Skip to content

Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.

License

Notifications You must be signed in to change notification settings

bernard-yip/missing-cve-nuclei-templates

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Weekly updated list of missing CVEs in nuclei templates official repository


Note This repository is 100% automated so there can be errors, but in general is pretty accurate. Go to section "How it works" to understand how data is collected.

Stats 📊

CVEs analyzed: 102273

CVEs missing: 28236

Dropdown by vuln type:

Type Count Data
XSS 12471 xss.txt
RCE 4363 rce.txt
SQL Injection 7380 sqli.txt
Local File Inclusion 152 lfi.txt
Server Side Request Forgery 231 ssrf.txt
Prototype Pollution 217 proto-pollution.txt
Request Smuggling 77 req-smuggling.txt
Open Redirect 280 open-redirect.txt
XML External Entity 349 xxe.txt
Path Traversal 2669 path-traversal.txt
Server Side Template Injection 47 ssti.txt

Dropdown by year:

Year Count Data
1999 1 1999.txt
2000 2 2000.txt
2001 8 2001.txt
2002 22 2002.txt
2003 28 2003.txt
2004 97 2004.txt
2005 334 2005.txt
2006 1008 2006.txt
2007 1025 2007.txt
2008 1935 2008.txt
2009 751 2009.txt
2010 647 2010.txt
2011 240 2011.txt
2012 452 2012.txt
2013 380 2013.txt
2014 797 2014.txt
2015 812 2015.txt
2016 537 2016.txt
2017 1330 2017.txt
2018 1934 2018.txt
2019 1518 2019.txt
2020 2203 2020.txt
2021 2501 2021.txt
2022 3174 2022.txt
2023 2941 2023.txt
2024 3559 2024.txt

Why 🤔

  • Bug bounty: the CVE templates in the official nuclei-templates repo are completely useless for bug bounty. This because everyone is using those templates looking for low hanging fruit. Build your own templates for new (and old!) CVEs, scan all the possible targets and don't forget to share them in the official nuclei-templates repo.
  • General Security: Security people can write their own templates for missing CVEs and use them to secure products during pentests, vuln assessments, red team ops and so on... every user will benefit from these actions. If they are very good security people they'll share the templates in official nuclei-templates repo helping the whole infosec community.
  • Stats & Data lover: I love data and statistics and I hope people like me will enjoy.

How it works 🖥️

Automated Logic:

for each cve in trickest/cve:
    if this cve not present in nuclei-templates:
        if it contains one of the words we are looking for:
            if it is a CVE suitable for nuclei:
                print it
  • Which are the "words we are looking for"? reflected, rce, local file inclusion, server side request forgery, ssrf, remote code execution, remote command execution, command injection, code injection, ssti, template injection, lfi, xss, Cross-Site Scripting, Cross Site Scripting, SQL injection, Prototype pollution, XML External Entity, Request Smuggling, XXE, Open redirect, Path Traversal and Directory Traversal.

  • This means the tracked vulnerability types are: XSS, RCE, SQL injection, Local File Inclusion, Server Side Request Forgery, Prototype Pollution, Request Smuggling, Open Redirect, XML Enternal Entity, Path Traversal and Server Side Template Injection; but new vuln types will be supported.

  • Why there can be errors in categorizing CVEs? Because when grepping for these words there can be false positives, meaning that an XXE vulnerability can be categorized as RCE because e.g. it says "in certain situations can be escalated to rce".

  • Why if I subtract the "CVEs missing" from the "CVEs analyzed" I don't get the exact official nuclei templates count? Because as said before the tracked vuln types are just 10 (the most famous ones), but a lot of other types are reported as well (and they will be supported).

  • What does it mean a CVE is suitable for Nuclei? Basically a remote web or network vulnerability (e.g. a CVE on Android is not suitable).

Contributing 🛠

Just open an issue / pull request.

Thanks 💝

License 📝

This repository is under MIT License.
edoardoottavianelli.it to contact me.

About

Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Shell 100.0%