Frequently asked questions about Nuclei vulnerability scanning.

General questions

Nuclei is a modern, high-performance vulnerability scanner built in Go that leverages YAML-based templates for customizable vulnerability detection. It supports multiple protocols (HTTP, DNS, TCP, SSL, WebSocket, WHOIS, JavaScript, Code) and is designed for zero false positives through real-world condition simulation.
Key features:
  • Simple YAML-based template format
  • Community-contributed templates (9,000+)
  • Multi-protocol support
  • Ultra-fast parallel scanning
  • CI/CD integration
  • Zero false positives design philosophy
Yes! Nuclei is completely free and open source under the MIT license. The CLI tool and all official templates are freely available.
ProjectDiscovery also offers:
  • Free cloud tier: Store findings, manage templates, and access latest templates
  • Pro edition: 50x faster scans, large-scale scanning, cloud integrations
  • Enterprise edition: SAML SSO, SOC 2 compliance, team workspaces, dedicated support
Traditional scanners:
  • Closed source, black-box engines
  • Slow, often taking days for scans
  • Vendor-driven updates (weeks/months for new CVEs)
  • High false positive rates
  • Expensive licensing
Nuclei:
  • Open source, transparent engine
  • Ultra-fast (can scan thousands of hosts in minutes)
  • Community-driven updates (templates released within hours of CVE disclosure)
  • Zero false positive design
  • Free and open source
  • Fully customizable via YAML templates
Nuclei is used by:
  • Fortune 500 enterprises
  • Government agencies
  • Security researchers
  • Bug bounty hunters
  • Penetration testers
  • DevSecOps teams
  • Universities and educational institutions
Over 10,000 organizations worldwide rely on Nuclei for vulnerability detection.

Installation and setup

Nuclei requires Go >= 1.24.2:
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
See the installation guide for other methods (Docker, binary releases, package managers).
# Update Nuclei engine
nuclei -update

# Update templates
nuclei -update-templates

# Update both
nuclei -update && nuclei -update-templates
By default, templates are stored in:
  • Linux/macOS: ~/nuclei-templates/
  • Windows: %USERPROFILE%\nuclei-templates\
You can customize this with:
# Use custom directory
export NUCLEI_TEMPLATES_DIR=/custom/path

# Or specify with flag
nuclei -u target.com -t /custom/path/templates/
Nuclei can be configured via:
  1. Command-line flags (highest priority)
  2. Environment variables
  3. Configuration file: ~/.config/nuclei/config.yaml
# Use custom config file
nuclei -config /path/to/config.yaml -u target.com
See Running Nuclei for configuration details.

Usage and scanning

# Scan a single target
nuclei -u https://example.com

# Scan multiple targets from file
nuclei -list targets.txt

# Scan with specific templates
nuclei -u https://example.com -t cves/ -t exposures/
See Examples for more usage patterns.
# Scan for specific CVE
nuclei -u https://example.com -t cves/2021/CVE-2021-44228.yaml

# Scan by severity
nuclei -u https://example.com -s critical,high

# Scan by tags
nuclei -u https://example.com -tags rce,sqli

# Scan by template ID
nuclei -u https://example.com -id CVE-2021-44228
Yes! Nuclei supports network scanning:
# Scan IP range
nuclei -target 192.168.1.0/24

# Scan specific ports
nuclei -target 192.168.1.0/24 -t network/ -p 80,443,8080

# Network protocols
nuclei -u target.com -t dns/ -t ssl/ -t network/
Nuclei is highly optimized:
  • Request clustering: Combines identical requests across templates
  • Connection pooling: Reuses connections for multiple requests
  • Parallel execution: Concurrent template execution
  • Template optimization: Smart caching and compilation
Performance tuning:
# Increase concurrency (default 25)
nuclei -list targets.txt -c 50

# Increase rate limit (default 150 req/sec)
nuclei -list targets.txt -rl 300

# Increase bulk size (default 25 hosts)
nuclei -list targets.txt -bs 50
ProjectDiscovery Cloud offers 50x faster scans with distributed infrastructure.
Nuclei is designed for zero false positives. Templates simulate real-world exploitation steps to verify vulnerabilities exist.
However:
  • Some templates may need adjustment for specific environments
  • Template quality varies (official templates are thoroughly reviewed)
  • Always validate findings in your specific context
Use -debug to inspect requests/responses and verify matches.

Templates

The official nuclei-templates repository contains 9,000+ templates covering:
  • CVEs (Common Vulnerabilities and Exposures)
  • Misconfigurations
  • Exposures and leaks
  • Technology-specific checks
  • Security best practices
Templates are continuously updated by the community.
Templates are written in YAML:
id: example-template

info:
  name: Example Vulnerability
  author: username
  severity: high
  tags: example

http:
  - method: GET
    path:
      - "{{BaseURL}}/vulnerable-endpoint"

    matchers:
      - type: word
        words:
          - "vulnerability signature"
      - type: status
        status:
          - 200
Use the free template editor with AI assistance. See Template Introduction for full syntax.
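When a template lists several matchers, as the word and status matchers in the template above do, Nuclei combines them with or unless matchers-condition: and is set, so a bare 200 response is enough to match. The following is an added example, not code from the Nuclei project: a simplified Python model of those two matcher types only, run over constructed responses, to show the difference.

```python
# Added example: simplified model of Nuclei "word" and "status" matchers.
# Only these two matcher types are modelled; responses are constructed samples.

def eval_matcher(matcher, status, body):
    """Return True if a single matcher matches the response."""
    if matcher["type"] == "word":
        hits = [w in body for w in matcher["words"]]
        # Inside one word matcher, `condition` defaults to "or" as well.
        return all(hits) if matcher.get("condition") == "and" else any(hits)
    if matcher["type"] == "status":
        return status in matcher["status"]
    raise ValueError(f"unsupported matcher type: {matcher['type']}")


def template_matches(matchers, status, body, matchers_condition="or"):
    """Combine matcher results the way matchers-condition does."""
    results = [eval_matcher(m, status, body) for m in matchers]
    return all(results) if matchers_condition == "and" else any(results)


# Matchers from the example template on this page.
MATCHERS = [
    {"type": "word", "words": ["vulnerability signature"]},
    {"type": "status", "status": [200]},
]

# Constructed responses: (label, status, body)
RESPONSES = [
    ("benign 200 page", 200, "<html>Welcome</html>"),
    ("signature on error page", 500, "vulnerability signature"),
    ("signature with 200", 200, "ok vulnerability signature ok"),
    ("benign 404", 404, "not found"),
]


def compare():
    """Return {label: (matches_with_or, matches_with_and)}."""
    return {
        label: (
            template_matches(MATCHERS, status, body, "or"),
            template_matches(MATCHERS, status, body, "and"),
        )
        for label, status, body in RESPONSES
    }


if __name__ == "__main__":
    for label, (with_or, with_and) in compare().items():
        print(f"{label:26} or={with_or!s:5} and={with_and}")
```

With the default, the benign 200 page is reported as a finding; adding matchers-condition: and to the template restricts matches to responses that carry the signature and return 200.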
Absolutely! Template contributions are highly encouraged.
Community programs:
  • Pioneers: Recognition for top contributors
  • Bounties: Monetary rewards for high-quality templates
See the Contributing Guide for details.
# Validate template syntax
nuclei -validate -t template.yaml

# Validate all templates in directory
nuclei -validate -t templates/

# Test template against target
nuclei -u https://target.com -t template.yaml -debug

Integration and automation

Yes! Nuclei is designed for CI/CD integration.
GitHub Actions example:
- name: Run Nuclei
  run: |
    go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
    nuclei -u ${{ secrets.TARGET }} -s critical,high -json-export results.json
Exit codes:
  • 0: No vulnerabilities found
  • 1: Vulnerabilities found (fails pipeline)
See Use Cases for CI/CD integration examples.
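A pipeline can also gate on the exported findings themselves rather than on the scanner's exit status. The following is an added example, not part of Nuclei or its documentation; it assumes results.json is the JSON array written by -json-export, with each finding carrying template-id, info.severity and matched-at, and uses a constructed sample.

```python
import json
import sys

BLOCKING = {"critical", "high"}   # severities that should fail the build

# Constructed sample of a -json-export file (JSON array of findings).
SAMPLE = json.dumps([
    {"template-id": "CVE-2021-44228", "info": {"severity": "critical"},
     "host": "https://example.com", "matched-at": "https://example.com/"},
    {"template-id": "example-tech-detect", "info": {"severity": "info"},
     "host": "https://example.com", "matched-at": "https://example.com/"},
    {"template-id": "CVE-2021-44228", "info": {"severity": "critical"},
     "host": "https://example.com", "matched-at": "https://example.com/"},
])


def load_findings(text):
    """Accept a JSON array (-json-export) or one JSON object per line."""
    text = text.strip()
    if not text:
        return []            # empty file: treated as no findings
    if text.startswith("["):
        return json.loads(text)
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def blocking_findings(findings, blocking=BLOCKING):
    """De-duplicate and keep only findings at a blocking severity."""
    seen, out = set(), []
    for f in findings:
        sev = str(f.get("info", {}).get("severity", "unknown")).lower()
        key = (f.get("template-id", "?"), f.get("matched-at", "?"))
        if sev in blocking and key not in seen:
            seen.add(key)
            out.append((sev, *key))
    return sorted(out)


def gate(text):
    """Return the process exit code for a CI step: 1 if anything blocks."""
    hits = blocking_findings(load_findings(text))
    for sev, tid, where in hits:
        print(f"[{sev}] {tid} {where}", file=sys.stderr)
    return 1 if hits else 0


if __name__ == "__main__":
    # In CI: python gate.py results.json ; without an argument, use SAMPLE.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    sys.exit(gate(data))
```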
Issue tracking:
  • Jira
  • GitHub Issues
  • GitLab Issues
SIEM/Logging:
  • Splunk
  • Elastic
Notifications:
  • Slack
  • Discord
  • Microsoft Teams
  • Webhooks
Cloud platforms:
  • ProjectDiscovery Cloud
  • AWS, GCP, Azure (via Pro/Enterprise)
Configure via -report-config or reporting integrations.
Yes! Nuclei can be embedded in Go applications:
import (
    "github.com/projectdiscovery/nuclei/v3/lib"
)

// See lib/ directory for SDK examples
Examples are available in the lib/ and examples/ directories.

Security and safety

Nuclei is designed as a scanning tool, not an exploitation framework.
Safety considerations:
  • Templates are designed for detection, not exploitation
  • No destructive actions by default
  • Templates are reviewed before acceptance
  • Rate limiting prevents resource exhaustion
Important:
  • Only scan systems you have permission to test
  • Nuclei should NOT be run as a public service
  • Some templates may trigger security monitoring
  • Review templates before running on production systems
Yes! Nuclei is popular among bug bounty hunters.
Best practices:
  • Respect program scope and rules
  • Use appropriate rate limiting
  • Avoid DoS templates (excluded by default)
  • Validate findings manually
  • Report responsibly
See Use Cases - Bug Bounty for examples.
Nuclei uses Interactsh for Out-of-Band (OOB) vulnerability detection. This is an optional service:
  • Default: Uses public Interactsh servers (oast.pro, oast.live, etc.)
  • No sensitive data is transmitted
  • Only random unique identifiers are used
  • Can be disabled with -ni flag
  • Can use self-hosted Interactsh instance
# Disable Interactsh
nuclei -u target.com -ni

# Use self-hosted instance
nuclei -u target.com -iserver https://custom.oast.pro

Troubleshooting

See the Troubleshooting Guide for detailed debugging steps.
Quick checks:
# Enable debug mode
nuclei -u target.com -t template.yaml -debug

# Show variable values
nuclei -u target.com -t template.yaml -svd

# Validate template
nuclei -validate -t template.yaml
Optimize performance:
# Increase concurrency and rate limit
nuclei -list targets.txt -c 50 -rl 300 -bs 50

# Disable httpx probing if not needed
nuclei -list targets.txt -nh

# Use specific templates only
nuclei -list targets.txt -t cves/2024/
Consider ProjectDiscovery Pro for 50x faster scans.
Common solutions:
# Increase timeout
nuclei -u target.com -timeout 30

# Use custom DNS resolvers
nuclei -u target.com -r resolvers.txt

# Reduce concurrency
nuclei -u target.com -c 10
See Troubleshooting Guide for connection issues.

Community and support

  • Discord: Join our active community
  • GitHub: Report issues and contribute
  • Documentation: Browse comprehensive docs
  • YouTube: Watch tutorial videos
Contributions are welcome!
  • Templates: Submit new templates to nuclei-templates
  • Code: Contribute to the Nuclei engine
  • Documentation: Improve guides and examples
  • Community: Help others on Discord/GitHub
See the Contributing Guide for details.
Yes! ProjectDiscovery offers:
  • Pro: Self-service with email support
  • Enterprise: Dedicated support, SLAs, custom features
Contact us for enterprise inquiries.
