Skip to content

wooluo/nuclei-templates-2025hw

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

87 Commits
CVE-2025-25257.yaml
CVE-2025-25257.yaml
 
 
CVE-2025-53770.yaml
CVE-2025-53770.yaml
 
 
CVE-2025-5777.yaml
CVE-2025-5777.yaml
 
 
README.md
README.md
 
 
arbitrary-file-read-pws.yaml
arbitrary-file-read-pws.yaml
 
 
beijing-erpsystem-fileupload.yaml
beijing-erpsystem-fileupload.yaml
 
 
bianque-medical-sql-injection.yaml
bianque-medical-sql-injection.yaml
 
 
commmng-upload-mail-file.yaml
commmng-upload-mail-file.yaml
 
 
cve-2025-25257.yaml
cve-2025-25257.yaml
 
 
cve-2025-34041.yaml
cve-2025-34041.yaml
 
 
cve-2025-44148.yaml
cve-2025-44148.yaml
 
 
cve-2025-48703.yaml
cve-2025-48703.yaml
 
 
cve-2025-49001.yaml
cve-2025-49001.yaml
 
 
dahua-icc-evo-runs-rce.yaml
dahua-icc-evo-runs-rce.yaml
 
 
dahua-icc-rce.yaml
dahua-icc-rce.yaml
 
 
dataease-cve-2025-49001-49002.yaml
dataease-cve-2025-49001-49002.yaml
 
 
dataease-jwt-bypass.yaml
dataease-jwt-bypass.yaml
 
 
deep-security-rce.yaml
deep-security-rce.yaml
 
 
deepsec-dp-osm-rce.yaml
deepsec-dp-osm-rce.yaml
 
 
dongshengwuliu-sqli-getbanklist.yaml
dongshengwuliu-sqli-getbanklist.yaml
 
 
easportal-autologin-rce.yaml
easportal-autologin-rce.yaml
 
 
eastwin-logistics-sqli.yaml
eastwin-logistics-sqli.yaml
 
 
fr_remote_design_file_upload.yaml
fr_remote_design_file_upload.yaml
 
 
fumengyun-sql-injection.yaml
fumengyun-sql-injection.yaml
 
 
hanvon-fastjson-rce.yaml
hanvon-fastjson-rce.yaml
 
 
hanwang-efacego-arbitrary-file-upload.yaml
hanwang-efacego-arbitrary-file-upload.yaml
 
 
hanwang-file-read.yaml
hanwang-file-read.yaml
 
 
hanwang-querymanypeople-sqli.yaml
hanwang-querymanypeople-sqli.yaml
 
 
hanwang-upload-arbitrary-file.yaml
hanwang-upload-arbitrary-file.yaml
 
 
huace-sql-injection.yaml
huace-sql-injection.yaml
 
 
inforcenter-uploadfile-vulnerability.yaml
inforcenter-uploadfile-vulnerability.yaml
 
 
inspur-gs-purbidsupplementsrv-file-read.yaml
inspur-gs-purbidsupplementsrv-file-read.yaml
 
 
jeecgboot-password-reset.yaml
jeecgboot-password-reset.yaml
 
 
jeecgboot-reset-password.yaml
jeecgboot-reset-password.yaml
 
 
jeecgboot-sql-injection.yaml
jeecgboot-sql-injection.yaml
 
 
jhoa-c6-xxe-vulnerability.yaml
jhoa-c6-xxe-vulnerability.yaml
 
 
jhoa-sql-injection.yaml
jhoa-sql-injection.yaml
 
 
jhsoft-taskreportconfirm-sqlinjection.yaml
jhsoft-taskreportconfirm-sqlinjection.yaml
 
 
jhsoft-web-dailytaskmanage-sql-injection.yaml
jhsoft-web-dailytaskmanage-sql-injection.yaml
 
 
jinhwaoa-c6-xxe.yaml
jinhwaoa-c6-xxe.yaml
 
 
kingdee-apusic-jndi-injection.yaml
kingdee-apusic-jndi-injection.yaml
 
 
kingdee-dynamicform-rce.yaml
kingdee-dynamicform-rce.yaml
 
 
langchao-cloud-financial-system-rce.yaml
langchao-cloud-financial-system-rce.yaml
 
