Get started with ProjectDiscovery for asset discovery, vulnerability scanning, and exposure monitoring
yourcompany.com as a root domain. The platform will automatically enumerate subdomains, IP addresses, and related assets linked to that domain. You can add up to a certain number of domains for free — e.g. your company’s main domains. ProjectDiscovery will use its scanners behind the scenes to give you an instant inventory of your external assets.
pdtm -ia (install all) to automatically download and set up all ProjectDiscovery CLI tools. This one command gives you access to Nuclei, Subfinder, HTTPx, and many more tools in one go.
$GOPATH/bin. (You can also find pre-built binaries on the ProjectDiscovery GitHub or use package managers like Homebrew on macOS.)
bin path is in your PATH environment variable so you can run the tools from any directory. Once installed, you can verify by running subfinder -h, httpx -h, and nuclei -h to see the help output.
2. Asset Discovery with Subfinder: To immediately see value from the CLI, start by discovering assets. For example, to find subdomains of a target domain:
subdomains.txt. In seconds, you’ll get a list of domains that are part of the target’s attack surface. (You can also run subfinder -d example.com without the -o flag to just print results to the screen.)
3. Probing Assets with HTTPx: Often, you’ll want to know which of those discovered domains are alive and what web technologies they are running. HTTPx can take a list of hostnames and probe them for active web services:
-title and -status-code flags tell HTTPx to fetch the page title and HTTP status code for each host, and -silent removes verbose headers for clean output. The results saved in live_hosts.txt will show you which subdomains are up, and give a hint of what each is (for example, a status 200 and a title “Login Portal” might indicate a login page). This helps you focus on active targets.
4. Vulnerability Scanning with Nuclei: Now for the real value – finding vulnerabilities. Nuclei is a fast vulnerability scanner that uses template files to check targets for hundreds of known issues. You can run Nuclei against a single URL or a list:
live_hosts.txt for a broad range of vulnerabilities. Nuclei will output any findings to the console and also save them to findings.txt. Each finding will include the URL, the name of the vulnerability detected (based on the template that matched), and a severity level. For a quick test, you could also run nuclei directly on a single URL, e.g., nuclei -u https://example.com, to see if any common issues are present.
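The live_hosts.txt written in step 3 carries a status code and title on every line, so it is worth reducing it to bare URLs under the root domain you own before using it as a target list. The following is an added example, not part of the ProjectDiscovery documentation: the function names are hypothetical and the sample lines are constructed to resemble HTTPx output with -title and -status-code.

```shell
#!/usr/bin/env bash
# Added example (not ProjectDiscovery code): reduce annotated HTTPx output
# to bare, in-scope URLs before using it as a scanner target list.

# Remove ANSI colour sequences left over when output was captured from a terminal.
strip_ansi() {
  esc=$(printf '\033')
  sed "s/${esc}\[[0-9;]*m//g"
}

# Usage: clean_targets ROOT_DOMAIN < live_hosts.txt
# Prints the URL column for hosts equal to ROOT_DOMAIN or a subdomain of it.
clean_targets() {
  strip_ansi | awk -v root="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
    NF == 0 { next }
    {
      url = $1; host = tolower(url)
      sub(/^[a-z]+:\/\//, "", host)   # drop scheme
      sub(/[\/:].*$/, "", host)       # drop port and path
      n = length(host); r = length(root)
      # Match on a label boundary so notexample.com does not pass for example.com.
      if (host == root || (n > r && substr(host, n - r) == "." root)) print url
    }'
}

# Usage: status_counts < live_hosts.txt
# Prints "<status> <count>" for each HTTP status code found in the [NNN] field.
status_counts() {
  strip_ansi | awk '
    match($0, /\[[0-9][0-9][0-9]\]/) { c[substr($0, RSTART + 1, 3)]++ }
    END { for (s in c) print s, c[s] }' | sort
}

# Constructed sample lines (assumed shape: URL [status] [title]).
sample_httpx_output() {
  printf '%s\n' \
    'https://app.example.com [200] [Login Portal]' \
    'https://old.example.com [404] [Not Found]' \
    'http://dev.example.com:8080 [302] []' \
    'https://cdn.example.net [200] [Welcome]' \
    'https://notexample.com [200] [Lookalike]'
  printf 'https://api.example.com [\033[32m200\033[0m] [API]\n'
}

# Example run: in-scope URLs for example.com, one per line.
sample_httpx_output | clean_targets example.com
```

On real data, redirect the output of clean_targets to a new file and point the scan at that file instead of the annotated one.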
After running these tools, you should have: a list of your assets (subdomains), a list of active systems, and any potential vulnerabilities discovered. Even as a beginner, within a few minutes you’ve used the CLI to map out a target and identify possible security issues – demonstrating the immediate value of ProjectDiscovery’s tools.
(Tip: All ProjectDiscovery tools come with various options. For instance, you can update Nuclei templates with nuclei -update-templates, or limit scan scope by severity. As you grow more comfortable, you can customize these tools for more targeted results.)