Your saved dynamic groups will appear in the same [list as your assets](https://cloud.projectdiscovery.io/assets). From here you can:
* **Access groups:** Click any group name to instantly view that filtered subset
* **Edit groups:** Hover over a group name and click the edit icon to modify the filters
* **Delete groups:** Remove groups that are no longer needed via the group settings menu
* **Share groups:** Generate shareable links for specific groups (Enterprise plan only)
## Use Cases and Best Practices
Dynamic asset groups offer versatile applications across your organization's security workflows. Create team-specific views (DevOps focusing on cloud technologies, Security teams monitoring vulnerabilities, Compliance teams tracking regulated systems), environment-specific groups (production, development, third-party integrations), and security-priority filters (critical infrastructure, public-facing systems, legacy technologies). For optimal results, maintain descriptive naming conventions, document each group's purpose, regularly review and update as infrastructure evolves, limit group quantity to maintain focus, and combine with custom labels for more powerful filtering. This approach streamlines asset management while providing targeted visibility where it matters most.
## Limitations
* Dynamic groups cannot be targeted for independent rescans
* The results in a dynamic group will always reflect the most recent state of the parent discovery
* Filter conditions apply only to discovered attributes - custom data cannot be used for filtering
### Visual Data Flow
The following diagram illustrates how credential data flows through our classification system:
```mermaid
flowchart TD
A["🔍 Malware Log Data
[The Template Editor](https://cloud.projectdiscovery.io/) has AI to generate templates for vulnerability reports. This document helps to guide you through the process, offering usagwe tips and examples.
## Overview
Powered by ProjectDiscovery's deep library of public Nuclei templates and a rich CVE data set, the AI understands a broad array of security vulnerabilities. First, the system interprets the user's prompt to identify a specific vulnerability. Then, it generates a template based on the steps required to reproduce the vulnerability along with all the necessary meta information to reproduce and remediate.
## Initial Setup
Kick start your AI Assistance experience with these steps:
1. **Provide Detailed Information**: Construct comprehensive Proof of Concepts (PoCs) for vulnerabilities like Cross-Site Scripting (XSS), and others.
2. **Understand the Template Format**: Get to grips with the format to appropriately handle and modify the generated template.
3. **Validation and Linting**: Use the integrated linter to guarantee the template's validity.
4. **Test the Template**: Evaluate the template against a test target ensuring its accuracy.
## Best Practices
* **Precision Matters**: Detailed prompts yield superior templates.
* **Review and Validate**: Consistently check matchers' accuracy.
* **Template Verification**: Validate the template on known vulnerable targets before deployment.
## Example Prompts
The following examples demonstrate different vulnerabilities and the corresponding Prompt.
## Template Compatibility
In addition to the Template Editor, our cloud platform supports any templates compatible with [Nuclei](nuclei/overview). These templates are exactly the same powerful YAML format supported in open source.
Take a look at our [Templates](/Templates/introduction) documentation for a wealth of resources available around template design, structure, and how they can be customized to meet an enormous range of use cases. As always, if you have questions [we're here to help](/help/home).
## Features
Current and upcoming features:
| Feature | Description and Use | Availability |
| -------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ |
| **Editor** | Experience something akin to using VS Code with our integrated editor, built on top of Monaco. This feature allows easy writing and modification of Nuclei Templates. | Free |
| **Optimizer** | Leverage the in-built TemplateMan API to automatically lint, format, validate, and enhance your Nuclei Templates. | Free |
| **Scan (URL)** | Run your templates on a targeted URL to check their validity. | Free \* |
| **Debugger** | Utilize the in-built debugging function that displays requests and responses of your template scans, aiding troubleshooting and understanding template behavior. | Free |
| **Cloud Storage** | Store and access your Nuclei Templates securely anytime, anywhere using your account. | Free |
| **Sharing** | Share your templates for better collaboration by generating untraceable unique links. | Free |
| **AI Assistance** | Employ AI to craft Nuclei Templates based on the context of specified vulnerabilities. This feature simplifies template creation and tailors them to minimize the time required for creation. | Free \* |
| **Scan (LIST, CIDR, ASN)** | In the professional version, run scans on target lists, network ranges (CIDR), AS numbers (ASN). | Teams |
| **REST API** | In the professional version, fetch templates, call the AI, and perform scans remotely using APIs. | Teams |
| **PDCP Sync** | Sync your generated templates with our cloud platform for easy access and management, available in the professional version. | Teams |
## Free Feature Limitations
Some features available within the free tier have usage caps in place:
* **Scan (URL):** You're allowed up to **100** scans daily.
* **AI Assistance:** Up to **10** queries can be made each day.
The limitations, reset daily, ensure system integrity and availability while providing access to key functions.
## How to Get Started
Begin by ensuring you have an account. If not, sign up on [https://cloud.projectdiscovery.io](https://cloud.projectdiscovery.io/sign-up) and follow the steps below:
1. Log in to your account at [https://cloud.projectdiscovery.io](https://cloud.projectdiscovery.io).
2. Click on the "**Create new template**" button to open up a fresh editor.
3. Write and modify your template. The editor includes tools like syntax highlighting, snippet suggestions, and other features to simplify the process.
4. After writing your template, input your testing target and click the "**Scan**" button to authenticate your template's accuracy.
# Recommended
Source: https://docs.projectdiscovery.io/cloud/editor/recommended
Learn more about using recommended templates with ProjectDiscovery
To share a template, click on the "Share" button to generate a link that can be sent to others.
## How to Share Public Templates
Public templates are designed for ease of sharing. You don't need to be authenticated to share them, meaning there's no need to log in. These templates are mapped with their Template ID, following a static URL pattern. For instance, a public template URL might resemble this: [https://cloud.projectdiscovery.io/public/CVE-2023-35078](https://cloud.projectdiscovery.io/public/CVE-2023-35078). In the given URL, `CVE-2023-35078` is the Template ID representing the template in the [nuclei-templates](https://github.com/projectdiscovery/nuclei-templates) project.
## How to Share User Templates
User templates, unlike public templates, require authentication for sharing. These templates are assigned a unique, UUID-based ID similar to YouTube's unlisted URLs for sharing purposes. This means anyone given the shared URL will be able to access the template.
## Revoking Access to Shared Templates
If at any point you want to limit the access to the shared template, it is as simple as changing the visibility of the template to private. After this change, the originally shared link will become inactive. However, you have the flexibility to share it again, which would generate a new unique ID.
Please remember, while sharing is easy, it's important to distribute the URL cautiously as the link allows full access to the shared template.
# Editor Keyboard Shortcuts
Source: https://docs.projectdiscovery.io/cloud/editor/shortcuts
Review keyboard shortcuts for Nuclei templates
The Template Editor is equipped with keyboard shortcuts to make it more efficient. You can use these shortcuts whether you're creating a new template or optimizing an existing one, enabling quicker actions without interfering with your workflow.
Here is a list of the actions, along with their corresponding shortcut keys and descriptions:
| **Action** | **Shortcut Key** | **Description** |
| --------------------- | ----------------------- | ------------------------------------------------------------ |
| Save Template | **CMD + S** | Saves the current template. |
| Duplicate Template | **CMD + D** | Creates a copy of a public template. |
| Execute Template | **CMD + SHIFT + SPACE** | Run a scan with the current template. |
| Share Template Link | **ALT + SHIFT + SPACE** | Generates a URL for sharing the current template. |
| Search Templates | **CMD + K** | Searches within your own templates. |
| Copy Template | **CMD + SHIFT + C** | Copies the selected template to your clipboard. |
| Show/Hide Side Bar | **CMD + B** | Toggles the visibility of the side bar. |
| Show/Hide Debug Panel | **CMD + SHIFT + M** | Toggles the visibility of the debug panel for extra insight. |
### Slack
ProjectDiscovery supports scan notifications through Slack. To enable Slack notifications provide a name for your Configuration, a webhook, and an optional username.
Choose from the list of **Events** (Scan Started, Scan Finished, Scan Failed) to specify what notifications are generated. All Events are selected by default
* Refer to Slack's [documentation on creating webhooks](https://api.slack.com/messaging/webhooks) for configuration details.
### MS Teams
ProjectDiscovery supports notifications through Microsoft Teams. To enable notifications, provide a name for your Configuration and a corresponding webhook.
Choose from the list of **Events** (Scan Started, Scan Finished, Scan Failed) to specify what notifications are generated.
* Refer to [Microsoft's documentation on creating webhooks](https://learn.microsoft.com/en-us/microsoftteams/platform/webhooks-and-connectors/how-to/add-incoming-webhook?tabs=newteams%2Cdotnet) for configuration details.
### Email
ProjectDiscovery supports notifications via Email. To enable email notifications for completed scans simply add your recipient email addresses.
### Webhook
ProjectDiscovery supports custom webhook notifications, allowing you to post events to any HTTP endpoint that matches your infrastructure requirements.
To implement webhook notifications, provide:
* Configuration name
* Webhook URL
* Authentication parameters (if required)
Example endpoint format:
```
https://your-domain.com/api/security/alerts
```
## Ticketing Integrations
The integrations under Ticketing support ticketing functionality as part of scanning and include support for Jira, GitHub, GitLab, and Linear. Navigate to [Scans → Configurations → Ticketing](https://cloud.projectdiscovery.io/scans/configs?type=reporting) to configure your ticketing tools.
