[The Template Editor](https://cloud.projectdiscovery.io/) has AI to generate templates for vulnerability reports. This document helps to guide you through the process, offering usagwe tips and examples.
## Overview
Powered by ProjectDiscovery's deep library of public Nuclei templates and a rich CVE data set, the AI understands a broad array of security vulnerabilities. First, the system interprets the user's prompt to identify a specific vulnerability. Then, it generates a template based on the steps required to reproduce the vulnerability along with all the necessary meta information to reproduce and remediate.
## Initial Setup
Kick start your AI Assistance experience with these steps:
1. **Provide Detailed Information**: Construct comprehensive Proof of Concepts (PoCs) for vulnerabilities like Cross-Site Scripting (XSS), and others.
2. **Understand the Template Format**: Get to grips with the format to appropriately handle and modify the generated template.
3. **Validation and Linting**: Use the integrated linter to guarantee the template's validity.
4. **Test the Template**: Evaluate the template against a test target ensuring its accuracy.
## Best Practices
* **Precision Matters**: Detailed prompts yield superior templates.
* **Review and Validate**: Consistently check matchers' accuracy.
* **Template Verification**: Validate the template on known vulnerable targets before deployment.
## Example Prompts
The following examples demonstrate different vulnerabilities and the corresponding Prompt.
To share a template, click on the "Share" button to generate a link that can be sent to others.
## How to Share Public Templates
Public templates are designed for ease of sharing. You don't need to be authenticated to share them, meaning there's no need to log in. These templates are mapped with their Template ID, following a static URL pattern. For instance, a public template URL might resemble this: [https://cloud.projectdiscovery.io/public/CVE-2023-35078](https://cloud.projectdiscovery.io/public/CVE-2023-35078). In the given URL, `CVE-2023-35078` is the Template ID representing the template in the [nuclei-templates](https://github.com/projectdiscovery/nuclei-templates) project.
## How to Share User Templates
User templates, unlike public templates, require authentication for sharing. These templates are assigned a unique, UUID-based ID similar to YouTube's unlisted URLs for sharing purposes. This means anyone given the shared URL will be able to access the template.
## Revoking Access to Shared Templates
If at any point you want to limit the access to the shared template, it is as simple as changing the visibility of the template to private. After this change, the originally shared link will become inactive. However, you have the flexibility to share it again, which would generate a new unique ID.
Please remember, while sharing is easy, it's important to distribute the URL cautiously as the link allows full access to the shared template.
# Editor Keyboard Shortcuts
Source: https://docs.projectdiscovery.io/cloud/editor/shortcuts
Review keyboard shortcuts for Nuclei templates
The Template Editor is equipped with keyboard shortcuts to make it more efficient. You can use these shortcuts whether you're creating a new template or optimizing an existing one, enabling quicker actions without interfering with your workflow.
Here is a list of the actions, along with their corresponding shortcut keys and descriptions:
| **Action** | **Shortcut Key** | **Description** |
| --------------------- | ----------------------- | ------------------------------------------------------------ |
| Save Template | **CMD + S** | Saves the current template. |
| Duplicate Template | **CMD + D** | Creates a copy of a public template. |
| Execute Template | **CMD + SHIFT + SPACE** | Run a scan with the current template. |
| Share Template Link | **ALT + SHIFT + SPACE** | Generates a URL for sharing the current template. |
| Search Templates | **CMD + K** | Searches within your own templates. |
| Copy Template | **CMD + SHIFT + C** | Copies the selected template to your clipboard. |
| Show/Hide Side Bar | **CMD + B** | Toggles the visibility of the side bar. |
| Show/Hide Debug Panel | **CMD + SHIFT + M** | Toggles the visibility of the debug panel for extra insight. |
### Slack
ProjectDiscovery supports scan notifications through Slack. To enable Slack notifications provide a name for your Configuration, a webhook, and an optional username.
