Creating CVE Detection Pipeline with Nuclei for Bug Bounty

bitpanic.medium.com · Spectat0rguy · 14 days ago · research
Spectat0rguy · March 26, 2026 (Updated: March 26, 2026)

Nuclei is perfect for this — it has a dedicated CVE template library. Here's how to set it up effectively:

1. Installation & Setup

```bash
# Install Nuclei
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest

# Update templates (includes CVE templates)
nuclei -update-templates
```

Templates are saved to ~/nuclei-templates/ by default.

2. Run CVE-Specific Scans

```bash
# Recent nuclei-templates releases group templates by protocol;
# if cves/ does not resolve, use http/cves/ instead.

# Scan only CVE templates against a target
nuclei -u https://target.com -t cves/

# Scan a list of targets
nuclei -l targets.txt -t cves/

# Filter by severity
nuclei -u https://target.com -t cves/ -severity critical,high

# Filter by specific year
nuclei -u https://target.com -t cves/2024/
```

3. Automate Recon → Scan Pipeline

```bash
#!/bin/bash
# Abort with a usage message if no domain is given
TARGET="${1:?usage: $0 <domain>}"

# Step 1: Subdomain enumeration, then keep only hosts that answer over HTTP(S)
subfinder -d "$TARGET" -silent | httpx -silent -o live_hosts.txt

# Step 2: Run CVE detection on all live hosts
# (Nuclei v3 names the JSON Lines output flag -jsonl; -json was the v2 name)
nuclei -l live_hosts.txt \
  -t cves/ \
  -severity critical,high,medium \
  -o results.txt \
  -jsonl \
  -stats

echo "Scan complete. Results saved to results.txt"
```

4. Useful Flags for Bug Bounty

```bash
# Flag               : Purpose
# -rate-limit 50     : Avoid getting banned
# -c 25              : Concurrency (parallel checks)
# -timeout 10        : Per-request timeout
# -retries 2         : Retry failed requests
# -jsonl             : JSON Lines output for parsing
# -tags rce,sqli     : Filter by vulnerability type
# -exclude-tags dos  : Skip dangerous templates
# -H "Cookie: ..."   : Authenticated scans
```

5. Auto-Update & Schedule Scans

```bash
# Auto-update templates before every scan
nuclei -u https://target.com -t cves/ -update-templates

# Cron job: daily scan at 6 AM (% must be escaped as \% inside a crontab)
0 6 * * * /usr/local/bin/nuclei -l ~/targets.txt -t cves/ -severity critical,high -o ~/results/$(date +\%F).txt
```

6. Workflow with New CVEs

```bash
# Run only newly added CVE templates
# (-nt selects templates added in the latest nuclei-templates release)
nuclei -u https://target.com \
  -t cves/ \
  -nt \
  -stats
```

Pro Tips for Bug Bounty:

- Always use -rate-limit — aggressive scanning can get you banned from the program
- Combine with httpx to pre-filter live hosts — don't waste scans on dead targets
- Use -jsonl output and pipe into jq or a dashboard for triage
- Check the program scope — never scan out-of-scope assets
- Pair with notify (ProjectDiscovery tool) to get Slack/Discord alerts on findings
- Validate findings manually before reporting — nuclei can have false positives

Quick One-Liner for a Fast CVE Sweep

```bash
subfinder -d target.com -silent | httpx -silent | nuclei -t cves/ -severity critical,high -stats
```
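
The scope check from the pro tips can be enforced mechanically before anything reaches nuclei, since subdomain enumeration routinely returns hosts a program excludes. The following is an added example, not code from the original post; the scope patterns and host names are constructed, and the file name scope_gate.py in the usage note is hypothetical.

```python
"""Scope gate for a recon -> nuclei pipeline (added example, not the article's code)."""
import sys
from urllib.parse import urlsplit

# Constructed scope rules (assumption); the program's scope page is authoritative.
IN_SCOPE = ["*.example.com", "api.example.org"]
OUT_OF_SCOPE = ["blog.example.com", "*.corp.example.com"]

def hostname(entry):
    """Return the lower-cased hostname of a URL or bare host[:port] line."""
    entry = entry.strip()
    if "://" not in entry:
        entry = "//" + entry              # lets urlsplit parse it as a netloc
    try:
        host = urlsplit(entry).hostname or ""
    except ValueError:                    # e.g. malformed IPv6 literal
        return ""
    return host.rstrip(".").lower()

def matches(host, pattern):
    """Exact match, or label-aligned suffix match for '*.domain' patterns."""
    pattern = pattern.lower()
    if pattern.startswith("*."):
        # Keeping the leading dot means '*.example.com' covers 'a.example.com'
        # but neither 'example.com' itself nor 'notexample.com'.
        return host.endswith(pattern[1:])
    return host == pattern

def in_scope(entry, allow=IN_SCOPE, deny=OUT_OF_SCOPE):
    """Exclusions win over inclusions; unparsable entries are rejected."""
    host = hostname(entry)
    if not host or any(matches(host, p) for p in deny):
        return False
    return any(matches(host, p) for p in allow)

def filter_targets(lines, allow=IN_SCOPE, deny=OUT_OF_SCOPE):
    """Split input lines into (kept, dropped) so skipped hosts can be logged."""
    kept, dropped = [], []
    for line in (raw.strip() for raw in lines):
        if line:
            (kept if in_scope(line, allow, deny) else dropped).append(line)
    return kept, dropped

if __name__ == "__main__":
    kept, dropped = filter_targets(sys.stdin)
    for url in dropped:
        print(f"out of scope, skipped: {url}", file=sys.stderr)
    sys.stdout.writelines(url + "\n" for url in kept)
```

Placed between the two tools, for example `httpx -silent | python3 scope_gate.py > live_hosts.txt`, it keeps out-of-scope hosts from reaching nuclei and logs what it skipped to stderr.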