 
lanling-rce.yaml
lanling-rce.yaml
 
 
letter-image-upload-rce.yaml
letter-image-upload-rce.yaml
 
 
licmould-sql-injection.yaml
licmould-sql-injection.yaml
 
 
maildata-mailgateway-exploit.yaml
maildata-mailgateway-exploit.yaml
 
 
metacrm-file-upload-vulnerability.yaml
metacrm-file-upload-vulnerability.yaml
 
 
metacrm-sendfile-file-upload.yaml
metacrm-sendfile-file-upload.yaml
 
 
metacrm-sendsms-file-upload.yaml
metacrm-sendsms-file-upload.yaml
 
 
metacrm-sqli-detection.yaml
metacrm-sqli-detection.yaml
 
 
mingyuan-erp-auth-bypass.yaml
mingyuan-erp-auth-bypass.yaml
 
 
mobileoa-sql-injection.yaml
mobileoa-sql-injection.yaml
 
 
nips-users-json-infoleak.yaml
nips-users-json-infoleak.yaml
 
 
osm-portal-login-rce.yaml
osm-portal-login-rce.yaml
 
 
redis-hll-exploit.yaml
redis-hll-exploit.yaml
 
 
shikongzhiyou-erp-file-upload.yaml
shikongzhiyou-erp-file-upload.yaml
 
 
softmng-fileinputhandler-upload.yaml
softmng-fileinputhandler-upload.yaml
 
 
sql-injection-antisubmarine.yaml
sql-injection-antisubmarine.yaml
 
 
sql-injection-auditing.yaml
sql-injection-auditing.yaml
 
 
sql-injection-getValidEmpForGroup.yaml
sql-injection-getValidEmpForGroup.yaml
 
 
sql-injection-test.yaml
sql-injection-test.yaml
 
 
struts2-rce-login-action.yaml
struts2-rce-login-action.yaml
 
 
tiandy-easy7-arbitrary-file-read.yaml
tiandy-easy7-arbitrary-file-read.yaml
 
 
transcoder-ms-sqli.yaml
transcoder-ms-sqli.yaml
 
 
u8cloud-filtercondaction-sqli.yaml
u8cloud-filtercondaction-sqli.yaml
 
 
u9cloud-unauth-file-download.yaml
u9cloud-unauth-file-download.yaml
 
 
uap-metawebservice-sqli.yaml
uap-metawebservice-sqli.yaml
 
 
unibox-arbitrary-file-read.yaml
unibox-arbitrary-file-read.yaml
 
 
unisdp-emm-core-oauth-token-leak.yaml
unisdp-emm-core-oauth-token-leak.yaml
 
 
weaver-Vulnerability.yaml
weaver-Vulnerability.yaml
 
 
weaver-ecology-directory-traversal.yaml
weaver-ecology-directory-traversal.yaml
 
 
weaver-oa-rce.yaml
weaver-oa-rce.yaml
 
 
wingftp-null-byte-auth-bypass.yaml
wingftp-null-byte-auth-bypass.yaml
 
 
wps-unauthorized-rce.yaml
wps-unauthorized-rce.yaml
 
 
xinhuoa-sqli-upfile.yaml
xinhuoa-sqli-upfile.yaml
 
 
xxe-injection-check.yaml
xxe-injection-check.yaml
 
 
yisaetong-sql-injection.yaml
yisaetong-sql-injection.yaml
 
 
yonyou-blind-sql-injection.yaml
yonyou-blind-sql-injection.yaml
 
 
yonyou-dynamaticexport-arbitrary-file-download.yaml
yonyou-dynamaticexport-arbitrary-file-download.yaml
 
 

Repository files navigation

Nuclei Templates for HW 2025

仓库简介

这个仓库专门收集2025年HVV期间公开披露的漏洞POC和漏洞检测模板,使用Nuclei框架格式编写。

Nuclei简介

Nuclei是一款快速、可定制的漏洞扫描工具,基于YAML模板系统工作。它能够帮助安全研究人员快速识别目标系统中的已知漏洞。

安装Nuclei

二进制安装(推荐)

  1. 下载最新版Nuclei:

    go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest

  2. 或者从发布页面下载预编译二进制文件: https://github.com/projectdiscovery/nuclei/releases

源码编译

go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest

使用方法

基本扫描

nuclei -u https://example.com -t hw2025/

批量扫描URL列表

nuclei -list urls.txt -t hw2025/

使用特定模板

nuclei -u https://example.com -t hw2025/cves/CVE-2025-XXXX.yaml

常用参数

  • -severity:按严重程度过滤(critical,high,medium,low,info)
  • -tags:按标签过滤
  • -rate-limit:限制请求速率(默认150/秒)
  • -timeout:超时设置(默认10秒)
  • -retries:重试次数(默认1)
  • -proxy:使用代理

模板更新

建议定期更新Nuclei和模板:

nuclei -update
nuclei -ut

免责声明

本仓库仅用于合法安全测试和研究目的。使用者应遵守所有适用法律,并确保获得适当的授权后再进行扫描测试。仓库维护者对任何滥用行为概不负责。

贡献指南

欢迎提交HW期间发现的漏洞POC模板!请确保:

  1. 模板格式符合Nuclei规范
  2. 包含详细的漏洞描述和参考链接
  3. 经过测试验证可用
  4. 不包含敏感信息或攻击性payload

提交PR时请说明漏洞影响和验证方法。

许可证

本仓库采用MIT许可证,详见LICENSE文件。

About

自动生成nuclei 2025HW poc

Topics

hw day 0day 2025hvv 2025hw

Resources

Readme
Activity

Stars

96 stars

Watchers

5 watching

Forks

22 forks
Report repository

Releases

No releases published

Packages

No packages published