### Jira
ProjectDiscovery provides integration support for Jira to create new tickets when vulnerabilities are found.
Provide a name for the configuration, the Jira instance URL , the Account ID, the Email, and the associated API token.
Details on creating an API token are available [in the Jira documentation here.](https://support.atlassian.com/atlassian-account/docs/manage-api-tokens-for-your-atlassian-account/)
### GitHub
ProjectDiscovery provides integration support for GitHub to create new tickets when vulnerabilities are found.
Provide a name for the configuration, the Organization or username, Project name, Issue Assignee, Token, and Issue Label. The Issue Label determines when a ticket is created. (For example, if critical severity is selected, any issues with a critical severity will create a ticket.)
* The severity as label option adds a template result severity to any GitHub issues created.
* Deduplicate posts any new results as comments on existing issues instead of creating new issues for the same result.
Details on setting up access in GitHub [are available here.](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens)
### GitLab
ProjectDiscovery provides integration support for GitLab to create new tickets when vulnerabilities are found.
Provide your GitLab username, Project name, Project Access Token and a GitLab Issue label. The Issue Label determines when a ticket is created.
(For example, if critical severity is selected, any issues with a critical severity will create a ticket.)
* The severity as label option adds a template result severity to any GitLab issues created.
* Deduplicate posts any new results as comments on existing issues instead of creating new issues for the same result.
Refer to GitLab's documentation for details on [configuring a Project Access token.](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html#create-a-project-access-token)
### Linear
ProjectDiscovery integrates with Linear for automated issue tracking. The integration requires the following API parameters:
1. Linear API Key
2. Linear Team ID
3. Linear Open State ID
To retrieve these parameters:
1. **API Key Generation**:
* Path: Linear > Settings > API > Personal API keys
* Direct URL: linear.app/\[workspace]/settings/api
2. **Team ID Retrieval**:
```graphql
query {
teams {
nodes {
id
name
}
}
}
```
1. **Open State ID Retrieval**:
```graphql
query {
workflowStates {
nodes {
id
name
}
}
}
```
For detailed API documentation, refer to the [Linear API Documentation](https://developers.linear.app/docs/graphql/working-with-the-graphql-api).
## Cloud Asset Discovery
ProjectDiscovery supports integrations with all popular cloud providers to automatically sync externally facing hosts for vulnerability scanning. This comprehensive approach ensures all your cloud resources with external exposure are continuously monitored, complementing our external discovery capabilities. The result is complete visibility of your attack surface across cloud environments through a simple web interface.
### AWS (Amazon Web Services)
Supported AWS Services:
| Service | Description |
| :---------------------------------------------------- | :-------------------------------------------- |
| [EC2](https://aws.amazon.com/ec2/) | VM instances and their public IPs |
| [Route53](https://aws.amazon.com/route53/) | DNS hosted zones and records |
| [S3](https://aws.amazon.com/s3/) | Buckets (especially those public or with DNS) |
| [Cloudfront](https://aws.amazon.com/cloudfront/) | CDN distributions and their domains |
| [ECS](https://aws.amazon.com/ecs/) | Container cluster resources |
| [EKS](https://aws.amazon.com/eks/) | Kubernetes cluster endpoints |
| [ELB](https://aws.amazon.com/elasticloadbalancing/) | Load balancers (Classic ELB and ALB/NLB) |
| [ELBv2](https://aws.amazon.com/elasticloadbalancing/) | Load balancers (Classic ELB and ALB/NLB) |
| [Lambda](https://aws.amazon.com/lambda/) | Serverless function endpoints |
| [Lightsail](https://aws.amazon.com/lightsail/) | Lightsail instances (simplified VPS) |
| [Apigateway](https://aws.amazon.com/api-gateway/) | API endpoints deployed via Amazon API Gateway |
By covering these services, ProjectDiscovery can map out a broad range of AWS assets in your account. (Support for additional services may be added over time.)
**AWS Integration Methods**
ProjectDiscovery supports three methods to connect to AWS, each suited for different use cases and security preferences:
1. **Single AWS Account (Access Key & Secret)** – Direct credential-based authentication using an IAM User's Access Key ID and Secret Access Key to connect one AWS account. Choose this for quick setups or single-account monitoring.
2. **Multiple AWS Accounts (Assume Role)** – Use one set of credentials to assume roles in multiple accounts. This method is ideal for organizations with multiple AWS accounts (e.g. dev, prod, etc.). You provide one account's credentials and the common role name that exists in all target accounts.
3. **Cross-Account Role (Role ARN)** – Use a dedicated IAM role with an External ID for third-party access. This option lets you create a cross-account IAM role in your AWS account and grant ProjectDiscovery access via that role's Amazon Resource Name (ARN). This is the most secure integration method, as it follows AWS best practices for third-party account access.
**Prerequisites**
Before configuring the integration, make sure you have:
* **AWS Account** – Access to an AWS account where you can create IAM identities
* **Admin Access to IAM** – Permissions to create IAM users and roles
* **ProjectDiscovery Account** – Access to ProjectDiscovery's Cloud platform
* **Basic AWS IAM Knowledge** – Understanding of IAM users, access keys, and roles
#### 1. Single AWS Account (Access Key & Secret)
To connect a single AWS account directly:
1. **Create a Read-Only IAM User:** In the AWS IAM console, create a new IAM user for ProjectDiscovery integration. Assign **programmatic access** (which generates an Access Key ID and Secret Access Key).
2. **Attach Required Policies:** Grant the user read-only permissions to the AWS services you want to monitor. You can use AWS-managed policies like **AmazonEC2ReadOnlyAccess**, **AmazonS3ReadOnlyAccess**, etc. for each service (see the **Required Permissions** section below).
3. **Configure in ProjectDiscovery:**
* Select **Single AWS Account (Access Key & Secret)**
* Enter your **AWS Access Key ID** and **AWS Secret Access Key**
* Optionally provide a **Session Token** (only for temporary credentials)
* Give the integration a unique name
* Select the AWS services you want to monitor
*Tip:* Use an IAM user with minimal read-only permissions and rotate keys periodically for security.
#### 2. Multiple AWS Accounts (Assume Role)
For monitoring multiple AWS accounts from a central account:
1. **Choose a Primary Account:** Create an IAM user in one AWS account (the "primary") with programmatic access.
2. **Create an IAM Role in Each Target Account:** In each AWS account you want to monitor, create a role that:
* Uses the **same role name** across all accounts (e.g., "ProjectDiscoveryReadOnlyRole")
* Has a trust relationship allowing your primary account to assume it
* Has the required read-only permissions
3. **Configure in ProjectDiscovery:**
* Select **Multiple AWS Accounts (Assume Role)**
* Enter the primary account's **AWS Access Key ID** and **Secret Access Key**
* Specify the **Role Name to Assume** (the common role name)
* List all **AWS Account IDs** to monitor (one per line)
* Give the integration a unique name
* Select the AWS services you want to monitor
#### 3. Cross-Account Role (Role ARN)
The most secure method using ProjectDiscovery's service account:
1. **Create an IAM Role in Your AWS Account:**
* In your AWS console, go to IAM → Roles → Create Role
* Select "Another AWS account" as the trusted entity
* Enter ProjectDiscovery's ARN: `arn:aws:iam::034362060511:user/projectdiscovery`
* Enable "Require External ID" and enter the External ID shown in the ProjectDiscovery UI
* Attach the necessary read-only permissions
2. **Configure in ProjectDiscovery:**
* Select **Cross-Account Role (Role ARN)**
* Enter the **Role ARN** of the role you created
* Give the integration a unique name
* Select the AWS services you want to monitor
**Required Permissions**
ProjectDiscovery needs read-only access to your AWS assets. The following AWS-managed policies are recommended:
* EC2 - AmazonEC2ReadOnlyAccess
* Route53 - AmazonRoute53ReadOnlyAccess
* S3 - AmazonS3ReadOnlyAccess
* Lambda - AWSLambda\_ReadOnlyAccess
* ELB - ElasticLoadBalancingReadOnly
* Cloudfront - CloudFrontReadOnlyAccess
Alternatively, you can use this custom policy for minimal permissions:
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "RequiredReadPermissions",
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeRegions",
"route53:ListHostedZones",
"route53:ListResourceRecordSets",
"s3:ListAllMyBuckets",
"lambda:ListFunctions",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"cloudfront:ListDistributions",
"ecs:ListClusters",
"ecs:ListServices",
"ecs:ListTasks",
"ecs:DescribeTasks",
"ecs:DescribeContainerInstances",
"eks:ListClusters",
"eks:DescribeCluster",
"apigateway:GET",
"lightsail:GetInstances",
"lightsail:GetRegions"
],
"Resource": "*"
}
]
}
```
**Verifying the Integration**
After configuring the integration, it's important to verify that ProjectDiscovery is successfully connected and enumerating your AWS assets:
* **Check Asset Discovery:** In the ProjectDiscovery platform, navigate to the cloud assets or inventory section. After a successful integration, you should start seeing resources from your AWS account(s) listed (for example, EC2 instance IDs, S3 bucket names, etc., corresponding to the integrated accounts). It may take a short while for the initial discovery to complete. If you see those assets, the integration is working.
