EN
ENNA

Getting Started Guide

How to Install and Use Nuclei

This guide covers installing Nuclei, running your first vulnerability scan, using templates, and building automated scanning workflows.

Prerequisites

  • -Go 1.21+ (for go install) or download binary directly
  • -A target URL you have permission to scan
Official Documentation
1

Install Nuclei

Install Nuclei and download the template library.

Via Go

go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest

Via Homebrew

brew install nuclei

Verify and download templates

nuclei -update-templates

Note: On first run, Nuclei automatically downloads thousands of community templates from the nuclei-templates repository.

2

Run Your First Scan

Scan a single URL with all default templates. This checks for thousands of known vulnerabilities, misconfigurations, and exposed files.

nuclei -u https://example.com

Note: A full template scan can take several minutes. Nuclei is noisy - only scan targets you have explicit authorization to test.

3

Filter by Severity

Focus on what matters by filtering templates by severity level.

Critical and high only

nuclei -u https://example.com -severity critical,high

Medium and above

nuclei -u https://example.com -severity medium,high,critical
4

Scan Multiple Targets

Pipe a list of URLs into Nuclei for bulk scanning. This is how most real assessments work - you feed in URLs from tools like httpx or subfinder.

From a file

nuclei -l urls.txt

Piped from httpx

cat subdomains.txt | httpx -silent | nuclei

With rate limiting

nuclei -l urls.txt -rate-limit 50 -concurrency 10

Note: Rate limiting (-rate-limit) is important to avoid overwhelming targets or getting blocked. 50 requests per second is a reasonable starting point.

5

Use Specific Template Categories

Run only specific types of checks instead of everything.

Technology detection

nuclei -u https://example.com -tags tech

CVE checks only

nuclei -u https://example.com -tags cve

Exposed panels

nuclei -u https://example.com -tags panel

Specific template

nuclei -u https://example.com -t cves/2024/
6

Save and Format Output

Export findings in different formats for reporting.

JSON output

nuclei -u https://example.com -json -o findings.json

Markdown report

nuclei -u https://example.com -me report/

Note: The -me flag generates a markdown report directory with findings organized by severity. JSON output is best for feeding into other tools or dashboards.

Back to NucleiFull Documentation