Sensitive data exposure with Nuclei: The new big gun with exploit bullets

InfoSec Write-ups – Medium–

Hey my hacker buddies! I hope you are enjoying the WFH(if you have)/ your bounty days! I am not hunting a lot since a good couple of months and that’s the reason I was not active on medium. I got some bounties and I thought to share something with you guys. So here we go!

I am a big fan of automated tools and I use them a lot. So recently I came across a tool called Nuclei and let me tell you this one is a beast for easy wins. ProjectDiscovery guys have done some amazing work as always and some very good hackers have contributed in it along with my dude Harsh Bothra. It is basically a template based tool and finds bugs based on given templates. You can read more about it HERE

So, I was hunting on and since I was using nuclei a lot, I tried it on this website as well. I was amazed that it found some really good stuff for me. So there is one template which gives you .env directory where you can find sensitive data of that particular website. The complete URL looks like this:- You can see it in the screenshot down below:-

This was my first bug with Nuclei and I would highly recommend to use this one. You might get a big fish if you are having a good day. Who knows! I got some more bugs using this tool like Git info disclosures and I am quite happy with it. You can add your own templates for your use and you can even contribute in this tool if you have a unique template.

So, this was pretty much of this one. I hope you guys get something from it. If you do, please give me a clap down below and yes, follow me on twitter for more of these.

Keep hunting, bugs are everywhere, you just need a different mindset which comes with experience. Don’t get demotivated easily, bug bounty is a love-hate relationship and we don’t leave our loved ones:) Spend some time with the programs, you will find something eventually.

Stay curios! Adios❤



Sensitive data exposure with Nuclei: The new big gun with exploit bullets was originally published in InfoSec Write-ups on Medium, where people are continuing the conversation by highlighting and responding to this story.

View original article on InfoSec Write-ups – Medium

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s