Nuclei
Featured · MIT · ⚡ Vulnerability Scanning · Go
Nuclei is a fast, customizable vulnerability scanner based on YAML templates. It allows scanning for vulnerabilities, misconfigurations, exposed panels, and more across multiple protocols including HTTP, DNS, TCP, SSL, and JavaScript. The community maintains thousands of detection templates covering CVEs, default credentials, exposed APIs, and technology fingerprints. Nuclei's template system makes it easy to write custom checks and share them with the community.
Installation
go install
$ go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
brew (macOS)
$ brew install nuclei
docker
$ docker pull projectdiscovery/nuclei
Use Cases
- Automated vulnerability scanning with YAML templates
- CVE detection across web applications
- Misconfiguration and exposure detection
- Custom security checks for CI/CD pipelines
- Bug bounty hunting at scale
Details
- Category: ⚡ Vulnerability Scanning
- Language: Go
- Repository: projectdiscovery/nuclei
- License: MIT
- Platforms: 🐧 linux, 🍎 macos, 🪟 windows
Links
GitHub Repository
github.com/projectdiscovery/nuclei
Official Website
docs.projectdiscovery.io/tools/nuclei
Documentation
docs.projectdiscovery.io/tools/nuclei/overview
Download
github.com/projectdiscovery/nuclei/releases
Releases
github.com/projectdiscovery/nuclei/releases
Issues
github.com/projectdiscovery/nuclei/issues
Alternatives & Comparisons
- Nikto (Perl): Classic web server scanner. Tests for dangerous files, outdated server software, and version-specific problems.
- WPScan (Ruby): WordPress security scanner. Enumerates plugins, themes, users, and checks for known vulnerabilities.
- OpenVAS (C): Full-featured vulnerability scanner. 50,000+ NVTs, credentialed scanning, compliance checks.
- Interactsh (Go): Out-of-band interaction server. Detect blind vulnerabilities with DNS, HTTP, SMTP, and LDAP callback listeners.
- CRLFuzz (Go): CRLF injection scanner. Fast detection of HTTP response splitting vulnerabilities across multiple URLs.
- Smuggler (Python): HTTP request smuggling tester. Detects CL.TE, TE.CL, and TE.TE desync vulnerabilities in web servers and proxies.
- afrog (Go): Fast vulnerability scanner with custom PoC support for CVEs, default credentials, and command injection.
- Wapiti (Python): Black-box web application vulnerability scanner with built-in fuzzer modules.
More in Vulnerability Scanning
- sqlmap (Python): Automatic SQL injection and database takeover tool. Detects and exploits SQL injection flaws.
- WPScan (Ruby): WordPress security scanner. Enumerates plugins, themes, users, and checks for known vulnerabilities.
- OpenVAS (C): Full-featured vulnerability scanner. 50,000+ NVTs, credentialed scanning, compliance checks.
- XSStrike (Python): Advanced XSS detection suite. Fuzzing engine, context analysis, and WAF detection/bypass capabilities.
- Commix (Python): Automated OS command injection exploitation tool. Tests web apps for command injection vulnerabilities.
- testssl.sh (Shell): Command-line tool for checking TLS/SSL ciphers, protocols, and cryptographic flaws on any port.