Choose from the list of **Events** (Scan Started, Scan Finished, Scan Failed) to specify what notifications are generated. All Events are selected by default
* Refer to Slack's [documentation on creating webhooks](https://api.slack.com/messaging/webhooks) for configuration details.
### MS Teams
ProjectDiscovery supports notifications through Microsoft Teams. To enable notifications, provide a name for your Configuration and a corresponding webhook.
Choose from the list of **Events** (Scan Started, Scan Finished, Scan Failed) to specify what notifications are generated.
* Refer to [Microsoft's documentation on creating webhooks](https://learn.microsoft.com/en-us/microsoftteams/platform/webhooks-and-connectors/how-to/add-incoming-webhook?tabs=newteams%2Cdotnet) for configuration details.
### Email
ProjectDiscovery supports notifications via Email. To enable email notifications for completed scans simply add your recipient email addresses.
### Webhook
ProjectDiscovery supports custom webhook notifications, allowing you to post events to any HTTP endpoint that matches your infrastructure requirements.
To implement webhook notifications, provide:
* Configuration name
* Webhook URL
* Authentication parameters (if required)
Example endpoint format:
```
https://your-domain.com/api/security/alerts
```
## Ticketing Integrations
The integrations under Ticketing support ticketing functionality as part of scanning and include support for Jira, GitHub, GitLab, and Linear. Navigate to [Scans → Configurations → Ticketing](https://cloud.projectdiscovery.io/scans/configs?type=reporting) to configure your ticketing tools.
### Jira
ProjectDiscovery provides integration support for Jira to create new tickets when vulnerabilities are found.
Provide a name for the configuration, the Jira instance URL , the Account ID, the Email, and the associated API token.
Details on creating an API token are available [in the Jira documentation here.](https://support.atlassian.com/atlassian-account/docs/manage-api-tokens-for-your-atlassian-account/)
### GitHub
ProjectDiscovery provides integration support for GitHub to create new tickets when vulnerabilities are found.
Provide a name for the configuration, the Organization or username, Project name, Issue Assignee, Token, and Issue Label. The Issue Label determines when a ticket is created. (For example, if critical severity is selected, any issues with a critical severity will create a ticket.)
* The severity as label option adds a template result severity to any GitHub issues created.
* Deduplicate posts any new results as comments on existing issues instead of creating new issues for the same result.
Details on setting up access in GitHub [are available here.](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens)
### GitLab
ProjectDiscovery provides integration support for GitLab to create new tickets when vulnerabilities are found.
Provide your GitLab username, Project name, Project Access Token and a GitLab Issue label. The Issue Label determines when a ticket is created.
(For example, if critical severity is selected, any issues with a critical severity will create a ticket.)
* The severity as label option adds a template result severity to any GitLab issues created.
* Deduplicate posts any new results as comments on existing issues instead of creating new issues for the same result.
Refer to GitLab's documentation for details on [configuring a Project Access token.](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html#create-a-project-access-token)
### Linear
ProjectDiscovery integrates with Linear for automated issue tracking. The integration requires the following API parameters:
1. Linear API Key
2. Linear Team ID
3. Linear Open State ID
To retrieve these parameters:
1. **API Key Generation**:
* Path: Linear > Settings > API > Personal API keys
* Direct URL: linear.app/\[workspace]/settings/api
2. **Team ID Retrieval**:
```graphql
query {
teams {
nodes {
id
name
}
}
}
```
1. **Open State ID Retrieval**:
```graphql
query {
workflowStates {
nodes {
id
name
}
}
}
```
For detailed API documentation, refer to the [Linear API Documentation](https://developers.linear.app/docs/graphql/working-with-the-graphql-api).
## Cloud Asset Discovery
ProjectDiscovery leverages our open-source [Cloudlist](https://github.com/projectdiscovery/cloudlist) technology to provide comprehensive cloud asset discovery and management through a simple web interface.
