Overview

ProjectDiscovery’s scanning engine supports various configuration options to customize scan behavior and template execution. These configurations allow you to set up authentication, rate limiting, custom headers, and template variables through an easy-to-use interface. Some templates, particularly those requiring authentication or specific parameters, need additional configuration to work effectively in the cloud platform.

Scan Configurations

When you create a new scan configuration, you’ll see a form with several sections that you can fill out based on your needs:

Configuration Setup

Config Name (Required): Enter a descriptive name for your configuration so you can identify it later. Examples:
  • “WordPress Authentication”
  • “Rate Limited Scanning”
  • “API Key Headers”
  • “Production Environment Config”

Rate Limiting

Rate limit per host: Set the number of requests per second per host to control scan speed:
  • Enter a number (e.g., 60 for 60 requests per second)
  • Leave empty for maximum speed (default behavior)
  • Lower values reduce scan speed but are more respectful to target hosts
  • Higher values increase scan speed but may overwhelm targets

Custom Headers

Add HTTP headers that will be included in all scan requests. Click “Add another” to add multiple headers. Common Examples:
  • Authorization: Bearer your-api-token-here
  • X-API-Key: 1234-5678-9012-3456
  • User-Agent: Custom Scanner v1.0
  • X-Forwarded-For: 10.0.0.1
Use Cases:
  • Adding authentication tokens
  • Setting specific User-Agent strings
  • Including custom tracking headers
  • Passing required API keys

Template Variables

Define variables that templates can reference during execution. Click “Add another” to add multiple variables. Common Examples:
  • username: admin
  • password: your-password-here
  • domain: example.com
  • api_key: your-api-key
Use Cases:
  • Authentication credentials
  • API tokens
  • Custom parameters
  • Environment-specific values

Interactsh Settings

Configure out-of-band (OOB) testing parameters for advanced vulnerability detection:

Server
  • Enter your custom Interactsh server URL (e.g., oast.acme)
  • Leave empty to use the default ProjectDiscovery server

Token
  • Enter your Interactsh token for authentication
  • Required if using a custom server
  • Example format: 1234-5678-9012-3456
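The form fields above have a few rules worth checking before a configuration is saved: the name is required, the rate limit is a requests-per-second number or empty, and an Interactsh token is required whenever a custom server is set. The following is an added illustration of those checks, not ProjectDiscovery's own code; the `ScanConfig` field names are assumptions that mirror the form, and the header CR/LF check and the lowercase-with-underscores variable rule come from the best practices later on this page.

```python
"""Validate a scan configuration against the rules stated on this page.
Added example; field names are assumptions mirroring the form."""
from dataclasses import dataclass, field
import re
from typing import Optional

# Template variable names: lowercase with underscores (page best practice).
VAR_NAME = re.compile(r"^[a-z][a-z0-9_]*$")
# HTTP header field names are RFC 7230 tokens; anything else is mangled or rejected.
HEADER_NAME = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")


@dataclass
class ScanConfig:
    name: str                                   # "Config Name" (required)
    rate_limit_per_host: Optional[int] = None   # requests/second; None = max speed
    headers: dict = field(default_factory=dict) # "Custom Headers"
    variables: dict = field(default_factory=dict)  # "Template Variables"
    interactsh_server: str = ""                 # empty = default ProjectDiscovery server
    interactsh_token: str = ""                  # required when a custom server is set


def validate(cfg: ScanConfig) -> list[str]:
    """Return a list of problems; an empty list means the config is usable."""
    problems = []
    if not cfg.name.strip():
        problems.append("Config Name is required")
    if cfg.rate_limit_per_host is not None and cfg.rate_limit_per_host <= 0:
        problems.append("Rate limit per host must be a positive number of requests/second")
    for key, value in cfg.headers.items():
        if not HEADER_NAME.match(key):
            problems.append(f"invalid header name {key!r}")
        # A CR/LF inside a header value would split into extra headers (header injection).
        if "\r" in value or "\n" in value:
            problems.append(f"header {key!r} contains CR/LF")
    for key in cfg.variables:
        if not VAR_NAME.match(key):
            problems.append(f"variable {key!r} should be lowercase with underscores")
    if cfg.interactsh_server and not cfg.interactsh_token:
        problems.append("Interactsh token is required when a custom server is set")
    return problems


if __name__ == "__main__":
    # Constructed sample matching the WordPress example on this page.
    cfg = ScanConfig(name="WordPress Login Config", rate_limit_per_host=30,
                     variables={"username": "admin", "password": "your-wordpress-password"})
    print(validate(cfg) or "config OK")
```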

Practical Example: WordPress Authentication

Many Nuclei templates require WordPress login credentials. Here’s how to set this up:

Step 1: Create the Configuration

  1. Config Name: WordPress Login Config
  2. Rate limit per host: 30 (to avoid overwhelming the WordPress site)

Step 2: Add Template Variables

Add these two variables:
  • username: admin (or your WordPress username)
  • password: your-wordpress-password

Step 3: Save and Use

After saving, you can select this configuration when running scans that include WordPress templates.

Authentication Example

Let’s look at how this works with a real template. Consider this WordPress vulnerability template:

id: CVE-2023-1890
info:
  name: Tablesome < 1.0.9 - Cross-Site Scripting
  severity: medium

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In
      - |
        GET /wp-admin/edit.php?post_type=tablesome_cpt&a%22%3e%3cscript%3ealert`document.domain`%3c%2fscript%3e HTTP/1.1
        Host: {{Hostname}}

This template uses {{username}} and {{password}} variables. When you create a configuration with these template variables, the scanner automatically substitutes your values during execution.
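The substitution described above, as an added illustration rather than the scanner's own implementation: built-in placeholders such as {{Hostname}} come from the target, the rest come from the configuration's template variables, and anything left unresolved is reported instead of being sent literally. The login request is the one from the template above, embedded here as constructed sample input; the warning about form-structural characters is an added check, since this template places the values into a form body without URL-encoding them.

```python
"""Render {{variable}} placeholders in a Nuclei-style raw request.
Added example; not the scanner's own substitution code."""
import re

PLACEHOLDER = re.compile(r"\{\{(\w+)\}\}")

# The login request from the template above, constructed here as sample input.
RAW_LOGIN_REQUEST = (
    "POST /wp-login.php HTTP/1.1\n"
    "Host: {{Hostname}}\n"
    "Content-Type: application/x-www-form-urlencoded\n"
    "\n"
    "log={{username}}&pwd={{password}}&wp-submit=Log+In\n"
)

# Characters that are structural in an application/x-www-form-urlencoded body.
FORM_UNSAFE = set("&=+%# ")


def render(raw: str, target: dict, variables: dict) -> tuple[str, list[str]]:
    """Return (rendered request, warnings). Built-ins (target) win over
    configuration variables; unresolved placeholders are left in place and
    reported so a scan never silently sends the literal text '{{password}}'."""
    warnings = []

    def sub(match: re.Match) -> str:
        name = match.group(1)
        if name in target:                 # built-in, e.g. Hostname
            return target[name]
        if name in variables:
            value = variables[name]
            if any(c in FORM_UNSAFE for c in value):
                warnings.append(f"{name}: value contains form-structural characters; "
                                "this template does not URL-encode it")
            return value
        warnings.append(f"{name}: no value in target or configuration; left unresolved")
        return match.group(0)

    return PLACEHOLDER.sub(sub, raw), warnings


def unresolved(rendered: str) -> list[str]:
    """Names of placeholders still present after rendering."""
    return PLACEHOLDER.findall(rendered)


if __name__ == "__main__":
    body, warns = render(RAW_LOGIN_REQUEST, {"Hostname": "wp.example.com"},
                         {"username": "admin", "password": "your-wordpress-password"})
    print(body, warns, unresolved(body))
```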

Setting Up Scan Configurations

Creating a New Configuration

Step 1: Access Configuration Settings

  1. Navigate to Scans → Configurations
  2. Click “New Integration” or “New Config”

Step 2: Fill Out the Form

  1. Config Name: Enter a descriptive name
  2. Rate limit per host: Set your desired rate limit (optional)
  3. Custom headers: Add any required HTTP headers
  4. Template variables: Add authentication or custom variables
  5. Interactsh: Configure OOB settings if needed

Step 3: Save Configuration

  1. Click “Create” to save your configuration
  2. The configuration will be available for future scans
  3. You can edit or delete it later if needed

Step 4: Apply to Scans

When creating a new scan:
  1. Select your target
  2. Choose your configuration from the dropdown
  3. The settings will automatically apply to your scan

Configuration Scope Options

When you enable the “Enable for all scans” toggle:
  • Global Application: The configuration applies to every scan automatically
  • Manual Selection: You choose when to apply the configuration per scan
Recommendation: Use global application for rate limiting configurations to ensure consistent, respectful scanning behavior across all your scans.

Advanced Configuration Examples

API Testing Setup

  • Config Name: API Testing Config
  • Custom Headers:
    • Authorization: Bearer abc123xyz
    • Content-Type: application/json
  • Template Variables:
    • api_endpoint: https://api.example.com
    • api_version: v2

E-commerce Platform Testing

  • Config Name: E-commerce Auth
  • Rate limit per host: 20
  • Template Variables:
    • username: testuser
    • password: testpass123
    • shop_domain: myshop.example.com

Corporate Environment

  • Config Name: Corporate Network
  • Custom Headers:
    • X-Forwarded-For: 192.168.1.100
    • User-Agent: Corporate Security Scanner
  • Rate limit per host: 10

Best Practices

  1. Naming Conventions
    • Use descriptive, clear names
    • Include the purpose (e.g., “WordPress Auth”, “Rate Limit - Slow”)
    • Avoid special characters
  2. Security Considerations
    • Don’t use production passwords in testing
    • Use dedicated test accounts when possible
    • Regularly rotate credentials
    • Limit configuration access to authorized users
  3. Rate Limiting Guidelines
    • Start with lower values (10-30 requests/second)
    • Increase gradually based on target capacity
    • Use global rate limiting for consistent behavior
    • Monitor target server response times
  4. Template Variables
    • Use consistent naming (lowercase, underscores)
    • Document variable purposes in config names
    • Test configurations before production use
    • Keep sensitive values secure
When using authentication credentials or sensitive parameters, ensure they are stored securely and accessed only by authorized users. Consider using dedicated test accounts rather than production credentials.

What’s Next?

After setting up configurations:
  1. Create new scans using your configurations
  2. Monitor scan results for proper parameter usage
  3. Adjust rate limits based on target performance
  4. Create multiple configurations for different environments
For template development guidance, visit our Template Editor documentation.