nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Nuclei is a fast, template-driven vulnerability scanner that checks websites, APIs, and servers for thousands of known security weaknesses using community-written YAML recipes.
Nuclei is a vulnerability scanner: a command-line program that probes websites, APIs, servers, and cloud configurations to see whether they show signs of known security weaknesses. A vulnerability is a flaw that could let an attacker get in, see data they should not, or break something. The goal of a scanner like Nuclei is to find those flaws before an attacker does, so the owner of the system can fix them.
The distinctive idea behind Nuclei is that each check is written as a small YAML file called a template. YAML is a simple plain-text format, so a template is a recipe describing how to test for a single issue: what request to send, what response to look for, and how to confirm a finding. Because templates are short and readable, the security community has built and contributed thousands of them, and the project's separate nuclei-templates repository acts as a shared library that the scanner pulls from.
The README highlights what the tool tries to be good at: a simple YAML format for writing and customising checks, community contributions for current vulnerabilities, low false positives by actually simulating the exploit steps rather than just matching version numbers, fast parallel scanning with request clustering, and support for many protocols including TCP, DNS, HTTP, SSL, WHOIS, JavaScript, and code-execution checks. It can be wired into a CI/CD pipeline so that new builds are scanned automatically, and it can send results into existing tools like Jira, Splunk, GitHub, Elastic, and GitLab.
The README is translated into Chinese, Korean, Indonesian, Spanish, Japanese, Portuguese, and Turkish. It walks through getting started with the free open-source CLI, briefly mentions paid Pro and Enterprise editions and a free cloud tier from ProjectDiscovery (the company behind the project) for storing findings and managing templates, and shows the command-line flags for single-target scans, multi-target scans, network scans, and running with your own custom template.
The project is written in Go and is under active development, so the README warns that breaking changes can land between releases and asks users to read the changelog before updating. People who run Nuclei include penetration testers, bug bounty hunters, security teams checking their own attack surface, and developers running it from a continuous integration job.
Where it fits
- Scan your web app or API for known CVEs and misconfigurations using thousands of community-maintained templates.
- Add Nuclei to a CI/CD pipeline so every new build is automatically checked for security regressions.
- Write a custom YAML template to check for a vulnerability unique to your app and run it on demand.
- Run a bug bounty recon scan across a list of target domains and pipe findings into Jira, Splunk, or Slack.