DEV Community

Eng Soon Cheah
Eng Soon Cheah

Posted on

Nuclei Azure Template

#azure #nuclei

To run Azure-specific Nuclei templates, you need to configure your Azure credentials so that Nuclei can authenticate and interact with the Azure environment. Here’s how you can set up Azure credentials on Windows:

1. Install Azure CLI

  1. Download the Azure CLI installer for Windows from https://aka.ms/installazurecliwindows.
  2. Install it by running the .msi file.

2. Sign in to Azure

Open Command Prompt or PowerShell and sign in to Azure:

az login
Enter fullscreen mode Exit fullscreen mode

This will open a browser window for you to sign in with your Azure credentials.

3. Verify Your Azure Subscription

Check your active Azure subscriptions:

az account list --output table
Enter fullscreen mode Exit fullscreen mode

Set the active subscription if you have more than one:

az account set --subscription "SUBSCRIPTION_ID"
Enter fullscreen mode Exit fullscreen mode

4. Create a Service Principal (Optional)

If you want to use a Service Principal instead of your login session:

Step 1: Create a Service Principal: 

az ad sp create-for-rbac --name "nuclei-scan" --role "Contributor"
Enter fullscreen mode Exit fullscreen mode

Output will be like:

{
  "appId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "displayName": "nuclei-scan",
  "password": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "tenant": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
Enter fullscreen mode Exit fullscreen mode

Step 2: Export Service Principal Credentials:

Set the following environment variables:

$env:AZURE_CLIENT_ID="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
$env:AZURE_CLIENT_SECRET="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
$env:AZURE_TENANT_ID="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
Enter fullscreen mode Exit fullscreen mode

For permanent setup, add these to your Windows environment variables:

  1. Go to Control PanelSystemAdvanced system settingsEnvironment Variables
  2. Create the following variables under System Variables:
    • AZURE_CLIENT_ID
    • AZURE_CLIENT_SECRET
    • AZURE_TENANT_ID
  3. Restart your terminal for the changes to take effect.

5. Test Azure Authentication

To confirm your credentials are working:

az account show
Enter fullscreen mode Exit fullscreen mode

If successful, it will display your active Azure subscription details.

6. Run Nuclei with Azure Templates

Now that credentials are configured, run the Azure templates:

nuclei -t C:\Users\<YourUsername>\nuclei-templates\cloud\azure\ -l targets.txt -v
Enter fullscreen mode Exit fullscreen mode

Example: Run a Specific Azure Template

Example to check for weak authentication in ARM templates:

nuclei -t C:\Users\<YourUsername>\nuclei-templates\cloud\azure\azure-arm-template-should-include-strong-authentication.yaml -u https://example.com
Enter fullscreen mode Exit fullscreen mode

🔎 Additional Tips:

  • Use Elevated Permissions – Ensure you are running the terminal as Administrator.
  • Rotate Service Principal Credentials – For long-term use, rotate your AZURE_CLIENT_SECRET regularly.
  • Use Multiple Subscriptions – If you want to scan across multiple subscriptions, switch context using: 
az account set --subscription "SUBSCRIPTION_ID"
Enter fullscreen mode Exit fullscreen mode

Top comments (0)