Templates & Editor FAQ - ProjectDiscovery Documentation

What are Nuclei templates?

Nuclei templates are the core of the Nuclei project and ProjectDiscovery Cloud Platform. The templates contain the actual logic that is executed in order to detect various vulnerabilities.The ProjectDiscovery template library contains several thousand ready-to-use community-contributed vulnerability templates. We are continuously working with our open source community to update and add templates as vulnerabilities are discovered.

How can I write Nuclei templates?

We maintain a template guide for writing new and custom Nuclei templates. ProjectDiscovery Cloud Platform also provides AI support to assist in writing and testing custom templates. - Check out our documentation on the Templates Editor for more information.

How can writing Nuclei templates help me or my organization?

Performing security assessment of an application is time-consuming. It’s always better and time-saving to automate steps whenever possible. Once you’ve found a security vulnerability, you can prepare a Nuclei template by defining the required HTTP request to reproduce the issue, and test the same vulnerability across multiple hosts with ease. It’s worth mentioning ==you write the template once and use it forever==, as you don’t need to manually test that specific vulnerability any longer.Here are few examples from the community making use of templates to automate the security findings:

https://dhiyaneshgeek.github.io/web/security/2021/02/19/exploiting-out-of-band-xxe/
https://blog.melbadry9.xyz/fuzzing/nuclei-cache-poisoning
https://blog.melbadry9.xyz/dangling-dns/xyz-services/ddns-worksites
https://blog.melbadry9.xyz/dangling-dns/aws/ddns-ec2-current-state
https://projectdiscovery.io/blog/if-youre-not-writing-custom-nuclei-templates-youre-missing-out
https://projectdiscovery.io/blog/the-power-of-nuclei-templates-a-universal-language-of-vulnerabilities

How do I run Nuclei templates in the Cloud Platform?

Nuclei templates are selected as part of any scans you create. You can select pre-configured groups of templates, individual templates, or add your own custom templates as part of your scan configuration.

Check out the scanning documentation to learn more.

How can I contribute a Nuclei template?

You are always welcome to share your templates with the community. You can either open a GitHub issue with the template details or open a GitHub pull request with your Nuclei templates. If you don’t have a GitHub account, you can also make use of the discord server to share the template with us.

Who owns the templates generated by the AI?

You own any templates generated by the AI through the Template Editor. They are your property, and you are granted a perpetual license to use and modify them as you see fit.

Do you use a public or private LLM?

The Template Editor feature in PDCP uses OpenAI.

Do you store the prompts, and what is your data retention policy?

Yes, prompts are stored as part of the generated template metadata. This data is deleted as soon as the template or the user are deleted.

How accurate are the templates generated by the AI?

The accuracy of the generated templates is primarily dependent on the detail and specificity of the input you provide. The more detailed information you supply, the better the AI can understand the context and create an accurate template. However, as with any AI tool, it is highly recommended to review, validate, and test any generated templates before using them in a live environment.

Does your LLM or AI learn from the templates I generate?

No, AI does not use the templates you generate for further training or improvement of the AI model. The system only uses public templates and CVE data for training, ensuring your unique templates remain confidential.