* **Test with a Known Resource:** As a quick test, pick a known resource (like a specific EC2 instance or S3 bucket in your AWS account) and search for it in ProjectDiscovery's asset inventory. If it appears, the connection is functioning and pulling data.
* **Troubleshooting Errors:** If the integration fails or some assets are missing, consider these common issues:
* *Incorrect Credentials:* Double-check that the Access Key and Secret (if used) were entered correctly and correspond to an active IAM user. If you recently created the user, ensure you copied the keys exactly (no extra spaces or missing characters).
* *Insufficient Permissions:* If certain services aren't showing up, the IAM policy might be missing permissions. For example, if S3 buckets aren't listed, confirm that the policy includes `s3:ListAllMyBuckets`. Refer back to the Required Permissions and make sure all relevant actions are allowed. You can also use AWS IAM Policy Simulator or CloudTrail logs to see if any **AccessDenied** errors occur when ProjectDiscovery calls AWS APIs.
* *Assume Role Failures:* In multi-account or cross-account setups, a common issue is a misconfigured trust relationship. If ProjectDiscovery cannot assume a role, you might see an error in the UI or logs like "AccessDenied: Not authorized to perform sts:AssumeRole". In that case, check the following:
* The trust policy of the IAM role (in target account) trusts the correct principal (either your primary account's IAM user/role ARN for multi-account, or ProjectDiscovery's external account ID for cross-account) and the External ID if applicable.
* The role name or ARN in the ProjectDiscovery config exactly matches the one in AWS (spelling/case must match).
* The primary credentials (for multi-account) have permission to call `AssumeRole`.
* *External ID Mismatch:* For cross-account roles, if the external ID in ProjectDiscovery and the one in the IAM role's trust policy do not match, AWS will deny the assume request. Ensure you didn't accidentally copy the wrong value or include extra spaces. It must be exact.
* **AWS CloudTrail Logs:** As an additional verification, you can check AWS CloudTrail in your account. When ProjectDiscovery connects, you should see events like `DescribeInstances`, `ListBuckets`, etc., being called by the IAM user or assumed role. For cross-account roles, you will see an `AssumeRole` event from ProjectDiscovery's AWS account ID, and subsequent calls under the assumed role's identity. This audit trail can confirm that the integration is working as intended and using only allowed actions.
If all checks out, ProjectDiscovery is now actively monitoring your AWS environment. New resources launched in AWS should be detected on the next scan cycle, and any changes to your cloud footprint will be reflected in the platform. Make sure to regularly review the integration and update the IAM permissions if you start using new AWS services.
**References:**
1. [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference\_policies\_examples\_iam\_read-only-console.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_iam_read-only-console.html)
2. [https://docs.aws.amazon.com/IAM/latest/UserGuide/id\_credentials\_access-keys.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html)
3. [https://docs.aws.amazon.com/IAM/latest/UserGuide/id\_credentials\_temp\_request.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
4. [https://docs.aws.amazon.com/sdkref/latest/guide/feature-assume-role-credentials.html](https://docs.aws.amazon.com/sdkref/latest/guide/feature-assume-role-credentials.html)
5. [https://docs.logrhythm.com/OCbeats/docs/aws-cross-account-access-using-sts-assume-role](https://docs.logrhythm.com/OCbeats/docs/aws-cross-account-access-using-sts-assume-role)
### Google Cloud Platform (GCP)
Supported GCP Services:
* [Cloud DNS](https://cloud.google.com/dns)
* [Kubernetes Engine](https://cloud.google.com/kubernetes-engine)
* [Compute Engine](https://cloud.google.com/products/compute)
* [Bucket](https://cloud.google.com/storage)
* [Cloud Functions](https://cloud.google.com/functions)
* [Cloud Run](https://cloud.google.com/run)
**GCP Integration Methods:**
1. **Organization-Level Asset API** (Recommended for Enterprises)
* Uses Google Cloud's **Asset Inventory API** for comprehensive organization-wide discovery
* Discovers assets across entire GCP organization with a single configuration
* Requires organization-level permissions: `roles/cloudasset.viewer` and `roles/resourcemanager.viewer`
* Ideal for large organizations with multiple projects
2. **Individual Service APIs** (Default)
* Uses individual GCP service APIs for project-specific discovery
* Faster execution with detailed resource metadata
* Requires project-level permissions for each service
* Ideal for focused, single-project discovery
### Multi-Organization Support
ProjectDiscovery supports monitoring **multiple GCP organizations simultaneously**. Simply configure multiple integrations with different organization IDs to get consolidated asset discovery across all your GCP environments (e.g., production, staging, development organizations).
### Finding Your Organization ID
1. **Via Google Cloud Console:**
* Go to the [Google Cloud Console](https://console.cloud.google.com/)
* In the top navigation, click on the **project selector** (next to "Google Cloud Platform")
* Click **All** tab to view all resources
* Look for your organization name - the **Organization ID** is displayed next to it
* Alternatively, go to [IAM & Admin > Settings](https://console.cloud.google.com/iam-admin/settings) - your Organization ID will be shown at the top
2. **Via gcloud CLI:**
```bash
# List all organizations you have access to
gcloud organizations list
# Get current organization (if configured)
gcloud config get-value project
gcloud projects describe $(gcloud config get-value project) --format="value(parent.id)"
```
3. **Via Organization Policies Page:**
* Navigate to [Organization Policies](https://console.cloud.google.com/iam-admin/orgpolicies) in the Console
* Your Organization ID will be displayed in the URL and page header
### Checking Your Permissions
Before setting up the integration, verify you have the necessary permissions:
1. **For Organization-Level Integration:**
```bash
# Check if you can list organization assets
gcloud organizations list
# Check if you have the required roles
gcloud organizations get-iam-policy YOUR_ORG_ID --flatten="bindings[].members" --format="table(bindings.role)" --filter="bindings.members:user:YOUR_EMAIL"
```
2. **For Project-Level Integration:**
```bash
# Check project permissions
gcloud projects get-iam-policy YOUR_PROJECT_ID --flatten="bindings[].members" --format="table(bindings.role)" --filter="bindings.members:user:YOUR_EMAIL"
```
## Step-by-Step Setup Instructions
### Option 1: Organization-Level Asset API Setup
1. **Verify Organization Access:**
* Ensure you have `roles/cloudasset.viewer` and `roles/resourcemanager.viewer` at the organization level
* You can check this in [IAM & Admin > IAM](https://console.cloud.google.com/iam-admin/iam) by switching to your organization scope
2. **Create Service Account:**
* Navigate to any project within your organization
* Go to [IAM & Admin > Service Accounts](https://console.cloud.google.com/iam-admin/serviceaccounts)
* Click **Create Service Account**
* Name it something like `projectdiscovery-org-scanner`
* Click **Create and Continue**
3. **Grant Organization-Level Permissions:**
* Go to [IAM & Admin > IAM](https://console.cloud.google.com/iam-admin/iam)
* Switch to your **Organization** scope (not project)
* Click **Grant Access**
* Enter your service account email: `projectdiscovery-org-scanner@YOUR_PROJECT_ID.iam.gserviceaccount.com`
* Assign these roles:
* `Cloud Asset Viewer`
* `Organization Viewer`
* Click **Save**
4. **Generate Service Account Key:**
* Return to [Service Accounts](https://console.cloud.google.com/iam-admin/serviceaccounts)
* Click on your service account
* Go to **Keys** tab
* Click **Add Key > Create New Key**
* Choose **JSON** format
* Download and securely store the key file
### Option 2: Individual Service APIs Setup
1. **Select Target Project:**
* Choose the specific project you want to monitor
* Note the **Project ID** (not the display name)
2. **Create Service Account:**
* Navigate to [IAM & Admin > Service Accounts](https://console.cloud.google.com/iam-admin/serviceaccounts) in your target project
* Click **Create Service Account**
* Name it something like `projectdiscovery-scanner`
* Click **Create and Continue**
3. **Grant Project-Level Permissions:**
* On the same page, assign these roles:
* `Compute Viewer`
* `DNS Reader`
* `Storage Object Viewer`
* `Cloud Run Viewer`
* `Cloud Functions Viewer`
* `Kubernetes Engine Viewer`
* `Browser` (for basic project access)
* Click **Continue** and then **Done**
4. **Generate Service Account Key:**
* Click on your service account
* Go to **Keys** tab
* Click **Add Key > Create New Key**
* Choose **JSON** format
* Download and securely store the key file
References:
1. [https://cloud.google.com/iam/docs/service-account-overview](https://cloud.google.com/iam/docs/service-account-overview)
2. [https://cloud.google.com/iam/docs/keys-create-delete#creating](https://cloud.google.com/iam/docs/keys-create-delete#creating)
3. [https://cloud.google.com/asset-inventory/docs/overview](https://cloud.google.com/asset-inventory/docs/overview)
### Azure
Supported Azure Services:
* Virtual Machines
**Azure Integration Method:**
To connect ProjectDiscovery to your Azure account, you will need to create and configure an **App Registration** in Azure Active Directory. This process generates a Service Principal with the necessary credentials and permissions to monitor your cloud assets in a secure, read-only manner.
