EN
ENNA

Nuclei

FeaturedMIT

Vulnerability Scanning · Go

Nuclei is a fast, customizable vulnerability scanner based on YAML templates. It allows scanning for vulnerabilities, misconfigurations, exposed panels, and more across multiple protocols including HTTP, DNS, TCP, SSL, and JavaScript. The community maintains thousands of detection templates covering CVEs, default credentials, exposed APIs, and technology fingerprints. Nuclei's template system makes it easy to write custom checks and share them with the community.

27.8kstars
3.3kforks
143issues
Updated 2d ago
View on GitHubOfficial WebsiteDocumentationDownload

Installation

go install

$ go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest

brew (macOS)

$ brew install nuclei

docker

$ docker pull projectdiscovery/nuclei

Use Cases

  • Automated vulnerability scanning with YAML templates
  • CVE detection across web applications
  • Misconfiguration and exposure detection
  • Custom security checks for CI/CD pipelines
  • Bug bounty hunting at scale

Tags

template-basedcvemisconfigprojectdiscoveryattack-surfacecve-scannerdasthacktoberfestnuclei-enginesecuritysecurity-scannersubdomain-takeovervulnerability-assessmentvulnerability-detectionvulnerability-scanner

Details

Category
Vulnerability Scanning
Language
Go
License
MIT
Platforms
🐧linux🍎macos🪟windows

Links

GitHub Repository

github.com/projectdiscovery/nuclei

Official Website

docs.projectdiscovery.io/tools/nuclei

Documentation

docs.projectdiscovery.io/tools/nuclei/overview

Download

github.com/projectdiscovery/nuclei/releases

Releases

github.com/projectdiscovery/nuclei/releases

Issues

github.com/projectdiscovery/nuclei/issues

Sponsored

Your ad here

Reach security professionals and developers — ads@en-na.com

Alternatives & Comparisons

Nikto

Perl

Classic web server scanner. Tests for dangerous files, outdated server software, and version-specific problems.

Compare Nuclei vs Nikto

WPScan

Ruby

WordPress security scanner. Enumerates plugins, themes, users, and checks for known vulnerabilities.

Compare Nuclei vs WPScan

OpenVAS

C

Full-featured vulnerability scanner. 50,000+ NVTs, credentialed scanning, compliance checks.

Compare Nuclei vs OpenVAS

More in Vulnerability Scanning

sqlmap

Python

Automatic SQL injection and database takeover tool. Detects and exploits SQL injection flaws.

sql-injectiondatabaseautomated

WPScan

Ruby

WordPress security scanner. Enumerates plugins, themes, users, and checks for known vulnerabilities.

wordpressplugin-enumcve

OpenVAS

C

Full-featured vulnerability scanner. 50,000+ NVTs, credentialed scanning, compliance checks.

enterprisenvtcompliance

XSStrike

Python

Advanced XSS detection suite. Fuzzing engine, context analysis, and WAF detection/bypass capabilities.

xsswaf-bypassfuzzing

Commix

Python

Automated OS command injection exploitation tool. Tests web apps for command injection vulnerabilities.

command-injectionautomatedweb-app

testssl.sh

Shell

Command-line tool for checking TLS/SSL ciphers, protocols, and cryptographic flaws on any port.

tlssslcipher-check