### Major Cloud Services
#### AWS (Amazon Web Services)
Supported AWS Services:
* [EC2](https://aws.amazon.com/ec2/)
* [Route53](https://aws.amazon.com/route53/)
* [S3](https://aws.amazon.com/s3/)
* [Cloudfront](https://aws.amazon.com/cloudfront/)
* [ECS](https://aws.amazon.com/ecs/)
* [EKS](https://aws.amazon.com/eks/)
* [ELB](https://aws.amazon.com/elasticloadbalancing/)
* [ELBv2](https://aws.amazon.com/elasticloadbalancing/)
* [Lambda](https://aws.amazon.com/lambda/)
* [Lightsail](https://aws.amazon.com/lightsail/)
* [Apigateway](https://aws.amazon.com/api-gateway/)
**Example Config**:
Amazon Web Services can be integrated by using the following configuration block.
```yaml
- provider: aws # provider is the name of the provider
# id is the name defined by user for filtering (optional)
id: staging
# aws_access_key is the access key for AWS account
aws_access_key: $AWS_ACCESS_KEY
# aws_secret_key is the secret key for AWS account
aws_secret_key: $AWS_SECRET_KEY
# aws_session_token session token for temporary security credentials retrieved via STS (optional)
aws_session_token: $AWS_SESSION_TOKEN
# assume_role_name is the name of the role to assume (optional)
assume_role_name: $AWS_ASSUME_ROLE_NAME
# account_ids is the aws account ids which has similar assumed role name (optional)
account_ids:
- $AWS_ACCOUNT_ID_1
- $AWS_ACCOUNT_ID_2
```
`aws_access_key` and `aws_secret_key` can be generated in the IAM console. We recommend creating a new IAM user with `Read Only` permissions and providing the access token for the user.
Scopes Required:
The following scopes can directly be provided to the IAM user.
```
EC2 - AmazonEC2ReadOnlyAccess
Route53 - AmazonRoute53ReadOnlyAccess
S3 - AmazonS3ReadOnlyAccess
Lambda - AWSLambda_ReadOnlyAccess
ELB - ElasticLoadBalancingReadOnly
Cloudfront - CloudFrontReadOnlyAccess
```
To also support other services, a custom policy document is provided which can directly be copy-pasted to the role to allow correct and minimal permissions.
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "RequiredReadPermissions",
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeRegions",
"route53:ListHostedZones",
"route53:ListResourceRecordSets",
"s3:ListAllMyBuckets",
"lambda:ListFunctions",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"cloudfront:ListDistributions",
"ecs:ListClusters",
"ecs:ListServices",
"ecs:ListTasks",
"ecs:DescribeTasks",
"ecs:DescribeContainerInstances",
"eks:ListClusters",
"eks:DescribeCluster",
"apigateway:GET",
"lightsail:GetInstances",
"lightsail:GetRegions"
],
"Resource": "*"
}
]
}
```
**References:**
1. [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference\_policies\_examples\_iam\_read-only-console.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_iam_read-only-console.html)
2. [https://docs.aws.amazon.com/IAM/latest/UserGuide/id\_credentials\_access-keys.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html)
3. [https://docs.aws.amazon.com/IAM/latest/UserGuide/id\_credentials\_temp\_request.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
* Aws Assume Role:
* [https://docs.aws.amazon.com/sdkref/latest/guide/feature-assume-role-credentials.html](https://docs.aws.amazon.com/sdkref/latest/guide/feature-assume-role-credentials.html)
* [https://docs.logrhythm.com/OCbeats/docs/aws-cross-account-access-using-sts-assume-role](https://docs.logrhythm.com/OCbeats/docs/aws-cross-account-access-using-sts-assume-role)
#### Google Cloud Platform (GCP)
Supported GCP Services:
* [Cloud DNS](https://cloud.google.com/dns)
* [Kubernetes Engine](https://cloud.google.com/kubernetes-engine)
* [Compute Engine](https://cloud.google.com/products/compute)
* [Bucket](https://cloud.google.com/storage)
* [Cloud Functions](https://cloud.google.com/functions)
* [Cloud Run](https://cloud.google.com/run)
**Example Config:**
Google Cloud Platform can be integrated by using the following configuration block.