The required credentials are:
* Azure Tenant ID
* Azure Subscription ID
* Azure Client ID
* Azure Client Secret
Below are the steps to get the above credentials:
1. **Create App Registration:**
* Go to **Azure Active Directory > App registrations > + New registration**.
* From the app's **Overview** page, collect the **Application (client) ID** and **Directory (tenant) ID**.
2. **Generate Client Secret:**
* In the app, navigate to **Certificates & secrets > + New client secret**.
* **CRITICAL:** Copy the secret **Value** immediately, as it is shown only once.
3. **Assign Permissions:**
* Go to your **Subscription > Access control (IAM)**.
* Prefer a least-privilege custom role instead of the broad built-in Reader.
* Create a custom role (for example, "CloudList Reader") with minimal actions and then assign it to the App Registration you created. Example definition:
```json
{
"properties": {
"roleName": "CloudList Reader",
"description": "Minimal permissions for CloudList to discover Azure resources (VMs, Public IPs, Traffic Manager)",
"assignableScopes": [
"/subscriptions/
Supported Alibaba Cloud Services:
* ECS Instances
**Alibaba Integration Method**
This guide details the secure, best-practice method for connecting to Alibaba Cloud using a dedicated RAM user with read-only permissions.
1. **Create a RAM User for API Access:**
* Navigate to the **RAM (Resource Access Management) console**. [Ref](https://ram.console.aliyun.com/manage/ak)
* From the left menu, go to **Identities > Users** and click **Create User**.
* Enter a **Logon Name** (e.g., `projectdiscovery-readonly`).
* For **Access Mode**, select **OpenAPI Access** and click **OK**. This is for programmatic access, not console login.
2. **Securely Store the Access Key**: An AccessKey pair is generated immediately after the user is created. This is the only time the secret is shown.
Supported Kubernetes Services:
* Services
* Ingresses
* Cross-cloud cluster discovery
Supported Cloudflare Services:
* DNS and CDN assets
**Cloudflare Integration Methods:**
You can integrate Cloudflare into ProjectDiscovery via one of two methods:
1. **Global API Key**
* Go to Cloudflare Dashboard.
* Under "API Keys", locate the **Global API Key** and click **View.**
* Authenticate and copy the key.
* Now enter the Cloudflare account email and Global API Key copied in above step into ProjectDiscovery Cloud Platform.
* Give a unique Integration name and click **Verify**.
2. **API Token**
* From the [Cloudflare dashboard ↗](https://dash.cloudflare.com/profile/api-tokens/), go to **My Profile** > **API Tokens** for user tokens. For Account Tokens, go to **Manage Account** > **API Tokens**.
* Select **Create Token**.
* Give required permission (follow reference 2 for details) and create token. Copy the Token
* Now enter API Token in ProjectDiscovery Cloud Platform.
* Give a unique Integration name and click **Verify**.
References:
1. [https://developers.cloudflare.com/api/keys](https://developers.cloudflare.com/api/keys)
2. [https://developers.cloudflare.com/fundamentals/api/get-started/create-token/](https://developers.cloudflare.com/fundamentals/api/get-started/create-token/)
### Fastly
**Fastly Integration Method**
* Go to Fastly [account settings](https://manage.fastly.com/account/personal).
* Under **API**, click **Create API token** if you don’t already have one.
* Copy the API Key.
* Now enter API Key in ProjectDiscovery Cloud Platform.
* Give a unique Integration name and click **Verify**.
**DigitalOcean Integration Method**
* Go to DigitalOcean [API Settings](https://cloud.digitalocean.com/account/api/tokens).
* Click **Generate New Token**
* Provide a name and enable **read-only** access scope
* Copy the token
* Now enter token in ProjectDiscovery Cloud Platform.
* Give a unique Integration name and click **Verify**.
Supported Services:
* Droplets and managed services
References:
1. [https://docs.digitalocean.com/reference/api/create-personal-access-token/](https://docs.digitalocean.com/reference/api/create-personal-access-token/)
2. [https://docs.digitalocean.com/reference/api/](https://docs.digitalocean.com/reference/api/)
# Introducing ProjectDiscovery
Source: https://docs.projectdiscovery.io/cloud/introduction
Unified Asset Discovery & Continuous Monitoring
* Continuously discovers and inventories both internet-exposed **and** internal/cloud assets—VMs, load balancers, Kubernetes ingresses, sub-domains, and more—keeping your inventory always up to date
* Continuously tracks changes so new hosts, endpoints, or configuration drifts never slip through the cracks, ensuring complete visibility across your attack surface
Validated, Actionable Findings
* Safe, real-world attack simulation validates exploits at runtime, ensuring every vulnerability surfaced is **actually exploitable**
* Attacker-centric methodology prioritizes the weaknesses real adversaries target, eliminating alert fatigue
* Results are noise-free—teams report up to **97 % manual triage time saved**
* Automated retest and remediation workflows accelerate fix verification and prevent regressions
Community-Powered Updates
* Stays in sync with the latest threats via a real-time community feed of new vulnerability templates and attack techniques
* ProjectDiscovery's global user community continuously contributes and updates these detection templates (for trending exploits, emerging CVEs, etc.)
* Our internal security team validates each contribution for quality and safety before release, ensuring reliable and secure detection templates
* Ensures you're quickly alerted to new attack vectors as soon as they arise
Each of these capabilities works together to give security teams and developers an accurate, noise-free view of their true security risks. By focusing on what attackers can really exploit (rather than just matching CVEs), ProjectDiscovery helps organizations address the most critical vulnerabilities first, with confidence and speed.
# From Open Source to Cloud Platform
Source: https://docs.projectdiscovery.io/cloud/ossvscloud
ProjectDiscovery's journey from open source to a cloud platform is grounded in a commitment to community-driven security and enhanced organizational capabilities. **ProjectDiscovery began as an open-source toolkit**, embraced by over 100,000 security professionals worldwide. These tools thrive on community-driven innovation – for example, users contribute new vulnerability templates to quickly detect emerging threats. We also offer advanced customization, like the ability to write custom scan templates and integrate with scripts, giving security engineers flexibility in how they hunt for issues. However, as usage grows within a company, teams often encounter challenges with **scale, consistency, and maintenance** that individual open-source tools alone may not easily solve. The **ProjectDiscovery Cloud Platform** was built to address these challenges by transforming our battle-tested open-source tools into a comprehensive, managed solution. It retains the transparency and flexibility that the community loves, while streamlining workflows, increasing speed, and adding enterprise-grade features to meet the needs of security and engineering teams at scale. Below, we outline the key benefits and features that the cloud platform brings, and how it complements our open-source tools.
## Cloud Platform Benefits
Moving to the cloud platform **streamlines security workflows** and offloads the operational burden from your team. Instead of running scans on local infrastructure and managing updates manually, you can leverage a high-performance cloud environment purpose-built for security scanning. Key benefits include:
* **No Infrastructure to Manage:** The cloud platform eliminates the need to deploy, configure, and maintain your own scanning servers or VMs. All scanning infrastructure is hosted and managed by ProjectDiscovery, meaning no installation headaches or ongoing server upkeep on your side (zero maintenance overhead). This frees your team to focus on findings and fixes rather than ops tasks.
* **Blazing-Fast, Scalable Scanning:** ProjectDiscovery's cloud orchestrates scans across a distributed network of machines, enabling massively parallel execution. This design delivers vulnerability scanning up to **50× faster than typical self-hosted deployments**. Large asset inventories that might take hours or days to scan with local tools can be covered in minutes on the cloud. High throughput scanning becomes the norm, allowing you to continuously assess thousands of assets without waiting.
* **Centralized Results (Single Source of Truth):** All scan findings and asset data are consolidated in one cloud-based dashboard. By maintaining a **single source of truth for all security discoveries across your organization**, the platform makes it easy to track issues from discovery to resolution. Teams no longer deal with scattered scan outputs or multiple databases – everything is in one place, searchable and correlated, which simplifies analysis and reporting.
* **Always Up-to-Date Checks:** The cloud platform stays in sync with the latest threat intelligence. Vulnerability signatures and detection templates are updated in real-time by ProjectDiscovery's research team and the global community. The moment a new CVE or exploit technique emerges, a template can be added and instantly made available for your scans. Your security tests are always using the most current knowledge base without you manually pulling updates from GitHub or managing template files.
* **Fixed Scan IPs for Easy Whitelisting:** All cloud-initiated scans originate from a fixed set of IP addresses provided by ProjectDiscovery. This makes it simple to whitelist the scanner in your target environments' firewalls and IPS. Unlike running scans from ever-changing IPs or developer machines, you know exactly what source addresses our cloud will use. You can define custom rate limits or access rules for these scanners, ensuring high-speed scans don't trigger defensive blocks. This **predictable IP range** is especially useful when scanning internal assets or third-party services that require pre-approval of scanner IPs.
