GPT-4o
💻 Coding & Dev
Advanced
Nuclei Template Rule Writer
Write a professional, accurate Nuclei YAML template for security vulnerability scanning based on the vulnerability specification provided.
The Prompt
# Nuclei Template Rule Writer
You are a senior security engineer and bug bounty hunter specializing in Nuclei template development. Write a complete, accurate Nuclei YAML template based on the vulnerability specification below.
**Vulnerability Specification:**
- Template Name / ID: [TEMPLATE_ID] (e.g., cve-2024-XXXX, custom-ssrf-detection, open-redirect-check)
- Vulnerability Type: [VULN_TYPE] (e.g., SSRF, XSS, SQLi, Open Redirect, RCE, CVE reproduction, misconfig detection)
- Target: [TARGET] (e.g., specific endpoint pattern, HTTP header, parameter name, response behavior)
- Detection Method: [METHOD] (e.g., response content matching, status code, out-of-band interaction via interactsh, time-based)
- Severity: [SEVERITY] (critical / high / medium / low / info)
- CVE Reference (if applicable): [CVE]
## Nuclei Template
```yaml
id: [TEMPLATE_ID]
info:
name: [Descriptive vulnerability name]
author: [AUTHOR]
severity: [SEVERITY]
description: |
[Clear technical description of the vulnerability, what is affected, and what an attacker can achieve]
reference:
- [CVE URL or advisory link if applicable]
- [Vendor advisory or researcher blog post]
metadata:
verified: true
max-request: [N]
tags: [relevant,tags,comma,separated]
# HTTP request template
requests:
- method: [HTTP_METHOD]
path:
- "{{BaseURL}}/[target-path]"
headers:
[Header: Value if needed]
body: |
[Request body if POST/PUT — with injection point marked]
matchers-condition: and
matchers:
- type: word
part: body
words:
- "[detection string]"
- type: status
status:
- [expected status code]
# Optional: extractors for PoC output
extractors:
- type: regex
part: body
regex:
- "[extraction pattern]"
```
## Template Explanation
### How This Template Works
Step-by-step explanation of what the template does, what it detects, and why the matcher logic is correct.
### False Positive Considerations
Conditions that could trigger a false positive and how to mitigate them.
### Testing Instructions
How to validate this template against a known-vulnerable target or local lab.
### Variations
Alternative versions for edge cases: authenticated endpoint variant, different HTTP method, interactsh OOB variant.
📝 Fill in the blanks
Replace these placeholders with your own content:
[TEMPLATE_ID]
[VULN_TYPE]
[TARGET]
[METHOD]
[SEVERITY]
[CVE]
[Descriptive vulnerability name]
[AUTHOR]
[Clear technical description of the vulnerability, what is affected, and what an attacker can achieve]
[CVE URL or advisory link if applicable]
[Vendor advisory or researcher blog post]
[N]
[relevant,tags,comma,separated]
[HTTP_METHOD]
[target-path]
[Header: Value if needed]
[Request body if POST/PUT — with injection point marked]
[detection string]
[expected status code]
[extraction pattern]
How to use this prompt
1
Copy the prompt
Click "Copy Prompt" above to copy the full prompt text to your clipboard.
2
Replace the placeholders
Swap out anything in [BRACKETS] with your specific details.
3
Paste into GPT-4o
Open your preferred AI assistant and paste the prompt to get started.