On the seventh day, amidst the darkness, God granted ProjectDiscovery, aiding brave souls in their perilous pen-testing journey. In the wake of ProjectDiscovery's ascent, tools like Nuclei, Katana, Subfinder, Naabu, and the latest addition, cvemap, emerged to fortify the arsenal of the brave. CVEmap and Nuclei missing feature And most of the were disappointed by the missing feature to “map” results directly to existing nuclei templates. penetration testers cvemap This absolutely necessary feature does not exist today, and I hope it will change - I will create an issue on to address this problem. GitHub However, I decided to fix this problem in this guide myself because a solution might not come at all. Fortunately, the existing nuclei templates use the same naming convention as the CVE one, and nuclei support an argument where you can enter the ID of the desired templates directly into the input. CVEmap’s flag nicely informs that the template exists in the Nuclei, but unfortunately, it doesn't tell how and where to find it. -template By combining this information, I came up with an ugly but short solution. Solution A bit of allows us to create the following script. bash glue This script scans targets from a file, with Nuclei templates filtered based on criteria from cvemap. Command expansion ( ) creates the resulting list of template IDs, separated by a comma, which Nuclei accepts as valid template selection. targets.txt $(…) nuclei -l "targets.txt" \ -id "$(cvemap -template -list-id -silent \ -age '<365' -q '"remote code execution" is_remote:true' -vendor cisco | tr -s '\n' ',')" \ -o "output.txt" Precisely, in this case, the command scans CVEs of the Cisco products that provide RCE to the attackers and are less than one year old. Isn't that great!? Feel free to change the query on line 3 for your purpose. The other lines are mandatory. Postface Why this feature doesn't exist officially, I don't know, but if I had to bet, it's because they want to use the synergy of these tools in their paid cloud platform, and they don't want to give all the features for free but at the same time they want to be opensource. So they created a flag with the flag, which informs you that the template exists, but which one it is, and so on, you must look up yourself. cvemap -template Resources https://docs.projectdiscovery.io/tools/cvemap/running https://cloud.projectdiscovery.io/?ref=api_key https://github.com/projectdiscovery/cvemap https://github.com/projectdiscovery/nuclei