## Enterprise-Grade Features
Beyond raw speed and convenience, the ProjectDiscovery Cloud Platform includes **enterprise-grade features** that help manage security efforts across large teams and complex environments. It's designed to provide the visibility, control, and integrations that organizations need for a mature security program:
* **Centralized Security Visibility:** The platform provides a unified dashboard that displays all vulnerabilities and assets discovered across your organization in real time. This **central visibility** means security leads and engineers share the same up-to-date view of the attack surface and can prioritize issues together. Instead of siloed scan reports, everyone sees findings in one place – improving situational awareness and facilitating data-driven decisions. Graphs, search filters, and trend views let you quickly assess your security posture or drill down into specific asset groups.
* **Team Collaboration and Workspaces:** ProjectDiscovery Cloud is built for teams. You can organize assets and scans into shared workspaces so multiple team members can contribute without stepping on each other's toes. The platform enables collaborative workflows – for example, one team member can configure a scan, another can review the results, and a third can validate a finding – all within the same interface. By **uniting security teams through shared workspaces and collaborative processes**, the cloud platform ensures everyone stays in sync. Findings can be commented on and tagged, facilitating knowledge sharing across AppSec, DevOps, and engineering groups.
* **Granular Access Control (RBAC):** With role-based access control, you can tightly manage who on your team can view data or perform certain actions. The platform lets you define roles (e.g., admin, security engineer, read-only analyst) and assign permissions accordingly. For instance, you might allow an engineering team to see and fix vulnerabilities in their projects, while restricting administrative settings to the security team leads. This granular access control ensures sensitive information is only accessible to the right people and supports separation-of-duties practices. As a result, large organizations can onboard many users while maintaining governance over what each user or team can do.
* **Single Sign-On and Audit Logging:** ProjectDiscovery Cloud integrates with enterprise Single Sign-On (SSO) providers like Okta, Azure AD (Entra ID), and Google Workspace for streamlined and secure authentication. Your team can use existing corporate logins to access the platform, simplifying user management and enforcing company login policies (such as 2FA). Additionally, every action on the platform is tracked with comprehensive **audit logs**. You can review who ran a scan, who acknowledged a vulnerability, or who changed a setting, along with timestamps. These logs help meet compliance requirements and provide accountability, making it easier to pass security audits or investigate incidents.
* **Compliance Reporting:** Generating reports for executives or compliance frameworks is built into the platform. With a few clicks, you can produce reports tailored to standards like **SOC 2, PCI-DSS, HIPAA** and others. The reports compile relevant findings, trends, and metrics to demonstrate your security posture over time. This saves significant effort for security teams who typically would manually assemble data for auditors or management. The cloud platform ensures that the data in these reports is up-to-date and pulled from that single source of truth, reducing errors and omissions. Having on-demand executive and compliance reports readily available helps translate technical findings into business terms and proof of due diligence.
* **Automated Vulnerability Regression Testing:** When vulnerabilities are found and fixed, the work isn't over – you need to ensure those issues stay fixed. The cloud platform can automatically **re-scan and retest known vulnerabilities** on a schedule or upon deployment of a fix. This regression testing workflow means if a previously patched issue reappears (due to a code change, configuration drift, etc.), you'll catch it immediately. It creates a safety net that continuously validates your remediation efforts. Instead of relying on memory or tickets to revisit old findings, the platform's automation verifies them for you and alerts if something that was safe becomes vulnerable again. This feature gives teams confidence that improvements are lasting and helps prevent regressions from slipping through.
* **Dedicated Scanning IPs and Control:** (Enterprise Feature) As mentioned earlier, the cloud provides fixed scanning IP addresses. In an enterprise context, this is critical for complying with internal security policies. You can formally register or whitelist the ProjectDiscovery scanner IPs in advance, satisfying any approval processes before testing. Moreover, you can enforce custom rate limits or scanning hours to avoid network saturation in sensitive environments. Having **dedicated, known scanner IPs** and the ability to control their behavior makes the cloud platform play nicely within corporate network rules, unlike unmanaged open-source scans that might inadvertently trigger alarms.
* **Enterprise Support and Scale:** For organizations that need it, ProjectDiscovery offers enterprise support plans with dedicated assistance, SLAs, and onboarding help. The platform is also built to handle **enterprise scale** – from discovering assets across multiple cloud providers to mapping out subsidiaries and business units. You can monitor a large, dynamic attack surface without worrying about hitting tool limits. Whether you have 100 or 100,000 assets to assess, the cloud backend can scale to meet the demand, leveraging cloud resources to maintain performance. This ensures that as your organization (and asset inventory) grows, your security scanning can grow with it seamlessly.
## Open-Source Integration and Flexibility
Adopting the cloud platform doesn't mean abandoning the open-source tools your team knows and loves. In fact, the two work hand-in-hand. We recognize that **security teams value the flexibility of open-source**, from crafting custom detection logic to integrating tools into bespoke workflows. ProjectDiscovery Cloud is designed to complement and enhance your use of open-source tools, allowing you to continue leveraging them where it makes sense while benefiting from cloud capabilities. Here's how the platform integrates with open-source usage:
* **Use Existing CLI Tools with Cloud:** If you have existing scripts or pipelines built around ProjectDiscovery's CLI tools (such as Nuclei, Subfinder, httpx, etc.), you can plug them into the cloud via our API. The platform provides a robust API and SDKs that let you programmatically trigger cloud scans, fetch results, and manage assets. In practice, this means you can **connect your current automation with our cloud APIs** without a complete rewrite. For example, a CI/CD pipeline running daily scans can call the cloud to perform the scan and retrieve findings, blending into your established processes.
* **Custom Templates Across Environments:** One of the strengths of ProjectDiscovery tools is the ability to write custom vulnerability templates (e.g., Nuclei YAML templates) for your specific needs. The cloud platform fully supports this customization. You can upload and use your **custom templates on the cloud just as you do locally**. Templates you've developed in-house can be synced to the cloud scanner, ensuring that proprietary checks (for your app, environment, or policy requirements) run at scale. There's no lock-in to only built-in templates – you maintain the freedom to tailor scanning to your unique context, with the cloud handling the heavy lifting to run those checks on many targets.
* **Unified Data from Open-Source and Cloud Scans:** Whether a scan is run locally or in the cloud, you can bring the results together. The platform is able to **aggregate findings from both cloud and local scans into one unified view**. This means if certain sensitive scans must be done on-premises with open-source tools (for example, inside a restricted network), those results can be imported or correlated with your cloud findings. Your team gets a holistic picture of vulnerabilities without needing to manually merge reports. In short, the cloud platform becomes the central repository for all your ProjectDiscovery tool outputs, regardless of where they ran.
* **Flexible Deployment Strategies:** With the combination of open-source and cloud, you can adopt a hybrid scanning strategy. The cloud platform allows you to **choose where to run specific security checks** – some can run in the cloud for speed and scale, while others run locally for special cases. For instance, you might run external-facing asset scans on the cloud (to leverage its scale and fixed IPs), but execute internal network scans with the open-source tools on an on-prem machine that has the necessary network access. Both sets of results flow into the platform. This flexibility ensures you're not constrained by one approach; you use the best tool for the job, and ProjectDiscovery ties it all together. The open-source tools remain an integral part of your workflow, and the cloud platform enhances them with a centralized, automated touch.
## Performance and Scale
One of the most compelling reasons to use the cloud platform is the **dramatic boost in scanning performance and the ability to scale to very large environments** effortlessly. ProjectDiscovery Cloud's architecture and optimizations solve many limitations of self-hosted scanning:
* **Massively Parallel Scanning Engine:** Unlike running scanners on a single server (even a powerful one), the cloud platform can distribute workloads across many nodes. This massively parallel approach means you can scan dozens or hundreds of targets concurrently, each with hundreds of payloads or templates, without bogging down. The result is scans completing far faster than in a self-managed setup – up to *50 times faster than a typical Nuclei self-hosted deployment*. By scaling out horizontally, the cloud handles large-scale reconnaissance and vulnerability scanning in a fraction of the time, which is crucial when you need quick feedback or have tight assessment windows.
* **High Throughput with Reliability:** The cloud platform is tuned for high-throughput scanning – it can handle running tens of thousands of requests per second when needed, all while gracefully managing retries, timeouts, and failures. Because ProjectDiscovery operates the infrastructure, it is optimized to avoid common pain points like running out of memory or crashing under load. You don't have to guess at thread counts or worry about CPU spikes; the platform auto-scales and balances load to keep scans efficient from start to finish. This means you get both speed *and* stability, even for complex scanning tasks.
* **Real-Time Security Updates:** Speed is not just about how fast packets can be sent, but also how current your scanning knowledge is. The cloud platform benefits from **real-time vulnerability template updates** fed by our research team and community contributions. The instant a new vulnerability check is available, cloud scans can include it. This real-time update cycle ensures you can scan for the latest threats *immediately*. In contrast, in a self-hosted scenario you might update your tools weekly or ad-hoc, possibly missing critical windows. The platform essentially keeps you on the cutting edge of detection without any manual intervention.
* **Scaling to Your Entire Attack Surface:** Because it's built on cloud infrastructure, the platform can easily scale to cover your full environment, however large or distributed. Need to scan assets across multiple regions or cloud providers? The platform can do that in parallel. It supports **multi-cloud asset discovery and monitoring** to find and track assets in AWS, GCP, Azure, and more. This wide coverage is coupled with the ability to run scans from different geographical regions to minimize latency to targets, if needed. In practical terms, whether you have 50 websites or 50,000, or whether those are spread across on-prem data centers and cloud accounts, you can count on the platform to enumerate and assess them in a standardized way. You won't be constrained by the limits of a single machine or network – the cloud dynamically allocates resources to meet your scanning needs.
