A fast and customisable vulnerability scanner powered by simple YAML-based templates
Nuclei is a fast vulnerability scanner designed to probe modern applications, infrastructure, cloud platforms, and networks, aiding in the identification and mitigation of exploitable vulnerabilities.
At its core, Nuclei uses templates, expressed as straightforward YAML files, that delineate methods for detecting, ranking, and addressing specific security flaws.
Each template delineates a possible attack route, detailing the vulnerability, its severity, priority rating, and occasionally associated exploits. This template-centric methodology ensures Nuclei not only identifies potential threats, but pinpoints exploitable vulnerabilities with tangible real-world implications.
New to scanners and Nuclei? Try it out today with a quick example through our Getting Started.
Feature | Description |
---|---|
Extensive Template Library | Nuclei offers a vast collection of community-powered templates for targeted scans of various vulnerabilities and attack vectors. |
Versatile Target Specification | Support for various target specification options, such as URLs, IP ranges, ASN range, and file input, allowing flexibility in defining the scanning scope. |
Bulk Scanning | Perform bulk scanning by specifying multiple targets at once, enabling efficient scanning of a large number of assets or websites. |
Flexible Customization | Customize scanning templates to fit specific needs, allowing tailored scanning and focusing on relevant security checks. |
Parallel Scanning | Supports parallel scanning, reducing scanning time and improving efficiency, especially for large-scale targets. |
Comprehensive Reporting (cloud) | Generates detailed reports with actionable insights, including vulnerability details, severity levels, affected endpoints, and suggested remediation steps. |
Integration with CI/CD Pipelines | Seamlessly integrate Nuclei into CI/CD pipelines for automated security testing as part of the development and deployment process. |
CI/CD Integration (cloud) | Actively maintained and developed by the ProjectDiscovery team, introducing new features, bug fixes, and enhancements to provide an up-to-date scanning framework. |
Ticketing integration (cloud) | Two-way ticketing integration with Jira, Splunk, and many others to easily remediate and retest vulnerabilities. |
Customizable Output Format | Configure the output format of Nuclei’s scan results to suit your needs, including options for JSON, YAML, and more. |
Dynamic Variables | Utilize dynamic variables in templates to perform parameterized scanning, enabling versatile and flexible scanning configurations. |
Inclusion and Exclusion Filters | Apply inclusion and exclusion filters to specify targets, reducing scanning scope and focusing on specific areas of interest. |
Authentication Support | Nuclei supports various authentication mechanisms, including HTTP basic authentication, JWT token authentication, and more. |
Embedding custom code in templates | Execute custom code within Nuclei templates to incorporate user-defined logic, perform advanced scanning actions, and more. |
AI-Powered Template Generation | Generate and run vulnerability templates on-the-fly using natural language descriptions powered by ProjectDiscovery’s AI capabilities. |
The global security community, including numerous researchers and engineers, actively contributes to the Nuclei template ecosystem. With over 6500 templates contributed thus far, Nuclei is continuously updated with real-world exploits and cutting-edge attack vectors.
Nuclei templates support scanning for critical issues such as the Log4j vulnerability and RCEs that impact vendors such as GitLab, Cisco, F5, and many others. Nuclei has dozens of use cases, including:
Use Case | Description |
---|---|
Web Application Security | Identifies common web vulnerabilities with community-powered templates. |
Infrastructure Security | Audits server configurations, open ports, and insecure services for security issues. |
API Security Testing (alpha) | Tests APIs against known vulnerabilities and misconfigurations. |
(CI/CD) Security | Integrates into CI/CD pipelines to minimize vulnerabilities resurfacing in production. |
Third-party Vendor Assessment | Evaluates the security of third-party vendors by scanning their digital assets. |
Cloud Security (alpha) | Scans cloud environments for misconfigurations and vulnerabilities. |
Mobile Application Security | Scans mobile applications for security issues, including API tests and configuration checks. |
Network Device Security (alpha) | Identifies vulnerabilities in network devices like routers, switches, and firewalls. |
Web Server Assessment | Identifies common vulnerabilities and misconfigurations in web servers. |
Content Management System (CMS) Assessment | Identifies vulnerabilities specific to CMS platforms like WordPress, Joomla, or Drupal. |
Database Security Assessment | Scans databases for known vulnerabilities, default configurations, and access control issues. |
People use Nuclei in a variety of ways:
Nuclei offers a number of features that help security engineers customise workflows in their organization. With its variety of scan capabilities (like DNS, HTTP, TCP), security engineers can easily create a suite of custom checks with Nuclei.
Nuclei is built with simplicity in mind. With templates backed by hundreds of community members, it allows you to stay updated with the latest security threats through continuous Nuclei scanning of your hosts. It is designed to be easily integrated into regression test cycles, to verify fixes and eliminate future vulnerabilities.
Nuclei allows a custom testing approach, supporting your own suite of checks to easily run across your bug bounty programs. In addition, Nuclei can be easily integrated into any continuous scanning workflow.
Check our projects and tools to see what might fit into your bug bounty workflow: github.com/projectdiscovery. We also host a daily refresh of DNS data at Chaos.
Nuclei can immensely improve how you approach security assessment by augmenting manual, repetitive processes. Consultancies are already converting their manual assessment steps to Nuclei; it allows them to run their set of custom assessment checks across thousands of hosts in an automated manner.
Pen-testers get the full power of public templates and customization capabilities to speed up their assessment process, particularly during the regression cycle, where you can easily verify the fix.