Nuclei is a vulnerability scanner tool from ProjectDiscovery.
Using a template system, Nuclei becomes an extensible and highly configurable application that can be very helpful in pentests or bug bounty processes.
In this first post, I’ll show how to install Nuclei in a Kali Linux inside a MacBook Pro with the new M1 Pro CPU. Kali Linux is installed using a VMware Fusion for Apple Silicon beta version. More info can be obtained here.
We are going to use the Go installation, so if Go is not installed in your system, first we need to install it.
Download the latest version.
$ wget https://go.dev/dl/go1.17.6.linux-amd64.tar.gz
--2022-02-05 23:09:07-- https://go.dev/dl/go1.17.6.linux-amd64.tar.gz
Resolviendo go.dev (go.dev)... 216.239.36.21, 216.239.38.21, 216.239.32.21, ...
Conectando con go.dev (go.dev)[216.239.36.21]:443... conectado.
Petición HTTP enviada, esperando respuesta... 302 Found
Localización: https://dl.google.com/go/go1.17.6.linux-amd64.tar.gz [siguiendo]
--2022-02-05 23:09:08-- https://dl.google.com/go/go1.17.6.linux-amd64.tar.gz
Resolviendo dl.google.com (dl.google.com)... 172.217.17.14, 2a00:1450:4003:80c::200e
Conectando con dl.google.com (dl.google.com)[172.217.17.14]:443... conectado.
Petición HTTP enviada, esperando respuesta... 200 OK
Longitud: 134830580 (129M) [application/x-gzip]
Grabando a: «go1.17.6.linux-amd64.tar.gz»
go1.17.6.linux-amd64.tar.gz 100%[============================================================================================>] 128,58M 24,3MB/s en 7,7s
2022-02-05 23:09:16 (16,8 MB/s) - «go1.17.6.linux-amd64.tar.gz» guardado [134830580/134830580]$ sudo tar -xvf go1.17.6.linux-amd64.tar.gz
$ sudo mv go /usr/local
$ nano .zshrc
export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH$ source .zshrc
$ go version
zsh: formato de ejecutable incorrecto: goWe are trying to install it into a new macboock with an ARM processor.
So this might be the error.
Let’s make a short test:
$ file go
go: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, Go BuildID=aPr44Uc8-iqFEnK-PZAf/untyhZQWBveyt6rEj6-q/JfLDiaeF7Hy5gUhzqKZm/q-P7_NtgMRASiCSD3f6R, not stripped$ file ls
ls: ELF 64-bit LSB pie executable, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, BuildID[sha1]=d1c4677bf228b74f9fb76c1bbe3ccaea4b850172, for GNU/Linux 3.7.0, strippedSo, we confirm that our Kali has a ARM architecture, so we need to download the same version.
$ wget https://go.dev/dl/go1.17.6.linux-arm64.tar.gz
--2022-02-05 23:24:14-- https://go.dev/dl/go1.17.6.linux-arm64.tar.gz
Resolviendo go.dev (go.dev)... 216.239.38.21, 216.239.36.21, 216.239.32.21, ...
Conectando con go.dev (go.dev)[216.239.38.21]:443... conectado.
Petición HTTP enviada, esperando respuesta... 302 Found
Localización: https://dl.google.com/go/go1.17.6.linux-arm64.tar.gz [siguiendo]
--2022-02-05 23:24:14-- https://dl.google.com/go/go1.17.6.linux-arm64.tar.gz
Resolviendo dl.google.com (dl.google.com)... 172.217.17.14, 2a00:1450:4003:800::200e
Conectando con dl.google.com (dl.google.com)[172.217.17.14]:443... conectado.
Petición HTTP enviada, esperando respuesta... 200 OK
Longitud: 102638334 (98M) [application/x-gzip]
Grabando a: «go1.17.6.linux-arm64.tar.gz»
go1.17.6.linux-arm64.tar.gz 100%[============================================================================================>] 97,88M 29,2MB/s en 3,5s
2022-02-05 23:24:18 (27,8 MB/s) - «go1.17.6.linux-arm64.tar.gz» guardado [102638334/102638334]$ tar -xvf go1.17.6.linux-arm64.tar.gz
$ sudo mv go /usr/local
$ go version
go version go1.17.6 linux/arm64Now we can proceed to install Nuclei.
$ go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
$ nuclei -version
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ 2.6.0
projectdiscovery.io
[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Current Version: 2.6.0We will cover the usage of the tool in a further post.