Skip to content

Seeders

REST seeder

protocol: rest

The REST seeder allows you to send a request that adapts to the host of your current scan.

You can still use a raw HTTP text format, but we'll automatically fill the host and scheme for you.

This requests will be sent at the same time as the hotstart, the syntax is similar to it but you can configure for which user the request must be sent.

The main difference between this two features it that a seeded request is bound to a custom security check. If you disable a check, the seeded request will not be sent.

Example

seed:
  - protocol: rest
    path: /books/some-title
    method: GET
    headers:
      Content-Type: application/json
    body: '{"hello": "world"}'
    user: admin
    params:
      id: 1

Properties

  • user: The user to use for the request. If not provided, the request is sent without authentication.
  • path: The path to use for the request.
  • method: The method to use for the request.
  • headers: The headers to use for the request. The key is the header name and the value is the header value.
  • body: The body to use for the request.
  • params: parameters to use for the request. The key is the parameter name and the value is the parameter value.

HTTP raw seeder

protocol: http

The HTTP seeder allows you to send a request at the start of the scan.

This requests will be sent at the same time as the hotstart, the syntax is similar to it but you can configure for which user the request must be sent.

The main difference between this two features it that a seeded request is bound to a custom security check. If you disable a check, the seeded request will not be sent.

Example

seed:
  - protocol: http
    raw: |
      @Host: https://example.com
      GET /debug HTTP/1.1
      Host: example.com
      Content-Type: application/json

Properties

  • raw: The raw HTTP request in Nuclei format.
  • user: The user to use for the request. If not provided, the request is sent without authentication.