Nuclei is a modern, high-performance vulnerability scanner that leverages simple YAML-based templates. It empowers you to design custom vulnerability detection scenarios that mimic real-world conditions, leading to zero false positives.
30
+
**Nuclei is a modern, high-performance vulnerability scanner that leverages simple YAML-based templates. It empowers you to design custom vulnerability detection scenarios that mimic real-world conditions, leading to zero false positives.**
31
31
32
32
- Simple YAML format for creating and customizing vulnerability templates.
33
33
- Contributed by thousands of security professionals to tackle trending vulnerabilities.
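Review bot: Wrapping the entire opening paragraph in `**` on the added line puts every word in bold, so nothing in it stands out any more than before. Bold only the product name, or leave the paragraph plain as the removed line had it.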
@@ -37,64 +37,76 @@ Nuclei is a modern, high-performance vulnerability scanner that leverages simple
37
37
- Supports multiple protocols like TCP, DNS, HTTP, SSL, WHOIS JavaScript, Code and more.
38
38
- Integrate with Jira, Splunk, GitHub, Elastic, GitLab.
39
39
40
-
## Table of Contents
40
+
<br>
41
+
<br>
41
42
42
-
-[Get Started](#get-started)
43
-
-[1. Nuclei CLI](#1-nuclei-cli)
44
-
-[2. Pro and Enterprise Editions](#2-pro-and-enterprise-editions)
-[_`Scanning with your custom template`_](#scanning-with-your-custom-template)
54
+
-[_`Connect Nuclei to ProjectDiscovery_`_](#connect-nuclei-to-projectdiscovery)
55
+
-[**`Nuclei Templates, Community and Rewards`**](#nuclei-templates-community-and-rewards-) 💎
56
+
-[**`Our Mission`**](#our-mission)
57
+
-[**`Contributors`**](#contributors-heart) ❤
58
+
-[**`License`**](#license)
59
+
60
+
<br>
61
+
<br>
57
62
58
63
## Get Started
59
64
60
65
### **1. Nuclei CLI**
61
66
62
-
Install Nuclei on your machine. Get started by following the installation guide [here](https://docs.projectdiscovery.io/tools/nuclei/install?utm_source=github&utm_medium=web&utm_campaign=nuclei_readme). Additionally, We provide [a free cloud tier](https://cloud.projectdiscovery.io/sign-up) and comes with a generous monthly free limits:
67
+
_Install Nuclei on your machine. Get started by following the installation guide [**`here`**](https://docs.projectdiscovery.io/tools/nuclei/install?utm_source=github&utm_medium=web&utm_campaign=nuclei_readme). Additionally, We provide [**`a free cloud tier`**](https://cloud.projectdiscovery.io/sign-up) and comes with a generous monthly free limits:_
63
68
64
69
- Store and visualize your vulnerability findings
65
70
- Write and manage your nuclei templates
66
71
- Access latest nuclei templates
67
72
- Discover and store your targets
68
73
69
-
|:exclamation:**Disclaimer**|
70
-
|:--------------------------------|
71
-
|**This project is in active development**. Expect breaking changes with releases. Review the release changelog before updating. |
72
-
| This project is primarily built to be used as a standalone CLI tool. **Running nuclei as a service may pose security risks.** It's recommended to use with caution and additional security measures. |
74
+
> [!Important]
75
+
> |**This project is in active development**. Expect breaking changes with releases. Review the release changelog before updating.|
76
+
> |:--------------------------------|
77
+
> | This project is primarily built to be used as a standalone CLI tool. **Running nuclei as a service may pose security risks.** It's recommended to use with caution and additional security measures. |
78
+
79
+
<br>
73
80
74
81
### **2. Pro and Enterprise Editions**
75
82
76
-
For security teams and enterprises, we provide a cloud-hosted service built on top of Nuclei OSS, fine-tuned to help you continuously run vulnerability scans at scale with your team and existing workflows:
83
+
_For security teams and enterprises, we provide a cloud-hosted service built on top of Nuclei OSS, fine-tuned to help you continuously run vulnerability scans at scale with your team and existing workflows:_
- Plus: Real-time scanning, SAML SSO, SOC 2 compliant platform (with EU and US hosting options), shared team workspaces, and more
84
-
- We're constantly [adding new features](https://feedback.projectdiscovery.io/changelog)!
91
+
- We're constantly [**`adding new features`**](https://feedback.projectdiscovery.io/changelog)!
85
92
-**Ideal for:** Pentesters, security teams, and enterprises
86
93
87
-
[Sign up to Pro](https://projectdiscovery.io/pricing?utm_source=github&utm_medium=web&utm_campaign=nuclei_readme) or [Talk to our team](https://projectdiscovery.io/request-demo?utm_source=github&utm_medium=web&utm_campaign=nuclei_readme) if you have large organization and complex requirements.
94
+
[**`Sign up to Pro`**](https://projectdiscovery.io/pricing?utm_source=github&utm_medium=web&utm_campaign=nuclei_readme) or [**`Talk to our team`**](https://projectdiscovery.io/request-demo?utm_source=github&utm_medium=web&utm_campaign=nuclei_readme) if you have large organization and complex requirements.
95
+
96
+
<br>
97
+
<br>
88
98
89
99
## Documentation
90
100
91
-
Browse the full Nuclei [documentation here](https://docs.projectdiscovery.io/tools/nuclei/running). If you’re new to Nuclei, check out our [foundational Youtube series.](https://www.youtube.com/playlist?list=PLZRbR9aMzTTpItEdeNSulo8bYsvil80Rl)
101
+
Browse the full Nuclei [**`documentation here`**](https://docs.projectdiscovery.io/tools/nuclei/running). If you’re new to Nuclei, check out our [**`foundational Youtube series`**](https://www.youtube.com/playlist?list=PLZRbR9aMzTTpItEdeNSulo8bYsvil80Rl).
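Review bot: In the new `> [!Important]` block the separator row `> |:--------------------------------|` now comes after the active-development row, so that row becomes the table header, the "Disclaimer" heading is gone, and the warning that running nuclei as a service may pose security risks is left as the only body row. Drop the pipe-table syntax inside the alert and keep both statements as plain quoted lines so the security warning stays prominent. In the table of contents, the entry `[_`Connect Nuclei to ProjectDiscovery_`_]` has an underscore inside the backticks that will render literally; it should follow the same pattern as the "Scanning with your custom template" entry above it.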
@@ -104,7 +116,7 @@ Browse the full Nuclei [documentation here](https://docs.projectdiscovery.io/too
104
116
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
105
117
```
106
118
107
-
To learn more about installing nuclei, see https://docs.projectdiscovery.io/tools/nuclei/install.
119
+
To learn more about installing nuclei, see `https://docs.projectdiscovery.io/tools/nuclei/install`.
108
120
109
121
### Command Line Flags
110
122
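Review bot: Putting the install URL in backticks on the added line turns it into inline code, which GitHub does not autolink, so readers lose the clickable link the removed line gave them. Keep the bare URL, or write it as a regular markdown link like the other links in this commit.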
@@ -117,7 +129,7 @@ nuclei -h
117
129
<details>
118
130
<summary>Expand full help flags</summary>
119
131
120
-
```console
132
+
```yaml
121
133
Nuclei is a fast, template based vulnerability scanner focusing
122
134
on extensive configurability, massive extensibility and ease of use.
123
135
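Review bot: `yaml` is the wrong language tag for this fence: the block holds the `nuclei -h` help text, which is not YAML, so the highlighter will colour flag descriptions as if they were keys and values. Keep `console` (or use `text`) so the help output is shown as plain terminal output.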
@@ -165,10 +177,10 @@ FILTERING:
165
177
-it, -include-templates string[] path to template file or directory to be executed even if they are excluded either by default or configuration
166
178
-et, -exclude-templates string[] path to template file or directory to exclude (comma-separated, file)
167
179
-em, -exclude-matchers string[] template matchers to exclude in result
168
-
-s, -severity value[] templates to run based on severity. Possible values: info, low, medium, high, critical, unknown
169
-
-es, -exclude-severity value[] templates to exclude based on severity. Possible values: info, low, medium, high, critical, unknown
170
-
-pt, -type value[] templates to run based on protocol type. Possible values: dns, file, http, headless, tcp, workflow, ssl, websocket, whois, code, javascript
171
-
-ept, -exclude-type value[] templates to exclude based on protocol type. Possible values: dns, file, http, headless, tcp, workflow, ssl, websocket, whois, code, javascript
180
+
-s, -severity value[] templates to run based on severity. Possible values - info, low, medium, high, critical, unknown
181
+
-es, -exclude-severity value[] templates to exclude based on severity. Possible values - info, low, medium, high, critical, unknown
182
+
-pt, -type value[] templates to run based on protocol type. Possible values - dns, file, http, headless, tcp, workflow, ssl, websocket, whois, code, javascript
183
+
-ept, -exclude-type value[] templates to exclude based on protocol type. Possible values - dns, file, http, headless, tcp, workflow, ssl, websocket, whois, code, javascript
172
184
-tc, -template-condition string[] templates to run based on expression condition
173
185
174
186
OUTPUT:
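Review bot: Changing `Possible values:` to `Possible values -` on the `-s`, `-es`, `-pt` and `-ept` lines edits text that the README presents as the output of `nuclei -h`; unless the flag descriptions in the binary change as well, the documented help will no longer match what users see in their terminal. If the colons were replaced only to suit the `yaml` highlighting introduced earlier in this commit, revert these four lines and fix the fence tag instead.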
@@ -213,7 +225,7 @@ CONFIGURATIONS:
213
225
-ca, -client-ca string client certificate authority file (PEM-encoded) used for authenticating against scanned hosts
214
226
-sml, -show-match-line show match lines for file templates, works with extractors only
215
227
-ztls use ztls library with autofallback to standard one for tls13 [Deprecated] autofallback to ztls is enabled by default
216
-
-sni string tls sni hostname to use (default: input domain name)
228
+
-sni string tls sni hostname to use (default - input domain name)
217
229
-dka, -dialer-keep-alive value keep-alive duration for network requests.
218
230
-lfa, -allow-local-file-access allows file (payload) access anywhere on the system
219
231
-lna, -restrict-local-network-access blocks connections to the local / private network
@@ -227,7 +239,7 @@ CONFIGURATIONS:
227
239
-hae, -http-api-endpoint string experimental http api endpoint
228
240
229
241
INTERACTSH:
230
-
-iserver, -interactsh-server string interactsh server url for self-hosted instance (default: oast.pro,oast.live,oast.site,oast.online,oast.fun,oast.me)
242
+
-iserver, -interactsh-server string interactsh server url for self-hosted instance (default - oast.pro,oast.live,oast.site,oast.online,oast.fun,oast.me)
231
243
-itoken, -interactsh-token string authentication token for self-hosted interactsh server
232
244
-interactions-cache-size int number of requests to keep in the interactions cache (default 5000)
233
245
-interactions-eviction int number of seconds to wait before evicting requests from cache (default 60)
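Review bot: `(default - oast.pro,oast.live,...)` on the `-iserver` line is inconsistent with the other defaults in the same block, which are written `(default 5000)` and `(default 60)`, and a hyphen placed directly before a value in flag help is easy to misread as part of the value. Keep the colon, or use the bare `(default ...)` form that the neighbouring lines use.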
@@ -238,7 +250,7 @@ INTERACTSH:
238
250
FUZZING:
239
251
-ft, -fuzzing-type string overrides fuzzing type set in template (replace, prefix, postfix, infix)
240
252
-fm, -fuzzing-mode string overrides fuzzing mode set in template (multiple, single)
241
-
-fuzz enable loading fuzzing templates (Deprecated: use -dast instead)
253
+
-fuzz enable loading fuzzing templates (Deprecated; use -dast instead)
242
254
-dast enable / run dast (fuzz) nuclei templates
243
255
-dfp, -display-fuzz-points display fuzz points in the output for debugging
244
256
-fuzz-param-frequency int frequency of uninteresting parameters for fuzzing before skipping (default 10)
@@ -353,7 +365,7 @@ Additional documentation is available at: https://docs.nuclei.sh/getting-started
353
365
354
366
```
355
367
356
-
Additional documentation is available at: [https://docs.nuclei.sh/getting-started/running](https://docs.nuclei.sh/getting-started/running?utm_source=github&utm_medium=web&utm_campaign=nuclei_readme)
368
+
Additional documentation is available at: [**`docs.nuclei.sh/getting-started/running`**](https://docs.nuclei.sh/getting-started/running?utm_source=github&utm_medium=web&utm_campaign=nuclei_readme)
> This feature is absolutely free and does not require any subscription. For a detailed guide, refer to the [documentation](https://docs.projectdiscovery.io/cloud/scanning/nuclei-scan?utm_source=github&utm_medium=web&utm_campaign=nuclei_readme).
413
+
> This feature is absolutely free and does not require any subscription. For a detailed guide, refer to the [**`documentation`**](https://docs.projectdiscovery.io/cloud/scanning/nuclei-scan?utm_source=github&utm_medium=web&utm_campaign=nuclei_readme).
414
+
415
+
<br>
416
+
<br>
402
417
403
418
## Nuclei Templates, Community and Rewards 💎
404
-
[Nuclei templates](https://github.com/projectdiscovery/nuclei-templates) are based on the concepts of YAML based template files that define how the requests will be sent and processed. This allows easy extensibility capabilities to nuclei. The templates are written in YAML which specifies a simple human-readable format to quickly define the execution process.
419
+
[**Nuclei templates**](https://github.com/projectdiscovery/nuclei-templates) are based on the concepts of YAML based template files that define how the requests will be sent and processed. This allows easy extensibility capabilities to nuclei. The templates are written in YAML which specifies a simple human-readable format to quickly define the execution process.
405
420
406
-
Try it online with our free AI powered Nuclei Templates Editor by[clicking here.](https://cloud.projectdiscovery.io/templates)
421
+
**Try it online with our free AI powered Nuclei Templates Editor by** [**`clicking here`**](https://cloud.projectdiscovery.io/templates).
407
422
408
-
Nuclei Templates offer a streamlined way to identify and communicate vulnerabilities, combining essential details like severity ratings and detection methods. This open-source, community-developed tool accelerates threat response and is widely recognized in the cybersecurity world. Nuclei templates are actively contributed by thousands of security researchers globally. We run two programs for our contributors: [Pioneers](https://projectdiscovery.io/pioneers) and [💎 bounties](https://github.com/projectdiscovery/nuclei-templates/issues?q=is%3Aissue%20state%3Aopen%20label%3A%22%F0%9F%92%8E%20Bounty%22).
423
+
Nuclei Templates offer a streamlined way to identify and communicate vulnerabilities, combining essential details like severity ratings and detection methods. This open-source, community-developed tool accelerates threat response and is widely recognized in the cybersecurity world. Nuclei templates are actively contributed by thousands of security researchers globally. We run two programs for our contributors: [**`Pioneers`**](https://projectdiscovery.io/pioneers) and [**`💎 bounties`**](https://github.com/projectdiscovery/nuclei-templates/issues?q=is%3Aissue%20state%3Aopen%20label%3A%22%F0%9F%92%8E%20Bounty%22).
409
424
410
425
411
426
<p align="left">
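Review bot: Link styling is inconsistent within this hunk: `[**Nuclei templates**]` is bold only, while `[**`Pioneers`**]` and `[**`documentation`**]` are bold plus inline code, and the "Try it online" sentence is bolded in full. Pick one convention for link text; inline code is normally reserved for literal commands and identifiers, so plain link text is the safer choice.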
@@ -414,7 +429,7 @@ Nuclei Templates offer a streamlined way to identify and communicate vulnerabili
414
429
415
430
#### Examples
416
431
417
-
Visit [our documentation](https://docs.projectdiscovery.io/templates/introduction) for use cases and ideas.
432
+
Visit [**our documentation**](https://docs.projectdiscovery.io/templates/introduction) for use cases and ideas.
Traditional vulnerability scanners were built decades ago. They are closed-source, incredibly slow, and vendor-driven. Today's attackers are mass exploiting newly released CVEs across the internet within days, unlike the years it used to take. This shift requires a completely different approach to tackling trending exploits on the internet.
440
458
441
459
We built Nuclei to solve this challenge. We made the entire scanning engine framework open and customizable—allowing the global security community to collaborate and tackle the trending attack vectors and vulnerabilities on the internet. Nuclei is now used and contributed by Fortune 500 enterprises, government agencies, universities.
442
460
443
-
You can participate by contributing to our code, [templates library](https://github.com/projectdiscovery/nuclei-templates), or [joining our team.](https://projectdiscovery.io/)
461
+
You can participate by contributing to our code, [**`templates library`**](https://github.com/projectdiscovery/nuclei-templates), or [**`joining our team`**](https://projectdiscovery.io/).
462
+
463
+
<br>
464
+
<br>
444
465
445
466
## Contributors :heart:
446
467
447
-
Thanks to all the amazing [community contributors for sending PRs](https://github.com/projectdiscovery/nuclei/graphs/contributors) and keeping this project updated. :heart:
468
+
Thanks to all the amazing [**`community contributors for sending PRs`**](https://github.com/projectdiscovery/nuclei/graphs/contributors) and keeping this project updated. :heart:
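Review bot: The paired `<br>` lines added before `## Contributors` are raw HTML used only for vertical spacing, which the heading already provides; remove them, or keep a single blank line. `[**our documentation**]` under "Examples" also lacks the backticks applied to the other links in this hunk, so the styling should be made consistent one way or the other.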