nuclei_scan
Scan web applications and networks for security vulnerabilities using customizable templates and severity filters to identify potential threats.
Instructions
Run Nuclei vulnerability scanner
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| target | Yes | Target URL or IP | |
| templates | No | Specific templates to run | |
| severity | No | Minimum severity level | |
Implementation Reference
- src/tools/vulnscan.ts:22-89 (handler) Core handler function that executes the Nuclei vulnerability scanner. Constructs the command line with target, optional templates and severity filters, runs it via child_process.exec, parses JSONL output into structured results, handles errors, and returns formatted ScanResult.

  ```typescript
  async nucleiScan(target: string, templates?: string[], severity?: string): Promise<ScanResult> {
    try {
      let command = `nuclei -target ${target} -json`;

      if (templates && templates.length > 0) {
        command += ` -t ${templates.join(',')}`;
      }

      if (severity) {
        command += ` -severity ${severity}`;
      }

      // Add rate limiting and timeout
      command += ' -rate-limit 10 -timeout 10';

      console.error(`Executing: ${command}`);

      const { stdout, stderr } = await execAsync(command, {
        timeout: 600000, // 10 min timeout
        maxBuffer: 1024 * 1024 * 10 // 10MB buffer
      });

      const vulnerabilities: VulnerabilityResult[] = [];

      // Parse JSON output line by line
      const lines = stdout.split('\n').filter(line => line.trim());
      for (const line of lines) {
        try {
          const result = JSON.parse(line);
          vulnerabilities.push({
            id: result.info?.name || result.templateID || 'Unknown',
            name: result.info?.name || 'Unknown Vulnerability',
            severity: result.info?.severity || 'info',
            description: result.info?.description || 'No description available',
            solution: result.info?.remediation,
            references: result.info?.reference || [],
            cvss_score: result.info?.['cvss-score'],
            cve: result.info?.classification?.['cve-id'],
            affected_url: result.matched_at || target
          });
        } catch (e) {
          // Skip invalid JSON lines
        }
      }

      return {
        target,
        timestamp: new Date().toISOString(),
        tool: 'nuclei',
        results: {
          vulnerabilities,
          total_found: vulnerabilities.length,
          severity_breakdown: this.categorizeBySeverity(vulnerabilities),
          raw_output: stdout
        },
        status: 'success'
      };
    } catch (error) {
      return {
        target,
        timestamp: new Date().toISOString(),
        tool: 'nuclei',
        results: {},
        status: 'error',
        error: error instanceof Error ? error.message : String(error)
      };
    }
  }
  ```
- src/index.ts:137-148 (schema) Input schema definition for the nuclei_scan tool, specifying parameters: target (required), templates (array of strings), severity (enum). Registered in the MCP tool list.

  ```typescript
  name: "nuclei_scan",
  description: "Run Nuclei vulnerability scanner",
  inputSchema: {
    type: "object",
    properties: {
      target: { type: "string", description: "Target URL or IP" },
      templates: { type: "array", items: { type: "string" }, description: "Specific templates to run" },
      severity: { type: "string", enum: ["info", "low", "medium", "high", "critical"], description: "Minimum severity level" }
    },
    required: ["target"]
  }
  },
  ```
- src/index.ts:518-519 (registration) Tool registration in the MCP server request handler switch statement. Maps 'nuclei_scan' calls to the VulnScanTools.nucleiScan method with parsed arguments.

  ```typescript
  case "nuclei_scan":
    return respond(await this.vulnScanTools.nucleiScan(args.target, args.templates, args.severity));
  ```
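
The handler builds a single shell string from `target`, `templates` and `severity`, which reach it as MCP tool arguments, and passes that string to `exec`. The following added example (not the project's code; `buildNucleiArgs` and its allowlist patterns are hypothetical) builds an argument vector instead, validates each value before use, and treats `severity` as a minimum, as the schema describes it.

```typescript
// Added example, not the project's code. All names here are hypothetical.
const SEVERITIES = ["info", "low", "medium", "high", "critical"] as const;
type Severity = (typeof SEVERITIES)[number];

// Conservative allowlists (assumptions of this example; IPv6 is not covered).
const HOST = /^(?!-)[A-Za-z0-9.-]{1,253}$/; // hostname or IPv4, no leading "-"
const TARGET_URL = /^https?:\/\/[A-Za-z0-9.-]+(:\d{1,5})?(\/[A-Za-z0-9._~\/%-]*)?$/;
const TEMPLATE = /^[A-Za-z0-9_][A-Za-z0-9_.\/-]*$/; // relative path or template id

function buildNucleiArgs(
  target: string,
  templates: string[] = [],
  minSeverity?: string
): string[] {
  if (!HOST.test(target) && !TARGET_URL.test(target)) {
    throw new Error("target must be a hostname, IPv4 address or http(s) URL");
  }
  // Each value is its own argv element, so nothing is parsed by a shell.
  const args = ["-target", target, "-json"];

  if (templates.length > 0) {
    for (const t of templates) {
      // Reject option-like values, commas (list separator) and path traversal.
      if (!TEMPLATE.test(t) || t.includes("..")) {
        throw new Error(`rejected template: ${JSON.stringify(t)}`);
      }
    }
    args.push("-t", templates.join(","));
  }

  if (minSeverity !== undefined) {
    const idx = SEVERITIES.indexOf(minSeverity as Severity);
    if (idx < 0) throw new Error("severity must be one of " + SEVERITIES.join(", "));
    // nuclei's -severity selects exactly the listed levels, so a minimum
    // is expanded to that level and everything above it.
    args.push("-severity", SEVERITIES.slice(idx).join(","));
  }

  args.push("-rate-limit", "10", "-timeout", "10");
  return args;
}

// Run without a shell, e.g. with Node's child_process.execFile:
//   execFile("nuclei", buildNucleiArgs(target, templates, severity),
//            { timeout: 600000, maxBuffer: 1024 * 1024 * 10 }, callback);
```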