cent
→ View on GitHubAI Summary: Cent is a tool designed to organize community-contributed Nuclei templates, simplifying the process of managing and utilizing these resources for vulnerability scanning. Key features include the ability to clone templates from multiple repositories, validate their integrity, and generate detailed summaries of the templates’ metadata, including statistics on validation and severity distribution. Additionally, Cent supports multi-threading for efficient repository management and offers commands for initializing configurations, updating templates, and accessing versioning information.
README
Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place.
Install
go install -v github.com/xm1k3/cent/v2@latest
after installation run cent init to initialize cent with the configuration files you find here
Supported commands
| Command | Description |
|---|---|
| check | Check if templates repo are still available |
| init | Cent init configuration file |
| summary | Print detailed summary of nuclei templates |
| update | Update your repository |
| validate | Validate templates, if the template is invalid it is deleted from the folder |
| version | Print cent version |
Root flags
Flags:
--config string config file (default is .config/cent/.cent.yaml)
-C, --console Print console output
-p, --path string Root path to save the templates (default "cent-nuclei-templates")
-t, --threads int Number of threads to use when cloning repositories (default 10)
Usage
cent -h
cent check -h
cent init -h
cent update -h
cent summary -h
cent validate -h
cent version
Basic Usage
Clone and insert all the community templates into the cent-nuclei-templates folder
cent -p cent-nuclei-templates
Example output:
cent started
[CLONED] https://github.com/projectdiscovery/nuclei-templates
[CLONED] https://github.com/0xSojalSec/nuclei-templates-4
[CLONED] https://github.com/0xPugazh/my-nuclei-templates
[CLONED] https://github.com/0xSojalSec/my-nuclei-templates-1
[CLONED] https://github.com/0x727/ObserverWard
[CLONED] https://github.com/0xAwali/Blind-SSRF
[CLONED] https://github.com/0x727/ObserverWard_0x727
[CLONED] https://github.com/0xAwali/Virtual-Host
[CLONED] https://github.com/0xSojalSec/Nuclei-Templates-API-Linkfinder
...
...
...
cent finished, you can find all your nuclei-templates in cent-nuclei-templates
Summary Command
The summary command provides detailed statistics about your nuclei templates collection:
Basic Summary
# Display summary in table format
cent summary
# Display summary in JSON format
cent summary --json
Advanced Summary Features
# Limit number of tags displayed (default: 25)
cent summary --limit 10
# Search for specific data in summary
cent summary --search cve
cent summary --search wordpress
cent summary --search critical
# Update summary data
cent summary update
# Update with custom path
cent summary update -p /path/to/templates
Summary Output Example
=== NUCLEI TEMPLATES SUMMARY ===
+-------------------+-------+
| METRIC | COUNT |
+-------------------+-------+
| Total Templates | 3249 |
| CVE Templates | 3821 |
| Invalid Templates | 1 |
| Valid Templates | 3248 |
+-------------------+-------+
=== SEVERITY DISTRIBUTION ===
+----------+-------+
| SEVERITY | COUNT |
+----------+-------+
| CRITICAL | 582 |
| HIGH | 877 |
| MEDIUM | 877 |
| LOW | 63 |
| INFO | 744 |
+----------+-------+
=== TOP TAGS ===
+---------------+-------+
| TAG | COUNT |
+---------------+-------+
| cve | 1909 |
| xss | 569 |
| wordpress | 487 |
| lfi | 459 |
| wp-plugin | 450 |
+---------------+-------+
JSON Output Structure
{
"metrics": {
"total_templates": 3249,
"cve_templates": 3821,
"invalid_templates": 1,
"valid_templates": 3248
},
"severity_distribution": {
"CRITICAL": 582,
"HIGH": 877,
"MEDIUM": 877,
"LOW": 63,
"INFO": 744
},
"tags": {
"cve": 1909,
"xss": 569,
"wordpress": 487
},
"last_updated": "2024-01-15 14:30:25"
}
Update Command
If you have updated the cent.yaml file by adding new folders
exclude-dirs:
- ...
- dns
- ...
just do:
cent update -p cent-nuclei-templates -d
and cent will automatically delete all dns folder present in cent-nuclei-templates without cloning all the github repos.
Example output:
[D][-] Dir removed cent-nuclei-templates/dns
[D][-] Dir removed cent-nuclei-templates/dns/subdomain
Same thing with exclude-files
cent update -p cent-nuclei-templates -f
Configuration Management
Initialize Configuration
# Initialize with default configuration
cent init
# Initialize with custom URL
cent init --url https://example.com/config.yaml
# Overwrite existing configuration
cent init --overwrite
Check Configuration Status
# Check if configuration file exists
cent init check
Check Template Repositories
# Check if all template repositories are accessible
cent check
# Remove inaccessible repositories from config
cent check --remove
Once cent has been configured correctly you can perform a scan with Nuclei.
Example
nuclei -u https://example.com -t ./cent-nuclei-templates -tags cve
nuclei -l urls.txt -t ./cent-nuclei-templates -tags cve
See here for more documentation about Nuclei
Config
You need to configure cent parameters in .config/cent/.cent.yaml
# Directories to exclude
exclude-dirs:
- .git
# Files to exclude
exclude-files:
- README.md
- .gitignore
- .pre-commit-config.yaml
- LICENSE
# Add github urls
community-templates:
- https://github.com/projectdiscovery/nuclei-templates
...
...
Credits
- hakluke
- Nuclei
- Project Discovery
- sec715
- geeknik
- SYSTEM00 SECURITY
- clarkvoss
- notnotnotveg
- Alra3ees - Emad Shanab
- Nuclei-Templates-Collection
Disclaimer
Disclaimer: The developer of this tool is not responsible for how the community uses the open source templates collected within it. These templates have not been validated by Project Discovery and are provided as-is.
License
Cent is distributed under Apache-2.0 License