10,930 --> 00:02:11,710
against the target.

34
00:02:13,230 --> 00:02:17,570
We've got a 20, 20, you can look at some of these CVEs, and you can see pretty much what it's doing.

35
00:02:17,970 --> 00:02:20,030
So this is a Solondz scan.

36
00:02:21,030 --> 00:02:23,880
So this is a really, really, really awesome project.

37
00:02:23,880 --> 00:02:27,800
I love Nuclei and I'm glad that ProjectDiscovery is really putting a lot of work behind it.

38
00:02:28,440 --> 00:02:29,780
But let's go ahead and get started with it.

39
00:02:31,610 --> 00:02:32,590
So that's fired off.

40
00:02:35,130 --> 00:02:36,900
Right, that finished in a few seconds.

41
00:02:37,510 --> 00:02:38,530
Do we have Nuclei?

42
00:02:38,970 --> 00:02:39,540
Yes, we do.
43
00:02:40,000 --> 00:02:44,070
And now you can see everything we can do, right?

44
00:02:44,280 --> 00:02:46,780
Nuclei, flags, and there's a lot of options.

45
00:02:46,800 --> 00:02:51,750
I encourage you to really, you know, get used to this to get comfortable with it, because there's

46
00:02:51,750 --> 00:02:53,700
a lot of functionality here.

47
00:02:54,000 --> 00:02:56,280
But what we want to do, first of all, is just update the templates.

48
00:02:56,850 --> 00:03:06,570
So I'm going to type sudo nuclei Tarcutta to update the templates, update templates, downloading

49
00:03:06,570 --> 00:03:08,660
updates, nuclei, community templates.

50
00:03:09,420 --> 00:03:09,900
All right.

51
00:03:09,930 --> 00:03:11,220
So I think I need to take off sudo.

52
00:03:13,410 --> 00:03:14,080
All right, sweet.

53
00:03:14,100 --> 00:03:16,290
So we just added a few more to our repository.

54
00:03:17,210 --> 00:03:17,780
That's great.

55
00:03:18,670 --> 00:03:20,910
So now we can run nuclei, right?

56
00:03:20,930 --> 00:03:29,390
You could type nuclei together, people that expects this contains all of our subdomains and then you

57
00:03:29,390 --> 00:03:31,550
could run some templates to see if there's any of these that'll work.

58
00:03:34,800 --> 00:03:40,140
Now, do the ports that start to get everything in sight, that's how it works, guys, so that's everything

59
00:03:40,140 --> 00:03:42,260
we have for the bug bounty section.

60
00:03:42,270 --> 00:03:46,710
You guys have an arsenal of tools that you need to get started to start, you know, getting some some

61
00:03:46,710 --> 00:03:49,320
data that you can start to report to HackerOne or Bugcrowd.
62
00:03:49,710 --> 00:03:54,090
And now in the next lecture, we're really just going to get into the web application penetration testing

63
00:03:54,090 --> 00:03:58,590
piece, you know, getting back into our cyber range and running some attacks, getting you conversant

64
00:03:58,590 --> 00:04:03,440
with your OWASP Top 10 and then getting into our Active Directory, writing attacks.

65
00:04:03,820 --> 00:04:04,080
Right.

66
00:04:04,320 --> 00:04:06,730
So I'll see you guys in the next couple of sections.

67
00:04:06,750 --> 00:04:07,650
It's going to be a lot of fun.

68
00:04:08,040 --> 00:04:12,450
And if you have any questions, just reach out and you know, I'll try to help you the best I can.

69
00:04:12,810 --> 00:04:13,110
All right.

70
00:04:13,230 --> 00:04:14,080
See you guys in a little bit.