* **Faster Time to Remediation:** Ultimately, the performance gains and scalability translate into earlier detection of vulnerabilities. When scans that used to take days now finish in an hour, your team gets findings that much sooner. Faster discovery means you can start fixing issues sooner, reducing exposure. It also enables more frequent re-scans; instead of scanning critical assets monthly due to time constraints, perhaps you can scan them weekly or daily now. This agility in scanning cadence helps ensure that if a new risk appears, it's caught and addressed promptly, keeping your security posture much more current.
## Standardized Security Processes
Migrating to the ProjectDiscovery Cloud Platform not only improves raw capabilities, but also helps **standardize your security assessment processes**. For many organizations, one of the biggest challenges is ensuring everyone follows best practices and that security tasks are done consistently. The cloud platform is opinionated in the right ways – it provides structure that makes your operations more repeatable and efficient:
* **Consistent, Templated Workflows:** The platform allows you to define and use templated workflows for common tasks. For example, you might have a "Weekly External Scan" template that includes a specific set of scanners, templates, and notification settings. By using such predefined scans, every execution follows the same proven process. This **standardization of workflows** ensures that no matter who runs the scan, the coverage and methodology are uniform. It reduces the chance of human error (such as someone forgetting to include a critical test) and makes your scanning regimen systematic. Over time, this builds confidence that your security checks are thorough and consistent.
* **Organization-Wide Methodology:** When all teams use the cloud platform, you effectively establish a common security testing methodology across the organization. Application security, cloud security, and ops teams are no longer using completely different tools or techniques – they're all working within the same framework. This unified approach means findings from different parts of the organization are directly comparable and all follow the same risk scoring and format. If your company has multiple engineering teams, standardizing on the platform helps ensure each team's security practices are at the same high standard, which is hard to achieve when everyone uses disparate open-source setups.
* **Faster Onboarding and Training:** New engineers or security analysts can get up to speed quicker because they have a clear, centralized system to learn. Instead of teaching newcomers a grab-bag of scripts and command-line flags, you can train them on the ProjectDiscovery Cloud interface and workflow. The learning curve is lower, and they can start contributing sooner. The platform's dashboards and reports are also more accessible to non-security stakeholders compared to raw tool output, which means developers, product managers, or auditors can understand the security data without needing deep tool knowledge. This broader understanding further enforces the practice, as more people in the organization can engage with the security process in a standard way.
* **Improved Collaboration & Accountability:** With standardized processes comes better teamwork. Everyone knows how a finding should be documented, how a remediation should be validated, and how to mark an issue as resolved in the system. Features like shared workspaces, comments, and assignment of findings to owners mean the hand-off from detection to remediation is well-defined. Meanwhile, **audit logs on the platform record all these actions**, so you have a trail of who did what. This clarity greatly improves accountability – if a vulnerability was missed or left unpatched, you can trace back through the logs and workflow to see where the process might be improved. Over time, analyzing this data helps refine and strengthen your security operations playbook.
* **Security and Compliance Alignment:** A standardized platform naturally produces standardized outputs (dashboards, reports, metrics). This makes it much easier to align with security policies and compliance requirements. You can configure the platform to enforce certain checks or frequencies (for example, require that all critical apps are scanned monthly). Compliance frameworks often call for evidence of regular, consistent security activities – the platform can be that evidence, showing a schedule of scans and how issues are tracked to closure. By automating and standardizing those activities, you reduce the manual effort to prove compliance. In essence, the platform bakes best practices and policy adherence into the daily routine, so passing audits becomes a byproduct of doing the right thing consistently.
***
By moving **from open-source tools to the ProjectDiscovery Cloud Platform**, organizations can dramatically boost their security capabilities while still retaining the flexibility that made the open-source approach successful. The cloud platform offloads maintenance and accelerates scanning, provides a unified view of risk for the entire team, and introduces enterprise features that simplify management and reporting. At the same time, it respects the need for customization and integration by working hand-in-hand with open-source workflows. The result is a solution that empowers security and engineering teams to cover more ground in less time, with greater confidence and consistency. In an era of fast-evolving threats and expanding attack surfaces, the combination of community-powered tools and a scalable cloud platform helps ensure your security processes are both **agile and standardized** – enabling you to find and fix vulnerabilities before they can be exploited.
# Scan Exclusions
Source: https://docs.projectdiscovery.io/cloud/scanning/exclusions
Configure target and template exclusions for vulnerability scanning
## Overview
Scan Exclusions provide granular control over your vulnerability scanning operations by allowing you to exclude specific targets or templates from scans. This feature helps optimize scan performance, reduce noise, and focus scanning efforts on relevant assets and vulnerabilities.
The exclusion system operates at two levels:
* **Scan Target Exclusions**: Prevent specific targets from being scanned
* **Scan Template Exclusions**: Prevent specific vulnerability templates from being executed
4. **Launch Your Scan**:
* Click "Create scan" to start scanning your internal targets
Your scan will now execute against internal targets through the secure TunnelX connection, with results appearing in your ProjectDiscovery dashboard just like external scans.
3. Use the `nuclei -auth` command, and enter your API key when prompted.
### Configure Team (Optional)
If you want to upload the scan results to a team workspace instead of your personal workspace, you can configure the Team ID using either method:
* **Obtain Team ID:**
* Navigate to [https://cloud.projectdiscovery.io/settings/team](https://cloud.projectdiscovery.io/settings/team)
* Copy the Team ID from the top right section
* **CLI Option:**
```bash
nuclei -tid XXXXXX -cloud-upload
```
* **ENV Variable:**
```bash
export PDCP_TEAM_ID=XXXXX
```
2. Run your scan with the upload flag:
```bash
# Single target
nuclei -u http://internal-target -cloud-upload
# Multiple targets
nuclei -l internal-hosts.txt -cloud-upload
# With specific templates
nuclei -u http://internal-target -t misconfiguration/ -cloud-upload
```
All Enterprise accounts are automatically enrolled in Real-time Autoscan. To check if Real-time Autoscan is enabled for your account:
1. Visit the [ProjectDiscovery Cloud Dashboard](https://cloud.projectdiscovery.io/)
2. Navigate to the Real-Time Scanning section directly from the dashboard home
3. Check if "Real-time Autoscan" is toggled on
### Custom Asset Selection
By default, every asset added to ProjectDiscovery will be automatically scanned when new Nuclei templates are released.
Real-time Autoscan can also be configured to scan a subset of your assets by taking the following steps:
1. Visit the [ProjectDiscovery Cloud Dashboard](https://cloud.projectdiscovery.io/)
2. Navigate to the Real-Time Scanning section directly from the dashboard home
3. Click on the gear icon next to the toggle
4. Select **Custom Assets**
5. Select the asset groups you wish to include in Real-time Autoscan
6. Click on **Update**
## Reviewing Scan Results
Real-time Autoscan results are grouped as a separate scan titled **"Early Templates Autoscan"** under the **Scans** tab. This scan updates automatically whenever a new Nuclei template is merged, scanning your assets with the latest template.
Detected vulnerabilities will appear as open results within the scan. These results will remain open even if the scan is later updated with a newly merged Nuclei template.
To view the most recent template used in the scan:
1. Click the three dots menu to the right of the scan.
2. Select **Update**
3. Click on the tab **Set templates**.
4. Expand the folder labeled **"Early Templates"**.
## Alerting
By default, only newly detected vulnerabilities will generate email or message alert. However, on occasion, we may merge a trending exploit that warrants a notification even if no vulnerable hosts are detected. This message can be shared internally to proactively communicate a strong security posture with relevant stakeholders and leadership personnel.
The retest scan will automatically verify if the vulnerability has been resolved. If fixed, the report status will automatically update to "Fixed". Otherwise, it will revert to its original status.
## Supported Scenarios
### External Vulnerabilities
* Direct retesting of vulnerabilities on externally accessible assets
* No additional configuration required
* Immediate validation of remediation status
### Internal Vulnerabilities
The platform supports retesting of internal vulnerabilities in two scenarios:
1. **Cloud Platform Internal Scans**
* Results from scans executed through the cloud platform
* Requires selection of an internal proxy for retesting
* Maintains consistent access to internal targets
2. **Uploaded Local Scan Results**
* Support for results from locally executed scans
* Requires proxy host with access to the original internal targets
* Seamless integration with existing internal scanning workflows
{/* Hero Section */}
Map your internet-exposed assets and understand your attack surface.
Create and automate custom security templates to detect vulnerabilities at scale.
Stay updated with trending vulnerabilities and security exploits in real-time.
Scale your security operations with our cloud platform and advanced automation.
Connect and monitor AWS, GCP, Cloudflare, and Azure accounts for security vulnerabilities.
Integrate with your existing ticketing and alerting tools.
{/* Third Set of Cards */}
Build and automate custom security workflows using our comprehensive REST APIs.
