Nuclei provides a comprehensive set of helper functions (also called DSL functions) that can be used in templates for data manipulation, transformation, validation, and computation. These functions are available in matchers, extractors, and variables.
String functions
Convert string to lowercase.
dsl:
  - "to_lower('HELLO') == 'hello'"
Convert string to uppercase.
dsl:
  - "to_upper('hello') == 'HELLO'"
contains(input, substring)
Check if string contains substring.
matchers:
  - type: dsl
    dsl:
      - "contains(body, 'admin')"
starts_with(input, prefix)
Check if string starts with prefix.
dsl:
  - "starts_with(header, 'HTTP/2')"
Check if string ends with suffix.
dsl:
  - "ends_with(body, '</html>')"
Remove leading and trailing whitespace.
dsl:
  - "trim(' hello ') == 'hello'"
trim_prefix(input, prefix)
Remove prefix from string.
dsl:
  - "trim_prefix('www.example.com', 'www.') == 'example.com'"
trim_suffix(input, suffix)
Remove suffix from string.
extractors:
  - type: dsl
    name: domain
    dsl:
      - "trim_suffix(cname, '.vercel-dns.com')"
Replace all occurrences of old with new.
dsl:
  - "replace(body, 'http://', 'https://')"
Get length of string or array.
dsl:
  - "len(body) > 1000"
Concatenate multiple strings.
dsl:
  - "concat('https://', host, ':', port)"
Encoding functions
Base64 encode string.
variables:
  encoded: "{{base64('admin:password')}}"
Base64 decode string.
dsl:
  - "base64_decode('YWRtaW46cGFzc3dvcmQ=')"
URL encode string.
dsl:
  - "urlencode('<script>alert(1)</script>')"
URL decode string.
dsl:
  - "urldecode('%3Cscript%3E')"
HTML encode string.
dsl:
  - "html_escape('<img src=x>')"
HTML decode string.
dsl:
  - "html_unescape('&lt;img&gt;')"
Hex encode string.
dsl:
  - "hex_encode('admin')"
Hex decode string.
dsl:
  - "hex_decode('61646d696e')"
Hashing functions
Calculate MD5 hash.
dsl:
  - "md5(body) == '5d41402abc4b2a76b9719d911017c592'"
Calculate SHA1 hash.
dsl:
  - "sha1('password')"
Calculate MurmurHash3 hash.
Regex functions
Check if input matches regex pattern.
dsl:
  - "regex('\\d+\\.\\d+\\.\\d+', body)"
Numeric functions
Generate random integer between min and max.
variables:
  random_id: "{{rand_int(1000, 9999)}}"
Get current Unix timestamp.
variables:
  timestamp: "{{unixtime()}}"
Random data functions
Generate random alphanumeric string of specified length.
variables:
  nonce: "{{randstr(16)}}"
rand_text_alphanumeric(length)
Generate random alphanumeric text.
payloads:
  random: "{{rand_text_alphanumeric(10)}}"
Generate random alphabetic text.
variables:
  random_alpha: "{{rand_text_alpha(8)}}"
rand_text_numeric(length)
Generate random numeric text.
variables:
  random_num: "{{rand_text_numeric(6)}}"
Generate random base64 encoded string.
variables:
  random_b64: "{{rand_base64(20)}}"
Response data functions
HTTP response status code.
dsl:
  - "status_code == 200"
HTTP response content length.
dsl:
  - "content_length > 1000"
Request duration in milliseconds.
HTTP response body.
dsl:
  - "contains(body, 'success')"
HTTP response headers as map.
dsl:
  - "header['Server'] == 'nginx'"
All HTTP response headers concatenated.
dsl:
  - "contains(tolower(all_headers), 'x-powered-by')"
Real-world examples
Complex DSL Matcher
id: dsl-matcher-example
info:
  name: Complex DSL Matching
  author: pdteam
  severity: info
http:
  - method: GET
    path:
      - "{{BaseURL}}/package.json"
    matchers:
      - type: dsl
        condition: and
        dsl:
          - "contains(body, 'packages')"
          - "contains(tolower(all_headers), 'application/octet-stream')"
          - "status_code == 200"
          - "content_length < 100000"
Combining functions
Helper functions can be nested and combined:
dsl:
  - "contains(to_lower(body), 'admin')"
  - "len(trim(header['Server'])) > 0"
  - "base64(to_upper(concat('user:', username)))"
  - "md5(base64_decode(cookie))"
Best practices
Use appropriate functions - Choose the right function for the task (e.g., contains() vs regex())
Chain functions efficiently - Combine functions to avoid multiple operations
Validate before transforming - Check data exists before applying transformations
Use case-insensitive comparisons - Apply to_lower() or to_upper() for reliable matching
Cache expensive operations - Store computed values in variables
Test DSL expressions - Verify complex DSL logic with known inputs
Document complex logic - Add comments for non-obvious DSL expressions
Common patterns
Validate and extract
matchers:
  - type: dsl
    dsl:
      - "regex('[0-9]+\\.[0-9]+\\.[0-9]+', body)"
extractors:
  - type: dsl
    dsl:
      - "regex('[0-9]+\\.[0-9]+\\.[0-9]+', body)"
Normalize and compare
dsl:
  - "to_lower(trim(header['Server'])) == 'nginx'"
Multiple conditions
matchers:
  - type: dsl
    condition: and
    dsl:
      - "status_code >= 200 && status_code < 300"
      - "content_length > 0"
      - "duration < 1000"
      - "!contains(body, 'error')"
Hash-based detection
matchers:
  - type: dsl
    dsl:
      - "md5(body) == '5d41402abc4b2a76b9719d911017c592'"
      - "sha256(body) == 'known_malicious_hash'"
Some helper functions are computationally expensive:
Hashing functions (md5, sha256, etc.) on large responses
Regex matching on entire response body
Multiple nested function calls
Use these judiciously and consider caching results in variables.
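The hash-based detection pattern needs the digest of a known reference body before the matcher can be written. The following is an added example, not code from the Nuclei project or this documentation: the helper names `build_hash_matcher` and `would_match` are hypothetical, and the sample body `hello` is constructed (its MD5 is the digest used in the matcher above).

```python
import hashlib

# Hash helpers this page lists for the DSL; the names are also hashlib algorithm names.
DSL_HASHES = ("md5", "sha1", "sha256", "sha512")

def build_hash_matcher(reference_body: bytes, algorithms=("md5", "sha256")) -> str:
    """Hypothetical helper: emit a DSL matcher block pinned to reference_body."""
    lines = [
        "matchers:",
        "  - type: dsl",
        "    condition: and",
        "    dsl:",
        '      - "status_code == 200"',
        # Length is cheap to compare and makes a near-miss easy to diagnose.
        f'      - "len(body) == {len(reference_body)}"',
    ]
    for name in algorithms:
        if name not in DSL_HASHES:
            raise ValueError(f"{name!r} is not a hash helper listed on this page")
        digest = hashlib.new(name, reference_body).hexdigest()
        lines.append(f"      - \"{name}(body) == '{digest}'\"")
    return "\n".join(lines)

def would_match(candidate_body: bytes, reference_body: bytes) -> bool:
    """Offline stand-in for the generated length and sha256 conditions."""
    if len(candidate_body) != len(reference_body):
        return False
    return (hashlib.sha256(candidate_body).digest()
            == hashlib.sha256(reference_body).digest())

if __name__ == "__main__":
    reference = b"hello"  # constructed sample body
    print(build_hash_matcher(reference))
    # A single trailing newline is enough to break an exact-hash match.
    print(would_match(b"hello\n", reference))
```

Exact-hash matchers only fire on byte-identical bodies, so they suit static files and not responses that embed timestamps, tokens, or other per-request content.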
Function categories
String: to_lower, to_upper, contains, starts_with, ends_with, trim, trim_prefix, trim_suffix, replace, concat, len
Encoding: base64, base64_decode, urlencode, urldecode, html_escape, html_unescape, hex_encode, hex_decode
Hashing: md5, sha1, sha256, sha512, mmh3
Random: randstr, rand_int, rand_text_alphanumeric, rand_text_alpha, rand_text_numeric, rand_base64
Utility: regex, unixtime. Response variables: status_code, body, header, etc.