Skip to content

gigachad80/Aadhar-PAN-Nuclei-Scanner

BranchesTags

Repository files navigation

πŸš€ Project Name: Aadhar-PAN-Nuclei-Scanner

Maintenance

πŸ“Œ Overview

A comprehensive collection of Nuclei templates designed to detect exposed Aadhar and PAN card numbers during security assessments.

πŸ“š Requirements & Dependencies

  • Nuclei (latest version recommended)
  • Target website / Scope
  • Go (for running Nuclei)

πŸ“‹ Detection Capabilities

βœ… Detects ALL formats:

  • Aadhar with spaces: XXXX XXXX XXXX
  • Aadhar without spaces: XXXXXXXXXXXX
  • PAN cards: ABCDE1234F

βœ… Covers ALL endpoints:

  • Web pages (home, login, profile)
  • API endpoints (REST, JSON responses)
  • File storage (uploads, downloads)
  • Debug/Error pages

βœ… Smart features:

  • Contextual detection (looks for keywords like "aadhar", "pan" near numbers)
  • False positive reduction (ignores "example", "sample", "dummy" data)
  • Multiple extractors (separates Aadhar vs PAN findings)
  • Context extraction (shows surrounding text for analysis)

πŸ“¦ Template Versions Available

Two Approaches:

Approach Templates Count Recommendation
Individual Templates 8 separate files For specialized testing
All-in-One Template 1 comprehensive file βœ… Recommended for most users

Individual Templates (8 Versions)

Template Purpose Recommendation
Template 1 Aadhar with spaces only ❌ Redundant
Template 2 Aadhar without spaces only ❌ Redundant
Template 3 PAN cards only ❌ Redundant
Template 4 Combined basic detector ⚠️ Good starting point
Template 5 Advanced with contextual keywords βœ… Most comprehensive
Template 6 JSON/API focused πŸ”§ Specialized use case
Template 7 File endpoints focused πŸ”§ Specialized use case
Template 8 Error pages focused πŸ”§ Specialized use case

What Makes Each Template Unique:

  1. Templates 1-3: Basic individual detectors (Aadhar with spaces, without spaces, PAN) - Redundant
  2. Template 4: Combined basic detector - Good starting point
  3. Template 5: Advanced with contextual keywords - Most comprehensive
  4. Template 6: JSON/API focused - Specialized use case
  5. Template 7: File endpoints focused - Specialized use case
  6. Template 8: Error pages focused - Specialized use case

Recommended Approach for Individual Templates:

Use Template 5 (Advanced Detection) as your main template

Why Template 5 is the best:

  • Detects ALL formats (Aadhar with/without spaces + PAN)
  • Uses contextual keywords to reduce false positives
  • Covers the most common endpoints
  • Single scan covers everything
  • Most comprehensive coverage

Optional: Add Template 6 if you're specifically testing APIs

When to use the specialized ones (6-8):

  • Template 6: Only if you're specifically targeting REST APIs and JSON responses
  • Template 7: Only if you're testing file upload/storage systems
  • Template 8: Only if you're doing error-based testing

All-in-One Template (Recommended)

The comprehensive single template that combines the best features of all 8 individual templates.

Why This One Template is Better:

  1. Single scan = faster execution
  2. Comprehensive coverage = nothing missed
  3. Smart filtering = fewer false positives
  4. Better reporting = organized extracted data
  5. Maintenance = only one file to update

This replaces all 8 previous templates with one efficient, comprehensive solution perfect for bug hunting!

πŸš€ Usage

Quick Start (All-in-One Template)

# Save as: all-in-one.yaml
nuclei -t all-in-one.yaml -u https://target.com

# Bulk scanning:
nuclei -t all-in-one.yaml -l targets.txt

# With output:
nuclei -t all-in-one.yaml -u target.com -o results.txt

# Verbose mode with extracted data:
nuclei -t all-in-one.yaml -u target.com -v

Advanced Usage

# Rate limiting for production testing:
nuclei -t all-in-one.yaml -l targets.txt -rl 10

# With custom headers:
nuclei -t all-in-one.yaml -u target.com -H "Authorization: Bearer token"

# Silent mode (only show findings):
nuclei -t all-in-one.yaml -u target.com -silent

# JSON output for automation:
nuclei -t all-in-one.yaml -u target.com -json -o results.json

Individual Templates Usage

# Using specific templates:
nuclei -t template-1.yaml -u target.com
nuclei -t template-3.yaml -u target.com
nuclei -t template-5.yaml -u target.com

# Using multiple templates:
nuclei -t /path/to/templates/ -u target.com

πŸ“Š Template Comparison

Feature Individual Templates All-in-One Template
Coverage Requires multiple scans Single comprehensive scan
Speed Slower (8 separate requests) Faster (1 optimized scan)
Maintenance 8 files to update 1 file to maintain
False Positives Variable across templates Optimized filtering
Customization High granular control Balanced comprehensive approach
Recommended for Specific use cases General bug hunting

False Positive Reduction

The templates include negative matchers to avoid flagging:

  • Example/dummy data
  • Test datasets
  • Placeholder values
  • Documentation samples

🎯 Recommendations

For Most Users:

Use the All-in-One Template - It's optimized, comprehensive, and efficient.

For Specialized Testing:

  • API Testing: Use All-in-One + consider the JSON-focused individual template
  • File Upload Testing: All-in-One covers this, but individual Template 7 offers more file-specific paths
  • Error-based Testing: All-in-One includes error detection

Best Practices:

  1. Start with All-in-One for general assessments
  2. Add individual templates only for specific deep-dive testing
  3. Use rate limiting (-rl 10) for production testing
  4. Review extracted data manually to confirm findings
  5. Report responsibly - these are sensitive PII exposures

πŸ”§ Customization

Adding New Paths

Edit the path section to include application-specific endpoints:

path:
  - "{{BaseURL}}/your-custom-endpoint"
  - "{{BaseURL}}/app-specific-path"

Adjusting Sensitivity

Modify the negative matchers to reduce false positives for your specific environment:

negative:
  - type: word
    words:
      - "your-test-keyword"
      - "staging-data"

πŸ› Troubleshooting

Common Issues:

Caution

It might give too many false positives , so you need to validate all😝☠️ to get true positives.

  1. Too many false positives: Adjust the negative matchers
  2. Missing detections: Check if target uses different URL patterns
  3. Rate limiting: Add -rl parameter to slow down requests
  4. No output: Ensure target is responsive and accessible

πŸ€” Why This Project ?

This project was inspired by a Telegram channel where someone shared Nuclei templates designed to detect similar types of PII credentials ( for scanning credit & debit cards )

πŸ’“ Credits:

⌚ Total Time Taken to Develop & Test

1 hr 21 min - LOL XD πŸ’€, All templates created by Sonnet 4 model of Anthropic! which took 17 min. The rest of the time, 1 hour and 5 minutes , was spent writing the README and editing the templates.

Debug Mode:

# Enable debug output:
nuclei -t template.yaml -u target.com -debug

# Verbose mode:
nuclei -t template.yaml -u target.com -v

πŸ“ž Support

πŸ“§ Email: pookielinuxuser@tutamail.com

For Nuclei-specific issues, refer to:

πŸ“œ License

Licensed under Affero GNU General Public License 3.0

πŸ•’ Last Updated:

August 18, 2025

About

Find leaked Aadhar & PAN cards using these nuclei templates

Topics

uid recon nuclei pan aadhaar upi subfinder pan-card nuclei-templates projectdiscovery aadhar-cards nuclei-scan

Resources

Readme

License

AGPL-3.0 license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages