Learn how to fuzz with nuclei

Welcome to the companion website for "Fuzzing Frontiers: Exploring Unknown Unknown Vulnerabilities," where you'll find additional resources, templates, and in-depth guides to enhance your security testing toolkit.

fuzz.yaml
fuzzbuzz.yaml

http:
...
  payloads:
    injection: # Variable name for payload
      - "'"
      ...
  fuzzing:
    - part: query       # One of query, path, header, cookie, body
      type: postfix     # Type of rule (prefix, postfix, replace, infix, replace-regex)
      mode: single      # Mutation mode (single, multiple), e.g. replace all existing kv pairs at once or one by one
      # replace-regex: # (optional) regex to be used in replace-regex type
      # keys-regex: # (optional) limit this rule to specific keys of the request part using regex
      # keys: # (optional) limit this rule to specific keys of request part
      # values: # (optional) limit this rule to specific values of the request part using regex
      fuzz:             # Belongs to the rule above, so it is indented to the same level as part/type/mode
        - "{{injection}}" # The payload to be injected
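
To see what the `type` and `mode` settings above mean for the requests sent during an authorized scan, the following added example (not part of the original page and not Nuclei's own code) applies a query-part rule to a constructed URL. The function names, the sample URL, and the midpoint insertion used for `infix` are assumptions; `replace-regex` is left out.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

def mutate(value, payload, rule_type):
    """Apply one rule type to a single parameter value."""
    if rule_type == "prefix":
        return payload + value
    if rule_type == "postfix":
        return value + payload
    if rule_type == "replace":
        return payload
    if rule_type == "infix":
        mid = len(value) // 2  # assumption: payload goes in at the midpoint
        return value[:mid] + payload + value[mid:]
    raise ValueError(f"unsupported rule type: {rule_type}")

def fuzz_query(url, payloads, rule_type="postfix", mode="single", keys=None):
    """Return every URL a query-part rule would produce for the given payloads."""
    if mode not in ("single", "multiple"):
        raise ValueError(f"unsupported mode: {mode}")
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    # keys: optional allow-list limiting the rule to specific parameters
    targets = [i for i, (k, _) in enumerate(pairs) if keys is None or k in keys]
    out = []
    for payload in payloads:
        if mode == "multiple":      # all matching pairs mutated in one request
            groups = [targets] if targets else []
        else:                       # single: one request per matching pair
            groups = [[i] for i in targets]
        for group in groups:
            mutated = [(k, mutate(v, payload, rule_type)) if i in group else (k, v)
                       for i, (k, v) in enumerate(pairs)]
            out.append(urlunsplit(parts._replace(query=urlencode(mutated))))
    return out

# Constructed sample input for illustration only
SAMPLE_URL = "https://app.example.test/search?q=shoes&page=2"

if __name__ == "__main__":
    for mode in ("single", "multiple"):
        urls = fuzz_query(SAMPLE_URL, ["'"], "postfix", mode)
        print(mode, len(urls), "request(s)")
        for u in urls:
            print("  ", u)
```

In `single` mode the request count grows as payloads times matching parameters, while `multiple` sends one request per payload, which matters when sizing a scan against a rate-limited target.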

Dive deeper

Learn More

Use the resources below to learn more about fuzzing with nuclei!

Fuzzing for Unknown Vulnerabilities with Nuclei v3.2

Read the blog post introducing the 3.2 version of Nuclei, which introduced advanced fuzzing capabilities.

Documentation

Read the official documentation for Nuclei to learn more about the tool and its fuzzing capabilities.

Example Templates

See the DAST folder of the Nuclei template repository for example templates to get started with fuzzing.

Join our Discord

Join the ProjectDiscovery Discord server to chat with other security researchers and ask questions about fuzzing.