Nuclei Templates FAQ

Nuclei templates are the core of the Nuclei project. The templates contain the actual logic that is executed in order to detect various vulnerabilities. The project consists of several thousand ready-to-use community-contributed vulnerability templates.

We maintain a template guide for writing new and custom Nuclei templates.

Performing security assessment of an application is time-consuming. It’s always better and time-saving to automate steps whenever possible. Once you’ve found a security vulnerability, you can prepare a Nuclei template by defining the required HTTP request to reproduce the issue, and test the same vulnerability across multiple hosts with ease. It’s worth mentioning ==you write the template once and use it forever==, as you don’t need to manually test that specific vulnerability any longer.

Here are few examples from the community making use of templates to automate the security findings:

• https://dhiyaneshgeek.github.io/web/security/2021/02/19/exploiting-out-of-band-xxe/
  • https://blog.melbadry9.xyz/fuzzing/nuclei-cache-poisoning
  • https://blog.melbadry9.xyz/dangling-dns/xyz-services/ddns-worksites
  • https://blog.melbadry9.xyz/dangling-dns/aws/ddns-ec2-current-state
  • https://projectdiscovery.io/blog/if-youre-not-writing-custom-nuclei-templates-youre-missing-out

Nuclei templates can be executed using a template name or with tags, using -templates (-t) and -tags flag, respectively.

nuclei -tags cve -list target_urls.txt

You are always welcome to share your templates with the community. You can either open a GitHub issue with the template details or open a GitHub pull request with your nuclei templates. If you don’t have a GitHub account, you can also make use of the discord server to share the template with us.

The Nuclei template project is a community-contributed project. The ProjectDiscovery team manually reviews templates before merging them into the project. Still, there is a possibility that some templates with weak matchers will slip through the verification. This could produce false-positive results. Templates are only as good as their matchers.

If you identified templates producing false positive/negative results, here are few steps that you can follow to fix them quickly.

The Nuclei templates project houses a variety of templates which perform fuzzing and other actions which may result in a DoS against the target system (see the list here). To ensure these templates are not accidentally run, they are tagged and excluded them from the default scan. These templates can be only executed when explicitly invoked using the -itags option.

When you download or update Nuclei templates using the Nuclei binary, it downloads all the templates from the latest release. All templates added after the release exist in the master branch and are added to Nuclei when a new template release is created.