Secure internal networks with automated vulnerability assessment and monitoring.
Configure SAML SSO, IP whitelisting, custom headers, and more for your organization.
{/* Expert Contact Card */}
Get personalized guidance on implementing security workflows for your organization. Our team is ready to help you scale your security operations.
# AlterX Install
Source: https://docs.projectdiscovery.io/opensource/alterx/install
Learn how to install AlterX and get started
Tap into the Future of Security Workflows
Learn and read all about our open-source technologies, cloud platform, and APIs
Get started
{/* First Set of Cards */}For Organizations
{/* Second Set of Cards */}Welcome to the ProjectDiscovery Discord Server!
Get support, share stories, and engage with the community.
Join ServerNeed Assistance?
We're here to help you! Explore the documentation or join the conversation.
View Help Section Join Discord
* Use the `httpx -auth` command, and enter your API key when prompted.
#### Configure Team (Optional)
If you want to upload the asset results to a team workspace instead of your personal workspace, you can configure the Team ID. You can use either the CLI option or the environment variable, depending on your preference.
* **Obtain Team ID:**
* To obtain your Team ID, navigate to [https://cloud.projectdiscovery.io/settings/team](https://cloud.projectdiscovery.io/settings/team) and copy the Team ID from the top right section.
* **CLI Option:**
* Use the `-tid` or `-team-id` option to specify the team ID.
* Example: `nuclei -tid XXXXXX -dashboard`
* **ENV Variable:**
* Set the `PDCP_TEAM_ID` environment variable to your team ID.
* Example: `export PDCP_TEAM_ID=XXXXX`
Either of these options is sufficient to configure the Team ID.
#### Run httpx with UI Dashboard
To run `httpx` and upload the results to the UI Dashboard:
```console
$ chaos -d hackerone.com | httpx -dashboard
__ __ __ _ __
/ /_ / /_/ /_____ | |/ /
/ __ \/ __/ __/ __ \| /
/ / / / /_/ /_/ /_/ / |
/_/ /_/\__/\__/ .___/_/|_|
/_/
projectdiscovery.io
[INF] Current httpx version v1.6.6 (latest)
[INF] To view results on UI dashboard, visit https://cloud.projectdiscovery.io/assets upon completion.
http://a.ns.hackerone.com
https://www.hackerone.com
http://b.ns.hackerone.com
https://api.hackerone.com
https://mta-sts.forwarding.hackerone.com
https://docs.hackerone.com
https://support.hackerone.com
https://mta-sts.hackerone.com
https://gslink.hackerone.com
[INF] Found 10 results, View found results in dashboard : https://cloud.projectdiscovery.io/assets/cqd56lebh6us73bi22pg
```
#### Uploading to an Existing Asset Group
To upload new assets to an existing asset group:
```console
$ chaos -d hackerone.com | httpx -dashboard -aid existing-asset-id
```
#### Setting an Asset Group Name
To set a custom asset group name:
```console
$ chaos -d hackerone.com | httpx -dashboard -aname "Custom Asset Group"
```
### Additional upload options
* `-pd, -dashboard`: Enable uploading of `httpx` results to the ProjectDiscovery Cloud (PDCP) UI Dashboard.
* `-aid, -asset-id string`: Upload new assets to an existing asset ID (optional).
* `-aname, -asset-name string`: Set the asset group name (optional).
* `-pdu, -dashboard-upload string`: Upload `httpx` output file (jsonl) to the ProjectDiscovery Cloud (PDCP) UI Dashboard.
### Environment Variables
* `export ENABLE_CLOUD_UPLOAD=true`: Enable dashboard upload by default.
* `export DISABLE_CLOUD_UPLOAD_WARN=true`: Disable dashboard warning.
* `export PDCP_TEAM_ID=XXXXX`: Set the team ID for the ProjectDiscovery Cloud Platform.
## Expanded Examples
### Using httpx as a library
httpx can be used as a library by creating an instance of the Option struct and populating it with the same options that would be specified via CLI.
Once validated, the struct should be passed to a runner instance (to be closed at the end of the program) and the RunEnumeration method should be called.
* A basic example of how to use httpx as a library is available in the [GitHub examples](https://github.com/projectdiscovery/httpx/tree/main/examples) folder.
### Using httpx screenshot
Httpx includes support for taking a screenshot with `-screenshot` that gives users the ability to take screenshots of target URLs, pages, or endpoints along with the rendered DOM.
This functionality enables a comprehensive view of the target's visual content.
Rendered DOM body is also included in json line output when `-screenshot` option is used with `-json` option.
To use this feature, add the `-screenshot` flag to the `httpx` command.
`httpx -screenshot -u https://example.com`
\n
\n\n\n",
"technologies": [
"Azure",
"Amazon ECS",
"Amazon Web Services",
"Docker",
"Azure CDN"
],
"raw": "HTTP/1.1 200 OK\r\nContent-Length: 1256\r\nAccept-Ranges: bytes\r\nAge: 331239\r\nCache-Control: max-age=604800\r\nContent-Type: text/html; charset=UTF-8\r\nDate: Mon, 20 Mar 2023 10:53:58 GMT\r\nEtag: \"3147526947\"\r\nExpires: Mon, 27 Mar 2023 10:53:58 GMT\r\nLast-Modified: Thu, 17 Oct 2019 07:18:26 GMT\r\nServer: ECS (dcb/7EA3)\r\nVary: Accept-Encoding\r\nX-Cache: HIT\r\n\r\n\n\n\n Example Domain
\nThis domain is for use in illustrative examples in documents. You may use this\n domain in literature without prior coordination or asking for permission.
\n \n\n
\n\n\n"
}
}
```
### *`-store-response`*
***
The `-store-response` option allows for writing all crawled endpoint requests and responses to a text file. When this option is used, text files including the request and response will be written to the **katana\_response** directory. If you would like to specify a custom directory, you can use the `-store-response-dir` option.
```console
katana -u https://example.com -no-scope -store-response
```
```bash
$ cat katana_response/index.txt
katana_response/example.com/327c3fda87ce286848a574982ddd0b7c7487f816.txt https://example.com (200 OK)
katana_response/www.iana.org/bfc096e6dd93b993ca8918bf4c08fdc707a70723.txt http://www.iana.org/domains/reserved (200 OK)
```
**Note:**
*`-store-response` option is not supported in `-headless` mode.*
Here are additional CLI options related to output -
```console
katana -h output
OUTPUT:
-o, -output string file to write output to
-sr, -store-response store http requests/responses
-srd, -store-response-dir string store http requests/responses to custom directory
-j, -json write output in JSONL(ines) format
-nc, -no-color disable output content coloring (ANSI escape codes)
-silent display output only
-v, -verbose display verbose output
-version display project version
```
## Katana as a library
`katana` can be used as a library by creating an instance of the `Option` struct and populating it with the same options that would be specified via CLI. Using the options you can create `crawlerOptions` and so standard or hybrid `crawler`.
`crawler.Crawl` method should be called to crawl the input.
```go
package main
import (
"math"
"github.com/projectdiscovery/gologger"
"github.com/projectdiscovery/katana/pkg/engine/standard"
"github.com/projectdiscovery/katana/pkg/output"
"github.com/projectdiscovery/katana/pkg/types"
)
func main() {
options := &types.Options{
MaxDepth: 3, // Maximum depth to crawl
FieldScope: "rdn", // Crawling Scope Field
BodyReadSize: math.MaxInt, // Maximum response size to read
Timeout: 10, // Timeout is the time to wait for request in seconds
Concurrency: 10, // Concurrency is the number of concurrent crawling goroutines
Parallelism: 10, // Parallelism is the number of urls processing goroutines
Delay: 0, // Delay is the delay between each crawl requests in seconds
RateLimit: 150, // Maximum requests to send per second
Strategy: "depth-first", // Visit strategy (depth-first, breadth-first)
OnResult: func(result output.Result) { // Callback function to execute for result
gologger.Info().Msg(result.Request.URL)
},
}
crawlerOptions, err := types.NewCrawlerOptions(options)
if err != nil {
gologger.Fatal().Msg(err.Error())
}
defer crawlerOptions.Close()
crawler, err := standard.New(crawlerOptions)
if err != nil {
gologger.Fatal().Msg(err.Error())
}
defer crawler.Close()
var input = "https://www.hackerone.com"
err = crawler.Crawl(input)
if err != nil {
gologger.Warning().Msgf("Could not crawl %s: %s", input, err.Error())
}
}
```
# Katana Usage
Source: https://docs.projectdiscovery.io/opensource/katana/usage
Review Katana usage including flags, configs, and options
## Access help
Use `katana - h` to display all help options.
