https://github.com/projectdiscovery/fuzzing-templates
Community curated list of nuclei templates for finding "unknown" security vulnerabilities.
https://github.com/projectdiscovery/fuzzing-templates
api dast fuzzing nuclei security
Last synced: 5 months ago
JSON representation
Community curated list of nuclei templates for finding "unknown" security vulnerabilities.
- Host: GitHub
- URL: https://github.com/projectdiscovery/fuzzing-templates
- Owner: projectdiscovery
- License: mit
- Archived: true
- Created: 2022-10-11T16:46:38.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2024-05-02T22:02:52.000Z (about 2 years ago)
- Last Synced: 2025-12-17T04:27:39.924Z (6 months ago)
- Topics: api, dast, fuzzing, nuclei, security
- Homepage:
- Size: 50.8 KB
- Stars: 84
- Watchers: 5
- Forks: 16
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
Fuzzing Templates
Community curated list of fuzzing templates for the nuclei engine to find unknown security vulnerabilities.
Documentation •
Contributions •
Discussion •
Community
----
> [!Caution]
> This repository is archived and merged into [nuclei-templates](https://github.com/projectdiscovery/nuclei-templates) project under `/dast` directory.
Fuzzing templates are used with [nuclei](https://github.com/projectdiscovery/nuclei) scanner which powers the actual scanning engine. This repository contains various fuzzing templates for the scanner provided by our team, as well as contributed by the community.
We welcome contributions from the community through pull requests or issues to increase the coverage of security testing. Unlike the [nuclei-templates](https://github.com/projectdiscovery/nuclei-templates) project, which focuses on known vulnerabilities, fuzzing templates are specifically designed to **discover previously unknown vulnerabilities** in applications.
📖 Documentation
-----
Please navigate to https://docs.projectdiscovery.io/templates/protocols/http/fuzzing-overview for detailed documentation to **build your own fuzzing** template.
We have also added a set of templates to help you understand how things work.
🌪️ Using Fuzzing Templates
-----
1. **Install Nuclei**
```
go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
```
2. **Run Fuzzing Templates**
#### Input for fuzzing templates:
Current fuzzing support is limited to URLs with with query parameters, so any urls with no query parameters will be simply ignored.
```bash
$ cat fuzz_endpoints.txt
http://127.0.0.1:8082/info?name=test&another=value&random=data
http://127.0.0.1:8082/redirect?redirect_url=/info?name=redirected_from_url
http://127.0.0.1:8082/request?url=https://example.com
http://127.0.0.1:8082/email?text=important_user
http://127.0.0.1:8082/permissions?cmd=whoami
http://127.0.0.1:8082/info?name=redirected_from_url
```
> [!NOTE]
> *You can use [katana](https://github.com/projectdiscovery/katana) with query url filter (`-f qurl`) to get list of endpoints to run with url fuzzing templates*
#### Running fuzzing templates:
```
nuclei -list fuzz_endpoints.txt -dast
```
> [!NOTE]
> *You can use existing nuclei options to filter / run specific dast templates by tags or templates*
💬 Discussion
-----
Got questions / doubts / ideas to discuss?
Feel free to open a discussion on [GitHub discussions](https://github.com/projectdiscovery/fuzzing-templates/discussions) board.
👨💻 Community
-----
You are welcome to join the active [Discord Community](https://discord.gg/projectdiscovery) to discuss directly with project maintainers and share things with others around security and automation.
Additionally, you may follow us on [Twitter](https://twitter.com/pdnuclei) to be updated on all the things about Nuclei.
Thanks again for your contribution and keeping this community vibrant. ❤️