.png)
3 years ago
188 BOOK THIS SPACE FOR AD
ARTICLE ADInstallation step by step avoiding pitfalls
You might think that installing Go and nuclei is simple. That's what I thought.
I had several instances of Nuclei running in different servers. I wanted to use a machine with low load to do some scans. An Ubuntu Linux instance and it took me couple of hours to get it running.
Let me explain you why. There are two things that can fail (and will, especially if you are in a hurry or need to do something important, that's Murphy's law, it's science).
So, you need to install Go. What do you do?
> sudo apt install golangReading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
golang-1.10 golang-1.10-doc golang-doc
The following NEW packages will be installed:
golang golang-1.10 golang-1.10-doc golang-doc
0 upgraded, 4 newly installed, 0 to remove and 10 not upgraded.
Need to get 2436 kB of archives.
After this operation, 4280 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
... trunked
Preparing to unpack .../golang-doc_2%3a1.10~4ubuntu1_all.deb ...
Unpacking golang-doc (2:1.10~4ubuntu1) ...
Selecting previously unselected package golang.
Preparing to unpack .../golang_2%3a1.10~4ubuntu1_amd64.deb ...
Unpacking golang (2:1.10~4ubuntu1) ...
Setting up golang-1.10-doc (1.10.4-2ubuntu1~18.04.2) ...
Setting up golang-doc (2:1.10~4ubuntu1) ...
Setting up golang-1.10 (1.10.4-2ubuntu1~18.04.2) ...
Setting up golang (2:1.10~4ubuntu1) ...
Then, let's set some variables (add at the end of .bashrc file):
export GOROOT=/usr/local/goexport GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$HOME/.local/bin:$PATH
Great. Now let's install nuclei:
GO111MODULE=on go get github.com/projectdiscovery/nuclei/v2/cmd/nucleiWhat do we get?
GO111MODULE=on go get github.com/projectdiscovery/nuclei/v2/cmd/nucleipackage github.com/pierrec/lz4/v4: cannot find package "github.com/pierrec/lz4/v4" in any of:/usr/lib/go/src/github.com/pierrec/lz4/v4 (from $GOROOT)
/home/ubuntu/go/src/github.com/pierrec/lz4/v4 (from $GOPATH)
package github.com/google/go-github/v32/github: cannot find package "github.com/google/go-github/v32/github" in any of:
/usr/lib/go/src/github.com/google/go-github/v32/github (from $GOROOT)
/home/ubuntu/go/src/github.com/google/go-github/v32/github (from $GOPATH)
package crypto/ed25519: unrecognized import path "crypto/ed25519" (import path does not begin with hostname)
What's the problem? Please tell me.
Well, we forgot one step. Check the installed go version:
> go versiongo version go1.10.4 linux/amd64go1.10.4, which is…. a VERY OLD version. According to Wikipedia is from the beginning of 2018, centuries ago. I have no idea why the default go package is so old.
To solve this you need to install Go from its website. At the time latest version is 1.16.5
Mostly because old and the newer versions of Go use different installation paths. The dependencies of Nuclei will try to install or read other packages from another paths. That's confusing and annoying.
This is a source of problems. You think you're updating packages in order to make your program work better, faster, fancier. But no, this flag might crash the installation of nuclei.
So, here the steps to properly and nicely install nuclei.
Install Go:
#download compress filewget https://golang.org/dl/go1.16.5.linux-amd64.tar.gz#cleaning previous installations
sudo rm -rf /usr/local/go #decompressing to /usr/local
sudo tar -C /usr/local -xzf go1.16.5.linux-amd64.tar.gz#add variables to .bashrc
echo "export GOROOT=/usr/local/go" >> .bashrc
echo "export GOPATH=$HOME/go" >> .bashrc
echo "export PATH=$GOPATH/bin:$GOROOT/bin:$HOME/.local/bin:$PATH" >> .bashrc #reload .bashrc
source ~/.bashrc#check version
go versiongo1.16.5
Now, let's install nuclei:
GO111MODULE=on go get -v github.com/projectdiscovery/nuclei/v2/cmd/nucleiCheck that's running and the version:
> nuclei -v__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ v2.3.7projectdiscovery.io[WRN] Use with caution. You are responsible for your actions
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[FTL] Program exiting: no template/templates provided
That's it?
No so fast, let's install the templates, sometimes you need to manually create the template folder:
#Check what's the template foldercat ~/.config/nuclei/.templates-config.json{"templates-directory":"/home/user/nuclei-templates","current-version":"8.3.0","last-checked":"2021-06-04T01:43:04.461403932-04:00","ignore-url":"https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/master/.nuclei-ignore","nuclei-version":"2.3.7","last-checked-ignore":"2021-06-04T01:43:04.461404084-04:00"}#folder creation
mkdir ~/nuclei-templates#download/update templates
nuclei -ut vulnerabilities/wordpress/wp-plugin-statistics-sqli.yaml
vulnerabilities/wordpress/wp-simple-fields-lfi.yaml
vulnerabilities/wordpress/wp-site-editor-lfi.yaml
vulnerabilities/wordpress/wp-tutor-lfi.yaml
vulnerabilities/wordpress/wp-wechat-broadcast-lfi.yaml
workflows/airflow-workflow.yamlNuclei Templates v8.3.3 Changelog
+-------+-------+---------+
| TOTAL | ADDED | REMOVED |
+-------+-------+---------+
| 1198 | 81 | 11 |
+-------+-------+---------+
[INF] Successfully updated nuclei-templates (v8.3.3). Enjoy!
In my case the folder was updated with newer templates.
Now you're ready to scan!
Bengali (Bangladesh) · 
English (United States) ·