nuclei-templates
Community-curated list of templates for the nuclei engine to find security vulnerabilities.
A community library of 12,000+ YAML detection templates for the Nuclei security scanner, covering CVEs, misconfigurations, fingerprinting, and CISA known exploited vulnerabilities.
This repository is a library of detection templates used by Nuclei, a security scanning tool. Nuclei works by running templates against websites, servers, or cloud environments to check for known vulnerabilities. This repository stores the templates themselves, not the scanning engine. Think of it as a rulebook: each template describes one specific thing to look for, such as a misconfiguration, an exposed admin panel, or a known software vulnerability, and Nuclei follows those rules when it scans.
The collection is community-built: security researchers and bug bounty hunters contribute templates by submitting pull requests or filing issues. As of the README, the library contained nearly 12,000 template files across 873 folders, organized by category. The biggest categories cover general vulnerabilities, CVEs (publicly catalogued software flaws), fingerprinting (identifying what software a server is running), and WordPress plugin issues.
The library also tracks coverage for vulnerabilities listed in the CISA Known Exploited Vulnerabilities catalog, a list maintained by the US government of security flaws known to be actively used by attackers. As of the README, over 1,400 templates cover vulnerabilities from that catalog.
This repository is intended for security professionals doing authorized testing, such as bug bounty work, penetration testing, or security audits. Using Nuclei against systems you do not have permission to test is not authorized. Documentation for writing your own templates is hosted on the ProjectDiscovery website. Community discussion happens on Discord and GitHub.
Where it fits
- Run Nuclei against a web application during a penetration test to detect known CVEs and exposed admin panels.
- Check a server with the templates that cover the CISA Known Exploited Vulnerabilities catalog to find actively exploited security flaws.
- Identify what software and versions a server is running using Nuclei fingerprinting templates during a security audit.
- Submit a new YAML template for a vulnerability discovered during bug bounty work so the community can scan for it.