DAST Scanning

[davidvazquezpf]

Hello,

I´m trying to perform automated DAST scanning in a weekly basis to some targets. The idea is to get improvements for our application development.

I´m trying to configure some schedules in order to use Nuclei and get vulnerabilities related to web technologies. I´m using the following command:
nuclei -u https://mytarget.com -include-tags iot, misc, fuzz, xss, sqli, rce, ssrf, config, cve -fuzz

Do you think the outcomes from the scan can be improved?
We don't use Joomla/Wordpress, I like that the scanning goes quite fast, but I wouldn't mind if it took a bit longer and found more stuff. I'm interested in community feedback or what best practices you use to take advantage of Nuclei.

Thanks

[geeknik]

Well, you'll want to ensure you're running the latest version of nuclei and then replace -fuzz with -dast in your command line. Good luck.

$ nuclei -h | grep dast
   -fuzz                      enable loading fuzzing templates (Deprecated: use -dast instead)
   -dast                      enable / run dast (fuzz) nuclei templates

[davidvazquezpf]

I didn't know it was obsolete, I didn't see it in the documentation. Thank you!