When it comes to automated vulnerability scanning, Nuclei is one of the best open source tools out there. It’s fast, flexible, and extensible with thousands of community templates.
Masscan is like nmap on steroids. We’ll use it to enumerate HTTP, SSH, RDP, Active Directory, and SMB services, then feed those results into Nuclei to identify vulnerabilities and misconfigs.
Install Nuclei and Masscan
brew install nuclei masscan
Scan with Masscan to Identify Live Targets
Masscan doesn’t provide service detection like nmap, but quickly finds open ports. We’ll use it to scan a subnet.
Masscan Syntax
sudo masscan -p 80,443,22,3389,389,445 10.66.66.0/24 --rate=10000 -oG masscan-results.txtExtract IPs from Masscan Output
Masscan’s output needs to be cleaned up with awk:
awk '/Host:/{print $2}' masscan-results.txt > targets.txt
Now, targets.txt contains a clean list of responsive hosts.
Scan with Nuclei
Use Nuclei to scan these targets for vulnerabilities.
Scan for Web Vulnerabilities
nuclei -l targets.txt -t http/ -o nuclei-http-results.txtScan for SSH Weaknesses
nuclei -l targets.txt -t ssh/ -o nuclei-ssh-results.txt
Scan for RDP Vulnerabilities
nuclei -l targets.txt -t rdp/ -o nuclei-rdp-results.txt
Scan for Active Directory Misconfigurations
nuclei -l targets.txt -t active-directory/ -o nuclei-ad-results.txt
Scan for SMB Issues
nuclei -l targets.txt -t smb/ -o nuclei-smb-results.txt
Scan for CVEs
Nuclei has thousands of CVE-based templates.
nuclei -l targets.txt -t cves/ -o nuclei-cve-results.txt
To focus on critical issues:
nuclei -l targets.txt -t cves/ -severity critical -o nuclei-critical-cves.txt
Reviewing the Results
After scanning, review the output files (nuclei-*.txt). They will contain details about vulnerabilities, misconfigurations, and exposures.
To filter critical issues quickly:
grep -i "critical" nuclei-*.txtSummary
- Used Masscan to quickly find open ports.
- Extracted target IPs for scanning.
- Ran Nuclei against HTTP, SSH, RDP, AD, SMB, and CVEs.
- Filtered results for critical vulnerabilities.
0 Comments