What is Nuclei?

Nuclei is a fast exploitable vulnerability scanner designed to probe modern applications, infrastructure, cloud platforms, and networks, aiding in the identification and mitigation of vulnerabilities.

At its core, Nuclei utilizes templates—expressed as straightforward YAML files—that delineate methods for detecting, ranking, and addressing specific security flaws.

Each template delineates a possible attack route, detailing the vulnerability, its severity, priority rating, and occasionally associated exploits. This template-centric methodology ensures Nuclei not only identifies potential threats, but pinpoints exploitable vulnerabilities with tangible real-world implications.

What does Nuclei produce?

The global security community, including numerous researchers and engineers, actively contributes to this template ecosystem. With over 6500 templates contributed thus far, Nuclei remains updated with real-world exploits and cutting-edge attack vectors, such as the Log4j vulnerability and RCEs that impact vendors such as GitLab, Cisco, F5, and many others.

Once configured, Nuclei can provide detailed information on each vulnerability, including:

Where to use Nuclei?

Use CaseDescription
Web Application SecurityIdentifies common web vulnerabilities with community-powered templates.
Infrastructure SecurityAudits server configurations, open ports, and insecure services for security issues.
API Security Testing alphaTests APIs against known vulnerabilities and misconfigurations.
(CI/CD) SecurityIntegrates into CI/CD pipelines to minimize vulnerability resurface into production.
Third-party Vendor AssessmentEvaluates the security of third-party vendors by scanning their digital assets.
Cloud Security alphaScans cloud environments for misconfigurations and vulnerabilities.
Mobile Application SecurityScans mobile applications for security issues, including API tests and configuration checks.
Network Device Security alphaIdentifies vulnerabilities in network devices like routers, switches, and firewalls.
Web Server AssessmentIdentifies common vulnerabilities and misconfigurations in web servers.
Content Management System (CMS) AssessmentIdentifies vulnerabilities specific to CMS platforms like WordPress, Joomla, or Drupal.
Database Security AssessmentScans databases for known vulnerabilities, default configurations, and access control issues.

Who can use Nuclei?

People use Nuclei in a variety of ways:

  • Security Engineers/Analysts: Conduct security assessments, proactively identify vulnerabilities, convert custom vectors and analyze latest attack vectors.
  • Red Teams: Leverage Nuclei as part of their offensive security operations to simulate real-world attack scenarios, identify weaknesses, and provide actionable recommendations for enhancing overall security.
  • DevOps Teams: Integrate Nuclei into their CI/CD pipelines to ensure continuous security and regression of custom vulnerabilities.
  • Bug Bounty Hunters: Leverage Nuclei to find vulnerabilities across their programs listed on platforms like HackerOne, Bugcrowd, Intigriti etc.
  • Penetration Testers: Utilize Nuclei to automate their assessment methodologies into templates for their clients’ systems.

What are the features of Nuclei?

Extensive Template LibraryNuclei offers a vast collection of community-powered templates for targeted scans of various vulnerabilities and attack vectors.
Versatile Target SpecificationSupport for various target specification options, such as URLs, IP ranges, ASN range, and file input, allowing flexibility in defining the scanning scope.
Bulk ScanningPerform bulk scanning by specifying multiple targets at once, enabling efficient scanning of a large number of assets or websites.
Flexible CustomizationCustomize scanning templates to fit specific needs, allowing tailored scanning and focusing on relevant security checks.
Parallel ScanningSupports parallel scanning, reducing scanning time and improving efficiency, especially for large-scale targets.
Comprehensive Reporting cloudGenerates detailed reports with actionable insights, including vulnerability details, severity levels, affected endpoints, and suggested remediation steps.
Integration with CI/CD PipelinesSeamlessly integrate Nuclei into CI/CD pipelines for automated security testing as part of the development and deployment process.
CI/CD Integration cloudActively maintained and developed by the ProjectDiscovery team, introducing new features, bug fixes, and enhancements to provide an up-to-date scanning framework.
Ticketing integration cloudTwo-way ticketing integration with Jira, Splunk, and many others to easily remediate and retest vulnerabilities.
Customizable Output FormatConfigure the output format of Nuclei’s scan results to suit your needs, including options for JSON, YAML, and more.
Dynamic VariablesUtilize dynamic variables in templates to perform parameterized scanning, enabling versatile and flexible scanning configurations.
Inclusion and Exclusion FiltersApply inclusion and exclusion filters to specify targets, reducing scanning scope and focusing on specific areas of interest.
Authentication SupportNuclei supports various authentication mechanisms, including HTTP basic authentication, JWT token authentication, and more.
Embedding custom code in templatesExecute custom code within Nuclei templates to incorporate user-defined logic, perform advanced scanning actions, and more.