nuclei_scan
Scan web applications and networks for security vulnerabilities using customizable templates and severity filters to identify potential threats during authorized penetration testing.
Instructions
Run Nuclei vulnerability scanner
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| severity | No | Minimum severity level | |
| target | Yes | Target URL or IP | |
| templates | No | Specific templates to run | |
Input Schema (JSON Schema)
```json
{
  "properties": {
    "severity": {
      "description": "Minimum severity level",
      "enum": [
        "info",
        "low",
        "medium",
        "high",
        "critical"
      ],
      "type": "string"
    },
    "target": {
      "description": "Target URL or IP",
      "type": "string"
    },
    "templates": {
      "description": "Specific templates to run",
      "items": {
        "type": "string"
      },
      "type": "array"
    }
  },
  "required": [
    "target"
  ],
  "type": "object"
}
```
Implementation Reference
- src/tools/vulnscan.ts:22-89 (handler) Core implementation of the nuclei_scan tool. Executes the Nuclei scanner binary with provided target, optional templates and severity filters, parses JSON output into structured VulnerabilityResult objects, and returns a standardized ScanResult.

  ```typescript
  async nucleiScan(target: string, templates?: string[], severity?: string): Promise<ScanResult> {
    try {
      let command = `nuclei -target ${target} -json`;

      if (templates && templates.length > 0) {
        command += ` -t ${templates.join(',')}`;
      }

      if (severity) {
        command += ` -severity ${severity}`;
      }

      // Add rate limiting and timeout
      command += ' -rate-limit 10 -timeout 10';

      console.error(`Executing: ${command}`);

      const { stdout, stderr } = await execAsync(command, {
        timeout: 600000, // 10 min timeout
        maxBuffer: 1024 * 1024 * 10 // 10MB buffer
      });

      const vulnerabilities: VulnerabilityResult[] = [];

      // Parse JSON output line by line
      const lines = stdout.split('\n').filter(line => line.trim());

      for (const line of lines) {
        try {
          const result = JSON.parse(line);
          vulnerabilities.push({
            id: result.info?.name || result.templateID || 'Unknown',
            name: result.info?.name || 'Unknown Vulnerability',
            severity: result.info?.severity || 'info',
            description: result.info?.description || 'No description available',
            solution: result.info?.remediation,
            references: result.info?.reference || [],
            cvss_score: result.info?.['cvss-score'],
            cve: result.info?.classification?.['cve-id'],
            affected_url: result.matched_at || target
          });
        } catch (e) {
          // Skip invalid JSON lines
        }
      }

      return {
        target,
        timestamp: new Date().toISOString(),
        tool: 'nuclei',
        results: {
          vulnerabilities,
          total_found: vulnerabilities.length,
          severity_breakdown: this.categorizeBySeverity(vulnerabilities),
          raw_output: stdout
        },
        status: 'success'
      };
    } catch (error) {
      return {
        target,
        timestamp: new Date().toISOString(),
        tool: 'nuclei',
        results: {},
        status: 'error',
        error: error instanceof Error ? error.message : String(error)
      };
    }
  }
  ```
- src/index.ts:137-148 (schema) Input schema definition for the nuclei_scan tool, specifying parameters: target (required), templates (array of strings), and severity (enum of severity levels).

  ```typescript
  name: "nuclei_scan",
  description: "Run Nuclei vulnerability scanner",
  inputSchema: {
    type: "object",
    properties: {
      target: { type: "string", description: "Target URL or IP" },
      templates: { type: "array", items: { type: "string" }, description: "Specific templates to run" },
      severity: { type: "string", enum: ["info", "low", "medium", "high", "critical"], description: "Minimum severity level" }
    },
    required: ["target"]
  }
  },
  ```
- src/index.ts:518-519 (registration) Tool dispatch registration in the MCP callToolRequest handler switch statement, mapping 'nuclei_scan' calls to the VulnScanTools.nucleiScan method.

  ```typescript
  case "nuclei_scan":
    return respond(await this.vulnScanTools.nucleiScan(args.target, args.templates, args.severity));
  ```
- src/index.ts:55-55 (registration) Instantiation of VulnScanTools class instance used for nuclei_scan and other vuln scanning tools.

  ```typescript
  this.vulnScanTools = new VulnScanTools();
  ```
- src/tools/vulnscan.ts:8-18 (schema) Type definition for VulnerabilityResult used in the structured output of nucleiScan.

  ```typescript
  export interface VulnerabilityResult {
    id: string;
    name: string;
    severity: 'info' | 'low' | 'medium' | 'high' | 'critical';
    description: string;
    solution?: string;
    references?: string[];
    cvss_score?: number;
    cve?: string;
    affected_url?: string;
  }
  ```
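
The handler listed above concatenates `target`, `templates` and `severity` into one command string, and the schema calls `severity` a minimum while nuclei's `-severity` flag selects the listed levels only. The block below is an added example, not the project's code: it builds the same invocation as a validated argument vector for `execFile`, assuming `execAsync` wraps `child_process.exec`; `buildNucleiArgs`, `severityAtLeast` and both allowlist patterns are hypothetical.

```typescript
// Added example, not the project's code; buildNucleiArgs and its rules are assumptions.
const SEVERITIES = ["info", "low", "medium", "high", "critical"] as const;
type Severity = (typeof SEVERITIES)[number];

// Assumed policy: optional http(s) scheme, host or IPv4, optional port and path.
// The first character must be alphanumeric, so a value can never parse as a flag.
const TARGET_RE =
  /^(https?:\/\/)?[A-Za-z0-9][A-Za-z0-9.-]*(:\d{1,5})?(\/[A-Za-z0-9._~\/%?&=+:@-]*)?$/;
// Assumed policy: relative template ids or paths from a fixed character set.
const TEMPLATE_RE = /^[A-Za-z0-9][A-Za-z0-9_.\/-]*$/;

// nuclei's -severity takes the list of severities to run, so a "minimum"
// has to be expanded into every level at or above it.
function severityAtLeast(min: string): string {
  const i = SEVERITIES.indexOf(min as Severity);
  if (i < 0) throw new Error(`unknown severity: ${min}`);
  return SEVERITIES.slice(i).join(",");
}

function buildNucleiArgs(target: string, templates?: string[], severity?: string): string[] {
  if (typeof target !== "string" || target.length > 2048 || !TARGET_RE.test(target)) {
    throw new Error("target rejected by allowlist");
  }
  const args = ["-target", target, "-json"];
  if (templates && templates.length > 0) {
    for (const t of templates) {
      if (typeof t !== "string" || !TEMPLATE_RE.test(t) || t.includes("..")) {
        throw new Error("template rejected by allowlist");
      }
    }
    args.push("-t", templates.join(","));
  }
  if (severity) args.push("-severity", severityAtLeast(severity));
  args.push("-rate-limit", "10", "-timeout", "10"); // same limits as the handler
  return args;
}

// Each element is passed to the process as one argument, with no shell parsing:
//   execFile("nuclei", buildNucleiArgs(target, templates, severity),
//            { timeout: 600000, maxBuffer: 10 * 1024 * 1024 })
```

Because the MCP schema is enforced by the client, not by the handler, the same checks belong on the server side before the process is started.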