Project Discovery has many amazing tools and useful repositories.
Nuclei is one of the tools used daily and one of the best template lists for nuclei usage is Nuclei-Templates. Besides that awesome template collection, it exists that could help to find that finding is hiding with Nuclei-Templates.
According to its description:
Fuzzing templates are used with nuclei scanner which powers the actual scanning engine. This repository contains various fuzzing templates for the scanner provided by our team, as well as contributed by the community.
We welcome contributions from the community through pull requests or issues to increase the coverage of security testing. Unlike the nuclei-templates project, which focuses on known vulnerabilities, fuzzing templates are specifically designed to discover previously unknown vulnerabilities in applications.
https://github.com/projectdiscovery/fuzzing-templates
Install
$ git clone https://github.com/projectdiscovery/fuzzing-templates.git
Update
$ git pull origin main
Usage
$ ls
cmdi crlf csti lfi LICENSE README.md redirect sqli ssrf ssti xss xxe
Current fuzzing support is limited to URLs with with query parameters, so any URLs with no query parameters will be simply ignored.
$ nuclei -t fuzzing-templates -list fuzz_endpoints.txt
Tip
To obtain a list of endpoints ready to be sent to nuclei for using the fuzzing templates katana -f qurl can be used.