```yaml
- provider: gcp # provider is the name of the provider
# profile is the name of the provider profile
id: logs
# gcp_service_account_key is the minified json of a google cloud service account with list permissions
gcp_service_account_key: '{xxxxxxxxxxxxx}'
```
`gcp_service_account_key` can be retrieved by creating a new service account. To do so, create service account with Read Only access to `cloudresourcemanager` and `dns` scopes in IAM. Next, generate a new account key for the Service Account by following steps in Reference 2. This should give you a json which can be pasted in a single line in the `gcp_service_account_key`.
Scopes Required: Cloud DNS, GKE
References:
1. [https://cloud.google.com/iam/docs/service-account-overview](https://cloud.google.com/iam/docs/service-account-overview)
#### Azure
Supported Azure Services:
* Virtual Machines
**Example Config:**
Microsoft Azure can be integrated by using the following configuration block.
```yaml
- provider: azure # provider is the name of the provider
# id is the name defined by user for filtering (optional)
id: staging
# client_id is the client ID of registered application of the azure account (not requuired if using cli auth)
client_id: $AZURE_CLIENT_ID
# client_secret is the secret ID of registered application of the zure account (not requuired if using cli uth)
client_secret: $AZURE_CLIENT_SECRET
# tenant_id is the tenant ID of registered application of the azure account (not requuired if using cli auth)
tenant_id: $AZURE_TENANT_ID
#subscription_id is the azure subscription id
subscription_id: $AZURE_SUBSCRIPTION_ID
#use_cli_auth if set to true cloudlist will use azure cli auth
use_cli_auth: true
```
`tenant_id`, `client_id`, `client_secret` can be obtained/generated from `All services` > `Azure Active Directory` > `App registrations`
`subscription_id` can be retrieved from `All services` > `Subscriptions`
To use cli auth set `use_cli_auth` value to `true` and run `az login` in the terminal
References:
1. [https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli)
2. [https://docs.microsoft.com/en-us/cli/azure/ad/sp?view=azure-cli-latest#az\_ad\_sp\_create\_for\_rbac](https://docs.microsoft.com/en-us/cli/azure/ad/sp?view=azure-cli-latest#az_ad_sp_create_for_rbac)
3. [https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli](https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli)
#### Alibaba Cloud
Suppoted Alibaba Cloud Services:
* ECS Instances
**Example Config:**
Alibaba Cloud can be integrated by using the following configuration block.
```yaml
- provider: alibaba # provider is the name of the provider
# id is the name defined by user for filtering (optional)
id: staging
# alibaba_region_id is the region id of the resources
alibaba_region_id: $ALIBABA_REGION_ID
# alibaba_access_key is the access key ID for alibaba cloud account
alibaba_access_key: $ALIBABA_ACCESS_KEY
# alibaba_access_key_secret is the secret access key for alibaba cloud account
alibaba_access_key_secret: $ALIBABA_ACCESS_KEY_SECRET
```
Alibaba Cloud Access Key ID and Secret can be created by visiting [https://ram.console.aliyun.com/manage/ak](https://ram.console.aliyun.com/manage/ak)
References:
1. [https://www.alibabacloud.com/help/faq-detail/142101.htm](https://www.alibabacloud.com/help/faq-detail/142101.htm)
2. [https://www.alibabacloud.com/help/doc-detail/53045.htm](https://www.alibabacloud.com/help/doc-detail/53045.htm)
## Infrastructure & Platform Services
#### Kubernetes
Support for:
* Services
* Ingresses
* Cross-cloud cluster discovery
Navigate to [Assets → Connect Cloud Services → Kubernetes](https://cloud.projectdiscovery.io/assets/configure) to configure your cluster access.
