Initial commit

skills/appsec/dast-nuclei/assets/nuclei_config.yaml

@@ -0,0 +1,225 @@
+# Nuclei Configuration File
+# Save as ~/.config/nuclei/config.yaml or specify with -config flag
+
+# Template configuration
+templates:
+  # Auto-update templates on each run
+  update-templates: true
+
+  # Template directory (default: ~/.nuclei-templates/)
+  # templates-directory: /custom/path/to/templates
+
+  # Custom template paths
+  # custom-templates:
+  #   - /path/to/custom/templates/
+  #   - /path/to/organization/templates/
+
+# Scan configuration
+severity:
+  - critical
+  - high
+  # - medium
+  # - low
+  # - info
+
+# Rate limiting (requests per second)
+rate-limit: 50
+
+# Concurrency (parallel template execution)
+concurrency: 10
+
+# Bulk size (parallel host scanning)
+bulk-size: 10
+
+# Timeout per request (seconds)
+timeout: 10
+
+# Retries for failed requests
+retries: 1
+
+# HTTP configuration
+http:
+  # User agent
+  user-agent: "Mozilla/5.0 (compatible; Nuclei/3.0)"
+
+  # Follow redirects
+  follow-redirects: true
+
+  # Max redirects to follow
+  max-redirects: 3
+
+  # Custom headers (applied to all requests)
+  # headers:
+  #   - "X-Custom-Header: value"
+  #   - "Authorization: Bearer token"
+
+  # Proxy configuration
+  # proxy: http://proxy.example.com:8080
+  # proxy-socks: socks5://proxy.example.com:1080
+
+# Network configuration
+network:
+  # Disable SSL/TLS verification (use with caution)
+  # disable-ssl-verification: false
+
+  # Enable HTTP/2
+  # disable-http2: false
+
+# Output configuration
+output:
+  # Silent mode (only show findings)
+  silent: false
+
+  # Verbose mode (detailed output)
+  verbose: false
+
+  # No color output
+  no-color: false
+
+  # JSON output
+  json: false
+
+  # JSONL output (one JSON per line)
+  jsonl: true
+
+  # SARIF output
+  # sarif: true
+
+  # Markdown output
+  # markdown: false
+
+# Filtering configuration
+filters:
+  # Exclude templates by ID
+  # exclude-ids:
+  #   - template-id-1
+  #   - template-id-2
+
+  # Exclude templates by tag
+  # exclude-tags:
+  #   - tech
+  #   - info
+
+  # Exclude severity levels
+  # exclude-severity:
+  #   - info
+
+  # Include only specific tags
+  # tags:
+  #   - cve
+  #   - owasp
+
+  # Include only specific templates
+  # include-templates:
+  #   - /path/to/template.yaml
+
+# Performance tuning
+performance:
+  # Maximum number of templates to run
+  # max-templates: 1000
+
+  # Maximum number of hosts to scan
+  # max-hosts: 10000
+
+  # Memory optimization (reduces memory usage)
+  # stream: true
+
+  # Disable update check
+  # disable-update-check: false
+
+# CI/CD specific settings
+ci:
+  # Fail on findings (exit code 1 if vulnerabilities found)
+  # fail-on-severity:
+  #   - critical
+  #   - high
+
+  # No interactive prompts
+  # no-interaction: true
+
+  # Suppress progress bars
+  # no-progress: true
+
+# Authentication configuration
+authentication:
+  # For authenticated scanning, use headers or custom authentication scripts
+  # See authentication_patterns.md reference for details
+
+  # Example: Bearer token authentication
+  # headers:
+  #   - "Authorization: Bearer ${API_TOKEN}"
+
+  # Example: Cookie-based authentication
+  # headers:
+  #   - "Cookie: session=${SESSION_COOKIE}"
+
+# Reporting configuration
+reporting:
+  # Report directory
+  # report-directory: ./nuclei-reports
+
+  # Report format
+  # report-format: json
+
+  # Include timestamp in filenames
+  # include-timestamp: true
+
+# Advanced configuration
+advanced:
+  # Follow host redirects (allow redirects to different hosts)
+  # follow-host-redirects: false
+
+  # Maximum response body size to read (in KB)
+  # max-response-size: 10240
+
+  # Include request/response in output
+  # include-rr: false
+
+  # Store response
+  # store-response: false
+
+  # Store response directory
+  # store-response-dir: ./responses/
+
+# Exclude configuration (global exclusions)
+exclude:
+  # Exclude specific hosts
+  # hosts:
+  #   - https://safe-domain.com
+  #   - https://third-party.com
+
+  # Exclude URL patterns (regex)
+  # urls:
+  #   - ".*\\.js$"
+  #   - ".*\\.css$"
+  #   - ".*logout.*"
+
+# Interactsh configuration (for OAST testing)
+interactsh:
+  # Enable interactsh
+  # enable: true
+
+  # Custom interactsh server
+  # server: https://interact.sh
+
+  # Disable automatic polling
+  # disable-polling: false
+
+# Cloud configuration (for cloud-specific templates)
+cloud:
+  # Enable cloud metadata service checks
+  # enable-metadata: true
+
+# Debug configuration
+debug:
+  # Enable debug mode
+  # enable: false
+
+  # Debug requests
+  # debug-req: false
+
+  # Debug responses
+  # debug-resp: false
+
+# Example usage:
+# nuclei -u https://target.com -config nuclei_config.yaml