Scans are at the heart of the ProjectDiscovery Cloud Platform (PDCP). After adding assets, select the templates you want to use, and complete the scan details to start checking your tech stack for exploitable vulnerabilities.

On Scans, the three sections (sub-tabs) are Scans, Results, and Configurations.

  • Scans - view all of the scans you, or your team created.
  • Results - a summary of all scan results in a unified view.
  • Configurations - explore integrations for alerting and ticketing, scan settings, and template options. (Check out the Integrations page for details.)

Scans

The Scans tab provides a summary of your scan data and displays a list of all of your created scans. These results can be explored using search and filtering.

The Scans section also includes the Create Scan and Connect to local Nuclei options.

For examples of common scanning workflows check out our Use Cases.

Creating a Scan

From the Scans tab select Create New Scan to open the creation workflow.

For advanced scan configurations, check out Integrations we support for Jira, Slack, and more.

1

Select Assets

Select from existing Assets or add new assets.

2

Choose your templates

Choose the templates you want to use for scanning.

  • Template Profiles (groups of templates for a specific category)
  • Custom Templates (from the full Nuclei template library or any custom templates)
3

Finalize configuration

Provide a name, select a scan frequency, and complete any additional configurations (integrations, configurations, or variables).

4

Create your scan

Click Create Scan to start your new scan. This scan will be added to the Scans page with an in-progress status until it completes and provides the results of the scan with any vulnerabilities.

Want to connect your existing Nuclei scan? Check our our documentation on those steps here.

Automatic Real-Time Vulnerability Scan

PDCP now offers an automatic real-time vulnerability scanning feature:

  • Instant Template Updates: The system automatically triggers vulnerability scans whenever new Nuclei templates are added to the platform.
  • Immediate Detection: This ensures immediate detection of the latest vulnerabilities as soon as they are released.
  • Stay Ahead of Threats: By leveraging this feature, you can stay ahead of potential threats by identifying new vulnerabilities in your assets as soon as detection methods become available.

To enable automatic real-time vulnerability scanning:

  1. Navigate to the Dashboard page.
  2. Look for the “Automatic Real-Time Scanning” option to enable.
  3. Select your asset groups to configure for Automatic Vulnerability Scan.

Automatic Discovery with Vulnerability Scan

PDCP now allows you to enable automatic asset discovery before running vulnerability scan.

  • Automatic Discovery: You can choose to automatically run asset discovery before scanning.
  • Immediate Scanning: You can opt to initiate a vulnerability scan immediately after asset discovery completes.
  • Flexible Configuration: These behaviors are configurable, allowing you to enable or disable automation based on your specific requirements.

To configure discovery and scan automation:

  1. Go to the Scans page.
  2. Find the “Automatic Discovery” option and adjust it according to your preferences.
  3. If you’ve enabled automatic discovery, automatic asset discovery will be performed before vulnerability scan.

These new automation features provide greater flexibility and ensure your security posture remains up-to-date with minimal manual intervention.

Results (Vulnerabilities)

All Scans

The main Results section of Scans displays the summarized results of all the scans in your environment.

Your results can be explored and refined through the categories (Vulnerabilities, Info, Affected Assets) or through filtering (Status, Severity, Host)

Individual Scans

To view the results of an individual scan, select that scan from the Scans page by clicking on the name. This displays the results of that scan and includes categories (Vulnerabilities, Info, Affected Assets) or filtering (Status, Severity, Host) to explore the details of the individual scan.

Select the Logs tab to view scanning logs with information around time, assets, detection template, and match results. The Logs also include error information to assist with any troubleshooting.

Vulnerabilities

From the results view (all or individual) selecting a vulnerability expands to show you the complete details including the template(s), assets, and detection information. From the results page you can:

  • Export your vulnerabilities (JSON, CSV, PDF)
  • Modify the status of the vulnerabilities (false positives/closed)
  • Retest individual vulnerabilities
  • Review the template used to identify vulnerabilities

Click on the individual vulnerability to review detailed information, including remediation recommendations.

Configurations

Configurations is where all of our scanning-based integrations are available. The Configurations section includes individual pages for each category outlined below:

  • Alerting - currently supports integrations with Slack, MS Teams, Email, and Custom Webhooks. These great features can connect the scanning data with your teams through automation.
  • Ticketing - currently supports integrations for Jira, GitHub, and GitLab. Use these integrations to create something as simple as an email notification, or integrate with Jira to create tickets based on your scan results.
  • Scan - configure custom http headers, template variables, and custom interactsh server for your scans.
  • Template - review our built in template configurations or create a new template configuration with template filters to include or exclude based on severity, tags, protocol, and template ID

Was this page helpful?

Connect NucleiIntegrations