#### Hashicorp Stack
Support for:
* Terraform state file parsing
* Nomad services
* Consul services
### CDN & DNS Providers
Configure these providers through [Assets → Connect Cloud Services](https://cloud.projectdiscovery.io/assets/configure):
* **Cloudflare**: DNS and CDN assets
* **Fastly**: CDN endpoints
* **Namecheap**: Domain management
### VPS & PaaS Providers
Access these providers through [Assets → Connect Cloud Services](https://cloud.projectdiscovery.io/assets/configure):
* **DigitalOcean**: Droplets and managed services
* **Scaleway**: Instances and managed services
* **Heroku**: Applications and add-ons
* **Linode**: Compute instances
* **Hetzner Cloud**: Cloud servers
# Introducing ProjectDiscovery
Source: https://docs.projectdiscovery.io/cloud/introduction
3. Use the `nuclei -auth` command, and enter your API key when prompted.
### Configure Team (Optional)
If you want to upload the scan results to a team workspace instead of your personal workspace, you can configure the Team ID using either method:
* **Obtain Team ID:**
* Navigate to [https://cloud.projectdiscovery.io/settings/team](https://cloud.projectdiscovery.io/settings/team)
* Copy the Team ID from the top right section
* **CLI Option:**
```bash
nuclei -tid XXXXXX -cloud-upload
```
* **ENV Variable:**
```bash
export PDCP_TEAM_ID=XXXXX
```
2. Run your scan with the upload flag:
```bash
# Single target
nuclei -u http://internal-target -cloud-upload
# Multiple targets
nuclei -l internal-hosts.txt -cloud-upload
# With specific templates
nuclei -u http://internal-target -t misconfiguration/ -cloud-upload
```
The retest scan will automatically verify if the vulnerability has been resolved. If fixed, the report status will automatically update to "Fixed". Otherwise, it will revert to its original status.
## Supported Scenarios
### External Vulnerabilities
* Direct retesting of vulnerabilities on externally accessible assets
* No additional configuration required
* Immediate validation of remediation status
### Internal Vulnerabilities
The platform supports retesting of internal vulnerabilities in two scenarios:
1. **Cloud Platform Internal Scans**
* Results from scans executed through the cloud platform
* Requires selection of an internal proxy for retesting
* Maintains consistent access to internal targets
2. **Uploaded Local Scan Results**
* Support for results from locally executed scans
* Requires proxy host with access to the original internal targets
* Seamless integration with existing internal scanning workflows
{/* Hero Section */}
Map your internet-exposed assets and understand your attack surface.
Create and automate custom security templates to detect vulnerabilities at scale.
Stay updated with trending vulnerabilities and security exploits in real-time.
Scale your security operations with our cloud platform and advanced automation.
Connect and monitor AWS, GCP, Cloudflare, and Azure accounts for security vulnerabilities.
Integrate with your existing ticketing and alerting tools.
{/* Third Set of Cards */}
Build and automate custom security workflows using our comprehensive REST APIs.
Secure internal networks with automated vulnerability assessment and monitoring.
Configure SAML SSO, IP whitelisting, custom headers, and more for your organization.
{/* Expert Contact Card */}
Get personalized guidance on implementing security workflows for your organization. Our team is ready to help you scale your security operations.
# ProjectDiscovery Quick Start Guide
Source: https://docs.projectdiscovery.io/quickstart/index
Get started with ProjectDiscovery for asset discovery, vulnerability scanning, and exposure monitoring
ProjectDiscovery helps security and engineering teams continuously monitor and secure what they deploy on the internet. Modern development moves fast, and it's easy to unknowingly expose assets—whether it's an open port (e.g., 9092) assumed to be internal or a cloud resource left publicly accessible. Our platform automates discovery, providing real-time visibility into your internet-facing infrastructure, so you know exactly what's exposed before attackers do.
Beyond discovery, ProjectDiscovery actively identifies and verifies exploitable vulnerabilities across your attack surface. Using real-world attack techniques, we simulate how adversaries find and exploit security gaps—but in a controlled, safe manner. This eliminates false positives and helps teams focus on actual risks. The platform is fully customizable, allowing you to extend detection with your own security rules, tailored to findings from pen tests, bug bounties, or internal policies.