## Katana help options
```
Flags:
INPUT:
-u, -list string[] target url / list to crawl
CONFIGURATION:
-r, -resolvers string[] list of custom resolver (file or comma separated)
-d, -depth int maximum depth to crawl (default 3)
-jc, -js-crawl enable endpoint parsing / crawling in javascript file
-jsl, -jsluice enable jsluice parsing in javascript file (memory intensive)
-ct, -crawl-duration value maximum duration to crawl the target for (s, m, h, d) (default s)
-kf, -known-files string enable crawling of known files (all,robotstxt,sitemapxml)
-mrs, -max-response-size int maximum response size to read (default 9223372036854775807)
-timeout int time to wait for request in seconds (default 10)
-aff, -automatic-form-fill enable automatic form filling (experimental)
-fx, -form-extraction extract form, input, textarea & select elements in jsonl output
-retry int number of times to retry the request (default 1)
-proxy string http/socks5 proxy to use
-H, -headers string[] custom header/cookie to include in all http request in header:value format (file)
-config string path to the katana configuration file
-fc, -form-config string path to custom form configuration file
-flc, -field-config string path to custom field configuration file
-s, -strategy string Visit strategy (depth-first, breadth-first) (default "depth-first")
-iqp, -ignore-query-params Ignore crawling same path with different query-param values
-tlsi, -tls-impersonate enable experimental client hello (ja3) tls randomization
DEBUG:
-health-check, -hc run diagnostic check up
-elog, -error-log string file to write sent requests error log
HEADLESS:
-hl, -headless enable headless hybrid crawling (experimental)
-sc, -system-chrome use local installed chrome browser instead of katana installed
-sb, -show-browser show the browser on the screen with headless mode
-ho, -headless-options string[] start headless chrome with additional options
-nos, -no-sandbox start headless chrome in --no-sandbox mode
-cdd, -chrome-data-dir string path to store chrome browser data
-scp, -system-chrome-path string use specified chrome browser for headless crawling
-noi, -no-incognito start headless chrome without incognito mode
-cwu, -chrome-ws-url string use chrome browser instance launched elsewhere with the debugger listening at this URL
-xhr, -xhr-extraction extract xhr request url,method in jsonl output
SCOPE:
-cs, -crawl-scope string[] in scope url regex to be followed by crawler
-cos, -crawl-out-scope string[] out of scope url regex to be excluded by crawler
-fs, -field-scope string pre-defined scope field (dn,rdn,fqdn) or custom regex (e.g., '(company-staging.io|company.com)') (default "rdn")
-ns, -no-scope disables host based default scope
-do, -display-out-scope display external endpoint from scoped crawling
FILTER:
-mr, -match-regex string[] regex or list of regex to match on output url (cli, file)
-fr, -filter-regex string[] regex or list of regex to filter on output url (cli, file)
-f, -field string field to display in output (url,path,fqdn,rdn,rurl,qurl,qpath,file,ufile,key,value,kv,dir,udir)
-sf, -store-field string field to store in per-host output (url,path,fqdn,rdn,rurl,qurl,qpath,file,ufile,key,value,kv,dir,udir)
-em, -extension-match string[] match output for given extension (eg, -em php,html,js)
-ef, -extension-filter string[] filter output for given extension (eg, -ef png,css)
-mdc, -match-condition string match response with dsl based condition
-fdc, -filter-condition string filter response with dsl based condition
RATE-LIMIT:
-c, -concurrency int number of concurrent fetchers to use (default 10)
-p, -parallelism int number of concurrent inputs to process (default 10)
-rd, -delay int request delay between each request in seconds
-rl, -rate-limit int maximum requests to send per second (default 150)
-rlm, -rate-limit-minute int maximum number of requests to send per minute
UPDATE:
-up, -update update katana to latest version
-duc, -disable-update-check disable automatic katana update check
OUTPUT:
-o, -output string file to write output to
-sr, -store-response store http requests/responses
-srd, -store-response-dir string store http requests/responses to custom directory
-or, -omit-raw omit raw requests/responses from jsonl output
-ob, -omit-body omit response body from jsonl output
-j, -jsonl write output in jsonl format
-nc, -no-color disable output content coloring (ANSI escape codes)
-silent display output only
-v, -verbose display verbose output
-debug display debug output
-version display project version
```
# Installing Naabu
Source: https://docs.projectdiscovery.io/opensource/naabu/install
Learn about how to install Naabu and get started
Example Domain
\nThis domain is for use in illustrative examples in documents. You may use this\n domain in literature without prior coordination or asking for permission.
\n \n
2. Use the `nuclei -auth` command, enter your API key when prompted.
3. To perform a scan and upload the results straight to the cloud, use the `-cloud-upload` option while running a nuclei scan.
An example command might look like this:
```bash
nuclei -target http://honey.scanme.sh -cloud-upload
```
And the output would be like this:
```console
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ v3.1.0
projectdiscovery.io
[INF] Current nuclei version: v3.1.0 (latest)
[INF] Current nuclei-templates version: v9.6.9 (latest)
[INF] To view results on cloud dashboard, visit https://cloud.projectdiscovery.io/scans upon scan completion.
[INF] New templates added in latest release: 73
[INF] Templates loaded for current scan: 71
[INF] Executing 71 signed templates from projectdiscovery/nuclei-templates
[INF] Targets loaded for current scan: 1
[INF] Using Interactsh Server: oast.live
[CVE-2017-9506] [http] [medium] http://honey.scanme.sh/plugins/servlet/oauth/users/icon-uri?consumerUri=http://clk37fcdiuf176s376hgjzo3xsoq5bdad.oast.live
[CVE-2019-9978] [http] [medium] http://honey.scanme.sh/wp-admin/admin-post.php?swp_debug=load_options&swp_url=http://clk37fcdiuf176s376hgyk9ppdqe9a83z.oast.live
[CVE-2019-8451] [http] [medium] http://honey.scanme.sh/plugins/servlet/gadgets/makeRequest
[CVE-2015-8813] [http] [high] http://honey.scanme.sh/Umbraco/feedproxy.aspx?url=http://clk37fcdiuf176s376hgj885caqoc713k.oast.live
[CVE-2020-24148] [http] [critical] http://honey.scanme.sh/wp-admin/admin-ajax.php?action=moove_read_xml
[CVE-2020-5775] [http] [medium] http://honey.scanme.sh/external_content/retrieve/oembed?endpoint=http://clk37fcdiuf176s376hgyyxa48ih7jep5.oast.live&url=foo
[CVE-2020-7796] [http] [critical] http://honey.scanme.sh/zimlet/com_zimbra_webex/httpPost.jsp?companyId=http://clk37fcdiuf176s376hgi9b8sd33se5sr.oast.live%23
[CVE-2017-18638] [http] [high] http://honey.scanme.sh/composer/send_email?to=hVsp@XOvw&url=http://clk37fcdiuf176s376hgyf8y81i9oju3e.oast.live
[CVE-2018-15517] [http] [high] http://honey.scanme.sh/index.php/System/MailConnect/host/clk37fcdiuf176s376hgi5j3fsht3dchj.oast.live/port/80/secure/
[CVE-2021-45967] [http] [critical] http://honey.scanme.sh/services/pluginscript/..;/..;/..;/getFavicon?host=clk37fcdiuf176s376hgh1y3xjzb3yjpy.oast.live
[CVE-2021-26855] [http] [critical] http://honey.scanme.sh/owa/auth/x.js
[INF] Scan results uploaded! View them at https://cloud.projectdiscovery.io/scans/clk37krsr14s73afc3ag
```
After the scan, a URL will be displayed on the command line interface. Visit this URL to check your results on the Cloud Dashboard.
### Advanced Integration Options
**Setting API key via environment variable**
Avoid entering your API key via interactive prompt by setting it via environment variable.
```sh
export PDCP_API_KEY=XXXX-XXXX
```
**Enabling result upload by default**
If you want all your scans to automatically upload results to the cloud, enable the `ENABLE_CLOUD_UPLOAD` environment variable.
```sh
export ENABLE_CLOUD_UPLOAD=true
```
**Disabling cloud upload warnings**
To suppress warnings about result uploads, disable the `DISABLE_CLOUD_UPLOAD_WRN` environment variable.
```sh
export DISABLE_CLOUD_UPLOAD_WRN=true
```
Your configured PDCP API key stored in `$HOME/.pdcp/credentials.yaml`
Write and test Nuclei templates directly in your browser using our [template editor](https://cloud.projectdiscovery.io/templates/editor). The editor supports AI-assisted template generation, real-time validation, and immediate scanning against your targets. Need automation? Check out our [template generation API](/api-reference/templates/generate-ai-template).
## What are Nuclei Templates?
Nuclei templates are the cornerstone of the Nuclei scanning engine. Nuclei templates enable precise and rapid scanning across various protocols like TCP, DNS, HTTP, and more. They are designed to send targeted requests based on specific vulnerability checks, ensuring low-to-zero false positives and efficient scanning over large networks.
## YAML
Nuclei templates are based on the concepts of `YAML` based template files that define how the requests will be sent and processed. This allows easy extensibility capabilities to nuclei. The templates are written in `YAML` which specifies a simple human-readable format to quickly define the execution process.
## Universal Language for Vulnerabilities
Nuclei Templates offer a streamlined way to identify and communicate vulnerabilities, combining essential details like severity ratings and detection methods. This open-source, community-developed tool accelerates threat response and is widely recognized in the cybersecurity world.
code property strictly requires a function reference. Direct expressions or values are invalid and will not work. Always use a function.
**Incorrect:**
```yaml
action: script
args:
code: alert(document.domain) # ❌ This is NOT a function reference
```
**Correct:**
```yaml
action: script
args:
code: () => alert(document.domain) # ✅ This is a function reference
```