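# Nuclei Configuration File
# Save as ~/.config/nuclei/config.yaml or specify with -config flag
#
# NOTE(review): Nuclei resolves config keys by CLI flag name. Keys grouped
# under the section headings below (templates:, http:, output:, ...) and keys
# that are not flags of the installed version may be ignored without an error,
# so a limit or exclusion you believe is set may not apply. Check each key
# against `nuclei -h` before relying on it — TODO confirm for your version.

# Template configuration
templates:
  # Auto-update templates on each run.
  # Each run then executes whatever the upstream template repository publishes
  # at that moment; for repeatable, reviewed scans keep a vetted copy of the
  # templates and turn this off.
  update-templates: true

  # Template directory (default: ~/.nuclei-templates/)
  # templates-directory: /custom/path/to/templates

  # Custom template paths.
  # Templates are run as written against every target: review them before
  # use and keep these directories writable only by the scan owner.
  # custom-templates:
  #   - /path/to/custom/templates/
  #   - /path/to/organization/templates/

# Scan configuration
severity:
  - critical
  - high
  # - medium
  # - low
  # - info

# Rate limiting (requests per second)
rate-limit: 50

# Concurrency (parallel template execution)
concurrency: 10

# Bulk size (parallel host scanning)
bulk-size: 10

# Timeout per request (seconds)
timeout: 10

# Retries for failed requests
retries: 1

# HTTP configuration
http:
  # User agent
  user-agent: "Mozilla/5.0 (compatible; Nuclei/3.0)"

  # Follow redirects.
  # A redirect can lead outside the intended target list; see
  # follow-host-redirects under "advanced" before adding credentials below.
  follow-redirects: true

  # Max redirects to follow
  max-redirects: 3

  # Custom headers (applied to all requests).
  # A header set here is sent to every host in the target list, so a
  # credential placed here is disclosed to all of them. Limit the target list
  # to hosts that should receive it and supply the value from the environment
  # instead of committing it to this file.
  # headers:
  #   - "X-Custom-Header: value"
  #   - "Authorization: Bearer token"

  # Proxy configuration.
  # All scan traffic, including any credential headers, passes through the
  # proxy, so use one you operate or trust.
  # proxy: http://proxy.example.com:8080
  # proxy-socks: socks5://proxy.example.com:1080

# Network configuration
network:
  # Disable SSL/TLS verification (use with caution).
  # Without verification the scanner cannot tell the target from an on-path
  # impostor, so credential headers and findings for that host are exposed to
  # interception and tampering.
  # disable-ssl-verification: false

  # Disable HTTP/2 (the key name is negative: false leaves HTTP/2 enabled)
  # disable-http2: false

# Output configuration
output:
  # Silent mode (only show findings)
  silent: false

  # Verbose mode (detailed output)
  verbose: false

  # No color output
  no-color: false

  # JSON output
  json: false

  # JSONL output (one JSON per line)
  jsonl: true

  # SARIF output
  # sarif: true

  # Markdown output
  # markdown: false

# Filtering configuration
filters:
  # Exclude templates by ID
  # exclude-ids:
  #   - template-id-1
  #   - template-id-2

  # Exclude templates by tag
  # exclude-tags:
  #   - tech
  #   - info

  # Exclude severity levels
  # exclude-severity:
  #   - info

  # Include only specific tags
  # tags:
  #   - cve
  #   - owasp

  # Include only specific templates
  # include-templates:
  #   - /path/to/template.yaml

# Performance tuning
performance:
  # Maximum number of templates to run
  # max-templates: 1000

  # Maximum number of hosts to scan
  # max-hosts: 10000

  # Memory optimization (reduces memory usage)
  # stream: true

  # Disable update check
  # disable-update-check: false

# CI/CD specific settings
ci:
  # Fail on findings (exit code 1 if vulnerabilities found)
  # fail-on-severity:
  #   - critical
  #   - high

  # No interactive prompts
  # no-interaction: true

  # Suppress progress bars
  # no-progress: true

# Authentication configuration
authentication:
  # For authenticated scanning, use headers or custom authentication scripts
  # See authentication_patterns.md reference for details
  #
  # NOTE(review): the ${VAR} placeholders below presumably rely on
  # environment substitution — confirm the installed Nuclei version expands
  # them in config values; otherwise the literal placeholder text is sent and
  # the scan runs unauthenticated without saying so.

  # Example: Bearer token authentication
  # headers:
  #   - "Authorization: Bearer ${API_TOKEN}"

  # Example: Cookie-based authentication
  # headers:
  #   - "Cookie: session=${SESSION_COOKIE}"

# Reporting configuration
reporting:
  # Report directory
  # report-directory: ./nuclei-reports

  # Report format
  # report-format: json

  # Include timestamp in filenames
  # include-timestamp: true

# Advanced configuration
advanced:
  # Follow host redirects (allow redirects to different hosts).
  # Leaving this off keeps requests, and any credential headers, on the
  # hosts that were explicitly listed as targets.
  # follow-host-redirects: false

  # Maximum response body size to read (in KB)
  # max-response-size: 10240

  # Include request/response in output.
  # Raw requests carry the configured tokens and cookies, and raw responses
  # carry target data: restrict access to the output and keep it out of
  # shared CI logs and artifacts.
  # include-rr: false

  # Store response (same handling as include-rr: stored files hold secrets)
  # store-response: false

  # Store response directory
  # store-response-dir: ./responses/

# Exclude configuration (global exclusions)
exclude:
  # Exclude specific hosts
  # hosts:
  #   - https://safe-domain.com
  #   - https://third-party.com

  # Exclude URL patterns (regex).
  # The logout pattern presumably keeps an authenticated session from being
  # ended mid-scan — adjust it to the application's real logout path.
  # urls:
  #   - ".*\\.js$"
  #   - ".*\\.css$"
  #   - ".*logout.*"

# Interactsh configuration (for OAST testing)
interactsh:
  # Enable interactsh
  # enable: true

  # Custom interactsh server.
  # Callbacks are recorded by whoever operates the server, which reveals
  # interaction metadata about the assets under test; use a server you
  # control for sensitive assessments.
  # server: https://interact.sh

  # Disable automatic polling
  # disable-polling: false

# Cloud configuration (for cloud-specific templates)
cloud:
  # Enable cloud metadata service checks
  # enable-metadata: true

# Debug configuration
debug:
  # Enable debug mode
  # enable: false

  # Debug requests.
  # Request dumps include Authorization and Cookie headers; do not enable
  # where the log is shared or retained.
  # debug-req: false

  # Debug responses
  # debug-resp: false

# Example usage:
# nuclei -u https://target.com -config nuclei_config.yaml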