Backed by battle-tested open-source security tools used by over 100,000 professionals, ProjectDiscovery combines real-world attack detection with comprehensive vulnerability management. While traditional tools rely on CVE databases and version checks, we take an attacker's perspective—helping organizations understand, prioritize, and secure their most critical exposures in real time.
## Real-World Impact of Security Exposures
Recent high-profile breaches demonstrate why continuous security monitoring is crucial:
* **Capital One (2019)**: Attackers exploited a misconfigured web application firewall and SSRF vulnerability to access an exposed AWS S3 bucket, stealing sensitive customer data.
* **Uber (2016/2017)**: Hackers discovered cloud access credentials accidentally committed in a GitHub repository, using them to access AWS and extract millions of user and driver records.
* **Equifax (2017)**: An unpatched Apache Struts vulnerability (CVE-2017-5638) in a public-facing web application allowed remote code execution, compromising personal data of around 143 million people.
* **Colonial Pipeline (2021)**: A legacy VPN account without multi-factor authentication was exploited using stolen credentials, granting attackers access to the network and triggering a ransomware attack.
* **Panera Bread (2018)**: An unsecured API endpoint exposed customer data in plain text, enabling attackers to enumerate records via sequential IDs and scrape millions of user profiles.
These incidents highlight why organizations need robust security monitoring and vulnerability management. ProjectDiscovery's platform helps prevent such breaches by continuously monitoring your attack surface and validating security controls.
## Platform Overview
**ProjectDiscovery** is a security platform that combines powerful **open-source tools** with a **cloud-based service** to help you secure your infrastructure. It offers a hybrid approach where you can use a user-friendly cloud interface or command-line tools (CLI) – or both – to suit your workflow. With ProjectDiscovery, you can:
* **Discover your assets** – Identify all your external-facing systems, domains, cloud resources, and more
* **Scan for vulnerabilities** – Use automated, up-to-date vulnerability checks to find exploitable issues
* **Monitor exposures continuously** – Keep an eye on your external and internal risks in real-time
* **Automate security tasks** – Integrate with APIs and workflows to alert your team when issues are found
Whether you're a beginner or a seasoned security professional, ProjectDiscovery's Cloud platform and CLI tools work together to provide immediate insights into your attack surface. The following guide will walk you through essential workflows on **both Cloud and CLI**, so you can quickly see value in using ProjectDiscovery for real-world security use cases.
Security at Scale
Tap into the Future of Security Workflows
Learn and read all about our open-source technologies, cloud platform, and APIs
Get started
{/* First Set of Cards */}For Organizations
{/* Second Set of Cards */}
Write and test Nuclei templates directly in your browser using our [template editor](https://cloud.projectdiscovery.io/templates/editor). The editor supports AI-assisted template generation, real-time validation, and immediate scanning against your targets. Need automation? Check out our [template generation API](/api-reference/templates/generate-ai-template).
## What are Nuclei Templates?
Nuclei templates are the cornerstone of the Nuclei scanning engine. Nuclei templates enable precise and rapid scanning across various protocols like TCP, DNS, HTTP, and more. They are designed to send targeted requests based on specific vulnerability checks, ensuring low-to-zero false positives and efficient scanning over large networks.
## YAML
Nuclei templates are based on the concepts of `YAML` based template files that define how the requests will be sent and processed. This allows easy extensibility capabilities to nuclei. The templates are written in `YAML` which specifies a simple human-readable format to quickly define the execution process.
## Universal Language for Vulnerabilities
Nuclei Templates offer a streamlined way to identify and communicate vulnerabilities, combining essential details like severity ratings and detection methods. This open-source, community-developed tool accelerates threat response and is widely recognized in the cybersecurity world.
\n
\n\nExample Domain
\nThis domain is for use in illustrative examples in documents. You may use this\n domain in literature without prior coordination or asking for permission.
\n \n